Abstract
Reference counts are widely used in large-scale low-level systems such as the Linux kernel to manage shared resources. A reference count must stay consistent with the number of objects referring to the resource; otherwise, an improper reference count update bug may result, and the resource is either never released or released prematurely. To detect improper reference count updates, existing static detection methods usually need to know which functions increase reference counts and which functions decrease them. However, manually collecting this prior knowledge about reference counts is too time-consuming and may be incomplete. Mining-based bug detection methods can reduce the dependency on prior knowledge, but they have difficulty effectively detecting path-sensitive bugs such as improper reference count updates. To this end, this study proposes RTDMiner, a method that deeply integrates data mining with static analysis to detect improper reference count updates. First, according to the general principles of reference counts, data mining is used to automatically identify, from large-scale code, the functions that increase or decrease reference counts. Then, a path-sensitive static analysis method is employed to detect defective paths that increase a reference count but do not decrease it. To reduce false positives, data mining is applied again during the detection stage to identify exceptional patterns. Experimental results on the Linux kernel show that the proposed method can automatically identify functions that increase or decrease reference counts with a precision of nearly 90%. Moreover, 24 of the top 50 suspected bugs reported by RTDMiner have been confirmed as real bugs by kernel maintainers.
Authors
边攀
梁彬
黄建军
游伟
石文昌
张健
BIAN Pan; LIANG Bin; HUANG Jian-Jun; YOU Wei; SHI Wen-Chang; ZHANG Jian (School of Information, Renmin University of China, Beijing 100872, China; Huawei Technologies Co. Ltd., Beijing 100085, China; State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences), Beijing 100190, China)
Source
Journal of Software (《软件学报》)
EI
CSCD
Peking University Core Journal
2023, Issue 10, pp. 4724-4742 (19 pages)
Funding
National Natural Science Foundation of China (U1836209, 62132020, 61802413, 62002361).
Keywords
reference count
bug detection
data mining
static analysis