Enregistré dans:
Détails bibliographiques
Auteurs principaux: Dossche, Niels, Abrath, Bert, Coppens, Bart
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2404.00350
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866909155597484032
author Dossche, Niels
Abrath, Bert
Coppens, Bart
author_facet Dossche, Niels
Abrath, Bert
Coppens, Bart
contents Race conditions are a class of bugs in software where concurrent accesses to shared resources are not protected from each other. Consequences of race conditions include privilege escalation, denial of service, and memory corruption which can potentially lead to arbitrary code execution. However, in large code bases the exact rules as to which fields should be accessed under which locks are not always clear. We propose a novel static technique that infers rules for how field accesses should be locked, and then checks the code against these rules. Traditional static analysers for detecting race conditions are based on lockset analysis. Instead, we propose an outlier-based technique enhanced with a context-sensitive mechanism that scales well. We have implemented this analysis in LLIF, and evaluated it to find incorrectly protected field accesses in Linux v5.14.11. We thoroughly evaluate its ability to find race conditions, and study the causes for false positive reports. In addition, we reported a subset of the issues and submitted patches. The maintainers confirmed 24 bugs.
format Preprint
id arxiv_https___arxiv_org_abs_2404_00350
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle A Context-Sensitive, Outlier-Based Static Analysis to Find Kernel Race Conditions
Dossche, Niels
Abrath, Bert
Coppens, Bart
Software Engineering
Cryptography and Security
Race conditions are a class of bugs in software where concurrent accesses to shared resources are not protected from each other. Consequences of race conditions include privilege escalation, denial of service, and memory corruption which can potentially lead to arbitrary code execution. However, in large code bases the exact rules as to which fields should be accessed under which locks are not always clear. We propose a novel static technique that infers rules for how field accesses should be locked, and then checks the code against these rules. Traditional static analysers for detecting race conditions are based on lockset analysis. Instead, we propose an outlier-based technique enhanced with a context-sensitive mechanism that scales well. We have implemented this analysis in LLIF, and evaluated it to find incorrectly protected field accesses in Linux v5.14.11. We thoroughly evaluate its ability to find race conditions, and study the causes for false positive reports. In addition, we reported a subset of the issues and submitted patches. The maintainers confirmed 24 bugs.
title A Context-Sensitive, Outlier-Based Static Analysis to Find Kernel Race Conditions
topic Software Engineering
Cryptography and Security
url https://arxiv.org/abs/2404.00350