| IP telephony services use network resources to automate communication stimuli processing. However, deploying services on a telephony system leads to safety issues, and programmers need to ensure some safety properties on their services. Several approaches allowing service development have emerged. Some of them ensure safety properties by restricting expressiveness, limiting the scope of usage. This thesis proposes a new approach that relies on domain-specific languages (DSL) to develop communication services. A domain-specific language is a programming language dedicated to a particular domain. Their expressiveness and verifiability are adapted and specific to a domain. A compiler statically checks critical domain properties. Two new DSLs have been designed for communication services, namely SPL (Session Processing Language) and Pantaxou. The SPL language allows developers to specify routing logic that processes IP telephony signaling. SPL offers abstractions specific to message processing that guarantee the safety properties of IP telephony. The Pantaxou language generalizes the communication service concept introduced by SPL allowing the coordination of communicating entities. The language consists of two parts: the first one enables the description of an environment of communicating entities; the second one expresses the coordination scenarios between these entities. These scenarios must ensure some constrains with respect to the environment description. Two compilers ensure the environment consistency and the scenarios consistency regarding the environment. The contributions of this thesis are as follows: (1) We carry out an analysis of communication services. This analysis focuses on communication services based on the SIP protocol. Existing approaches for developing SIP-based communication services are presented. (2) We present the design and implementation of a language, named SPL, for programming routing services. Various analyses for this language ensure critical properties of the SIP protocol. (3) We generalize the service development to entity services. We have designed a language, named Pantaxou, that introduces a two-step process for the development of coordination services, enabling early verification during the development process. (4) The design and implementation of these languages improve the development process of communication services and especially their safety. Beyond the domain of telephony services, our DSL-based approach opens up new possibilities for the development of distributed services in the field of ubiquitous computing. |
Keyword(s): Linux,
bug finding,
program analysis.
| Bug-finding tools rely on specifications of what is correct or incorrect code. As it is difficult for a tool developer or user to anticipate all possible specifications, strategies for inferring specifications have been proposed. These strategies obtain probable specifications by observing common characteristics of code or execution traces, typically focusing on sequences of function calls. To counter the observed high rate of false positives, heuristics have been proposed for ranking or pruning the results. These heuristics, however, can result in false negatives, especially for rarely used functions. In this paper, we propose an alternate approach to specification inference, in which the user guides the inference process using patterns of code that reflect the user's understanding of the conventions and design of the targeted software project. We focus on specifications describing the correct usage of API functions, which we refer to as API protocols. Our approach builds on the Coccinelle program matching and transformation tool, which allows a user to construct patterns that reflect the structure of the code to be matched. We evaluate our approach on the source code of the Linux kernel, which defines a very large number of API functions with varying properties. Linux is also critical software, implying that fixing even bugs involving rarely used protocols is essential. In our experiments, we use our approach to find over 3000 potential API protocols, with an estimated false positive rate of under 15% and use these protocols to find over 360 bugs in the use of API functions. Copyright © 2012 John Wiley & Sons, Ltd. |
Keyword(s): Automated tool support,
CERT C Secure Coding,
Certification.
| Writing correct C programs is well-known to be hard, not least due to the many low-level language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve this situation the \{US\} \{CERT\} has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (currently) enumerates 122 rules and 180 recommendations, with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system complies with the standard. In this paper, we report on ongoing work on adapting the Coccinelle bug-finder and program transformation tool, into a tool for analysing and certifying C programs according to, e.g., the \{CERT\} C Secure Coding Standard or the \{MISRA\} (the Motor Industry Software Reliability Association) C standard. We argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Furthermore, we present current work on integrating Clang (the \{LLVM\} C front-end) as a program analysis component into Coccinelle. Program analysis information, e.g., from data-flow or pointer analysis, is necessary both for more precise compliance checking, i.e., with fewer false positives, and also for enabling more complete checking, i.e., with fewer false negatives, e.g., resulting from pointer aliasing. |
Keyword(s): Coccinelle,
Herodotos,
LLVM,
CLang.
