spinfer inferring semantic patches for the linux kernel
play

SPINFER: Inferring Semantic Patches for the Linux Kernel Lucas - PowerPoint PPT Presentation

Oct 11, 2022 •419 likes •937 views

SPINFER: Inferring Semantic Patches for the Linux Kernel Lucas Serrano , Van-Anh Nguyen , Ferdian Thung Lingxiao Jiang , David Lo , Julia Lawall , Gilles Muller 1 Maintenance of the Linux kernel Maintenance tasks are very common in all software

  1. SPINFER: Inferring Semantic Patches for the Linux Kernel Lucas Serrano , Van-Anh Nguyen , Ferdian Thung Lingxiao Jiang , David Lo , Julia Lawall , Gilles Muller 1

  2. Maintenance of the Linux kernel Maintenance tasks are very common in all software projects. 2

  3. Maintenance of the Linux kernel Maintenance tasks are very common in all software projects. These tasks can consist of: • Refactoring portions of code • Cleaning dead code • Migrating APIs to new version 2

  4. Maintenance of the Linux kernel Maintenance tasks are very common in all software projects. These tasks can consist of: • Refactoring portions of code • Cleaning dead code • Migrating APIs to new version But maintaining the Linux kernel is particularly hard: • 18M lines of C code • 13M lines of driver code • The same kernel API can be used by thousands of files Even simple API migrations can be difficult to do 2

  5. Motivating Example

  6. Example of API migration Example of low-resolution timer structure initialization: • Originally with the init_timer function • Since 2006 with setup_timer 3

  7. Example of API migration Example of low-resolution timer structure initialization: • Originally with the init_timer function • Since 2006 with setup_timer Old function was not removed, the migration was not mandatory. 3

  8. init_timer migration drivers/atm/nicstar.c @@ -284,10 +284 ,8 @@ static int __init nicstar_init(void) - init_timer (& ns_timer); + setup_timer (& ns_timer , ns_poll , 0UL); ns_timer.expires = jiffies + NS_POLL_PERIOD; - ns_timer.data = 0UL; - ns_timer.function = ns_poll; drivers/gpu/drm/omapdrm/dss/dsi.c @@ -5449,9 +5449 ,7 @@ static int dsi_bind(struct device *dev , - init_timer (&dsi ->te_timer); - dsi ->te_timer.function = dsi_te_timeout ; - dsi ->te_timer.data = 0; + setup_timer (&dsi ->te_timer , dsi_te_timeout , 0); 4

  9. 5

  10. Automation In 2018 these interfaces were considered insecure and were both replaced. But at this time API usage was in inconsistent state: • 60% using the new setup_timer • 40% using the old init_timer 6

  11. Automation In 2018 these interfaces were considered insecure and were both replaced. But at this time API usage was in inconsistent state: • 60% using the new setup_timer • 40% using the old init_timer Could the transformation have been done automatically? 6

  12. First contribution: Taxonomy of transformation challenges

  13. Related work There are a lot of tools to perform API migration by learning from examples: REFAZER, LASE, AppEvolve, Meditor, . . . But it was hard to know what kind of transformation they could handle. Our first contribution is to classify transformation challenges. 7

  14. Transformation challenges taxonomy Challenges can be organized in 5 main categories: 8

  15. Transformation challenges taxonomy Challenges can be organized in 5 main categories: 1. Control-flow dependencies 8

  16. Transformation challenges taxonomy Challenges can be organized in 5 main categories: 1. Control-flow dependencies 2. Data-flow dependencies 8

  17. Transformation challenges taxonomy Challenges can be organized in 5 main categories: 1. Control-flow dependencies 2. Data-flow dependencies 3. Number of variants 8

  18. Transformation challenges taxonomy Challenges can be organized in 5 main categories: 1. Control-flow dependencies 2. Data-flow dependencies 3. Number of variants 4. Number of instances 8

  19. Transformation challenges taxonomy Challenges can be organized in 5 main categories: 1. Control-flow dependencies 2. Data-flow dependencies 3. Number of variants 4. Number of instances 5. Presence of unrelated changes 8

  20. Need for a new tool We found that all tools cannot handle transformation that: • Require control-flow dependencies • Have multiple variants 9

  21. Need for a new tool We found that all tools cannot handle transformation that: • Require control-flow dependencies • Have multiple variants Both of these constraints are common in Linux kernel transformations. And they were necessary for our timer example. 9

