Finding Bugs in Open Source Kernels using Parfait
نویسندگان
چکیده
Parfait is a static bug checking tool for C/C++ source code, which is designed to be both scalable and precise. Requirements for this tool were derived from interaction with the Solaris operating system team, where it was required to check millions of lines of code in a time-efficient manner, with minimal noise and a low cost of integration into the build process. This paper gives an overview of the Parfait tool and present the results of running Parfait over the OpenSolaris, Linux and OpenBSD operating system kernels. It will also summarise the graphical reporting tool which helps developers quickly understand where bugs are in source code.
منابع مشابه
Simple and Effective Static Analysis to Find Bugs
Title of dissertation: SIMPLE AND EFFECTIVE STATIC ANALYSIS TO FIND BUGS David H. Hovemeyer, Doctor of Philosophy, 2005 Dissertation directed by: Professor William W. Pugh Department of Computer Science Much research in recent years has focused on using static analysis to find bugs in software. Many new approaches employing sophisticated program analysis techniques—inter-procedural, context-sen...
متن کاملFinding Bugs in Source Code Using Commonly Available Development Metadata
Developers and security analysts have been using static analysis for a long time to analyze programs for defects and vulnerabilities. Generally a static analysis tool is run on the source code for a given program, flagging areas of code that need to be further inspected by a human analyst. These tools tend to work fairly well – every year they find many important bugs. These tools are more impr...
متن کاملBug shallowness in open-source, Macintosh software
Central to the power of open-source software is bug shallowness, the relative ease of finding and fixing bugs. The open-source movement began with Unix software, so many users were also programmers capable of finding and fixing bugs given the source code. But as the open-source movement reaches the Macintosh platform, bugs may not be shallow because few Macintosh users are programmers. Based on...
متن کاملPrecise and Scalable Detection of Double-Fetch Bugs in OS Kernels
During system call execution, it is common for operating system kernels to read userspace memory multiple times (multi-reads). A critical bug may exist if the fetched userspace memory is subject to change across these reads, i.e., a race condition, which is known as a double-fetch bug. Prior works have attempted to detect these bugs both statically and dynamically. However, due to their imprope...
متن کاملperf fuzzer: Targeted Fuzzing of the perf event open() System Call
Fuzzing is a process where random, almost valid, input streams are automatically generated and fed into computer systems in order to test the robustness of userexposed interfaces. We fuzz the Linux kernel system call interface; unlike previous work that attempts to generically fuzz all of an operating system’s system calls, we explore the effectiveness of using specific domain knowledge and foc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009