Improving Error-Handling Code in Systems Software

Author

  • Suman Saha
Abstract

Reliability is essential in systems software. A key element of ensuring reliability is proper handling of error conditions [26]. In general, the role of error handling code is to return the system to a coherent state, typically by undoing recent operations and releasing recently allocated resources. If some of these resource-releasing operations are omitted, the result can be deadlocks and memory leaks. If resource-releasing operations are performed in the wrong order, the result can be invalid data accesses, such as null-pointer dereferences and double frees. These issues are especially critical in the case of operating systems, such as Linux, as an operating system manages many resources over a long period of time, increasing the number of error conditions that can occur and resource-releasing operations that are needed, and heightening the accumulated impact of any memory leaks. The C language does not provide any abstractions for exception handling or other forms of error handling, leaving programmers to devise their own conventions for detecting and handling errors. The Linux coding style guidelines suggest placing error handling code at the end of each function, where it can be reached by gotos whenever an error is detected. This coding style has the advantage of putting all of the error-handling code in one place, which eases understanding and maintenance, and reduces code duplication. Nevertheless, this coding style is not always applied. Even when error handling code is structured according to the Linux coding style guidelines, the management of the releasing of allocated resources remains a continual problem in ensuring the robustness of systems code [21]. Missing resource-releasing operations lead to faults in source code. A number of approaches have been proposed to detect such problems [6, 12, 14, 25], but they often have a high rate of false positives, or focus only on commonly used functions.
I observe that resource-releasing operations are often found in error-handling code, and that the choice of resource-releasing operation may depend on the context in which it is to be used. The overall goal of my PhD work is to improve error handling in systems code. I have divided my PhD work into three parts. The first part focuses on improving the structure of error handling code, with the goal of helping to reduce the number of system faults that may occur in error handling code in the future. The second part focuses on finding existing system faults in error handling code. The third part focuses on fixing the detected system faults in error handling code. In the first half of my PhD, I have completed the first part of the PhD work by proposing an approach to improve the structure of error handling code. I have also partially completed the second part of the PhD work by proposing an approach to detect existing resource-release omission faults in error handling code. In the second half of my PhD, I will extend the fault detection approach to also detect concurrency and semantic system faults. Concurrency faults are those that happen only in a multi-threaded environment; they are caused by ill-synchronized operations from multiple threads. Semantic faults are faults that are inconsistent with the original design and the programmers' intention. Finally, in order to complete the third part of my PhD work, I will investigate how to automatically fix all detected system faults in error handling code. The rest of this report is organized as follows. Section 2 presents an algorithm to improve the structure of error handling code. This work was published in LCTES'11, in the paper An Approach to Improving
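As an added illustration (not code from the paper or from Linux), the goto-based structure the Linux coding style recommends: all release operations sit at the end of the function under labels ordered so that each failure path releases exactly the resources acquired before it, in reverse order. The tracker struct, the buffer names and the fail_at fault-injection parameter are constructed for this example.

```c
#include <stdlib.h>

/* Constructed bookkeeping (not from the paper): counts acquires and
 * releases so a test can check that no exit path leaks or double-frees. */
struct tracker { int acquired; int released; };

static char *acquire_buf(struct tracker *t, size_t n, int fail)
{
    char *p = fail ? NULL : malloc(n);   /* 'fail' injects an allocation error */
    if (p)
        t->acquired++;
    return p;
}

static void release_buf(struct tracker *t, char *p)
{
    free(p);
    t->released++;
}

/* Linux-style error handling: three resources are acquired in order and
 * every failure jumps to the label that undoes exactly what was acquired
 * so far, in reverse order. fail_at selects the failing step (0 = none). */
int run_job(struct tracker *t, int fail_at)
{
    char *cfg, *rxbuf, *txbuf;
    int err = -1;                        /* kernel code would use -ENOMEM */

    cfg = acquire_buf(t, 64, fail_at == 1);
    if (!cfg)
        goto out;                        /* nothing to undo yet */
    rxbuf = acquire_buf(t, 4096, fail_at == 2);
    if (!rxbuf)
        goto err_cfg;                    /* undo cfg only */
    txbuf = acquire_buf(t, 4096, fail_at == 3);
    if (!txbuf)
        goto err_rx;                     /* undo rxbuf, then cfg */

    /* ... work with the buffers here; they are temporary, so the success
     * path falls through the same release sequence as the error paths ... */
    err = 0;
    release_buf(t, txbuf);
err_rx:
    release_buf(t, rxbuf);
err_cfg:
    release_buf(t, cfg);
out:
    return err;
}
```

Reordering the labels, or jumping to the wrong one, is exactly the kind of defect the abstract describes: a leak if a label is skipped, a double free or NULL dereference if a release runs for a resource that was never acquired.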


Similar sources

Finding Error-Handling Bugs in Systems Code Using Static Analysis

Run-time errors are unavoidable whenever software interacts with the physical world. Unchecked errors are especially pernicious in operating system file management code. Transient or permanent hardware failures are inevitable, and errormanagement bugs at the file system layer can cause silent, unrecoverable data corruption. Furthermore, even when developers have the best of intentions, inaccura...


The Exception Handling Effectiveness of POSIX Operating Systems

Operating systems form a foundation for robust application software, making it important to understand how effective they are at handling exceptional conditions. The Ballista testing system was used to characterize the handling of exceptional input parameter values for up to 233 POSIX functions and system calls on each of 15 widely used operating system (OS) implementations. This identified wa...


EHCtor: Detecting Resource-Release Omission Faults in Error-Handling Code for Systems Software

Adequate error-handling code is essential to the reliability of any system. On an error, such code is responsible for releasing acquired resources to restore the system to a viable state. Missing resource-release operations can lead to system crashes, memory leaks and deadlocks. A number of approaches have been proposed to detect such problems, but they mainly target frequently occurring resour...


Mining API Error-Handling Specifications from Source Code

API error-handling specifications are often not documented, necessitating automated specification mining. Automated mining of error-handling specifications is challenging for procedural languages such as C, which lack explicit exception-handling mechanisms. Due to the lack of explicit exception handling, error-handling code is often scattered across different procedures and files making it diff...


Static Detection of API Error-Handling Bugs via Mining Source Code

Incorrect handling of errors incurred after API invocations (in short, API errors) can lead to security and robustness problems, two primary threats to software reliability. Correct handling of API errors can be specified as formal specifications, verifiable by static checkers, to ensure dependable computing. But API error specifications are often unavailable or imprecise, and cannot be inferre...



Publication date: 2011