Static detection of software errors: precise and scalable algorithms for automatic detection of software errors
Main author: | Xie, Yichen |
---|---|
Format: | Thesis, Book |
Language: | English |
Published: | Saarbrücken: VDM, Müller, 2007 |
Subjects: | Softwaretest; Bug (Informatik); Statische Analyse |
Online access: | Content text; Table of contents |
Description: | XVI, 129 pp. |
ISBN: | 9783836421720 3836421720 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV024619873 | ||
003 | DE-604 | ||
005 | 20090910 | ||
007 | t | ||
008 | 090924s2007 m||| 00||| eng d | ||
015 | |a 07,N35,0036 |2 dnb | ||
015 | |a 08,A12,0048 |2 dnb | ||
016 | 7 | |a 985243384 |2 DE-101 | |
020 | |a 9783836421720 |9 978-3-8364-2172-0 | ||
020 | |a 3836421720 |9 3-8364-2172-0 | ||
035 | |a (OCoLC)213397759 | ||
035 | |a (DE-599)DNB985243384 | ||
040 | |a DE-604 |b ger |e rakwb | ||
041 | 0 | |a eng | |
049 | |a DE-83 | ||
082 | 0 | |a 005.14 |2 22/ger | |
084 | |a ST 233 |0 (DE-625)143620: |2 rvk | ||
084 | |a 004 |2 sdnb | ||
100 | 1 | |a Xie, Yichen |e Verfasser |0 (DE-588)133936082 |4 aut | |
245 | 1 | 0 | |a Static detection of software errors |b precise and scalable algorithms for automatic detection of software errors |c Yichen Xie |
264 | 1 | |a Saarbrücken |b VDM, Müller |c 2007 | |
300 | |a XVI, 129 S. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
502 | |a Zugl.: Stanford, Univ., Diss., 2006 | ||
650 | 0 | 7 | |a Softwaretest |0 (DE-588)4132652-0 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Bug |g Informatik |0 (DE-588)4238603-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Statische Analyse |0 (DE-588)4325372-6 |2 gnd |9 rswk-swf |
655 | 7 | |0 (DE-588)4113937-9 |a Hochschulschrift |2 gnd-content | |
689 | 0 | 0 | |a Statische Analyse |0 (DE-588)4325372-6 |D s |
689 | 0 | 1 | |a Bug |g Informatik |0 (DE-588)4238603-2 |D s |
689 | 0 | 2 | |a Softwaretest |0 (DE-588)4132652-0 |D s |
689 | 0 | |5 DE-604 | |
856 | 4 | 2 | |q text/html |u http://deposit.dnb.de/cgi-bin/dokserv?id=2991792&prov=M&dok_var=1&dok_ext=htm |3 Inhaltstext |
856 | 4 | 2 | |m HBZ Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=018591922&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-018591922 |
Record in the search index
_version_ | 1809403653500436480 |
---|---|
adam_text |
Contents
Abstract vi
Acknowledgments vii
1 Introduction 1
1.1 Motivation 1
1.2 Existing Techniques 2
1.2.1 Dynamic Tools 2
1.2.2 Static Analysis 3
1.3 Thesis Outline and Summary of Contributions 3
2 A SAT-based Analysis Framework 6
2.1 Introduction 6
2.2 The Saturn Framework 8
2.2.1 Modeling Integers 8
2.2.2 Control Flow 12
2.2.3 Structures 13
2.2.4 Pointers 14
2.2.5 Attributes 17
2.3 Discussions and Improvements 18
2.3.1 Automatic Slicing 18
2.3.2 Lazy Construction of the Environment 18
2.3.3 Using BDDs for Guards 19
2.4 Building Modular Property Checkers with Saturn 20
2.5 Case Study I: Checking Finite State Properties 22
2.5.1 Interface Objects 23
2.5.2 Function Summary Representation 24
2.5.3 Summary Application 26
2.5.4 Summary Inference 28
2.5.5 A Linux Lock Checker 29
2.5.6 Experimental Results 31
2.6 Case Study II: The Leak Detector 36
2.6.1 Motivation and Examples 37
2.6.2 Outline of the Leak Checker 38
2.6.3 Access Paths and Origins 39
2.6.4 Escape and Leak Conditions 42
2.6.5 Interprocedural Analysis 43
2.6.6 Loops and Recursion 46
2.6.7 Handling Unsafe Operations in C 47
2.6.8 A Distributed Architecture 48
2.6.9 Experimental Results 51
2.7 Unsoundness 53
2.8 Related Work 54
2.8.1 FSM Checking 54
2.8.2 Memory Leak Detection 56
2.8.3 Other SAT-based Checking and Verification Tools 58
2.9 Conclusion 58
3 Static Analysis of Scripting Languages 59
3.1 Introduction 59
3.2 Background 61
3.3 Analysis 64
3.3.1 Simulating Basic Blocks 65
3.3.2 Intraprocedural Analysis 74
3.3.3 Interprocedural Analysis 76
3.4 Experimental Results 77
3.4.1 Case Study: Two SQL Injection Attacks in PHP-fusion 80
3.5 Related Work 83
3.5.1 Static techniques 83
3.5.2 Dynamic Techniques 85
3.6 Conclusion 86
4 Using Redundancy to Find Errors 87
4.1 Introduction 87
4.2 Idempotent Operations 89
4.3 Redundant Assignments 91
4.4 Dead Code 97
4.5 Redundant Conditionals 100
4.6 Redundant NULL-checks 104
4.7 Predicting Hard Errors with Redundancies 106
4.7.1 Methodology 107
4.7.2 Data acquisition and test results 108
4.7.3 Predicting hard errors 110
4.8 Detecting Specification Mistakes 111