  22. Need for a new tool We found that all tools cannot handle transformation that: • Require control-flow dependencies • Have multiple variants Both of these constraints are common in Linux kernel transformations. And they were necessary for our timer example. Moreover transformation rules used by these tools are not exposed Meaning that developers cannot check if the transformation will be correct. 9

  23. Second contribution: Spinfer

  24. A tool suitable for the Linux kernel To perform API migration in the Linux kernel we want a tool that: • Learns transformation from examples • Handles both control-flow dependencies and transformation variants • Exposes transformation rules to developers 10

  25. Transformation rules Fortunately, a transformation rules language is already used in the Linux kernel. Since 2008 Coccinelle rules are used to perform some transformations. Even used in our motivating example. 11

  26. Coccinelle Semantic Patch Automatically generated diffs a.c SP Coccinelle b.c c.c d.c 12

  27. Semantic patch @@ expression E0, E1, E2; @@ - init_timer(E0); + setup_timer(E0, E1, E2); ... - E0.data = E2; - E0.function = E1; 13

  28. Semantic patch @@ Generates diffs like this: expression E0, E1, E2; @@ - init_timer(E0); - init_timer(&ns_timer); + setup_timer(&ns_timer, ns_poll, 0UL); + setup_timer(E0, E1, E2); ns_timer.expires = jiffies + NS_P_P; ... - E0.data = E2; - ns_timer.data = 0UL; - ns_timer.function = ns_poll; - E0.function = E1; 13

  29. Our approach: Spinfer Semantic patch Automatically generated diffs a.c SP Coccinelle b.c c.c d.c 14

  30. Our approach: Spinfer Example files Semantic patch Automatically generated diffs Spinfer a.c foo.c SP Coccinelle bar.c b.c c.c d.c 14

  31. Infering semantic patches How to convert transformation instances. . . . . . to a semantic patch. @@ expression E0, E1, E2; @@ - init_timer(&ns_timer); - init_timer(E0); + setup_timer(&ns_timer, ns_poll, 0UL); + setup_timer(E0, E1, E2); ns_timer.expires = jiffies + NS_P_P; ... - ns_timer.data = 0UL; - E0.data = E2; - ns_timer.function = ns_poll; - E0.function = E1; 15

  32. 1: Extracting modified statements - init_timer(&ns_timer); + setup_timer(&ns_timer, ns_poll, 0UL); ns_timer.expires = jiffies + NS_POLL_PERIOD; - ns_timer.data = 0UL; - ns_timer.function = ns_poll; - init_timer(&dsi->te_timer); - dsi->te_timer.function = dsi_te_timeout; - dsi->te_timer.data = 0; + setup_timer(&dsi->te_timer, dsi_te_timeout, 0); 16

  33. 1: Extracting modified statements - init_timer(&ns_timer); + setup_timer(&ns_timer, ns_poll, 0UL); ns_timer.expires = jiffies + NS_POLL_PERIOD; - ns_timer.data = 0UL; - ns_timer.function = ns_poll; - init_timer(&dsi->te_timer); - dsi->te_timer.function = dsi_te_timeout; - dsi->te_timer.data = 0; + setup_timer(&dsi->te_timer, dsi_te_timeout, 0); 16

  34. 2: Clustering similar statements - init_timer(&ns_timer); - init_timer(&dsi->te_timer); + setup_timer(&ns_timer, ns_poll, 0UL); + setup_timer(&dsi->te_timer, dsi_te_timeout, 0); - ns_timer.data = 0UL; - dsi->te_timer.data = 0; - ns_timer.function = ns_poll; - dsi->te_timer.function = dsi_te_timeout; 17

  35. 3: Abstracting clusters - init_timer(&ns_timer); - init_timer( Expr ); - init_timer(&dsi->te_timer); + setup_timer(&ns_timer, ns_poll, 0UL); + setup_timer( Expr , Expr , Expr ); + setup_timer(&dsi->te_timer, dsi_te_timeout, 0); - ns_timer.data = 0UL; - Expr .data = Expr ; - dsi->te_timer.data = 0; - ns_timer.function = ns_poll; - Expr .function = Expr ; - dsi->te_timer.function = dsi_te_timeout; 18

  36. 4: Assembling abstractions - init_timer( Expr ); - Expr .data = Expr ; - Expr .function = Expr ; + setup_timer( Expr , Expr , Expr ); 19

