Hector: Detecting resource-release omission faults in error-handling code for systems software

Suman Saha, Jean Pierre Lozi, Gael Thomas, Julia L. Lawall, Gilles Muller

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

27 Citations (Scopus)

Abstract

Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.

Original language: English (US)
Title of host publication: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
State: Published - Sep 9 2013
Event: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013 - Budapest, Hungary
Duration: Jun 24 2013 to Jun 27 2013

Publication series

Name: Proceedings of the International Conference on Dependable Systems and Networks

Other

Other: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013
Country: Hungary
City: Budapest
Period: 6/24/13 to 6/27/13

Fingerprint

Data storage equipment
Linux

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Saha, S., Lozi, J. P., Thomas, G., Lawall, J. L., & Muller, G. (2013). Hector: Detecting resource-release omission faults in error-handling code for systems software. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013 [6575307] (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2013.6575307
Saha, Suman ; Lozi, Jean Pierre ; Thomas, Gael ; Lawall, Julia L. ; Muller, Gilles. / Hector : Detecting resource-release omission faults in error-handling code for systems software. 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013. 2013. (Proceedings of the International Conference on Dependable Systems and Networks).
@inproceedings{ccb130ca91bc470fa3f5f26b3b66c081,
title = "Hector: Detecting resource-release omission faults in error-handling code for systems software",
abstract = "Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23{\%} false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.",
author = "Suman Saha and Lozi, {Jean Pierre} and Gael Thomas and Lawall, {Julia L.} and Gilles Muller",
year = "2013",
month = "9",
day = "9",
doi = "10.1109/DSN.2013.6575307",
language = "English (US)",
isbn = "9781467364713",
series = "Proceedings of the International Conference on Dependable Systems and Networks",
booktitle = "2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013",

}

Saha, S, Lozi, JP, Thomas, G, Lawall, JL & Muller, G 2013, Hector: Detecting resource-release omission faults in error-handling code for systems software. in 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013., 6575307, Proceedings of the International Conference on Dependable Systems and Networks, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013, Budapest, Hungary, 6/24/13. https://doi.org/10.1109/DSN.2013.6575307

Hector : Detecting resource-release omission faults in error-handling code for systems software. / Saha, Suman; Lozi, Jean Pierre; Thomas, Gael; Lawall, Julia L.; Muller, Gilles.

2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013. 2013. 6575307 (Proceedings of the International Conference on Dependable Systems and Networks).

TY - GEN

T1 - Hector

T2 - Detecting resource-release omission faults in error-handling code for systems software

AU - Saha, Suman

AU - Lozi, Jean Pierre

AU - Thomas, Gael

AU - Lawall, Julia L.

AU - Muller, Gilles

PY - 2013/9/9

Y1 - 2013/9/9

N2 - Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.

AB - Omitting resource-release operations in systems error handling code can lead to memory leaks, crashes, and deadlocks. Finding omission faults is challenging due to the difficulty of reproducing system errors, the diversity of system resources, and the lack of appropriate abstractions in the C language. To address these issues, numerous approaches have been proposed that globally scan a code base for common resource-release operations. Such macroscopic approaches are notorious for their many false positives, while also leaving many faults undetected. We propose a novel microscopic approach to finding resource-release omission faults in systems software. Rather than generalizing from the entire source code, our approach focuses on the error-handling code of each function. Using our tool, Hector, we have found over 370 faults in six systems software projects, including Linux, with a 23% false positive rate. Some of these faults allow an unprivileged malicious user to crash the entire system.

UR - http://www.scopus.com/inward/record.url?scp=84883422022&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883422022&partnerID=8YFLogxK

U2 - 10.1109/DSN.2013.6575307

DO - 10.1109/DSN.2013.6575307

M3 - Conference contribution

AN - SCOPUS:84883422022

SN - 9781467364713

T3 - Proceedings of the International Conference on Dependable Systems and Networks

BT - 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013

ER -

Saha S, Lozi JP, Thomas G, Lawall JL, Muller G. Hector: Detecting resource-release omission faults in error-handling code for systems software. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2013. 2013. 6575307. (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSN.2013.6575307