Presentation is loading. Please wait.

Presentation is loading. Please wait.

Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems."— Presentation transcript:

1 Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems Laboratory Stanford University

2 What are system rules? z“variable A must be guarded by lock B” z“system calls must check user pointers before using them” z“message handlers must free their buffer before completing” z…… Rules in systems software must be obeyed for correctness and performance

3 How to check rules? zVerification   rigorous but hard to construct specifications zTesting   dynamic but misses many cases and makes diagnosis difficult zManual inspection   semantic level powerful but unreliable and tedious zStatic compiler analysis  Ôcan perform automatic check with source code, but needs semantic help!

4 Approach in this paper zUsing extensions written by implementers to help compiler checking system rules  System implementors uses meta-level compilation (MC) to write simple system-specific compiler extensions  checks are automatically made on code for rule violations

5 Benefits: 4take into account semantics Ôcomparing to pure static compile analysis 4automatic Ôcomparing to manual inspections 4general, extensible Ôcomparing to related work focusing on specific errors  rules usually are easy to express Ôcomparing to formal verification

6 How it works? zrules as compiler extensions written in a high-level, state- machine language--metal  extensions dynamically linked into extensible compiler, xg++  extensions are applied down every possible execution path by xg++ on internal representation form zUsing patterns to match key source code, causing transitions between states

7 A simple rule example //This example checks disabled interrupt to the end and //duplicate enable/disable calls //define patterns pat enable = { sti(); }|{ restore_flags(flags); }; pat disable = { cli(); }; //States, the first state is the initial state is_enabled: disable ==> is_disabled | enable ==> { err(“double enable”); }; is_disabled: enable==>is_enabled | disable ==> { err(“double disable”); } | $end_of_path$ ==> { err(“exiting with intr disabled!”; };

8 Rule template and more examples

9 Applying this approach  Check illegal actions in assert zApply check on Linux and OpenBSD ycopyin/copyout ymemory management zEnforce rules globally across functions zCheck Linux mutual exclusion zOptimize FLASH

10 Conclusion 4A general approach with easy to write rules, easy to implement extensions 4Succeeded in checking real systems --- found more than 500 bugs 4Use of meta-level compilation can significantly aid system construction

11 Discussion zWhen propagating the rules through the code, should it be: ÔFlow-sensitive? Apply down all path ÔFlow-insensitive? Apply linearly through the code

Download ppt "Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems."

Similar presentations

Static Analysis for Security

Static Analysis for Security
Model Driven Generative Programming Reza Azimi February 6, 2003 ECE1770: Trends in Middleware Systems.

Model Driven Generative Programming Reza Azimi February 6, 2003 ECE1770: Trends in Middleware Systems.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.

Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.
1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.

Assembly Code Verification Using Model Checking Hao XIAO Singapore University of Technology and Design.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
CS 355 – Programming Languages

CS 355 – Programming Languages
Bastian Schlich Ansgar Fehnker, Ralf Huuck, and Michael Tapp (National ICT Australia) Automatic Bug Detection in Microcontroller.

Bastian Schlich Ansgar Fehnker, Ralf Huuck, and Michael Tapp (National ICT Australia) Automatic Bug Detection in Microcontroller.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Aliases in a bug finding tool Benjamin Chelf Seth Hallem June 5 th, 2002.

Aliases in a bug finding tool Benjamin Chelf Seth Hallem June 5 th, 2002.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Operational Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Operational Semantics.
Chapter 16 Programming and Languages: Telling the Computer What to Do.

Chapter 16 Programming and Languages: Telling the Computer What to Do.
MULTIVIE W Checking System Rules Using System-Specific, Program-Written Compiler Extensions Paper: Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem.

MULTIVIE W Checking System Rules Using System-Specific, Program-Written Compiler Extensions Paper: Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem.
Chair of Software Engineering Automatic Verification of Computer Programs.

Chair of Software Engineering Automatic Verification of Computer Programs.
FIGURE 1-1 A Computer System

FIGURE 1-1 A Computer System
“A System and Language for Building System-Specific, Static Analyses” CMSC 631 – Fall 2003 Seth Hallem, Benjamin Chelf, Yichen Xie, and Dawson Engler (presented.

“A System and Language for Building System-Specific, Static Analyses” CMSC 631 – Fall 2003 Seth Hallem, Benjamin Chelf, Yichen Xie, and Dawson Engler (presented.
End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI 48019-2122.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI

Similar presentations

Ads by Google