| Finding and fixing programming errors in deployed software is often a slow, painstaking, and expensive process. In order to minimise this problem, static analysis is increasingly being adopted as a way to find programming errors before the software application is released. Coccinelle is a program matching and transfor-mation tool that makes it easy for developers to express static analysis-based software defect-finding rules and scan software source code for potential defects. |
Keyword(s): SIP,
IP Telephony.
| Telephony over IP (ToIP) makes it possible to program telephony platforms that have long been kept closed and proprietary. As new services are developed that enrich telephony with complex features such as database access, Web service invocation, and agenda look-up, the telephony platform is increasingly exposed to software bugs. Because telephony is heavily relied on, the success of its evolution to IP critically depends on the reliability of services. |
Keyword(s): hardware-software codesign,
integrated circuit design,
network-on-chip,
NoC-based heterogeneous multicore platform,
compute intensive applications,
integrated architecture exploration workflow,
integrated design flow,
network-on-chip,
space exploration mapping,
telecommunication application,
Computer architecture,
Generators,
Hardware,
IP networks,
Software,
Space exploration,
Standards.
| Compute-intensive applications can greatly benefit from the flexibility of NoC-based heterogeneous multi-core platforms. However, mapping applications on such MPSoC is becoming increasingly complex and requires integrated design flows. We conducted a case study to evaluate the benefits of an integrated design flow for the mapping space exploration of a real telecommunication application on a NoC-based heterogeneous platform. Thanks to the flow, we simulated several virtual platforms and several mappings of our application on each. This approach drastically lowers the required skills and the time needed for design space exploration. An improvement of several weeks have been observed. |
Keyword(s): Linux,
Coccinelle,
Herodotos.
| In 2001, Chou et al. published a study of faults found by applying a static analyzer to Linux versions 1.0 through 2.4.1. A major result of their work was that the drivers directory contained up to 7 times more of certain kinds of faults than other directories. This result inspired a number of development and research efforts on improving the reliability of driver code. Today, however, Linux is used in a much wider range of environments, provides a much wider range of services, and has adopted a new development and release model. What has been the impact of these changes on code quality? Are drivers still a major problem? To answer these questions, we have attempted to transport, based on the information provided, the experiments of Chou et al. to Linux versions 2.6.0 to 2.6.33, released between late 2003 and early 2010. We find that even if Linux has more than doubled in size during this period, the number of faults per line of code has been decreasing. And, even though drivers still accounts for a large part of the kernel code and contains the most faults, its fault rate is now below that of other directories, such as arch (HAL) and fs (file systems). Such information can guide further development and research efforts. To enable others to continually update the results as Linux evolves, we define our experimental protocol and make our checkers and results available in a public archive. |
| OpenSSL is a library providing various functionalities relating to secure network communication. Detecting and fixing bugs in OpenSSL code is thus essential, particularly when such bugs can lead to malicious attacks. In previous work, we have proposed a methodology for finding API usage protocols in Linux kernel code using the program matching and transformation engine Coccinelle. In this work, we report on our experience in applying this methodology to OpenSSL, focusing on API usage protocols related to error handling. This work has resulted in detection of over 30 bugs in a recent snapshot of OpenSSL, and in many cases it was possible to correct the bugs automatically. Our patches correcting these bugs have been accepted by the OpenSSL developers. This work furthermore confirms the applicability of our methodology to user-level code. |
| Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommenda- tions with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system is in compliance with the standard. In this paper we report on ongoing work on integrating two state of the art analysis tools, Clang and Coccinelle, into a combined tool well suited for analysing and certifying C programs according to, e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard. We further argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Clang is the C frontend for the LLVM compiler/virtual machine project which in- cludes a comprehensive set of static analyses and code checkers. Coccinelle is a program transformation tool and bug-finder developed originally for the Linux ker- nel, but has been successfully used to find bugs in other Open Source projects such as WINE and OpenSSL. |
Keyword(s): Occurrence histories,
Software quality,
Software evolution,
Static code analysis,
Coccinelle,
Herodotos.
