We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Coccinelle: Finding bugs in open source systems code

19
 Zitieren
 Teilen
 Zugehöriges Material
 Herunterladen
 Bestellen
Logo von FOSDEM VZWFOSDEM VZW
 Lawall, Julia

Formale Metadaten

Titel
Coccinelle: Finding bugs in open source systems code
Serientitel
Anzahl der Teile
97
Autor
Lizenz
CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Bugs are pervasive in code. And when one finds one bug there are often others of the same type lurking in other parts of the code base. The difficulty then is how to find them efficiently within thousands or millions of lines of code. At the University of Copenhagen, in collaboration with researchers in Paris and Aalborg, we have been developing the Coccinelle program matching and transformation engine. Coccinelle provides a language, SmPL (semantic patch language), for writing complex code patterns that may perform simple searching or that can be annotated with transformation information. A novelty of Coccinelle is that these patterns look very similar to ordinary source code. Nevertheless, SmPL patterns can be made generic using pattern variables, and are matched according to the semantics of the source code rather than the line-by-line syntax, and hence we have given them the name semantic patches. In this talk, we will introduce Coccinelle and the SmPL language, and then illustrate its use with examples based on bugs that we have found and fixed in Linux kernel code. In particular, we will focus on how the source-code like language makes it easy to customize the bug finding process to very specific problems and to fine-tune semantic patches to reduce the number of false positives, which plague automated bug finding tools. To date, over 400 patches derived from the use of Coccinelle have been accepted into the Linux kernel source tree. Coccinelle is a program matching and transformation system targeting C code. Coccinelle provides a language, SmPL (semantic patch language), for writing complex code patterns that may perform simple searching or that can be annotated with transformation information. A novelty of Coccinelle is that these patterns look very similar to ordinary source code. Nevertheless, SmPL patterns can be made generic using pattern variables, and are matched according to the semantics of the source code rather than the line-by-line syntax. In developing Coccinelle, we have particularly targeted Linux kernel code. Nevertheless, Coccinelle has been applied in the context of other open source software projects, such as OpenSSL and Wine. To date, over 400 patches derived from the use of Coccinelle have been accepted into the Linux kernel source tree.