SHF: Small: Collaborative Research: Static Analysis Infrastructure for Variability-Aware Bug Detection and Translation of Highly-Configurable Software Systems

SHF：小型：协作研究：用于高度可配置软件系统的可变性缺陷检测和转换的静态分析基础设施

• 批准号: 1816951
• 负责人: Shiyi Wei
• 金额: $ 24.13万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816951&HistoricalAwards=false
• 关键词: SHF; Small; Collaborative; Research; Static

Highly-configurable systems, e.g., the Linux kernel, form our most critical infrastructure, underpinning everything from high-performance computing clusters to IoT devices. Keeping these systems secure and reliable with automated tools is essential. However, tool support is lacking for such systems because of the complexity and scale of their configurability. This leaves some of the most critical software with some of the least tool support. The problem is that most software tools are not variability-aware; that is, they do not account for the many configurations of the software. Serious defects, including null pointer errors and buffer overflows, can and do appear in specific configurations, making them hard to find without accounting for variability. The goal of this project is to advance the state of the art for systems development and debugging, resulting in more secure and less error-prone systems, benefiting the millions who rely on highly-configurable software infrastructure.To solve these challenges, this project aims to develop the infrastructure, analysis techniques, and language support for debugging and maintaining configurable software systems written in C-family languages, currently lacking for software developers. The first part of the project is to develop a front-end infrastructure that captures these sources of variability in a new intermediate representation. Such reusable infrastructure is crucial to the development of state-of-the-art analyses. The second part seeks to create variability-aware versions of static analyses and propose new inter-procedural analyses that enable tradeoffs between scalability and precision. While static analysis has proven useful for detecting bugs, accounting for configurations increases the complexity of analysis. Systematic extensions to bug detection algorithms based on these new analyses can target previously obscured bugs. Since the C preprocessor has long been recognized as a source of problems, the third part of this project is to develop new language extensions to C, supplanting preprocessor usage and enabling compiler support for variability specifications. Translators to the new language based on our front-end analysis infrastructure will enable existing software to benefit from the new language. The PIs on this project will mentor graduate students and are committed to promoting female and under-represented minority participation. Artifacts developed in this project will be used in courses to introduce students to state-of-the-art software tool development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

高度可配置的系统（例如 Linux 内核）构成了我们最关键的基础设施，支撑着从高性能计算集群到物联网设备的一切。 使用自动化工具保持这些系统的安全和可靠至关重要。 然而，由于此类系统的可配置性的复杂性和规模，缺乏工具支持。 这使得一些最关键的软件只能得到一些最少的工具支持。 问题是大多数软件工具都不能感知可变性。也就是说，它们没有考虑到软件的许多配置。 严重的缺陷，包括空指针错误和缓冲区溢出，可能而且确实出现在特定的配置中，如果不考虑可变性，就很难发现它们。 该项目的目标是提高系统开发和调试的技术水平，从而产生更安全、更不易出错的系统，使数以百万计依赖高度可配置软件基础设施的人受益。为了解决这些挑战，该项目的目标是开发基础设施、分析技术和语言支持，以调试和维护用 C 系列语言编写的可配置软件系统，而这些是软件开发人员目前所缺乏的。 该项目的第一部分是开发一个前端基础设施，以新的中间表示形式捕获这些可变性来源。这种可重用的基础设施对于最先进的分析的发展至关重要。 第二部分旨在创建静态分析的可变性感知版本，并提出新的过程间分析，以实现可扩展性和精度之间的权衡。 虽然静态分析已被证明对于检测错误很有用，但考虑配置会增加分析的复杂性。 基于这些新分析的错误检测算法的系统扩展可以针对以前被掩盖的错误。 由于 C 预处理器长期以来被认为是问题的根源，因此该项目的第三部分是开发新的 C 语言扩展，取代预处理器的使用并使编译器支持可变性规范。 基于我们的前端分析基础设施的新语言翻译器将使现有软件能够从新语言中受益。 该项目的 PI 将指导研究生，并致力于促进女性和代表性不足的少数族裔的参与。 该项目中开发的工件将用于课程中，向学生介绍最先进的软件工具开发。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SugarC: scalable desugaring of real-world preprocessor usage into pure C

SugarC：将现实世界的预处理器使用可扩展地脱糖为纯 C

• DOI: 10.1145/3510003.3512763
• 发表时间: 2022-05
• 期刊: ICSE '22: Proceedings of the 44th International Conference on Software Engineering
• 作者: Patterson, Zachary;Zhang, Zenong;Pappas, Brent;Wei, Shiyi;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

Conditional compilation is dead, long live conditional compilation!

条件编译已死，条件编译万岁！

• DOI: 10.1109/icse-nier.2019.00035
• 发表时间: 2019-05
• 期刊: Proceedings - International Conference on Software Engineering
• 作者: Gazzillo, Paul;Wei, Shiyi
• 通讯作者: Wei, Shiyi

An Empirical Study of Real-World Variability Bugs Detected by Variability-Oblivious Tools

通过可变性遗忘工具检测到的现实世界可变性错误的实证研究

• DOI: 10.1145/3338906.3338967
• 发表时间: 2019-08
• 期刊: ESEC/FSE 2019: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Mordahl, Austin;Oh, Jeho;Koc, Ugur;Wei, Shiyi;Gazzillo, Paul
• 通讯作者: Gazzillo, Paul

Static data-flow analysis for software product lines in C: Revoking the preprocessor’s special role

C 语言中软件产品线的静态数据流分析：撤销预处理器的特殊角色

• DOI: 10.1007/s10515-022-00333-1
• 发表时间: 2022-05
• 期刊: Automated Software Engineering
• 影响因子: 3.4
• 作者: Schubert, Philipp Dominik;Gazzillo, Paul;Patterson, Zach;Braha, Julian;Schiebel, Fabian;Hermann, Ben;Wei, Shiyi;Bodden, Eric
• 通讯作者: Bodden, Eric

Toward detection and characterization of variability bugs in configurable C software: an empirical study

可配置 C 软件中可变性错误的检测和表征：一项实证研究

• DOI: 10.1109/icse-companion.2019.00064
• 发表时间: 2019-05
• 期刊: Proceedings - International Conference on Software Engineering
• 作者: Mordahl; Austin
• 通讯作者: Austin