| An important element of understanding a software code base is to identify the repetitive patterns of code it contains and how these evolve over time. Some patterns are useful to the software, and may be modularized. Others are detrimental to the software, such as patterns that represent defects. In this case, it is useful to study the occurrences of such patterns, to identify properties such as when and why they are introduced, how long they persist, and the reasons why they are corrected. To enable studying pattern occurrences over time, we propose a tool, Herodotos, that semi-automatically tracks pattern occurrences over multiple versions of a software project, independent of other changes in the source files. Guided by a user-provided configuration file, Herodotos builds various graphs showing the evolution of the pattern occurrences and computes some statistics. We have evaluated this approach on the history of a representative range of open source projects over the last three years. For each project, we track several kinds of defects that have been found by pattern matching. This tracking is done automatically in 99% of the occurrences. The results allow us to compare the evolution of the selected projects and defect kinds over time. |
Keyword(s): DSL,
Coccinelle,
Herodotos.
| Large open-source software projects involve developers with a wide variety of backgrounds and expertise. Such software projects furthermore include many internal APIs that developers must understand and use properly. According to the intended purpose of these APIs, they are more or less frequently used, and used by developers with more or less expertise. In this paper, we study the impact of usage patterns and developer expertise on the rate of defects occurring in the use of internal APIs. For this preliminary study, we focus on memory management APIs in the Linux kernel, as the use of these has been shown to be highly error prone in previous work. We study defect rates and developer expertise, to consider e.g., whether widely used APIs are more defect prone because they are used by less experienced developers, or whether defects in widely used APIs are more likely to be fixed. |
Keyword(s): DSL,
Coccinelle.
| Eliminating OS bugs is essential to ensuring the reliability of infrastructures ranging from embedded systems to servers. Several tools based on static analysis have been proposed for finding bugs in OS code. They have, however, emphasized scalability over usability, making it difficult to focus the tools on specific kinds of bugs and to relate the results to patterns in the source code. We propose a declarative approach to bug finding in Linux OS code using a control-flow based program search engine. Our approach is WYSIWIB (What You See Is Where It Bugs), since the programmer expresses specifications for bug finding using a syntax close to that of ordinary C code. The key advantage of our approach is that search specifications can be easily tailored, to eliminate false positives or catch more bugs. We present three case studies that have allowed us to find hundreds of potential bugs. |
Keyword(s): DSL,
Coccinelle.
| In the Linux kernel source tree, header files typically define many small functions that have a simple behavior but are critical to ensure readability, correctness, and maintainability. We have observed, however, that some Linux code does not use these functions systematically. In this paper, we propose an approach combining rule-based program matching and transformation with generative programming to generate rules for finding and fixing code fragments that should use the functions defined in header files. We illustrate our approach using an in-depth study based on four typical functions defined in the header file include/linux/usb.h. |
Keyword(s): Herodotos.
| Les logiciels évoluent continuellement afin d'améliorer les performances, corriger les erreurs, ou ajouter des fonctionnalités. Cependant, les modifications du code conduisent inévitablement l'introduction de défauts logiciels. Pour prévenir l'introduction de fautes, il est nécessaire de comprendre pourquoi elles surviennent. Il est donc important de développer des outils et des pratiques aidant trouver, suivre et prévenir ces défauts. Dans cet article, nous proposons une méthodologie et son outil associé, Herodotos, permettant d'étudier les fautes dans le temps et d'ainsi déterminer le moment de leur apparition et de leur disparition. Herodotos suit, de manière semi-automatisée, les fautes sur plusieurs versions d'un même projet indépendamment des modifications annexes dans les fichiers sources. Il construit des historiques graphiques et calcule des statistiques sur la vie des fautes. Nous avons évalué cette approche sur l'historique de quatre projets open source sur les trois dernières années. Pour chaque projet, nous explorons plusieurs types de fautes qui ont été trouvées par une analyse statique du code. Nous analysons les résultats produits pour comparer les projets sélectionnés et les types de fautes étudiées. |
Keyword(s): Pervasive,
Middleware,
Generation,
Programming Framework,
DiaGen.