  37. 4: Assembling abstractions - init_timer( Expr ); - Expr .data = Expr ; - Expr .function = Expr ; + setup_timer( Expr , Expr , Expr ); Spinfer takes a first abstraction - init_timer( Expr ); 19

  38. 4: Assembling abstractions - init_timer( Expr ); - Expr .data = Expr ; - Expr .function = Expr ; + setup_timer( Expr , Expr , Expr ); It extends rules using control-flow dependencies - init_timer( Expr ); ... - Expr .function = Expr ; 19

  39. 5: Rule splitting When there are inconsistencies in control-flow, rules are split: - init_timer( Expr ); - init_timer( Expr ); ... ... - Expr .data = Expr ; - Expr .function = Expr ; - Expr .data = Expr ; - Expr .function = Expr ; This allows Spinfer to discover transformation variants. 20

  40. 6: Iterating This process goes on until all abstractions are exhausted. - init_timer( Expr ); - init_timer( Expr ); + setup_timer( Expr , Expr , Expr ); + setup_timer( Expr , Expr , Expr ); ... ... - Expr .data = Expr ; - Expr .function = Expr ; - Expr .function = Expr ; - Expr .data = Expr ; 21

  41. 7: Metavariable discovery To obtain a valid rule Spinfer transforms abstractions into metavariables: A unique name is chosen for each set of terms found in the examples. @@ expression E0 , E1 , E2 ; @@ - init_timer( Expr ); - init_timer( E0 ); + setup_timer( Expr , Expr , Expr ); + setup_timer( E0 , E1 , E2 ); ... ... - Expr .data = Expr ; - E0 .data = E2 ; - Expr .function = Expr ; - E0 .function = E1 ; 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Driver for APIC Authors: Berkley Shands, John DeHart, Rezwani Kabir Linux Kernel

Linux Driver for APIC Authors: Berkley Shands, John DeHart, Rezwani Kabir Linux Kernel

Linux Driver for APIC Authors: Berkley Shands, John DeHart, Rezwani Kabir Linux Kernel versions 2.2.X (user mode only) 2.3.99-pre6 (stable) 2.4.0-test1 (intel/alpha with patches) 2.4.0-test2 (intel only) Linux Driver

74 views • 4 slides
Rebootless Security Patches for the Linux Kernel Caglar nver 30.05.2014 Motivation

Rebootless Security Patches for the Linux Kernel Caglar nver 30.05.2014 Motivation

Rebootless Security Patches for the Linux Kernel Caglar nver 30.05.2014 Motivation Motivation Why do we care about updates on the fly Why do we care about updates on the fly More than 90% of the attacks exploit known security

574 views • 32 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for Women LinuxCon North America 2013 Agenda Introduction What Got Me Interested in OPW Project Overview Xen Block Ring Protocol

922 views • 13 slides
Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Krzysztof Czarnecki, Andrzej Wsowski The Variability Model of the Linux Kernel . . January 26, 2010 IT University of Copenhagen University of Leipzig University of Waterloo Steven She, Rafael Lotufo, Thorsten Berger, . Kernel The

928 views • 39 slides
Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

995 views • 29 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019

Linux Kernel Debugging Linux Kernel Debugging Advanced Operating Systems 2018/2019 http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematjcs and physics faculty of mathematjcs and physics Vlastimil Babka vbabka@suse.cz

1.6k views • 62 slides
Inferring semantically related words from software context Jinqiu Yang , Lin Tan University of

Inferring semantically related words from software context Jinqiu Yang , Lin Tan University of

Inferring semantically related words from software context Jinqiu Yang , Lin Tan University of Waterloo 1 Motivation I need to find all functions that disable interrupts in the Linux kernel. Hmmm, so I search for disable*interrupt .

259 views • 24 slides
Normal and Exotic use cases of NUMA features in the Linux Kernel Christopher Lameter, Ph.D.

Normal and Exotic use cases of NUMA features in the Linux Kernel Christopher Lameter, Ph.D.

