Abstract
Computer programs can only run reliably if the underlying operating system is free of errors. In this paper we evaluate, from a practitioner's point of view, the utility of the popular software model checker Blast for revealing errors in Linux kernel code. The emphasis is on important errors related to memory safety in, and the locking behaviour of, device drivers. The case studies we conducted show that, while Blast's abstraction and refinement techniques are efficient and powerful, the tool has deficiencies regarding usability and support for analysing pointers, which are likely to prevent kernel developers from using it.
Research funding was provided by the EPSRC under grant GR/S86211/01.
Copyright information
© 2007 Springer Berlin Heidelberg
Cite this paper
Mühlberg, J.T., Lüttgen, G. (2007). Blasting Linux Code. In: Brim, L., Haverkort, B., Leucker, M., van de Pol, J. (eds) Formal Methods: Applications and Technology. PDMC 2006. Lecture Notes in Computer Science, vol 4346. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70952-7_14
DOI: https://doi.org/10.1007/978-3-540-70952-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70951-0
Online ISBN: 978-3-540-70952-7