| In this paper, we present a domain-specific Interface Definition Language (IDL) and its compiler, dedicated to the development of pervasive computing applications. Our IDL provides declarative support for concisely characterizing a pervasive computing environment. This description is (1) to be used by programmers as a high-level reference to develop applications that coordinate entities of the target environment and (2) to be passed to a compiler that generates a programming framework dedicated to the target environment. This process enables verifications to be performed prior to runtime on both the declared environment and a given application. Furthermore, customized operations are automatically generated to support the development of pervasive computing activities, such as service discovery and session negotiation for stream-oriented devices. |
Keyword(s): IP Telephony,
SIP,
Middleware,
Generation,
Programming Framework,
DiaGen.
| The scope of telephony is significantly broadening, providing users with a variety of communication modes, including presence status, instant messaging and videoconferencing. Furthermore, telephony is being increasingly combined with a number of non-telephony, heterogeneous resources, consisting of software entities, such as Web services, and hardware entities, such as location-tracking devices. This heterogeneity, compounded with the intricacies of underlying technologies, make the programming of new telephony applications a daunting task. This paper proposes an approach to supporting the development of advanced telephony applications. To do so, we introduce a declarative language over Java to define the entities of a target telephony application area. This definition is passed to a generator to produce a Java programming framework, dedicated to the application area. The generated frameworks provide service discovery and high-level communication mechanisms. These mechanisms are automatically mapped into SIP, making our approach compatible with existing SIP infrastructures and entities. Our work is implemented and has been validated on various advanced telephony applications. |
Keyword(s): Pantaxou,
Generation,
Programming Framework.
| Coordinating entities in a networked environment has always been a significant challenge for software developers. In recent years, however, it has become even more difficult, because devices have increasingly rich capabilities, combining an ever larger range of technologies (networking, multimedia, sensors, etc.). To address this challenge, we propose a language-based approach to covering the life-cycle of applications coordinating networked entities. Our approach covers the characterization of the networked environment, the specification of coordination applications, the verification of a networked environment and its deployment. It is carried out in practice by a domain-specific language, named Pantaxou. This paper presents the domain-specific language Pantaxou, dedicated to the development of applications for networked heterogeneous entities. Pantaxou has been used to specify a number of coordination scenarios in areas ranging from home automation to telecommunications. The language semantics has been formally defined and a compiler has been developed. The compiler verifies the coherence of a coordination scenario and generates coordination code in Java. |
Keyword(s): Pervasive,
Generation,
Programming Framework,
Middleware,
DiaGen.
| Pervasive computing applications are tedious to develop because they combine a number of problems ranging from device heterogeneity, to middleware constraints, to lack of programming support. In this paper, we present an approach to integrating the ontological description of a pervasive computing environment into a programming language, namely Java. From this ontological description of a pervasive computing environment, a framework is automatically generated. It provides the developer with dedicated programming support to manage, discover and invoke services. Besides, it performs a number of verifications both at compile and run time, ensuring the robustness of applications. |
Keyword(s): IP Telephony,
SIP,
DSL,
SPL.
| Developing a SIP-based telephony service requires a pro- grammer to have expertise in telephony rules and constraints, the SIP protocol, distributed systems, and a SIP API, which is often large and complex. These requirements make the development of telephony software an overwhelming challenge. To overcome this challenge, various programming languages have been proposed to develop telephony services. Nevertheless, none of these languages as yet has a formal semantics. Therefore, the reference implementation, which may not be available, becomes the only source of information for the programmer to understand the subtleties of the language. Furthermore, this situation makes it dificult for third-party developers to port the language to another runtime system or to provide another implementation of the runtime system. This paper presents a semantics-based stepwise approach for designing and developing a scripting language dedicated to the development of telephony services. This approach enables critical properties of services to be guaranteed and captures expertise on the operational behavior of a service. We have applied this approach to developing the Session Processing Language (SPL) dedicated to SIP-based service creation. A variety of services have been written in SPL for our university department. |
Keyword(s): IP Telephony,
SIP,
DSL,
SPL.
