Open source infrastructure software, such as the Linux operating system, Web browsers and n-tier servers, has become a well-recognized solution for implementing critical functions of modern life. Companies and local governments are finding that the use of open source software reduces costs and allows them to pool their resources to build and maintain infrastructure software in critical niche areas. Nevertheless, the increasing reliance on open source infrastructure software introduces new demands in terms of security and safety. In principle, infrastructure software contains security features that protect against data loss, data corruption, and inadvertent transmission of data to third parties. In practice, however, these security features are compromised by a simple fact: software contains bugs.

This project proposes a new approach to finding and fixing bugs in infrastructure software, building on the Coccinelle program matching and transformation engine. A unique feature of Coccinelle is the ability to specify desired searches and transformations in a notation that is very close to the programming language used by software developers. Our thesis is thus that allowing developers to directly express rules for finding various kinds of bugs in a syntax that is similar to that of the processed code will make the bug finding process more successful and predictable. In this project, we will perform a study of the kinds of bugs that occur in open source infrastructure software and then explore a variety of avenues for developing and using Coccinelle specifications and related techniques for finding and fixing these bugs.

An important component of this project is the connection with the open source community, building on our experience in the Coccinelle project. As designers of bug-finding tools, we benefit from open source software as a large freely available code base, for which the entire development history is available. We will in turn give back to the open source community by making the developed tools freely available. Finally, interacting with the open source community gives us the ability to reach a wide range of potential users and to receive quick feedback to improve the underlying approach and developed tools. In contrast to much of the other work on bug finding, a main goal of this work is thus to create a collection of tools that are practical and intuitive to use for open source developers, which they can easily customize to the needs of their particular software.

