TY - GEN
T1 - BP-Miner
T2 - 21st Asia-Pacific Software Engineering Conference, APSEC 2014
AU - Liu, Hu Qiu
AU - Bai, Jia Ju
AU - Wang, Yu Ping
AU - Hu, Shi Min
N1 - Publisher Copyright: © 2014 IEEE.
PY - 2014
Y1 - 2014
N2 - Kernel extension functions are provided as interfaces for drivers to manage devices and resources, and there are many implicit rules about their usage. One of the most important rules is that many functions should be called in pairs. That is to say, when an error occurs in a function, the driver should call related functions to handle it and release the acquired resources before returning; we call these functions, which pair up across normal execution paths and error handling paths, paired functions. However, many developers are unaware of them, which causes many bugs. Therefore, it is highly significant to automatically extract paired functions and detect violations in drivers. This paper proposes an efficient tool named BP-Miner, which can extract paired functions from the binary code of driver modules and use the extracted paired functions to detect error handling violations in drivers. BP-Miner constructs a control flow graph (CFG) based on the basic blocks of binary code, and locates potential execution paths to extract paired functions. We have evaluated BP-Miner with Linux drivers 2.6.38 and 3.13.0-rc7. BP-Miner reports 76 bugs in 2.6.38 that have been fixed in the current latest version, 3.13.0-rc7. BP-Miner spends about 90 minutes handling 3653 module files for 3.13.0-rc7, and 859 violations have been detected with 1167 extracted paired functions. As it works on binary code, it can be used to check closed-source drivers.
KW - Binary code checking
KW - Error path checking
KW - Paired functions mining
KW - Violations detection
UR - http://www.scopus.com/inward/record.url?scp=84951292362&partnerID=8YFLogxK
U2 - 10.1109/APSEC.2014.67
DO - 10.1109/APSEC.2014.67
M3 - Conference contribution
AN - SCOPUS:84951292362
T3 - Proceedings - Asia-Pacific Software Engineering Conference, APSEC
SP - 415
EP - 422
BT - Proceedings - 21st Asia-Pacific Software Engineering Conference, APSEC 2014
A2 - Gueheneuc, Yann-Gael
A2 - Kwon, Gihwon
A2 - Cha, Sungdeok
PB - IEEE Computer Society
Y2 - 1 December 2014 through 4 December 2014
ER -