Open AccessEffective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel
Author(s) -
Jia-Ju Bai,
Julia Lawall,
ShiMin Hu
Publication year - 2018
Publication title -
acm transactions on computer systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.343
H-Index - 70
eISSN - 1557-7333
pISSN - 0734-2071
DOI - 10.1145/3381990
Subject(s) - computer science , linux kernel , operating system , software bug , atomicity , configfs , context (archaeology) , concurrency , kernel (algebra) , context switch , programming language , software , paleontology , database transaction , mathematics , combinatorics , biology
Atomic context is an execution state of the Linux kernel in which kernel code monopolizes a CPU core. In this state, the Linux kernel may only perform operations that cannot sleep, as otherwise a system hang or crash may occur. We refer to this kind of concurrency bug as a sleep-in-atomic-context (SAC) bug. In practice, SAC bugs are hard to find, as they do not cause problems in all executions.In this article, we propose a practical static approach named DSAC to effectively detect SAC bugs in the Linux kernel. DSAC uses three key techniques: (1) a summary-based analysis to identify the code that may be executed in atomic context, (2) a connection-based alias analysis to identify the set of functions referenced by a function pointer, and (3) a path-check method to filter out repeated reports and false bugs. We evaluate DSAC on Linux 4.17 and find 1,159 SAC bugs. We manually check all the bugs and find that 1,068 bugs are real. We have randomly selected 300 of the real bugs and sent them to kernel developers. 220 of these bugs have been confirmed, and 51 of our patches fixing 115 bugs have been applied.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom