מושגי ליבה
A novel static analysis technique that infers field-based locking rules and checks the code against these rules to detect potential race conditions in complex software like the Linux kernel.
תקציר
The paper presents a new static analysis technique called LLIF (Linux Lock Issue Finder) to detect potential race conditions in the Linux kernel. The key aspects of the approach are:
Inferring Locking Rules:
- LLIF infers field-based locking rules by tracking which locks cover which field accesses in the code.
- This is done in a scalable, outlier-based manner, without relying on lockset analysis.
- The inferred rules capture which locks are required to protect each field.
Detecting Violations:
- LLIF checks the code against the inferred locking rules to detect potential race conditions.
- It uses a context-sensitive mechanism to reduce false positives by considering the context of similar field accesses.
- LLIF also applies several heuristics to filter out intentionally unprotected accesses, such as initialization/cleanup code, unlocked check-locked recheck patterns, and concurrency-safe functions.
Evaluation:
- LLIF was evaluated on Linux kernel version 5.14.11.
- It was able to detect 11 out of 14 known security vulnerabilities related to race conditions.
- For new issues, LLIF reported 1214 potential race conditions, which were manually categorized into 257 true positives, 169 false positives, and 185 unknowns.
- The context-sensitivity and heuristics were shown to be effective in reducing the false positive rate from 75.44% to 39.67%.
- LLIF found and reported 24 new bugs in Linux 5.14.11, 23 of which have been fixed.