- Text document: Group-based Memory Management in Fyr (Tagungsband des FG-BS Herbsttreffens 2020, 2020). Weis, Torben; Zdankin, Peter; Carl, Oskar; Waltereit, Marian. Albeit being introduced decades ago, C and C++ are still the most commonly used programming languages for operating systems. These languages have no reliable mechanisms to deal with memory safety issues, such as use-after-free or data race conditions, that are a leading cause for security bugs in operating systems and other critical software. Tools such as Valgrind have been developed to identify errors, but the errors must occur during the analysis, as they are not found otherwise. Several modern programming languages such as Rust, Go and Swift have emerged aiming to solve some of the issues by providing memory safety guarantees at compile or run time. However, these languages introduce new limitations, especially concerning software development for performance-critical or resource-constrained systems. In this paper, we introduce a new approach to automatic memory management that manages the lifetime of object groups instead of individual objects. We show that group-based memory management can remove some of the restrictions of modern programming languages while satisfying important memory safety constraints. Furthermore, we show how group-based memory management is implemented in our new systems programming language Fyr.
- Text document: Improving Linux-Kernel Tests for LockDoc with Feedback-driven Fuzzing (Tagungsband des FG-BS Herbsttreffens 2020, 2020). Lochmann, Alexander; Thunig, Robin; Schirmeier, Horst. LockDoc is an approach to extract locking rules for kernel data structures from a dynamic execution trace recorded while the system is under a benchmark load. These locking rules can e.g. be used to locate synchronization bugs. For high rule precision and thorough bug finding, the approach heavily depends on the choice of benchmarks: They must trigger the execution of as much code as possible in the kernel subsystem relevant for the targeted data structures. However, existing test suites such as those provided by the Linux Test Project (LTP) only achieve – in the case of LTP – about 35 percent basic-block coverage for the VFS subsystem, which is the relevant subsystem when extracting locking rules for filesystem-related data structures. In this article, we discuss how to complement the LTP suites to improve the code coverage for our LockDoc scenario. We repurpose syzkaller – a coverage-guided fuzzer with the goal to validate the robustness of kernel APIs – to 1) not aim for kernel crashes, and to 2) maximize code coverage for a specific kernel subsystem. Thereby, we generate new benchmark programs that can be run in addition to the LTP, and increase VFS basic-block coverage by 26.1 percent.