Normal and Exotic use cases of NUMA features in the Linux Kernel Christopher Lameter, Ph.D. cl@linux.com Collaboration Summit, Napa Valley, 2014 Non Uniform Memory access in the Linux Kernel Memory is segmented into nodes so that

518 views • 12 slides
Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January

Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January

Making C Less Dangerous in the Linux Kernel Kees Cook | @keescook LINUX.CONF.AU 21-25 January The Linux of Things | #LCA2019 | @linuxconfau 2019 Christchurch, NZ Making C Less Dangerous in the Linux Kernel Linux Conf AU January 25,

505 views • 29 slides
Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda

Linux Kernel Debugging Your kernel just oopsed - What do you do, hotshot? Muli Ben-Yehuda mulix@mulix.org IBM Haifa Research Lab Kernel Debugging, Haifux 2003 p.1/19 Kernel Debugging - Why? Why would we want to debug the kernel? after

308 views • 19 slides
Lecture 14- ECE 240a Transient Response Ver Chap. 9.3 Linearized Solution Sinusoidal

Lecture 14- ECE 240a Transient Response Ver Chap. 9.3 Linearized Solution Sinusoidal

Lecture 14- ECE 240a Laser Dynamics Hole Burning Below Threshold Above Threshold Lecture 14- ECE 240a Transient Response Ver Chap. 9.3 Linearized Solution Sinusoidal Variation Step Response Gain Switching 1 ECE 240a Lasers -

613 views • 18 slides
Highlights of the FEL 2002 Conference Stephen Benson Thomas Jefferson National Accelerator

Highlights of the FEL 2002 Conference Stephen Benson Thomas Jefferson National Accelerator

Highlights of the FEL 2002 Conference Stephen Benson Thomas Jefferson National Accelerator Facility svb[General files 02/Presentations]FEL-summary.ppt Operated by the Southeastern Universities Research Association for the U.S. Dept. of Energy

208 views • 10 slides
Researc h Articles pGCL formal reasoning for random algorithms Carroll Morgan

Researc h Articles pGCL formal reasoning for random algorithms Carroll Morgan

Researc h Articles pGCL formal reasoning for random algorithms Carroll Morgan and Annab elle McIv er Pr o gr amming R ese ar ch Gr oup University of Oxfor d httpwwwcomlaboxacuko

306 views • 14 slides
It Is Possible to Do Object-Oriented Programming in Java Kevlin Henney kevlin@curbralan.com

It Is Possible to Do Object-Oriented Programming in Java Kevlin Henney kevlin@curbralan.com

It Is Possible to Do Object-Oriented Programming in Java Kevlin Henney kevlin@curbralan.com @KevlinHenney The Java programming language platform provides a portable , interpreted , high-performance , simple , object-oriented programming

1.11k views • 64 slides
R&D Towards a Laser Based Beam Size Monitor for PETRA and the FLC Thorsten Kamps, Royal

R&D Towards a Laser Based Beam Size Monitor for PETRA and the FLC Thorsten Kamps, Royal

R&D Towards a Laser Based Beam Size Monitor for PETRA and the FLC Thorsten Kamps, Royal Holloway, FLC Group Nanobeam Workshop, Lausanne, September 2002 The next 30 minutes Motivation for the Project History and Status of Laserwire

398 views • 17 slides
Simultaneous maximum-likelihood calibration of robot and sensor parameters Andrea Censi, Luca

Simultaneous maximum-likelihood calibration of robot and sensor parameters Andrea Censi, Luca

Simultaneous maximum-likelihood calibration of robot and sensor parameters Andrea Censi, Luca Marchionni, Giuseppe Oriolo Differential-drive kinematics driftless affine system: q x ( t ) v ( t ) cos q ( t ) d = q y (

526 views • 17 slides
Status of Revercomb Evaluation/Validation Activities Noise characterization using Earth

Status of Revercomb Evaluation/Validation Activities Noise characterization using Earth

Status of Revercomb Evaluation/Validation Activities Noise characterization using Earth scene data (7/3, 8/1 Net-Meetings) Cloud flag using AIRS and MODIS data (7/3, 8/1, 8/15 Net-Meetings) Broadband radiance comparisons with GOES

592 views • 20 slides
Preparation for AIRS Validation Robert Knuteson University of Wisconsin - Madison 21-23 February

Preparation for AIRS Validation Robert Knuteson University of Wisconsin - Madison 21-23 February

Preparation for AIRS Validation Robert Knuteson University of Wisconsin - Madison 21-23 February 2001 Topics MODIS Workshop announcement UW AIRS Validation Activities ARM Best Estimate status AFWEX (ARM site validation)

602 views • 31 slides

More recommend