Nov 7, 2019 | Atlanta, GA
Georgia Tech researchers have developed a new tool that can find one of the most challenging types of bug.
Called Hydra, the framework provides building blocks for file system fuzzers to find semantic errors, helping developers save time. Using Hydra, the researchers have found 155 new bugs in Linux file systems.
“The name Hydra comes from the Greek mythological monster that has multiple heads because our approach brings multiple bug checkers into a unified framework, enabling the testing of multiple aspects of file systems,” said School of Computer Science (SCS) Ph.D. student Seulbae Kim.
Finding Semantic Bugs
File systems sit at the center of any operating system, and as they grow larger the potential for bugs only increases. Bugs can cause chaos for users, from unwanted reboots to corruption of an entire system, not to mention security vulnerabilities.
Eliminating bugs one at a time is nearly impossible, so developers often rely on fuzzing to expedite the process. This general automatic software-testing technique feeds mutated inputs to the target to discover bugs and test how robust the system is. Typically, fuzzers are designed to detect memory errors, which announce themselves as a crash or a sanitizer report, but the researchers wanted to tackle a more challenging category: semantic bugs.
Semantic bugs come in many forms, from violations of a file system's core properties, such as crash safety, to developers' incorrect assumptions, and each kind usually requires a specialized checker to find it. Yet all semantic bugs have one thing in common: their failure does not register in the kernel the way a memory bug does. Because nothing detects them automatically, previous fuzzers cannot be used on them out of the box.
“Semantic bugs do not explicitly manifest themselves,” Kim said. “They are silent. The effects are often internal and only revealed upon some special condition.”
Hydra lets plugged-in bug checkers concentrate on the single property each one tests, while Hydra itself takes over the rest of the fuzzing work. This lets it hunt many kinds of file system bugs, including three common types:
·Crash inconsistency, when a file system fails to recover to a correct state after a crash
·Specification violation, when the file system's behavior does not conform to the specification of how it should behave (for Linux file systems, usually the POSIX standard)
·Logic bugs, which are specific to one file system's implementation of an algorithm or rest on an invalid assumption
Building on the researchers' prior work with the fuzzer Janus, Hydra provides the common tools developers need to fuzz a file system, including:
·Input mutator that generates test cases likely to trigger bugs
·libOS-based executor that runs each test case against the targeted file system and then runs the plugged-in bug checkers
·Feedback engines that summarize the effects of a test case and decide whether it is worth mutating further
·Bug reproducer and test case minimizer, which automatically verify a reported test case and reduce it to a smaller one that still triggers the bug
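To make the division of labor between the framework and a plug-in checker concrete, here is an added example that is not Hydra's code (Hydra drives real Linux file systems through a libOS executor and its checkers are far more involved). It models the same four building blocks listed above, with a constructed toy in-memory file system (ToyFS) that carries one deliberate semantic bug of the "specification violation" type: its rename() leaves the old name behind, which POSIX forbids. Nothing crashes, so only a checker that knows the intended semantics can see it. The checker plug-in (spec_checker) compares the target against a reference model (RefFS); the mutator, coverage-style feedback engine, and greedy minimizer are the author's own simplifications and every name here is hypothetical.

```python
import random

# ---- System under test: a constructed toy in-memory file system.
# It carries one deliberate semantic bug: rename() copies the file to the new
# name but forgets to remove the old one, which POSIX rename(2) requires.
# Nothing crashes, so a memory-error fuzzer never notices; a spec checker does.
class ToyFS:
    def __init__(self):
        self.files = {}                        # path -> bytes

    def create(self, p):
        self.files.setdefault(p, b"")

    def write(self, p, d):
        if p in self.files:
            self.files[p] += d

    def unlink(self, p):
        self.files.pop(p, None)

    def rename(self, a, b):
        if a in self.files:
            self.files[b] = self.files[a]      # BUG: missing `del self.files[a]`

# ---- Reference model with the intended semantics, used by the spec checker.
class RefFS(ToyFS):
    def rename(self, a, b):
        if a in self.files:
            self.files[b] = self.files.pop(a)

PATHS = ["a", "b", "c"]
OPS = ["create", "write", "unlink", "rename"]

def random_op(rng):
    op = rng.choice(OPS)
    if op == "write":
        return (op, rng.choice(PATHS), bytes([rng.randrange(256)]))
    if op == "rename":
        return (op, rng.choice(PATHS), rng.choice(PATHS))
    return (op, rng.choice(PATHS))

# ---- Executor: replay a test case (a list of syscall tuples) on a fresh instance.
def execute(fs_cls, case):
    fs = fs_cls()
    for op, *args in case:
        getattr(fs, op)(*args)
    return fs

# ---- Bug checkers are plug-ins: each returns None, or a description of a violation.
# A crash-consistency or logic checker would take exactly this shape.
def spec_checker(case):
    """Specification violation: the target's final state disagrees with the model."""
    got, want = execute(ToyFS, case).files, execute(RefFS, case).files
    return None if got == want else f"state {got} != expected {want}"

CHECKERS = [spec_checker]

# ---- Feedback engine: which (syscall, path-existed-before) pairs did the case exercise?
def coverage(case):
    seen, fs = set(), ToyFS()
    for op, *args in case:
        seen.add((op, args[0] in fs.files))
        getattr(fs, op)(*args)
    return seen

# ---- Mutator: insert, delete or replace one syscall.
def mutate(case, rng):
    case = list(case)
    choice = rng.randrange(3)
    if choice == 0 or not case:
        case.insert(rng.randint(0, len(case)), random_op(rng))
    elif choice == 1:
        del case[rng.randrange(len(case))]
    else:
        case[rng.randrange(len(case))] = random_op(rng)
    return case

# ---- Minimizer: drop syscalls one at a time while the checker still fires.
def minimize(case, checker):
    i = 0
    while i < len(case):
        smaller = case[:i] + case[i + 1:]
        if checker(smaller):
            case = smaller
        else:
            i += 1
    return case

def fuzz(seed=1, iterations=2000):
    """Returns (minimized failing test case, violation report) or (None, None)."""
    rng = random.Random(seed)
    corpus, covered = [[("create", "a")]], set()
    for _ in range(iterations):
        case = mutate(rng.choice(corpus), rng)
        for check in CHECKERS:
            report = check(case)
            if report:
                return minimize(case, check), report
        cov = coverage(case)
        if not cov <= covered:                 # new behaviour: keep as a seed
            covered |= cov
            corpus.append(case)
    return None, None

if __name__ == "__main__":
    case, report = fuzz()
    print("minimized test case:", case)
    print("violation:", report)
```

Running it finds the violation within a few hundred mutations and the minimizer reduces whatever sequence tripped it to the two syscalls that matter, a create followed by a rename to a different name. The point the article makes is visible in the code: the framework (executor, mutator, feedback, minimizer) never mentions rename, and the only place that knows what "correct" means is the plug-in checker.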
“With these jobs offloaded, a developer now can only focus on writing a reliable bug checker (if it does not already exist) for the bug type he or she is interested in finding,” Kim said.
Kim presented the work at the ACM Symposium on Operating Systems Principles (SOSP) in Huntsville, Ontario, Canada, held Oct. 27 to 30. He co-wrote the paper, Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework, with SCS Ph.D. students Meng Xu, Sanidhya Kashyap, Jungyeon Yoon, and Wen Xu, and SCS Associate Professor Taesoo Kim.