| Telephony is evolving at a frantic pace, critically relying on the development of services to offer a host of new functionalities. However, programming Internet telephony services requires an intimate knowledge of a variety of protocols and technologies, which can be a challenge for many programmers. Furthermore, because telephony is a resource heavily relied on, programmability of telephony platforms should not compromise their robustness. This paper presents an approach to creating telephony services that builds on programming language technology (i.e., language design and implementation, language semantics, and program analysis). We have developed a language, named Session Processing Language (SPL), that offers domain-specific constructs, abstracting over the intricacies of the underlying technologies. By design, SPL guarantees critical properties that cannot be verified in general-purpose languages. SPL relies on a Service Logic Execution Environment for SIP (SIP-SLEE) that introduces a design framework for service development based around the notion of session. SPL and SIP-SLEE have been implemented and they are now being used to develop and deploy real services, demonstrating the practical benefits of our approach. |
Keyword(s): IP Telephony,
SIP,
DSL,
SPL.
[bibtex-key = burgy-consel-al:icin2006]
[bibtex-entry]
| In 2001, Chou et al. published a study of faults found by applying a static analyzer to Linux versions 1.0 through 2.4.1. A major result of their work was that the drivers directory contained up to 7 times more of certain kinds of faults than other directories. This result inspired a number of development and research efforts on improving the reliability of driver code. Today, however, Linux is used in a much wider range of environments, provides a much wider range of services, and has adopted a new development and release model. What has been the impact of these changes on code quality? Are drivers still a major problem? To answer these questions, we have attempted to transport, based on the information provided, the experiments of Chou et al. to Linux versions 2.6.0 to 2.6.33, released between late 2003 and early 2010. We find that even if Linux has more than doubled in size during this period, the number of faults per line of code has been decreasing. And, even though drivers still accounts for a large part of the kernel code and contains the most faults, its fault rate is now below that of other directories, such as arch (HAL) and fs (file systems). Such information can guide further development and research efforts. To enable others to continually update the results as Linux evolves, we define our experimental protocol and make our checkers and results available in a public archive. |
Keyword(s): Occurrence histories,
Software quality,
Software evolution,
Static code analysis,
Coccinelle,
Herodotos.
| Software is continually evolving, to improve performance, correct errors, and add new features. Code modifications, however, inevitably lead to the introduction of defects. To prevent the introduction of defects, one has to understand why they occur. Thus, it is important to develop tools and practices that aid in defect finding, tracking and prevention. In this paper, we propose a methodology and associated tool, Herodotos, to study defects over time. Herodotos semi-automatically tracks defects over multiple versions of a software project, independent of other changes in the source files. It builds a graphical history of each defect and gives some statistics based on the results. We have evaluated this approach on the history of a representative range of open source projects over the last three years. For each project, we explore several kinds of defects that have been found by static code analysis. We analyze the generated results to compare the selected software projects and defect kinds. |
[bibtex-key = BURGY:2008:INRIA-00350014:1]
[bibtex-entry]
| This report describes a methodology allowing to translate a SystemC description of a system on chip (SoC) in a layered component-based system consisting of transitions systems with constraints. This translation is formalized as much as possible but must be extended yet. Only simple and frequently used constructs are currently taken into account. The compositionnal aspect allows to reuse components in SystemC but also in Prometheus, tool implementing the component-based verification. The compiler framework respect the modular and component-based framework and is regarded as easily extensible to manage the more complex constructs of SystemC and C++. |