4.8.1 Case study: Finding missed security holes 112
4.8.2 Case study: Helping static race detection 113
4.9 Related Work 116
4.10 Conclusion 118
5 Conclusion 119
5.1 Future Work 119
Bibliography 121
List of Tables
2.1 Performance statistics on a single processor Pentium IV 3.0G desktop with
1GB memory 32
2.2 Number of bugs found in each category. 33
2.3 Breakdown of intra- and inter-procedural bugs 33
2.4 Breakdown of false positives 34
2.5 Objects, access paths, and access origins in the sample program 41
2.6 Experimental results for the memory leak checker 49
3.1 Summary of experiments. LOC statistics include embedded HTML, and
thus is a rough estimate of code complexity. Err Msgs: number of reported
errors. Bugs: number of confirmed bugs from error reports. FP: number of
false positives. Warn: number of unique warning messages for variables of
unresolved origin (uninspected) 79
4.1 Bugs found by the idempotent checker in Linux version 2.4.5-ac8, OpenBSD
3.2, and PostgreSQL 7.2 90
4.2 Bugs found by the redundant assignment checker in Linux version 2.4.5-ac8,
OpenBSD 3.2, and PostgreSQL 7.2 92
4.3 Bugs found by the dead code checker on Linux version 2.4.5-ac8, OpenBSD
3.2, and PostgreSQL 7.2 97
4.4 Bugs found by the redundant conditionals checker in Linux 2.4.5-ac8, OpenBSD
3.2, PostgreSQL 7.2 100
4.5 Contingency table: Redundant Assignments vs. Hard Bugs. There are 345
files with both error types, 435 files with a redundant assignment and no
hard bugs, 206 files with a hard bug and no redundant assignments, and
1069 files with no bugs of either type. A T-statistic value above four gives
a p-value of less than 0.05, which strongly suggests the two events are not
independent. The observed T value of 194.37 gives a p-value of essentially
0, noticeably better than the standard threshold. Intuitively, the correlation
between error types can be seen in that the ratio of 345/435 is considerably
larger than the ratio 206/1069 — if the events were independent, we expect
these two ratios to be approximately equal 109
4.6 Contingency table: Dead code vs. Hard Bugs 109
4.7 Contingency table: Redundant Conditionals vs. Hard Bugs 109
4.8 Contingency table: Program Redundancies (Aggregate) vs. Hard Bugs 110
4.9 Program files with redundancies are on average roughly 50% more likely to
contain hard errors 110
List of Figures
2.1 Modeling integers in Saturn 9
2.2 The translation of integers 10
2.3 Merging control-flow paths 11
2.4 The translation of structures 13
2.5 Pointers and guarded location sets 14
2.6 Control-flow merges with pointers 15
2.7 Function summary representation 25
2.8 Sample function summaries for the locking property. 26
2.9 Summary application 27
2.10 Summary inference 28
2.11 An interprocedural Type A error found in sound/oss/sscape.c 35
2.12 An intraprocedural Type B error found in drivers/message/i2o/i2o_core.c 36
2.13 Access paths 40
2.14 Memory leak detection rules 41
2.15 The definition of function summaries 43
2.16 Summary generation 44
2.17 Three representative errors found by the leak checker 50
2.18 A sample false positive 51
3.1 Pseudo-code for the analysis of a function 64
3.2 Pseudo-code for intra-block Simulation 65
3.3 Language Definition 66
3.4 Intrablock Simulation algorithm 67
3.5 An exploitable vulnerability in PHP-fusion 6.00.204 82
4.1 Lost return value caught by flagging the redundant assignment to err 93
4.2 A single-iteration loop caught by flagging the redundant assignment next
= entry->next. The assignment appears to be read in the loop iteration
statement (entry = next) but it is dead code, since the loop always exits
after a single iteration. If the entry the loop is trying to delete is not the first
one in the list, it is not deleted 94
4.3 Catastrophic return caught by the redundant assignment to c2. The last conditional
is accidentally terminated because of a stray statement terminator
(";") at the end of the line, causing the routine to always return err_val 95
4.4 Unintentional switch "fall through" causing the code to always return an
error. This maps to the low-level redundancy that the value assigned to val
is never used 95
4.5 Unexpected return: The call pseterr is a macro that returns its argument
value as an error. Unfortunately, the programmer does not realize this and
inserts subsequent operations, which are flagged by our dead code checker.
