Feature Consistency in Compile-Time–Configurable System Software

SLIDE 1

Feature Consistency in Compile-Time–Configurable System Software

Facing the Linux 10000 Feature Problem

Reinhard Tartler, Daniel Lohmann, Julio Sincero, Wolfgang Schröder-Preikschat

System Software Group, Friedrich-Alexander University Erlangen-Nuremberg

April 11, 2011

supported by

SLIDE 2

System Software is Configurable

  • System Software is incredibly configurable

  • R. Tartler

Feature Consistency in Compile-Time–Configurable System Software (April 11, 2011) 2 – 19

SLIDE 5

System Software is Configurable

  • System Software is incredibly configurable
  • Complexity increases considerably
  • Source of bugs!

Linux v2.6.35 contains:

  • 11.057 Features
  • 27.166 Source files
  • 82.116 #ifdef blocks

SLIDE 6

Variability Implementation in Linux

[Figure: variability implementation in Linux. Labels recovered from the diagram: user selection, configuration space, configuration variant, Kconfig, Kbuild, auto.make, gcc, implementation space, implementation variant. The text boxes of the figure follow.]

Kconfig files:

    config HOTPLUG_CPU
        bool "Support for ..."
        depends on SMP && ...

autoconf.h:

    #define CONFIG_HOTPLUG_CPU
    #define CONFIG_SMP
    ...

source files:

    #ifdef CONFIG_HOTPLUG_CPU
    ...
    #endif

SLIDE 12

The Problem

Configuration Implementation

Source of Inconsistencies!

SLIDE 14

Finding Bugs with Tools for Static Analysis

Bugs in declaration and implementation

Excellent tool support for static analysis:

  • Dingo: Taming Device Drivers (EuroSys'09)
  • KLEE: Automatic generation of high-coverage tests (EuroSys'08)
  • RWset: Attacking path explosion (TACAS'08)
  • EXE: Automatically generating inputs of death (CCS'06)
  • ...

Each of them is configuration agnostic:

SLIDE 15

Outline

  • 1. Introduction
  • 2. Analysis
  • 3. Approach and Implementation
  • 4. Results
  • 5. Future Work and Conclusions

SLIDE 22

Problem Analysis

Configuration (symbols, constraints):

    config HOTPLUG_CPU
        depends on SMP && HOTPLUG

Implementation (symbols, constraints):

    #ifdef CONFIG_CPU_HOTPLUG
    #else
    #endif

Inconsistencies: Symbolic, Logic

SLIDE 25

Symbolic Inconsistency

    config HOTPLUG_CPU
        bool "Support for hot-pluggable CPUs"
        depends on SMP && HOTPLUG
        ---help---

    static int
    hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu)
    {
        // [...]
        switch (action) {
        case CPU_UP_PREPARE:
        case CPU_UP_PREPARE_FROZEN:
            // [...]
    #ifdef CONFIG_CPU_HOTPLUG
        case CPU_UP_CANCELED:
        case CPU_UP_CANCELED_FROZEN:
        case CPU_DEAD:
        case CPU_DEAD_FROZEN:
            free_cpumask_var(cfd->cpumask);
            break;
    #endif
        };
        return NOTIFY_OK;
    }

The #ifdef tests CONFIG_CPU_HOTPLUG, while the feature declared in Kconfig is HOTPLUG_CPU.

Result: Fix for a critical bug
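
A symbol crosscheck of the kind this slide illustrates, as an added example (not code from the talk or from the undertaker tool): it collects the features declared in Kconfig text and the CONFIG_ symbols tested in preprocessor conditionals, and reports symbols the code tests but nothing declares. The sample inputs are constructed from the slide; the SMP and HOTPLUG entries and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample input: the Kconfig entry and #ifdef from the slide, plus
# two made-up entries (SMP, HOTPLUG) so the "depends on" line has targets.
KCONFIG = """\
config SMP
    bool "Symmetric multi-processing support"
config HOTPLUG
    bool "Support for hot-pluggable devices"
config HOTPLUG_CPU
    bool "Support for hot-pluggable CPUs"
    depends on SMP && HOTPLUG
"""
SOURCE = """\
case CPU_UP_PREPARE:
#ifdef CONFIG_CPU_HOTPLUG
case CPU_DEAD:
    free_cpumask_var(cfd->cpumask);
    break;
#endif
#if defined(CONFIG_SMP) && !defined(CONFIG_HOTPLUG_CPU)
#endif
"""

KCONFIG_DECL = re.compile(r"^\s*(?:menu)?config\s+(\w+)", re.M)
CPP_COND = re.compile(r"^\s*#\s*(?:ifdef|ifndef|if|elif)\b(.*)$")
CONFIG_REF = re.compile(r"\bCONFIG_(\w+)")

def declared_symbols(kconfig_text):
    """Feature names declared with 'config NAME' or 'menuconfig NAME'."""
    return set(KCONFIG_DECL.findall(kconfig_text))

def referenced_symbols(c_source):
    """Map each CONFIG_ symbol tested in an #if-family line to its line numbers."""
    refs = {}
    for lineno, line in enumerate(c_source.splitlines(), 1):
        cond = CPP_COND.match(line)
        if cond:
            for sym in CONFIG_REF.findall(cond.group(1)):
                refs.setdefault(sym, []).append(lineno)
    return refs

def symbolic_inconsistencies(kconfig_text, c_source):
    """Symbols the code tests but Kconfig never declares."""
    declared = declared_symbols(kconfig_text)
    missing = {}
    for sym, lines in referenced_symbols(c_source).items():
        # CONFIG_FOO_MODULE is defined by the build when tristate FOO is a module.
        base = sym[:-len("_MODULE")] if sym.endswith("_MODULE") else sym
        if sym not in declared and base not in declared:
            missing[sym] = lines
    return missing

REPORT = symbolic_inconsistencies(KCONFIG, SOURCE)
```

On the sample, only CPU_HOTPLUG is reported; conditionals continued over several lines with a backslash are not followed.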

SLIDE 29

Logic Inconsistencies

[Figure: feature model with MEMORY MODEL, FLATMEM, DISCONTIGMEM, SPARSEMEM and NUMA, and a "depends on" edge.]

    #ifdef CONFIG_DISCONTIGMEM
    // Block1
    static ... int pfn_to_mid(...)
    # ifdef CONFIG_NUMA
    // Block2
    # else
    // Block3
    # endif
    #endif

  • Feature DISCONTIGMEM requires NUMA
  • Inner block is not configuration dependent anymore
  • Result: code cleanup

SLIDE 35

General Approach

[Figure: feature model with MEMORY MODEL, FLATMEM, DISCONTIGMEM, SPARSEMEM and NUMA, and a "depends on" edge.]

    #ifdef CONFIG_DISCONTIGMEM
    // Block1
    static ... int pfn_to_mid(...)
    # ifdef CONFIG_NUMA
    // Block2
    # else
    // Block3
    # endif
    #endif

Extracted from the configuration:

    C = (FLATMEM → MEMORY MODEL)
      ∧ (DISCONTIGMEM → MEMORY MODEL)
      ∧ (SPARSEMEM → MEMORY MODEL)
      ∧ (NUMA → MEMORY MODEL)
      ∧ (DISCONTIGMEM → NUMA)

Extracted from the implementation:

    I = (Block1 ↔ DISCONTIGMEM)
      ∧ (Block2 ↔ Block1 ∧ NUMA)
      ∧ (Block3 ↔ Block1 ∧ ¬Block2)

Crosscheck both formulas with a SAT solver:

    dead?   = sat(C ∧ I ∧ BlockN)
    undead? = sat(C ∧ I ∧ ¬BlockN ∧ parent(BlockN))
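
The crosscheck carried through for the three blocks on this slide, as an added example (not code from the talk or from the undertaker tool): a block is reported dead when the dead? formula is unsatisfiable and undead when the undead? formula is unsatisfiable. Exhaustive enumeration stands in for the SAT solver, the function names are hypothetical, and a top-level block is assumed to have a parent condition that is always true.

```python
from itertools import product

FEATURES = ["MEMORY_MODEL", "FLATMEM", "DISCONTIGMEM", "SPARSEMEM", "NUMA"]
PARENT = {"Block1": None, "Block2": "Block1", "Block3": "Block1"}
NAMES = FEATURES + list(PARENT)

def implies(a, b):
    return (not a) or b

def C(v):
    """Configuration constraints, term by term as on the slide."""
    return (implies(v["FLATMEM"], v["MEMORY_MODEL"])
            and implies(v["DISCONTIGMEM"], v["MEMORY_MODEL"])
            and implies(v["SPARSEMEM"], v["MEMORY_MODEL"])
            and implies(v["NUMA"], v["MEMORY_MODEL"])
            and implies(v["DISCONTIGMEM"], v["NUMA"]))

def I(v):
    """Implementation constraints from the #ifdef nesting."""
    return (v["Block1"] == v["DISCONTIGMEM"]
            and v["Block2"] == (v["Block1"] and v["NUMA"])
            and v["Block3"] == (v["Block1"] and not v["Block2"]))

def sat(formula):
    """Exhaustive search over all 2^8 assignments; a stand-in for a SAT solver."""
    for bits in product([False, True], repeat=len(NAMES)):
        v = dict(zip(NAMES, bits))
        if formula(v):
            return v
    return None

def classify(block, config=C):
    """'dead': never selectable; 'undead': always selected with its parent."""
    parent = PARENT[block]
    def parent_on(v):
        # Assumption: a top-level block has no parent condition to satisfy.
        return True if parent is None else v[parent]
    if sat(lambda v: config(v) and I(v) and v[block]) is None:
        return "dead"
    if sat(lambda v: config(v) and I(v) and not v[block] and parent_on(v)) is None:
        return "undead"
    return "ok"

def report(config=C):
    return {block: classify(block, config) for block in PARENT}

if __name__ == "__main__":
    print(report())                # crosschecked against the configuration
    print(report(lambda v: True))  # implementation alone
```

Passing a configuration formula that is always true shows that the defect only appears once the configuration model is part of the check: every block then comes back as ok.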

SLIDE 38

Implementation Challenges

Accuracy

  • Conceptually no false positives
  • Exact identification of variation points

Coverage

  • Extract configuration model for all 22 architectures
  • Defect detected on each architecture

Performance

  • Easy and fast to use during incremental builds
  • Possible by problem slicing
  • Complete run on Linux in 15 minutes

SLIDE 39

Implementation for Linux

SLIDE 45

Results

    subsystem                 #ifdefs   logic   symbolic   total
    arch/                       33757     345        581     926
    drivers/                    32695      88        648     736
    fs/                          3000       4         13      17
    include/                     7241       6         11      17
    kernel/                      1412       7          2       9
    mm/                           555       -          1       1
    net/                         2731       1         49      50
    sound/                       3246       5         10      15
    virt/                          53       -          -       -
    other subsystems              601       4          1       5
    Σ                           85291     460       1316    1776

                                logic      symbolic   total
    fix proposed                150 (1)    214 (22)   364 (23)
    confirmed defect             38 (1)    116 (20)   154 (21)
    confirmed rule-violation     88 (0)     21 (2)    109 (2)
    pending                      24 (0)     77 (0)    101 (0)

  • We have found 1776 configurability issues
  • Submitted 123 patches for 364 defects
  • 20 are confirmed new bugs (affecting binary code)
  • Cleaned up 5129 lines of cruft code

SLIDE 46

Impact on Linux

Patch Submission during the merge window of version 2.6.36:

SLIDE 51

Future Work

Data has to be seen as lower bound:

  • More precise configuration space extraction is possible
  • #define support
  • Improved implementation finds > 4000 defects

Focus on pure variability defects

Integration of configuration agnostic tools for static analysis

SLIDE 53

Conclusions

  • Configurability has to be seen as a significant cause of software defects in its own right
  • Configuration and implementation need to be kept consistent
  • Our approach finds and fixes real problems!

Over 100 patches submitted and about 50 accepted! Excellent feedback from kernel developers.

http://vamos.informatik.uni-erlangen.de/trac/undertaker
