Program Analysis Technology: Through the Example of Airac
Prof. Kwangkeun Yi (이광근), Programming Research Laboratory
Seoul National University, 4/30/2005 @ mpsoc
Program analysis: static program analysis
A general method for automatically and safely estimating, before execution,
the properties a program will have while it runs
Program analysis: static program analysis
• "Before execution": before running the program
• "Execution properties": properties of the program while it is running
• "Automatically": a program analyzes programs
• "Safely": every real execution situation is covered
• "Estimating": some slack in the result is unavoidable
• "General": the target source language and the execution properties are unrestricted
Program analysis technology: static program analysis
• "semantic-based program analysis"
– abstract interpretation
– type system
– model checking; theorem proving; data flow analysis
– etc.
Airac: Static Analyzer for Automatic Verification of Array Index Ranges in C Programs
Airac
• Automatic detection of memory access errors in C programs; the index range has to be tracked through every access form below:
  int *c = (int *)malloc(sizeof(int)*10);
  c[i] = 1;
  c[i + f()] = 1;
  c[*k + (*g)()] = 1;
  x = c; x[1] = 1;
  y = c + f(); y[*(y+1)] = 1;
  z->a = c; (z->a)[i] = 1;
  foo(c+2);
  int foo(int *d) { … d[i] = 1; … }
Airac keywords
• C: analyzes ANSI C (+ GNU extensions) programs
– pointers (array, procedure)
– controls (procedure, return, break, goto)
– intra- and inter-procedural
• statically: no test runs
• all: complete, no unnoticed bug
• automatic: it is a piece of software
• always stops: even for programs with infinite loops
• modular: for large programs
• correct: solid theoretical foundation
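The slides describe what an array-index-range analysis must do (bound every index before the program runs, cover every real run, accept some imprecision) without showing the mechanism. The following is an added example, not Airac's code and not from the ROPAS lab: a toy interval analysis over a constructed statement language (decl/const/param/add/sub/join/access are my own forms, not Airac's IR). It reports a "definite" alarm when the index interval lies entirely outside the array and a "possible" alarm when it only partly does; the second constructed program shows a false alarm that the analysis must raise to stay safe, because intervals forget that x and y are correlated.

```python
# Added example, not code from Airac or the ROPAS lab: a toy interval
# ("range") analysis over a tiny constructed statement language.  It shows how
# an analyzer can bound an array index before running the program, why the
# bound is safe (it covers every concrete run) and why safety forces some
# false alarms.  The statement forms and the sample programs are constructed.
from typing import Dict, List, Tuple, Union

Interval = Tuple[int, int]          # abstract value: every integer in [lo, hi]
Operand = Union[str, int]           # a variable name or an integer literal
Alarm = Tuple[int, str, str, Interval]   # (statement index, kind, array, index interval)

def interval_of(op: Operand, env: Dict[str, Interval]) -> Interval:
    """A literal becomes a point interval; a variable yields its abstract value."""
    return (op, op) if isinstance(op, int) else env[op]

def add(a: Interval, b: Interval) -> Interval:
    return (a[0] + b[0], a[1] + b[1])

def sub(a: Interval, b: Interval) -> Interval:
    return (a[0] - b[1], a[1] - b[0])

def join(a: Interval, b: Interval) -> Interval:
    """Control-flow merge: the smallest interval covering both branches."""
    return (min(a[0], b[0]), max(a[1], b[1]))

def analyze(program: List[tuple]) -> List[Alarm]:
    """Walk the statements once, tracking an interval per variable, and report
    every array access whose index interval is not entirely inside the array."""
    env: Dict[str, Interval] = {}
    sizes: Dict[str, int] = {}
    alarms: List[Alarm] = []
    for pc, stmt in enumerate(program):
        kind = stmt[0]
        if kind == "decl":                 # ("decl", arr, n): int arr[n]
            sizes[stmt[1]] = stmt[2]
        elif kind == "const":              # ("const", x, n): x = n
            env[stmt[1]] = (stmt[2], stmt[2])
        elif kind == "param":              # ("param", x, lo, hi): unknown input assumed in [lo, hi]
            env[stmt[1]] = (stmt[2], stmt[3])
        elif kind == "add":                # ("add", x, y, z): x = y + z
            env[stmt[1]] = add(interval_of(stmt[2], env), interval_of(stmt[3], env))
        elif kind == "sub":                # ("sub", x, y, z): x = y - z
            env[stmt[1]] = sub(interval_of(stmt[2], env), interval_of(stmt[3], env))
        elif kind == "join":               # ("join", x, y, z): x = y or z, condition not tracked
            env[stmt[1]] = join(interval_of(stmt[2], env), interval_of(stmt[3], env))
        elif kind == "access":             # ("access", arr, x): arr[x]
            arr, idx = stmt[1], interval_of(stmt[2], env)
            lo, hi = idx
            size = sizes[arr]
            if hi < 0 or lo >= size:       # no concrete value can be in range
                alarms.append((pc, "definite", arr, idx))
            elif lo < 0 or hi >= size:     # some abstract value is out of range
                alarms.append((pc, "possible", arr, idx))
        else:
            raise ValueError(f"unknown statement at {pc}: {stmt}")
    return alarms

# Constructed program mirroring the slide's c[i] and c[i + f()] forms.
SAMPLE = [
    ("decl", "c", 10),
    ("param", "i", 0, 9),        # i is a valid index (assumed)
    ("access", "c", "i"),        # c[i]: no alarm
    ("param", "f", 0, 3),        # f() returns something in [0, 3] (assumed)
    ("add", "t", "i", "f"),      # i + f() is in [0, 12]
    ("access", "c", "t"),        # c[i + f()]: possible out-of-range
    ("const", "k", 12),
    ("access", "c", "k"),        # c[12]: definite out-of-range
]

# Constructed program whose alarm is false: x + y is always 5 at run time,
# but intervals cannot express "y = 5 - x", so x + y is estimated as [0, 10].
FALSE_ALARM = [
    ("decl", "c", 6),
    ("join", "x", 0, 5),         # x is 0 or 5
    ("sub", "y", 5, "x"),        # y is 5 or 0, correlated with x
    ("add", "idx", "x", "y"),    # really always 5; abstractly [0, 10]
    ("access", "c", "idx"),      # safe estimate forces a "possible" alarm
]

if __name__ == "__main__":
    for name, prog in (("SAMPLE", SAMPLE), ("FALSE_ALARM", FALSE_ALARM)):
        print(name)
        for pc, kind, arr, idx in analyze(prog):
            print(f"  statement {pc}: {arr}[{idx[0]}..{idx[1]}] {kind} out of range")
```

The false alarm is not a bug in the toy analysis: dropping it would require proving that x + y is always 5, which plain intervals cannot do, and the analysis would no longer be safe. That is the trade-off the slides' "estimating" bullet refers to, and it is why the later slides spend effort on sifting and ranking alarms rather than on eliminating them.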
Airac: performance (1/3) (commercial software)

Software             Alarms   Real Errors   LOC         Time (min)
Verification code    46       34            4,688       306
A1                   18       9             280,379     8
A2                   196      56            3,584,664   789
A3                   78       15            119,211     82
A4                   435      7             806,829     112
A5                   197      112           517,314     8
Airac: performance (2/3) (Linux kernel 2.6.4)

File             Alarms   Real Errors   LOC     Time (sec)
vmax302.c        1        1             246     0.28
xfrm_user.c      2        1             1,201   45.07
usb-midi.c       10       4             2,206   91.32
atkbd.c          2        2             811     1.99
keyboard.c       2        1             1,256   3.36
af_inet.c        1        1             1,273   1.17
eata_pio.c       3        1             984     7.50
cdc_acm.c        3        3             849     3.98
ip6_output.c     0        0             1,110   1.53
mptbase.c        1        1             6,158   0.79
aty128fb.c       1        1             2,466   0.32
Airac: performance (3/3) (GNU software)

Software       Alarms   Real Errors   LOC      Time (sec)
tar-1.13       66       1             20,258   577
bison-1.875    50       0             15,907   809
sed-4.0.8      29       0             6,053    1154
gzip-1.2.4a    17       0             7,327    794
grep-2.5.1     2        0             9,297    604
Airac: scalability
Airac vs Swat (1/3)

Linux kernel 2.6.4                        SWAT (Stanford, Coverity Inc.)   AIRAC (Seoul National Univ.)
                                          Found Errors                     Found Errors
/drivers/mtd/maps/vmax301.c               1                                1
/net/xfrm/xfrm_user.c                     1                                1
/drivers/usb/class/usb-midi.c             2                                2
/drivers/input/keyboard/atkbd.c           2                                2
/drivers/char/keyboard.c                  1                                1
/net/ipv4/af_inet.c                       1                                1
/drivers/scsi/eata_pio.c                  1                                1
/drivers/usb/class/cdc-acm.c (*)          1                                3
/net/ipv6/ip6_output.c (**)               1                                0
/drivers/message/fusion/mptbase.c         1                                1
/drivers/video/aty/aty128fb.c             1                                1
Airac vs Swat (2/3)
[Diagram of found bugs; labels: "Bugs", "Airac", "Coverity"]
Airac vs Swat (3/3)

Category                SWAT (Coverity Inc.)          AIRAC (Seoul National Univ.)
Error detection rate    62% detection rate (8/13)     100% detection rate (13/13)
Results on A            #Alarms: 19 buffers           #Alarms: 78
                        #Real Errors: 2 buffers       #Real Errors: 15 accesses (5 buffers)
                        #False Alarms: 17 buffers     #False Alarms: 63 accesses (18 buffers)
                        Time: 7 min                   Time: 82 min
Results on B            #Alarms: 2 buffers            #Alarms: 18
                        #Real Errors: 2 buffers       #Real Errors: 9 accesses (2 buffers)
                        #False Alarms: 0 buffers      #False Alarms: 9 accesses (6 buffers)
                        Time: 4 min                   Time: 8 min

cdc_acm.c (Linux device driver)
New: taming false alarms
• Bayesian statistical analysis
– after training: c
– probability for being a true alarm ~ beta distribution(c, x)
• Monte Carlo method
– estimate the probability from the distribution
• Decision theory
– parameterize the decision threshold by the risk ratio of silencing true alarms to false alarming
• Results:
– risk ratio = 3, then 74.83% of false alarms removed
– ranking alarms: the order in which errors are presented to the user
Sifting Out False Alarms by Bayesian Statistical Post Analysis
[Diagram: alarms a1, a2, a3, ... → Bayesian analysis → a1: 0.97, a2: 0.12, a3: 0.82, ...]
Ranking False Alarms
• Ranking alarms by their trueness: “truer” alarms first
• Only 15.17% of false alarms were mixed up until the user observes 50% of the true alarms
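The "taming false alarms" and "ranking false alarms" slides give the ingredients (a Beta distribution per alarm, Monte Carlo estimation, a risk-ratio threshold, ranking by trueness, and the "false alarms mixed in before 50% of true alarms" metric) but not how they fit together. The following is an added example written for this page, not Airac's post-analysis code. Its assumptions: each alarm is summarised by constructed Beta(a, b) parameters standing in for the trained quantity c on the slide; the risk ratio is modelled as cost(silencing a true alarm) / cost(showing a false alarm), which yields the cutoff p < 1/(1 + r); the alarm names and ground-truth labels are constructed solely to evaluate the ranking.

```python
# Added example, not Airac's own post-analysis code: Bayesian sifting and
# ranking of alarms.  Beta(a, b) per alarm, the risk-ratio cost model, the
# alarm names and the ground-truth labels are all assumptions/constructed data.
import math
import random
from typing import Callable, Dict, List, Tuple

BetaParams = Tuple[float, float]

def posterior_mean(a: float, b: float) -> float:
    """Exact P(alarm is true) under Beta(a, b)."""
    return a / (a + b)

def monte_carlo_mean(a: float, b: float, samples: int = 20000, seed: int = 1) -> float:
    """Monte Carlo estimate of the same probability: average of draws from Beta(a, b).
    Useful when the quantity wanted has no closed form; here it lets us check agreement."""
    rng = random.Random(seed)
    return sum(rng.betavariate(a, b) for _ in range(samples)) / samples

def keep_threshold(risk_ratio: float) -> float:
    """Decision-theoretic cutoff (assumed cost model).  Showing a false alarm costs 1,
    silencing a true alarm costs risk_ratio.  With p = P(true): E[cost(show)] = 1 - p,
    E[cost(silence)] = p * risk_ratio, so silence exactly when p < 1 / (1 + risk_ratio)."""
    return 1.0 / (1.0 + risk_ratio)

def sift_and_rank(alarms: Dict[str, BetaParams], risk_ratio: float,
                  estimate: Callable[[float, float], float] = posterior_mean
                  ) -> Tuple[List[Tuple[str, float]], List[str]]:
    """Return (kept alarms ranked truest-first with their P(true), silenced alarm names)."""
    cutoff = keep_threshold(risk_ratio)
    scored = [(name, estimate(a, b)) for name, (a, b) in alarms.items()]
    kept = sorted((s for s in scored if s[1] >= cutoff), key=lambda s: s[1], reverse=True)
    silenced = [name for name, p in scored if p < cutoff]
    return kept, silenced

def rank_all(alarms: Dict[str, BetaParams]) -> List[str]:
    """Ranking alone, without silencing anything: truest alarm first."""
    return sorted(alarms, key=lambda n: posterior_mean(*alarms[n]), reverse=True)

def false_alarm_mix_rate(ranked: List[str], truth: Dict[str, bool], fraction: float = 0.5) -> float:
    """Share of all false alarms a user meets before having seen `fraction` of the
    true alarms when reading the list in ranked order (the slide's 15.17%-style metric)."""
    total_true = sum(1 for n in ranked if truth[n])
    total_false = len(ranked) - total_true
    if total_true == 0 or total_false == 0:
        return 0.0                      # nothing to mix: metric is trivially zero
    target = math.ceil(fraction * total_true)
    seen_true = seen_false = 0
    for name in ranked:
        if truth[name]:
            seen_true += 1
            if seen_true >= target:
                break
        else:
            seen_false += 1
    return seen_false / total_false

# Constructed alarm set: Beta parameters "after training", plus oracle labels
# that only an evaluation would know.
ALARMS: Dict[str, BetaParams] = {
    "a1": (9.7, 0.3), "a2": (1.2, 8.8), "a3": (8.2, 1.8),
    "a4": (3.0, 7.0), "a5": (2.0, 8.0), "a6": (6.0, 4.0),
}
TRUTH = {"a1": True, "a2": False, "a3": False, "a4": True, "a5": True, "a6": False}

if __name__ == "__main__":
    kept, silenced = sift_and_rank(ALARMS, risk_ratio=3)
    print("cutoff:", keep_threshold(3))          # 0.25
    print("kept (truest first):", kept)
    print("silenced:", silenced)
    print("a1 P(true): Monte Carlo", round(monte_carlo_mean(9.7, 0.3), 3),
          "exact", round(posterior_mean(9.7, 0.3), 3))
    print("false alarms mixed in before 50% of true alarms seen:",
          round(false_alarm_mix_rate(rank_all(ALARMS), TRUTH), 3))
```

With risk ratio 3 the cutoff is 0.25, so a2 and a5 are silenced and the rest are shown in order a1, a3, a6, a4. The constructed labels deliberately make a3 and a6 false alarms with high scores, which is what the mix-rate metric is designed to expose: a user reading the full ranking meets two of the three false alarms before reaching half of the true ones.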
New versions keep coming:cost/accuracy/interface/etc.
ropas.snu.ac.kr/airac