There were many other similar misuses of the same macro 97
4.6 Broken loop: the first if-else statement of the loop contains a break on
both paths, causing the loop to always abort, without ever executing the
subsequent code it contains 98
4.7 Useless loop body: similarly to Figure 4.6 this loop has a broken if-else
statement. One branch aborts the loop, the other uses C's continue statement
to skip the body and begin another iteration 98
4.8 Unsigned variable tested for negativity. 99
4.9 Nonsensical programming style: the check at line 3 is clearly redundant 101
4.10 Nonsensical programming style: the check of slave at line 9 is guaranteed
to be true; also notice the difference in return value 102
4.11 Redundant conditional that suggests a serious program error 102
4.12 Redundant conditionals that signal errors: a conditional expression being
placed in the else branch of another identical test 103
4.13 A serious error in a linked list insertion implementation: srb_p is always
NULL after the while loop (which appears to be checking the wrong Boolean
condition) 103
4.14 Redundant NULL-check of drl signals a more serious problem: return values
of ntfs_rl_realloc should in fact be checked with IS_ERR. A NULL-check
will never catch the error case 105
4.15 Error ranked high because of redundancy analysis: there were 28 places where
the routine serial_out was used as the first or last statement in a critical
section 114 |
any_adam_object | 1 |
author | Xie, Yichen |
author_GND | (DE-588)133936082 |
author_facet | Xie, Yichen |
author_role | aut |
author_sort | Xie, Yichen |
author_variant | y x yx |
building | Verbundindex |
bvnumber | BV024619873 |
classification_rvk | ST 233 |
ctrlnum | (OCoLC)213397759 (DE-599)DNB985243384 |
dewey-full | 005.14 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.14 |
dewey-search | 005.14 |
dewey-sort | 15.14 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
format | Thesis Book |
genre | (DE-588)4113937-9 Hochschulschrift gnd-content |
genre_facet | Hochschulschrift |
id | DE-604.BV024619873 |
illustrated | Not Illustrated |
indexdate | 2024-09-06T00:16:31Z |
institution | BVB |
isbn | 9783836421720 3836421720 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-018591922 |
oclc_num | 213397759 |
open_access_boolean | |
owner | DE-83 |
owner_facet | DE-83 |
physical | XVI, 129 S. |
publishDate | 2007 |
publishDateSearch | 2007 |
publishDateSort | 2007 |
publisher | VDM, Müller |
record_format | marc |
subject_GND | (DE-588)4132652-0 (DE-588)4238603-2 (DE-588)4325372-6 (DE-588)4113937-9 |
title | Static detection of software errors precise and scalable algorithms for automatic detection of software errors |
title_auth | Static detection of software errors precise and scalable algorithms for automatic detection of software errors |
title_exact_search | Static detection of software errors precise and scalable algorithms for automatic detection of software errors |
title_full | Static detection of software errors precise and scalable algorithms for automatic detection of software errors Yichen Xie |
title_fullStr | Static detection of software errors precise and scalable algorithms for automatic detection of software errors Yichen Xie |
title_full_unstemmed | Static detection of software errors precise and scalable algorithms for automatic detection of software errors Yichen Xie |
title_short | Static detection of software errors |
title_sort | static detection of software errors precise and scalable algorithms for automatic detection of software errors |
title_sub | precise and scalable algorithms for automatic detection of software errors |
topic | Softwaretest (DE-588)4132652-0 gnd Bug Informatik (DE-588)4238603-2 gnd Statische Analyse (DE-588)4325372-6 gnd |
topic_facet | Softwaretest Bug Informatik Statische Analyse Hochschulschrift |
url | http://deposit.dnb.de/cgi-bin/dokserv?id=2991792&prov=M&dok_var=1&dok_ext=htm http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=018591922&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT xieyichen staticdetectionofsoftwareerrorspreciseandscalablealgorithmsforautomaticdetectionofsoftwareerrors |