-
Julia Lawall,
Ben Laurie,
René Rydhof Hansen,
Nicolas Palix,
and Gilles Muller.
Finding Error Handling Bugs in OpenSSL using Coccinelle.
In Proceeding of the 8th European Dependable Computing Conference, EDCC 2010,
Valencia, Spain,
April 2010.
Keyword(s): Software quality,
Software evolution,
Static code analysis.
Abstract:
OpenSSL is a library providing various functionalities relating to secure network communication. Detecting and fixing bugs in OpenSSL code is thus essential, particularly when such bugs can lead to malicious attacks. In previous work, we have proposed a methodology for finding API usage protocols in Linux kernel code using the program matching and transformation engine Coccinelle. In this work, we report on our experience in applying this methodology to OpenSSL, focusing on API usage protocols related to error handling. This work has resulted in detection of over 30 bugs in a recent snapshot of OpenSSL, and in many cases it was possible to correct the bugs automatically. Our patches correcting these bugs have been accepted by the OpenSSL developers. This work furthermore confirms the applicability of our methodology to user-level code. |
@INPROCEEDINGS{lawall:edcc10,
ADDRESS = {Valencia, Spain},
AUTHOR = {Julia Lawall and Ben Laurie and Rydhof Hansen, René and Nicolas Palix and Gilles Muller},
BOOKTITLE = {Proceeding of the 8th European Dependable Computing Conference, EDCC 2010},
OPTEDITOR = {},
MONTH = {April},
OPTNOTE = {},
OPTNUMBER = {},
OPTORGANIZATION = {},
OPTPAGES = {},
OPTPUBLISHER = {},
OPTSERIES = {},
TITLE = {Finding Error Handling Bugs in OpenSSL using Coccinelle},
OPTVOLUME = {},
YEAR = {2010},
ABSTRACT = { OpenSSL is a library providing various functionalities relating to secure network communication. Detecting and fixing bugs in OpenSSL code is thus essential, particularly when such bugs can lead to malicious attacks. In previous work, we have proposed a methodology for finding API usage protocols in Linux kernel code using the program matching and transformation engine Coccinelle. In this work, we report on our experience in applying this methodology to OpenSSL, focusing on API usage protocols related to error handling. This work has resulted in detection of over 30 bugs in a recent snapshot of OpenSSL, and in many cases it was possible to correct the bugs automatically. Our patches correcting these bugs have been accepted by the OpenSSL developers. This work furthermore confirms the applicability of our methodology to user-level code. },
OPTDOI = {},
OPTISBN = {},
OPTISSN = {},
KEYWORDS = {Software quality, Software evolution, Static code analysis},
OPTURL = {},
OPTURL-PUBLISHER = {}
}
-
Mads Chr. Olesen,
René Rydhof Hansen,
Julia L. Lawall,
and Nicolas Palix.
Clang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification.
In 4th International Workshop on Foundations and Techniques for Open Source Software Certification,
Pisa, Italy,
September 2010.
Keyword(s): automated tool support,
CERT C Secure Coding,
certification,
Clang,
Coccinelle.
Abstract:
Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommenda- tions with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system is in compliance with the standard. In this paper we report on ongoing work on integrating two state of the art analysis tools, Clang and Coccinelle, into a combined tool well suited for analysing and certifying C programs according to, e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard. We further argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Clang is the C frontend for the LLVM compiler/virtual machine project which in- cludes a comprehensive set of static analyses and code checkers. Coccinelle is a program transformation tool and bug-finder developed originally for the Linux ker- nel, but has been successfully used to find bugs in other Open Source projects such as WINE and OpenSSL. |
@INPROCEEDINGS{Olesen:opencert10,
ADDRESS = {Pisa, Italy},
AUTHOR = {Mads Chr. Olesen and René Rydhof Hansen and Julia L. Lawall and Nicolas Palix},
BOOKTITLE = {4th International Workshop on Foundations and Techniques for Open Source Software Certification},
OPTEDITOR = {},
MONTH = {September},
OPTNOTE = {},
OPTNUMBER = {},
OPTORGANIZATION = {},
OPTPAGES = {},
OPTPUBLISHER = {},
OPTSERIES = {},
TITLE = {Clang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification},
OPTVOLUME = {},
YEAR = {2010},
ABSTRACT = { Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommenda- tions with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system is in compliance with the standard. In this paper we report on ongoing work on integrating two state of the art analysis tools, Clang and Coccinelle, into a combined tool well suited for analysing and certifying C programs according to, e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard. We further argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Clang is the C frontend for the LLVM compiler/virtual machine project which in- cludes a comprehensive set of static analyses and code checkers. Coccinelle is a program transformation tool and bug-finder developed originally for the Linux ker- nel, but has been successfully used to find bugs in other Open Source projects such as WINE and OpenSSL. },
OPTDOI = {},
OPTISBN = {},
OPTISSN = {},
KEYWORDS = {automated tool support, CERT C Secure Coding, certification, Clang, Coccinelle},
OPTURL = {},
OPTURL-PUBLISHER = {}
}
-
Nicolas Palix,
Julia Lawall,
and Gilles Muller.
Tracking Code Patterns over Multiple Software Versions with Herodotos.
In Proceeding of the ACM International Conference on Aspect-Oriented Software Development, AOSD'10,
Rennes and Saint Malo, France,
pages 169-180,
March 2010.
Keyword(s): Occurrence histories,
Software quality,
Software evolution,
Static code analysis,
Coccinelle,
Herodotos.
