Information Technology Reference
In-Depth Information
send
s
2
connect
close
recv
socket
s
1
s
3
close
Fig. 1.
Partial socket protocol
In this paper we describe our own approach for runtime detection of incorrect
use of APIs for C programs. Moreover, we discuss how we think such a tool should
be integrated as part of a development environment in order for it to be adopted
as a useful tool. We also introduce a proof-of-concept framework that seamlessly
integrates our own approach into an existing development environment.
The remainder of the paper is structured as follows. First, in Section 2 we
shortly discuss our own approach to detecting protocol violations. Next, in Sec-
tion 3 we introduce our proof-of-concept implementation of the approach and
describe how we have integrated it as a part of a development environment.
Finally, in Section 4 we discuss the possible future directions of our work.
2 Our Approach
Sockets are a good example of the abstractions discussed is the previous sec-
tion. Figure 1 illustrates, in a form of a state machine, a partial protocol for
using sockets: before data can be sent or received, a socket must be created and
connected to an address. After a socket is not used anymore, it should be closed.
Aliasing is one of the main problems of detecting violations of such protocols.
Often abstraction instance is represented by a reference to it, e.g., file descriptor,
that may be freely copied. A change in one of the copies should also affect all the
others. Compared to static analysis, dynamic analysis simplifies identification of
aliases. However, often it is not possible to detect aliases by just comparing
references, as implementations may reuse resources. For example, a file descrip-
tor may be reused after a file has been closed. Using the newly allocated file
descriptor via an old reference, while possible, is clearly semantically an error.
Our approach originates from dynamic data flow tracking that considers tag-
ging and tracking of interesting data as it propagates through the program during
execution. We solve the aliasing problem by using tags to track which memory
areas actually represent the same abstraction instances. All these areas share the
same tag. With each tag we associate a state and a type. The state represents
the current abstract state of the abstraction instance. As an example, that a
socket is bound or connected. The type defines which protocol to apply on the
state, i.e., the valid state changes.
