ABSTRACT
Unchecked errors are especially pernicious in operating system file management code. Transient or permanent hardware failures are inevitable, and error-management bugs at the file system layer can cause silent, unrecoverable data corruption. We propose an interprocedural static analysis that tracks errors as they propagate through file system code. Our implementation detects overwritten, out-of-scope, and unsaved unchecked errors. Analysis of four widely-used Linux file system implementations (CIFS, ext3, IBM JFS and ReiserFS), a relatively new file system implementation (ext4), and shared virtual file system (VFS) code uncovers 312 error propagation bugs. Our flow- and context-sensitive approach produces more precise results than related techniques while providing better diagnostic information, including possible execution paths that demonstrate each bug found.
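The three kinds of unchecked error named above (overwritten, out-of-scope and unsaved), as an added C example that is not from the paper or its analysis tool. The file-system helpers `write_block` and `update_inode` are constructed stand-ins that follow the Linux kernel convention of returning 0 on success or a negative errno; each buggy variant loses the `-EIO` that the checked variant propagates to its caller.

```c
#include <errno.h>

/* Constructed stand-ins for file system helpers: 0 on success,
 * negative errno on failure (Linux kernel convention). */
static int write_block(int fail) { return fail ? -EIO : 0; }
static int update_inode(void) { return 0; }

/* Overwritten unchecked error: the -EIO from write_block is
 * clobbered by update_inode's result before anyone inspects it. */
int commit_overwritten(int fail)
{
    int err;
    err = write_block(fail);
    err = update_inode();   /* previous err silently lost */
    return err;
}

/* Out-of-scope unchecked error: err is a local of the inner block
 * and dies unchecked when the block ends; the caller sees success. */
int commit_out_of_scope(int fail)
{
    {
        int err = write_block(fail);
        (void)err;          /* never tested, never propagated */
    }
    return 0;
}

/* Unsaved unchecked error: the return value is discarded outright. */
int commit_unsaved(int fail)
{
    write_block(fail);
    return update_inode();
}

/* Checked form: the error is tested and propagated before the
 * variable is reassigned, goes out of scope, or is discarded. */
int commit_checked(int fail)
{
    int err = write_block(fail);
    if (err)
        return err;
    return update_inode();
}
```

Compiling with `-Wunused-result` does not catch any of the three buggy variants here, which is why an interprocedural analysis of the error value itself is needed.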
Error propagation analysis for file systems. PLDI '09.