Mining Windows Kernel API Rules. Jinlin Yang, CS696, 09/28/2005.

Slide 2: My Background
Bounded exhaustive testing, 09/ /2004
–D. Coppit, J. Yang, S. Khurshid, W. Le, and K. Sullivan. Software Assurance by Bounded Exhaustive Testing. IEEE Transactions on Software Engineering, April 2005
–K. Sullivan, J. Yang, D. Coppit, S. Khurshid, and D. Jackson. Software Assurance by Bounded Exhaustive Testing. ISSTA '04
Temporal properties inference, 01/2004–present
–J. Yang and D. Evans. Dynamically Inferring Temporal Properties. PASTE '04
–J. Yang and D. Evans. Automatically Inferring Temporal Properties for Program Evolution. ISSRE '04
–J. Yang and D. Evans. Automatically Discovering Temporal Properties for Program Verification. Submitted to FMSD
–J. Yang, D. Evans, D. Bhardwaj, T. Bhat, and M. Das. Terracotta: Mining Temporal API Rules from Imperfect Traces. Submitted to ICSE '06

Slide 3: Overview
Problem: the unavailability of specifications is a big issue in defect detection
Solution: automatically infer specifications from execution traces
Benefits: better understanding of legacy code and the opportunity to find more defects
–Experiments on finding kernel API rules
–Found one previously unknown bug in Windows
–Found interesting properties that should have been checked

Slide 4: Problem
Defect detection techniques:
Generic properties
–E.g. pointer and buffer usage
–PREfix [Bush et al., SP&E 00], PREfast
–Very effective
Application-specific properties
–E.g. lock/unlock, resource creation/deletion
–SLAM/SDV [Ball et al., SPIN 01], ESP [Das et al., PLDI 02]
Where do we get such properties?

Slide 5: My Approach
[Diagram] Program → Instrumentation → Instrumented Program; Instrumented Program + Test Suite → Running → Execution Traces; Execution Traces + Property Templates → Inference → Inferred Properties; Inferred Properties → Post-processing → Report
J. Yang and D. Evans. Dynamically inferring temporal properties. PASTE '04.

Slide 6: An Example
Alternating template (PS)*, P≠S. P and S are placeholders.

Slide 7: Implementation
Terracotta
–Inference engine
–Context-aware trace analysis
–Heuristics for prioritizing and presenting properties
Performance is linear in the length of the trace and the number of distinct events
More information

Slide 8: Lessons
Missing interesting properties
–The original algorithm requires 100% satisfaction
The real world is never perfect
–Traces collected by sampling
–Object information unavailable
–Imperfect programs
Can we develop better inference to handle this?
Too much noise in the results
–Interesting properties are buried in a group of uninteresting ones
Can we develop heuristics to select the interesting ones?

Slide 9: Refinement of Inference
How to detect interesting properties in the face of imperfect traces?
Example
–PS PS PS PS PS PS PS PS PS PPP
–The dominant behavior is that P and S alternate
–10 subtraces, 90% satisfy Alternating
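The approximate Alternating check described on slides 6 and 9, as an added example that is not Terracotta's own code: it takes already-partitioned subtraces, tests every ordered pair of distinct events against (PS)*, and reports the pairs whose satisfaction ratio reaches the threshold. The subtraces are constructed to mirror the slide, and counting only subtraces that mention P or S is an assumption.

```python
from itertools import permutations

# Constructed subtraces mirroring the slide's example: nine "P S" subtraces and
# one "P P P" subtrace, so (P, S) alternates in 90% of them.
EXAMPLE_SUBTRACES = [["P", "S"]] * 9 + [["P", "P", "P"]]

def satisfies_alternating(subtrace, p, s):
    """True iff the P and S events in `subtrace` follow (PS)* exactly."""
    expect = p                       # the template starts with P
    for ev in subtrace:
        if ev not in (p, s):
            continue                 # events outside the pair are ignored
        if ev != expect:
            return False             # an out-of-order P or S breaks (PS)*
        expect = s if ev == p else p
    return expect == p               # a trailing unmatched P also fails

def infer_alternating(subtraces, threshold=0.90):
    """Return {(P, S): ratio} for every ordered pair of distinct events whose
    Alternating satisfaction ratio over the subtraces mentioning P or S reaches
    the threshold (assumption: subtraces without P or S are not counted)."""
    events = sorted({ev for st in subtraces for ev in st})
    found = {}
    for p, s in permutations(events, 2):
        relevant = [st for st in subtraces if p in st or s in st]
        if not relevant:
            continue
        ok = sum(satisfies_alternating(st, p, s) for st in relevant)
        ratio = ok / len(relevant)
        if ratio >= threshold:
            found[(p, s)] = ratio
    return found

if __name__ == "__main__":
    print(infer_alternating(EXAMPLE_SUBTRACES))         # {('P', 'S'): 0.9}
    print(infer_alternating(EXAMPLE_SUBTRACES, 1.0))    # {} with exact matching
```

With the threshold at 1.0 (the original 100%-satisfaction rule) the single "P P P" subtrace hides the dominant pattern; at 0.90 it is reported.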

Slide 10: Refinement of Inference (2)
How to pick out interesting properties? Which one is more likely to be interesting?
–Heuristic: C → D is often more interesting
–Compute the call graph for Windows binaries
–Keep A → B if B is not reachable from A
Case 1:
  void A() { ... B(); ... }
  void KeSetTimer() { KeSetTimerEx(); }
Case 2:
  void x() { C(); ... D(); }
  void x() { ExAcquireFastMutexUnsafe(&m); ... ExReleaseFastMutexUnsafe(&m); }

Slide 11: Refinement of Inference (3)
Heuristic: the more similar two events are, the more likely the property is interesting
Relative edit distance between A and B
–Partition A and B into words
–A has w_A words, B has w_B words, w common words
–For example: Ke Acquire In Stack Queued Spin Lock → Ke Release In Stack Queued Spin Lock
–Similarity = 85.7%
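The two reduction heuristics of slides 10 and 11 applied together to candidate A → B properties, as an added example that is not Terracotta's own code. The call graph and candidate list are constructed from the names on the slides (they stand in for ntoskrnl.exe's real call graph), the CamelCase word split is an assumed rule, and the similarity formula is an assumption: both common words over the longer name and 2w/(w_A + w_B) give 85.7% for the slide's example.

```python
import re

# Constructed call graph standing in for ntoskrnl.exe's: KeSetTimer calls
# KeSetTimerEx (the slide's case 1) and x acquires then releases a fast mutex
# (case 2). Edges map a caller to its callees.
CALL_GRAPH = {
    "KeSetTimer": ["KeSetTimerEx"],
    "x": ["ExAcquireFastMutexUnsafe", "ExReleaseFastMutexUnsafe"],
}

# Constructed candidate A -> B properties, as the inference step might emit them.
CANDIDATES = [
    ("KeSetTimer", "KeSetTimerEx"),                   # B is reachable from A
    ("ExAcquireFastMutexUnsafe", "ExReleaseFastMutexUnsafe"),
    ("KeAcquireInStackQueuedSpinLock", "KeReleaseInStackQueuedSpinLock"),
    ("KeSetTimerEx", "ExReleaseFastMutexUnsafe"),      # names barely overlap
]

def split_words(name):
    """Partition a CamelCase API name into words (assumed splitting rule)."""
    return re.findall(r"[A-Z][a-z0-9]*|[a-z0-9]+", name)

def similarity(a, b):
    """Common words over the word count of the longer name (assumed formula;
    the slide's 6 common words out of 7 give 85.7% either way)."""
    wa, wb = split_words(a), split_words(b)
    return len(set(wa) & set(wb)) / max(len(wa), len(wb))

def reachable(call_graph, src, dst):
    """True iff dst can be reached from src by following call edges (DFS)."""
    seen, stack = set(), list(call_graph.get(src, []))
    while stack:
        f = stack.pop()
        if f == dst:
            return True
        if f not in seen:
            seen.add(f)
            stack.extend(call_graph.get(f, []))
    return False

def reduce_properties(pairs, call_graph, min_similarity=0.5):
    """Keep A -> B only if B is not reachable from A and the names are similar."""
    return [(a, b) for a, b in pairs
            if not reachable(call_graph, a, b)
            and similarity(a, b) > min_similarity]

if __name__ == "__main__":
    for a, b in reduce_properties(CANDIDATES, CALL_GRAPH):
        print(f"{a} -> {b}  similarity={similarity(a, b):.1%}")
```

Only the two lock/unlock pairs survive: KeSetTimer → KeSetTimerEx is dropped because the callee is reachable from the caller, and the timer/mutex pair because its names share one word in five.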

Slide 12: Results: Kernel
Approximation
–P_AL threshold = 0.90
–7611 properties
Call-graph and edit-distance based reduction
–Use the call graph of ntoskrnl.exe, edit distance > 0.5
–142 properties: a 53-times reduction!
–Small enough for manual inspection
56 apparently interesting properties (40%)
–Locking discipline
–Resource allocation and deletion

Slide 13: Result: Kernel (2)
Found interesting properties that should be checked
–Several types of kernel SpinLock
–The Static Driver Verifier should have checked them
ESP found one previously unknown bug in ntfs.sys
–Double-acquire of a FastMutex
–Confirmed and fixed by the responsible developers
M. Das, S. Lerner, and M. Seigle. ESP: Path-Sensitive Program Verification in Polynomial Time. PLDI '02.
Static Driver Verifier: Finding Bugs in Device Drivers at Compile-Time. WinHEC, April 2004.

Slide 14: Summary of Experiments
We inferred interesting rules about kernel APIs!
–SDV already encodes some of these properties
–We inferred undocumented ones too
Inference scales well to realistic traces
Approximation is effective in tolerating imperfect traces and detecting dominant patterns
Call-graph and edit-distance based reduction is very effective
Checking inferred properties with a defect detection tool is promising
Other experiments: Vulcan APIs, Daisy file system

Slide 15: Conclusion
Constructing interesting properties is important and difficult
Automatic inference from execution traces is lightweight and effective
Practical value
–Helping developers understand legacy code
–Giving us the opportunity to leverage sophisticated static analysis tools to find application-specific defects

Slide 16: Q & A
For more information
Great collaborators
–UVa: David Evans, Ed Mitchell
–Microsoft: Stephen Adams, Deepali Bhardwaj, Thirumalesh Bhat, Manuvir Das, Damian Hasse, Marne Staples, Rick Vicik, Jason Yang, Zhe Yang