SHF: Small: Collaborative Research: Static Analysis Infrastructure for Variability-Aware Bug Detection and Translation of Highly-Configurable Software Systems

SHF：小型：协作研究：用于高度可配置软件系统的可变性缺陷检测和转换的静态分析基础设施

• 批准号: 1840934
• 负责人: Paul Gazzillo
• 金额: $ 22.91万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1840934&HistoricalAwards=false
• 关键词: SHF; Small; Collaborative; Research; Static

Highly-configurable systems, e.g., the Linux kernel, form our most critical infrastructure, underpinning everything from high-performance computing clusters to IoT devices. Keeping these systems secure and reliable with automated tools is essential. However, tool support is lacking for such systems because of the complexity and scale of their configurability. This leaves some of the most critical software with some of the least tool support. The problem is that most software tools are not variability-aware; that is, they do not account for the many configurations of the software. Serious defects, including null pointer errors and buffer overflows, can and do appear in specific configurations, making them hard to find without accounting for variability. The goal of this project is to advance the state of the art for systems development and debugging, resulting in more secure and less error-prone systems, benefiting the millions who rely on highly-configurable software infrastructure.To solve these challenges, this project aims to develop the infrastructure, analysis techniques, and language support for debugging and maintaining configurable software systems written in C-family languages, currently lacking for software developers. The first part of the project is to develop a front-end infrastructure that captures these sources of variability in a new intermediate representation. Such reusable infrastructure is crucial to the development of state-of-the-art analyses. The second part seeks to create variability-aware versions of static analyses and propose new inter-procedural analyses that enable tradeoffs between scalability and precision. While static analysis has proven useful for detecting bugs, accounting for configurations increases the complexity of analysis. Systematic extensions to bug detection algorithms based on these new analyses can target previously obscured bugs. Since the C preprocessor has long been recognized as a source of problems, the third part of this project is to develop new language extensions to C, supplanting preprocessor usage and enabling compiler support for variability specifications. Translators to the new language based on our front-end analysis infrastructure will enable existing software to benefit from the new language. The PIs on this project will mentor graduate students and are committed to promoting female and under-represented minority participation. Artifacts developed in this project will be used in courses to introduce students to state-of-the-art software tool development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

高度可配置的系统，例如，Linux内核构成了我们最关键基础架构，支撑着从高性能计算集群到物联网设备的一切。 使用自动化工具保持这些系统的安全性和可靠性至关重要。 然而，工具支持是缺乏这样的系统，因为它们的可配置性的复杂性和规模。 这使得一些最关键的软件得到了最少的工具支持。 问题是大多数软件工具都不是可变性感知的;也就是说，它们没有考虑软件的许多配置。 包括空指针错误和缓冲区溢出在内的严重缺陷可能而且确实出现在特定配置中，因此在不考虑可变性的情况下很难找到它们。 该项目的目标是提高系统开发和调试的技术水平，从而使系统更安全，更不易出错，使数百万依赖高度可配置软件基础设施的人受益。为了解决这些挑战，该项目旨在开发基础设施，分析技术和语言支持，用于调试和维护用C系列语言编写的可配置软件系统，目前缺乏软件开发人员。 该项目的第一部分是开发一个前端基础设施，在一个新的中间表示中捕获这些可变性来源。这种可重复使用的基础设施对于开发最先进的分析至关重要。 第二部分旨在创建静态分析的可变性感知版本，并提出新的跨过程分析，使可扩展性和精度之间的权衡。 虽然静态分析已被证明对检测bug很有用，但考虑配置会增加分析的复杂性。 基于这些新的分析，对错误检测算法的系统扩展可以针对以前被掩盖的错误。 由于C预处理器长期以来被认为是问题的根源，本项目的第三部分是开发新的C语言扩展，取代预处理器的使用，并使编译器支持可变性规范。 基于我们的前端分析基础设施的新语言翻译器将使现有软件能够从新语言中受益。 该项目的PI将指导研究生，并致力于促进女性和代表性不足的少数民族的参与。 在这个项目中开发的工件将被用于课程中，向学生介绍最先进的软件工具开发。这个奖项反映了NSF的法定使命，并被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。

项目成果

SugarC: scalable desugaring of real-world preprocessor usage into pure C

SugarC：将现实世界的预处理器使用可扩展地脱糖为纯 C

• DOI: 10.1145/3510003.3512763
• 发表时间: 2022
• 期刊: ICSE '22: Proceedings of the 44th International Conference on Software Engineering
• 作者: Patterson, Zachary;Zhang, Zenong;Pappas, Brent;Wei, Shiyi;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

An empirical study of real-world variability bugs detected by variability-oblivious tools

• DOI: 10.1145/3338906.3338967
• 发表时间: 2019-08
• 期刊: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Austin Mordahl;Jeho Oh;Ugur Koc;Shiyi Wei;Paul Gazzillo

t-wise Coverage by Uniform Sampling

• DOI: 10.1145/3336294.3342359
• 发表时间: 2019-09
• 期刊: Proceedings of the 23rd International Systems and Software Product Line Conference - Volume A
• 作者: Jeho Oh;Paul Gazzillo;D. Batory

Finding broken Linux configuration specifications by statically analyzing the Kconfig language

通过静态分析 Kconfig 语言来查找损坏的 Linux 配置规范

• DOI: 10.1145/3468264.3468578
• 发表时间: 2021
• 期刊: ESEC/FSE 2021: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Oh, Jeho;Yıldıran, Necip Fazıl;Braha, Julian;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

Conditional compilation is dead, long live conditional compilation!

条件编译已死，条件编译万岁！

• DOI: 10.1109/icse-nier.2019.00035
• 发表时间: 2019
• 期刊: Proceedings - International Conference on Software Engineering
• 作者: Gazzillo, Paul;Wei, Shiyi
• 通讯作者: Wei, Shiyi