Automatically diagnosing and repairing error handling bugs in C

@article{Tian2017AutomaticallyDA,
  title={Automatically diagnosing and repairing error handling bugs in C},
  author={Yuchi Tian and Baishakhi Ray},
  journal={Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering},
  year={2017}
}
  • Yuchi Tian, Baishakhi Ray
  • Published 21 August 2017
  • Computer Science
  • Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
Correct error handling is essential for building reliable and secure systems. Unfortunately, low-level languages like C often do not support any error handling primitives and leave it up to the developers to create their own mechanisms for error propagation and handling. However, in practice, the developers often make mistakes while writing the repetitive and tedious error handling code and inadvertently introduce bugs. Such error handling bugs often have severe consequences undermining the… 

Detecting Error-Handling Bugs without Error Specification Input
TLDR
EH-Miner is a novel and practical tool that can automatically detect error-handling bugs without the need for error specifications, and is applied to 117 applications across 15 software domains.
Understanding and Detecting Disordered Error Handling with Precise Function Pairing
TLDR
The evaluation results show that DiEH is critical and widely exists in system software, and that HERO, a novel technique that precisely pairs both common and custom functions based on the unique error-handling structures, which allows it to infer expected cleanup functions, is effective in detecting DiEH.
Effective error-specification inference via domain-knowledge expansion
TLDR
A tool ECC is built to demonstrate how the function error-specifications inferred by EESI can be used to automatically find bugs related to incorrect error handling, and to bootstrap the analysis with domain knowledge related to error handling provided by a developer.
Identifying error code misuses in complex system
TLDR
This approach takes error code definition and error domain assignment as the input, and uses a novel static analysis method to detect the occurrence of the three categories of error code misuses in the source code.
Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection
TLDR
An in-depth study on Exaggerated Error Handling is conducted, and an approach, EeCatch, is proposed to detect EEH bugs in a context-aware manner and automatically infer the appropriate severity level for error handling.
Ares: Inferring Error Specifications through Static Analysis
TLDR
Ares is a tool for automatically inferring error specifications for C code through static analysis that outperforms the state-of-the-art tool APEx by 37% in precision and can identify more error specifications than APEx.
Improving the Correctness of Automated Program Repair
TLDR
This thesis proposes novel APR techniques to repair more bugs correctly, by leveraging human knowledge, so that APR techniques can repair new types of bugs that are not currently targeted by G&V APR techniques.
Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences
TLDR
CRIX can scalably and precisely evaluate whether any security checks are missing for critical variables, using an inter-procedural, semantic- and context-aware analysis, and CRIX’s modeling and cross-checking of the semantics of conditional statements in the peer slices of critical variables infer their criticalness, which allows it to effectively detect missing-check bugs.
Detecting and reproducing error-code propagation bugs in MPI implementations
TLDR
This work combines static analysis and program repair for bug detection, and applies fault injection to reproduce error propagation bugs found in MPI libraries written in C, uncovering 447 previously unknown bugs.
Automatically Repairing Programs Using Both Tests and Bug Reports
TLDR
This paper is the first to use combined FL for APR, apply a more rigorous methodology for measuring patch correctness, and evaluate on the new, substantially larger version of Defects4J.

References

Automatically Detecting Error Handling Bugs Using Error Specifications
TLDR
EPEX is a tool that uses error specifications to identify and symbolically explore different error paths and reports bugs when any errors are handled incorrectly along these paths because real-world programs often handle errors only in a limited number of ways.
APEx: Automated inference of error specifications for C APIs
  • Y. Kang, Baishakhi Ray, S. Jana
  • Computer Science
    2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2016
TLDR
A new technique is presented that automatically infers error specifications of API functions based on their usage patterns in C programs, finding that error-handling code tends to have fewer branching points and program statements than the code implementing regular functionality.
Finding and preventing run-time error handling mistakes
TLDR
A dataflow analysis for finding a certain class of error-handling mistakes: those that arise from a failure to release resources or to clean up properly along all paths, and a programming language feature that keeps track of obligations at run time and ensures that they are discharged.
Hector: Detecting Resource-Release Omission Faults in error-handling code for systems software
TLDR
This work proposes a novel microscopic approach to finding resource-release omission faults in systems software, which focuses on the error-handling code of each function in the C language.
Exceptional situations and program reliability
TLDR
A programming language feature is proposed, the compensation stack, that keeps track of obligations at run time and ensures that they are discharged and a type system for compensation stacks that tracks collections of obligations is presented.
EIO: Error Handling is Occasionally Correct
TLDR
A static analysis technique, EDP, is developed that analyzes how file systems and storage device drivers propagate error codes and finds that errors are often incorrectly propagated.
Bugs as deviant behavior: a general approach to inferring errors in systems code
A major obstacle to finding program errors in a real system is knowing what correctness rules the system must obey. These rules are often undocumented or specified in an ad hoc manner. This paper
Finding Error Handling Bugs in OpenSSL Using Coccinelle
TLDR
This work has detected over 30 bugs in a recent OpenSSL snapshot, and in many cases it was possible to correct the bugs automatically and confirm the applicability of the proposed methodology for finding API usage protocols in Linux kernel code using the program matching and transformation engine Coccinelle.
A systematic study of automated program repair: Fixing 55 out of 105 bugs for $8 each
TLDR
This paper evaluates GenProg, which uses genetic programming to repair defects in off-the-shelf C programs, and proposes novel algorithmic improvements that allow it to scale to large programs and find repairs 68% more often.
Error propagation analysis for file systems
TLDR
This work proposes an interprocedural static analysis that tracks errors as they propagate through file system code, and detects overwritten, out-of-scope, and unsaved unchecked errors.