SHF: Small: Collaborative Research: Static Analysis Infrastructure for Variability-Aware Bug Detection and Translation of Highly-Configurable Software Systems

SHF：小型：协作研究：用于高度可配置软件系统的可变性缺陷检测和转换的静态分析基础设施

• 批准号: 1816951
• 负责人: Shiyi Wei
• 金额: $ 24.13万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816951&HistoricalAwards=false
• 关键词: SHF; Small; Collaborative; Research; Static

Highly-configurable systems, e.g., the Linux kernel, form our most critical infrastructure, underpinning everything from high-performance computing clusters to IoT devices. Keeping these systems secure and reliable with automated tools is essential. However, tool support is lacking for such systems because of the complexity and scale of their configurability. This leaves some of the most critical software with some of the least tool support. The problem is that most software tools are not variability-aware; that is, they do not account for the many configurations of the software. Serious defects, including null pointer errors and buffer overflows, can and do appear in specific configurations, making them hard to find without accounting for variability. The goal of this project is to advance the state of the art for systems development and debugging, resulting in more secure and less error-prone systems, benefiting the millions who rely on highly-configurable software infrastructure.To solve these challenges, this project aims to develop the infrastructure, analysis techniques, and language support for debugging and maintaining configurable software systems written in C-family languages, currently lacking for software developers. The first part of the project is to develop a front-end infrastructure that captures these sources of variability in a new intermediate representation. Such reusable infrastructure is crucial to the development of state-of-the-art analyses. The second part seeks to create variability-aware versions of static analyses and propose new inter-procedural analyses that enable tradeoffs between scalability and precision. While static analysis has proven useful for detecting bugs, accounting for configurations increases the complexity of analysis. Systematic extensions to bug detection algorithms based on these new analyses can target previously obscured bugs. Since the C preprocessor has long been recognized as a source of problems, the third part of this project is to develop new language extensions to C, supplanting preprocessor usage and enabling compiler support for variability specifications. Translators to the new language based on our front-end analysis infrastructure will enable existing software to benefit from the new language. The PIs on this project will mentor graduate students and are committed to promoting female and under-represented minority participation. Artifacts developed in this project will be used in courses to introduce students to state-of-the-art software tool development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

高度可配置的系统，例如Linux内核构成了我们最关键的基础架构，从高性能计算簇到IoT设备的所有基础。 使用自动化工具确保这些系统安全可靠。 但是，由于其可配置性的复杂性和规模，因此缺乏此类系统的工具支持。 这使一些最关键的软件具有一些工具支持最少的支持。 问题在于，大多数软件工具不是可变性的；也就是说，它们没有说明软件的许多配置。 严重的缺陷，包括无效的指针错误和缓冲区溢出，可以并且确实以特定的配置出现，从而使它们难以在不考虑可变性的情况下找到。 The goal of this project is to advance the state of the art for systems development and debugging, resulting in more secure and less error-prone systems, benefiting the millions who rely on highly-configurable software infrastructure.To solve these challenges, this project aims to develop the infrastructure, analysis techniques, and language support for debugging and maintaining configurable software systems written in C-family languages, currently lacking for software developers. 该项目的第一部分是开发一个前端基础架构，该基础架构在新的中间表示中捕获这些可变性来源。这种可重复使用的基础设施对于最新分析的发展至关重要。 第二部分旨在创建静态分析的可变性版本，并提出新的过程间分析，以在可扩展性和精度之间进行权衡。 虽然静态分析已被证明可用于检测错误，但对配置的考虑会增加分析的复杂性。 基于这些新分析的错误检测算法的系统扩展可以针对以前被遮盖的错误。 由于长期以来，C Preadosesor一直被认为是问题的来源，因此该项目的第三部分是为C开发新的语言扩展，取代预处理器使用情况并为可变性规格提供编译器支持。 基于我们的前端分析基础架构将转换为新语言，将使现有软件能够从新语言中受益。 该项目的PI将指导研究生，并致力于促进女性和代表性不足的少数参与。 该项目中开发的文物将在课程中使用，以向学生介绍最先进的软件工具开发。该奖项反映了NSF的法定任务，并且使用基金会的知识分子优点和更广泛的影响审查标准，被认为值得通过评估来提供支持。

项目成果

SugarC: scalable desugaring of real-world preprocessor usage into pure C

SugarC：将现实世界的预处理器使用可扩展地脱糖为纯 C

• DOI: 10.1145/3510003.3512763
• 发表时间: 2022
• 期刊: ICSE '22: Proceedings of the 44th International Conference on Software Engineering
• 作者: Patterson, Zachary;Zhang, Zenong;Pappas, Brent;Wei, Shiyi;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

Conditional compilation is dead, long live conditional compilation!

条件编译已死，条件编译万岁！

• DOI: 10.1109/icse-nier.2019.00035
• 发表时间: 2019
• 期刊: Proceedings - International Conference on Software Engineering
• 作者: Gazzillo, Paul;Wei, Shiyi
• 通讯作者: Wei, Shiyi

An empirical study of real-world variability bugs detected by variability-oblivious tools

• DOI: 10.1145/3338906.3338967
• 发表时间: 2019-08
• 期刊: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Austin Mordahl;Jeho Oh;Ugur Koc;Shiyi Wei;Paul Gazzillo

Static data-flow analysis for software product lines in C: Revoking the preprocessor’s special role

C 语言中软件产品线的静态数据流分析：撤销预处理器的特殊角色

• DOI: 10.1007/s10515-022-00333-1
• 发表时间: 2022
• 期刊: Automated Software Engineering
• 影响因子: 3.4
• 作者: Schubert, Philipp Dominik;Gazzillo, Paul;Patterson, Zach;Braha, Julian;Schiebel, Fabian;Hermann, Ben;Wei, Shiyi;Bodden, Eric
• 通讯作者: Bodden, Eric

Toward detection and characterization of variability bugs in configurable C software: an empirical study

可配置 C 软件中可变性错误的检测和表征：一项实证研究

• DOI: 10.1109/icse-companion.2019.00064
• 发表时间: 2019
• 期刊: Proceedings - International Conference on Software Engineering
• 作者: Mordahl, Austin