Abstract:
An important element of understanding a software code base is to identify the repetitive patterns of code it contains and how these evolve over time. Some patterns are useful to the software, and may be modularized. Others are detrimental to the software, such as patterns that represent defects. In this case, it is useful to study the occurrences of such patterns, to identify properties such as when and why they are introduced, how long they persist, and the reasons why they are corrected. To enable studying pattern occurrences over time, we propose a tool, Herodotos, that semi-automatically tracks pattern occurrences over multiple versions of a software project, independent of other changes in the source files. Guided by a user-provided configuration file, Herodotos builds various graphs showing the evolution of the pattern occurrences and computes some statistics. We have evaluated this approach on the history of a representative range of open source projects over the last three years. For each project, we track several kinds of defects that have been found by pattern matching. This tracking is done automatically in 99% of the occurrences. The results allow us to compare the evolution of the selected projects and defect kinds over time. |
@INPROCEEDINGS{palix:aosd10,
ADDRESS = {Rennes and Saint Malo, France},
AUTHOR = {Nicolas Palix and Julia Lawall and Gilles Muller},
BOOKTITLE = {Proceeding of the ACM International Conference on Aspect-Oriented Software Development, AOSD'10},
OPTEDITOR = {},
MONTH = {March},
OPTNOTE = {},
OPTNUMBER = {},
OPTORGANIZATION = {},
PAGES = {169-180},
OPTPUBLISHER = {},
OPTSERIES = {},
TITLE = {Tracking Code Patterns over Multiple Software Versions with Herodotos},
OPTVOLUME = {},
YEAR = {2010},
ABSTRACT = { An important element of understanding a software code base is to identify the repetitive patterns of code it contains and how these evolve over time. Some patterns are useful to the software, and may be modularized. Others are detrimental to the software, such as patterns that represent defects. In this case, it is useful to study the occurrences of such patterns, to identify properties such as when and why they are introduced, how long they persist, and the reasons why they are corrected. To enable studying pattern occurrences over time, we propose a tool, Herodotos, that semi-automatically tracks pattern occurrences over multiple versions of a software project, independent of other changes in the source files. Guided by a user-provided configuration file, Herodotos builds various graphs showing the evolution of the pattern occurrences and computes some statistics. We have evaluated this approach on the history of a representative range of open source projects over the last three years. For each project, we track several kinds of defects that have been found by pattern matching. This tracking is done automatically in 99% of the occurrences. The results allow us to compare the evolution of the selected projects and defect kinds over time. },
DOI = {10.1145/1739230.1739250},
OPTISBN = {},
OPTISSN = {},
KEYWORDS = {Occurrence histories, Software quality, Software evolution, Static code analysis, Coccinelle, Herodotos},
URL = {http://proton.inrialpes.fr/~npalix/papers/aosd10-palix.pdf},
OPTURL-PUBLISHER = {},
PDF = {http://proton.inrialpes.fr/~npalix/papers/aosd10-palix.pdf}
}
-
Nicolas Palix,
Julia L. Lawall,
Gaël Thomas,
and Gilles Muller.
How Often do Experts Make Mistakes?.
In ACP4IS '10: Proceedings of the 9th workshop on Aspects, components, and patterns for infrastructure software,
pages 9-15,
March 2010.
ISBN: 978-3-86956-043-4.
ISSN: 1613-5652.
Keyword(s): DSL,
Coccinelle,
Herodotos.
Abstract:
Large open-source software projects involve developers with a wide variety of backgrounds and expertise. Such software projects furthermore include many internal APIs that developers must understand and use properly. According to the intended purpose of these APIs, they are more or less frequently used, and used by developers with more or less expertise. In this paper, we study the impact of usage patterns and developer expertise on the rate of defects occurring in the use of internal APIs. For this preliminary study, we focus on memory management APIs in the Linux kernel, as the use of these has been shown to be highly error prone in previous work. We study defect rates and developer expertise, to consider e.g., whether widely used APIs are more defect prone because they are used by less experienced developers, or whether defects in widely used APIs are more likely to be fixed. |
@INPROCEEDINGS{acp4is10,
OPTADDRESS = {},
AUTHOR = {Nicolas Palix and Julia L. Lawall and Gaël Thomas and Gilles Muller},
BOOKTITLE = {ACP4IS '10: Proceedings of the 9th workshop on Aspects, components, and patterns for infrastructure software},
OPTEDITOR = {},
MONTH = {March},
OPTNOTE = {},
OPTNUMBER = {},
OPTORGANIZATION = {},
PAGES = {9--15},
OPTPUBLISHER = {},
OPTSERIES = {},
TITLE = {How Often do Experts Make Mistakes?},
OPTVOLUME = {},
YEAR = {2010},
ABSTRACT = {Large open-source software projects involve developers with a wide variety of backgrounds and expertise. Such software projects furthermore include many internal APIs that developers must understand and use properly. According to the intended purpose of these APIs, they are more or less frequently used, and used by developers with more or less expertise. In this paper, we study the impact of usage patterns and developer expertise on the rate of defects occurring in the use of internal APIs. For this preliminary study, we focus on memory management APIs in the Linux kernel, as the use of these has been shown to be highly error prone in previous work. We study defect rates and developer expertise, to consider e.g., whether widely used APIs are more defect prone because they are used by less experienced developers, or whether defects in widely used APIs are more likely to be fixed.},
OPTDOI = {},
ISBN = {978-3-86956-043-4},
ISSN = {1613-5652},
KEYWORDS = {DSL, Coccinelle, Herodotos},
URL = {http://proton.inrialpes.fr/~npalix/papers/acp4is10-palix.pdf},
OPTURL-PUBLISHER = {},
PDF = {http://opus.kobv.de/ubp/volltexte/2010/4122/}
}