Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems.

Slides:

Advertisements

Similar presentations

Static Analysis for Security

Advertisements

Model Driven Generative Programming Reza Azimi February 6, 2003 ECE1770: Trends in Middleware Systems.

Semantics Static semantics Dynamic semantics attribute grammars

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

CS 355 – Programming Languages

Bastian Schlich Ansgar Fehnker, Ralf Huuck, and Michael Tapp (National ICT Australia) Automatic Bug Detection in Microcontroller.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Aliases in a bug finding tool Benjamin Chelf Seth Hallem June 5 th, 2002.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Operational Semantics.

Chapter 16 Programming and Languages: Telling the Computer What to Do.

MULTIVIE W Checking System Rules Using System-Specific, Program-Written Compiler Extensions Paper: Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem.

Chair of Software Engineering Automatic Verification of Computer Programs.

FIGURE 1-1 A Computer System

“A System and Language for Building System-Specific, Static Analyses” CMSC 631 – Fall 2003 Seth Hallem, Benjamin Chelf, Yichen Xie, and Dawson Engler (presented.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI

1 Software Testing and Quality Assurance Lecture 1 Software Verification & Validation.

Gaurav S. Kc, 1 MC: Meta-level Compilation Extending the Process of Code Compilation with Application-Specific Information.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.

CASE Tools And Their Effect On Software Quality Peter Geddis – pxg07u.

Introduction to High-Level Language Programming

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.

1 Yolanda Gil Information Sciences InstituteJanuary 10, 2010 Requirements for caBIG Infrastructure to Support Semantic Workflows Yolanda.

Open Source Software An Introduction. The Creation of Software l As you know, programmers create the software that we use l What you may not understand.

A Simple Method for Extracting Models from Protocol Code David Lie, Andy Chou, Dawson Engler and David Dill Computer Systems Laboratory Stanford University.

CSCE 548 Code Review. CSCE Farkas2 Reading This lecture: – McGraw: Chapter 4 – Recommended: Best Practices for Peer Code Review,

Inferring and checking system rules by static analysis William R Wright.

Programming Models & Runtime Systems Breakout Report MICS PI Meeting, June 27, 2002.

1 2. Program Construction in Java Programming Fundamentals.

Richard Mancusi - CSCI 297 Static Analysis and Modeling Tools which allows further checking of software systems.

Model Based Testing Group 7  Nishanth Chandradas ( )  George Stavrinides ( )  Jeyhan Hizli ( )  Talvinder Judge ( )  Saajan.

ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.

Static Code Checking: Security and Concurrency Ben Watson The George Washington University CS 297 Security and Programming Languages June 9, 2005.

16 August Verilog++ Assertion Extension Requirements Proposal.

1 Phase Implementation. Janice Regan, Overview of Implementation phase Create Class Skeletons Define Implementation Plan (+ determine subphases)

1 Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions Dawson Engler Benjamin Chelf Andy Chou Seth Hallem Stanford University.

3.2 Semantics. 2 Semantics Attribute Grammars The Meanings of Programs: Semantics Sebesta Chapter 3.

Chapter 3 Part II Describing Syntax and Semantics.

Semantics In Text: Chapter 3.

Syntax and Semantics CIS 331 Syntax: the form or structure of the expressions, statements, and program units. Semantics: the meaning of the expressions,

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University IWPSE 2003 Program.

Software Development Problem Analysis and Specification Design Implementation (Coding) Testing, Execution and Debugging Maintenance.

Benchmarking Effectiveness for Object-Oriented Unit Testing Anthony J H Simons and Christopher D Thomson.

SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.

R-Verify: Deep Checking of Embedded Code James Ezick † Donald Nguyen † Richard Lethin † Rick Pancoast* (†) Reservoir Labs (*) Lockheed Martin The Eleventh.

“ A Simple Method for Extracting Models From Protocol Code ” David Lie, Andy Chou, Dawson Engler and David D. Dill Presented by Anna Zamansky.

MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications.

Compilers and Interpreters

/ PSWLAB Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions by D. Engler, B. Chelf, A. Chou, S. Hallem published.

Checking System Rules Using System-Specific Programmer Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chou and Seth Hallem Presented by:

Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.

SOFTWARE TESTING LECTURE 9. OBSERVATIONS ABOUT TESTING “ Testing is the process of executing a program with the intention of finding errors. ” – Myers.

CS 5150 Software Engineering Lecture 21 Reliability 2.

Programming Language Basics. What is a Programming Language? “A computer, human-created language used to write instructions for a computer.” “An artificial.

BY Al Bessey, Ken Block, Ben Chelf, Andy Chou,

Source Analysis for Security

Introduction to Compiler Construction

Software Verification and Validation

Programming Language Basics

CSE 451: Operating Systems Autumn 2003 Lecture 7 Synchronization

CSE 451: Operating Systems Autumn 2005 Lecture 7 Synchronization

CSE 451: Operating Systems Winter 2003 Lecture 7 Synchronization

CSE 542: Operating Systems

Presentation transcript:

Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems Laboratory Stanford University

What are system rules? z“variable A must be guarded by lock B” z“system calls must check user pointers before using them” z“message handlers must free their buffer before completing” z…… Rules in systems software must be obeyed for correctness and performance

How to check rules? zVerification   rigorous but hard to construct specifications zTesting   dynamic but misses many cases and makes diagnosis difficult zManual inspection   semantic level powerful but unreliable and tedious zStatic compiler analysis  Ôcan perform automatic check with source code, but needs semantic help!

Approach in this paper zUsing extensions written by implementers to help compiler checking system rules  System implementors uses meta-level compilation (MC) to write simple system-specific compiler extensions  checks are automatically made on code for rule violations

Benefits: 4take into account semantics Ôcomparing to pure static compile analysis 4automatic Ôcomparing to manual inspections 4general, extensible Ôcomparing to related work focusing on specific errors  rules usually are easy to express Ôcomparing to formal verification

How it works? zrules as compiler extensions written in a high-level, state- machine language--metal  extensions dynamically linked into extensible compiler, xg++  extensions are applied down every possible execution path by xg++ on internal representation form zUsing patterns to match key source code, causing transitions between states

A simple rule example //This example checks disabled interrupt to the end and //duplicate enable/disable calls //define patterns pat enable = { sti(); }|{ restore_flags(flags); }; pat disable = { cli(); }; //States, the first state is the initial state is_enabled: disable ==> is_disabled | enable ==> { err(“double enable”); }; is_disabled: enable==>is_enabled | disable ==> { err(“double disable”); } | $end_of_path$ ==> { err(“exiting with intr disabled!”; };

Rule template and more examples

Applying this approach  Check illegal actions in assert zApply check on Linux and OpenBSD ycopyin/copyout ymemory management zEnforce rules globally across functions zCheck Linux mutual exclusion zOptimize FLASH

Conclusion 4A general approach with easy to write rules, easy to implement extensions 4Succeeded in checking real systems --- found more than 500 bugs 4Use of meta-level compilation can significantly aid system construction

Discussion zWhen propagating the rules through the code, should it be: ÔFlow-sensitive? Apply down all path ÔFlow-insensitive? Apply linearly through the code