SHF: Small: Collaborative Research: Static Analysis Infrastructure for Variability-Aware Bug Detection and Translation of Highly-Configurable Software Systems

SHF：小型：协作研究：用于高度可配置软件系统的可变性缺陷检测和转换的静态分析基础设施

• 批准号: 1840934
• 负责人: Paul Gazzillo
• 金额: $ 22.91万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1840934&HistoricalAwards=false
• 关键词: SHF; Small; Collaborative; Research; Static

Highly-configurable systems, e.g., the Linux kernel, form our most critical infrastructure, underpinning everything from high-performance computing clusters to IoT devices. Keeping these systems secure and reliable with automated tools is essential. However, tool support is lacking for such systems because of the complexity and scale of their configurability. This leaves some of the most critical software with some of the least tool support. The problem is that most software tools are not variability-aware; that is, they do not account for the many configurations of the software. Serious defects, including null pointer errors and buffer overflows, can and do appear in specific configurations, making them hard to find without accounting for variability. The goal of this project is to advance the state of the art for systems development and debugging, resulting in more secure and less error-prone systems, benefiting the millions who rely on highly-configurable software infrastructure.To solve these challenges, this project aims to develop the infrastructure, analysis techniques, and language support for debugging and maintaining configurable software systems written in C-family languages, currently lacking for software developers. The first part of the project is to develop a front-end infrastructure that captures these sources of variability in a new intermediate representation. Such reusable infrastructure is crucial to the development of state-of-the-art analyses. The second part seeks to create variability-aware versions of static analyses and propose new inter-procedural analyses that enable tradeoffs between scalability and precision. While static analysis has proven useful for detecting bugs, accounting for configurations increases the complexity of analysis. Systematic extensions to bug detection algorithms based on these new analyses can target previously obscured bugs. Since the C preprocessor has long been recognized as a source of problems, the third part of this project is to develop new language extensions to C, supplanting preprocessor usage and enabling compiler support for variability specifications. Translators to the new language based on our front-end analysis infrastructure will enable existing software to benefit from the new language. The PIs on this project will mentor graduate students and are committed to promoting female and under-represented minority participation. Artifacts developed in this project will be used in courses to introduce students to state-of-the-art software tool development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

高度可配置的系统，例如Linux内核构成了我们最关键的基础架构，从高性能计算簇到IoT设备的所有基础。 使用自动化工具确保这些系统安全可靠。 但是，由于其可配置性的复杂性和规模，因此缺乏此类系统的工具支持。 这使一些最关键的软件具有一些工具支持最少的支持。 问题在于，大多数软件工具不是可变性的；也就是说，它们没有说明软件的许多配置。 严重的缺陷，包括无效的指针错误和缓冲区溢出，可以并且确实以特定的配置出现，从而使它们难以在不考虑可变性的情况下找到。 The goal of this project is to advance the state of the art for systems development and debugging, resulting in more secure and less error-prone systems, benefiting the millions who rely on highly-configurable software infrastructure.To solve these challenges, this project aims to develop the infrastructure, analysis techniques, and language support for debugging and maintaining configurable software systems written in C-family languages, currently lacking for software developers. 该项目的第一部分是开发一个前端基础架构，该基础架构在新的中间表示中捕获这些可变性来源。这种可重复使用的基础设施对于最新分析的发展至关重要。 第二部分旨在创建静态分析的可变性版本，并提出新的过程间分析，以在可扩展性和精度之间进行权衡。 虽然静态分析已被证明可用于检测错误，但对配置的考虑会增加分析的复杂性。 基于这些新分析的错误检测算法的系统扩展可以针对以前被遮盖的错误。 由于长期以来，C Preadosesor一直被认为是问题的来源，因此该项目的第三部分是为C开发新的语言扩展，取代预处理器使用情况并为可变性规格提供编译器支持。 基于我们的前端分析基础架构将转换为新语言，将使现有软件能够从新语言中受益。 该项目的PI将指导研究生，并致力于促进女性和代表性不足的少数参与。 该项目中开发的文物将在课程中使用，以向学生介绍最先进的软件工具开发。该奖项反映了NSF的法定任务，并且使用基金会的知识分子优点和更广泛的影响审查标准，被认为值得通过评估来提供支持。

项目成果

SugarC: scalable desugaring of real-world preprocessor usage into pure C

SugarC：将现实世界的预处理器使用可扩展地脱糖为纯 C

• DOI: 10.1145/3510003.3512763
• 发表时间: 2022
• 期刊: ICSE '22: Proceedings of the 44th International Conference on Software Engineering
• 作者: Patterson, Zachary;Zhang, Zenong;Pappas, Brent;Wei, Shiyi;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

An empirical study of real-world variability bugs detected by variability-oblivious tools

• DOI: 10.1145/3338906.3338967
• 发表时间: 2019-08
• 期刊: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Austin Mordahl;Jeho Oh;Ugur Koc;Shiyi Wei;Paul Gazzillo

t-wise Coverage by Uniform Sampling

• DOI: 10.1145/3336294.3342359
• 发表时间: 2019-09
• 期刊: Proceedings of the 23rd International Systems and Software Product Line Conference - Volume A
• 作者: Jeho Oh;Paul Gazzillo;D. Batory

Finding broken Linux configuration specifications by statically analyzing the Kconfig language

通过静态分析 Kconfig 语言来查找损坏的 Linux 配置规范

• DOI: 10.1145/3468264.3468578
• 发表时间: 2021
• 期刊: ESEC/FSE 2021: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Oh, Jeho;Yıldıran, Necip Fazıl;Braha, Julian;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

Conditional compilation is dead, long live conditional compilation!

条件编译已死，条件编译万岁！

• DOI: 10.1109/icse-nier.2019.00035
• 发表时间: 2019
• 期刊: Proceedings - International Conference on Software Engineering
• 作者: Gazzillo, Paul;Wei, Shiyi
• 通讯作者: Wei, Shiyi