ABSTRACT
Feature-sensitive verification pursues effective analysis of the exponentially many variants of a program family. However, researchers lack examples of concrete bugs induced by variability, occurring in real large-scale systems. Such a collection of bugs is a requirement for goal-oriented research, serving to evaluate tool implementations of feature-sensitive analyses by testing them on real bugs. We present a qualitative study of 42 variability bugs collected from bug-fixing commits to the Linux kernel repository. We analyze each of the bugs, and record the results in a database. In addition, we provide self-contained simplified C99 versions of the bugs, facilitating understanding and tool evaluation. Our study provides insights into the nature and occurrence of variability bugs in a large C software system, and shows in what ways variability affects and increases the complexity of software bugs.
- S. Apel, D. Batory, C. Kästner, and G. Saake. Feature-Oriented Software Product Lines. Springer-Verlag, 2013. Google ScholarCross Ref
- S. Apel, C. Kästner, A. Grösslinger, and C. Lengauer. Type safety for feature-oriented product lines. Automated Software Engineering, 17, 2010. Google ScholarDigital Library
- S. Apel, H. Speidel, P. Wendler, A. von Rhein, and D. Beyer. Detection of feature interactions using feature-aware verification. In Proceedings of the 26th IEEE/ACM International Conference on Automated Software Engineering (ASE'11), Lawrence, USA, 2011. IEEE Computer Society. Google ScholarDigital Library
- T. Berger, R. Rublack, D. Nair, J. M. Atlee, M. Becker, K. Czarnecki, and A. Wasowski. A survey of variability modeling in industrial practice. In S. Gnesi, P. Collet, and K. Schmid, editors, VaMoS. ACM, 2013. Google ScholarDigital Library
- T. Berger, S. She, R. Lotufo, A. Wasowski, and K. Czarnecki. A study of variability models and languages in the systems software domain. IEEE Trans. Software Eng., 39(12). Google ScholarDigital Library
- E. Bodden, T. Tolêdo, M. Ribeiro, C. Brabrand, P. Borba, and M. Mezini. SPLLIFT - statically analyzing software product lines in minutes instead of years. In PLDI'13, 2013. Google ScholarDigital Library
- E. Bounimova, P. Godefroid, and D. Molnar. Billions and billions of constraints: Whitebox fuzz testing in production. In Proceedings of the 2013 International Conference on Software Engineering, ICSE '13, Piscataway, NJ, USA, 2013. IEEE Press. Google ScholarDigital Library
- D. Bovet and M. Cesati. Understanding the Linux Kernel. O'Reilly Media, 2005. Google ScholarDigital Library
- C. Brabrand, M. Ribeiro, T. Tol^edo, J. Winther, and P. Borba. Intraprocedural data flow analysis for software product lines. Transactions on Aspect-Oriented Software Development, 10, 2013. Google ScholarDigital Library
- W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. Softw. Pract. Exper., 30(7), June 2000. Google ScholarDigital Library
- M. Calder, M. Kolberg, E. H. Magill, and S. Reiff-Marganiec. Feature interaction: A critical review and considered forecast. Comput. Netw., 41(1), 2003. Google ScholarDigital Library
- A. Classen, P. Heymans, P.-Y. Schobbens, and A. Legay. Symbolic model checking of software product lines. In ICSE, 2011. Google ScholarDigital Library
- A. Classen, P. Heymans, P.-Y. Schobbens, A. Legay, and J.-F. Raskin. Model checking lots of systems: efficient verification of temporal properties in software product lines. In ICSE'10, Cape Town, South Africa, 2010. ACM. Google ScholarDigital Library
- K. Czarnecki and K. Pietroszek. Verifying feature-based model templates against well-formedness OCL constraints. In Proceedings of the 5th international conference on Generative programming and component engineering, GPCE '06, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
- N. Dor, M. Rodeh, and M. Sagiv. CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Over flows in C. SIGPLAN Not., 38(5), 2003. Google ScholarDigital Library
- D. Evans. Static detection of dynamic memory errors. SIGPLAN Not., 31(5), 1996. Google ScholarDigital Library
- A. Gruler, M. Leucker, and K. D. Scheidemann. Modeling and model checking software product lines. In FMOODS, 2008. Google ScholarDigital Library
- G. Holl, M. Vierhauser, W. Heider, P. Grünbacher, and R. Rabiser. Product line bundles for tool support in multi product lines. In VaMoS, 2011. Google ScholarDigital Library
- D. Hovemeyer and W. Pugh. Finding more null pointer bugs, but not too many. In Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, PASTE '07, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- K. Kang, S. Cohen, J. Hess, W. Nowak, and S. Peterson. Feature-oriented domain analysis (FODA) feasibility study. Tech.Rep.Carnegie Mellon University/SEI-90-TR-21, Carnegie Mellon University-SEI, 1990.Google ScholarCross Ref
- C. Kästner. Virtual Separation of Concerns: Toward Preprocessors 2.0. PhD thesis, Marburg, Germany, 2010.Google Scholar
- C. Kästner and S. Apel. Type-checking software product lines - a formal approach. In Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE'08), L'Aquila, Italy, 2008. Google ScholarDigital Library
- A. Kenner, C. Kästner, S. Haase, and T. Leich. Typechef: Toward type checking #ifdef variability in c. In Proceedings of the 2Nd International Workshop on Feature-Oriented Software Development, FOSD '10, New York, NY, USA, 2010. ACM. Google ScholarDigital Library
- C. H. P. Kim, E. Bodden, D. Batory, and S. Khurshid. Reducing configurations to monitor in a software product line. In 1st International Conference on Runtime Verification (RV), volume 6418 of LNCS, Malta, 2010. Springer. Google ScholarDigital Library
- R. Love. Linux Kernel Development. Developer's Library. Pearson Education, 2010. Google ScholarDigital Library
- F. Medeiros, M. Ribeiro, and R. Gheyi. Investigating preprocessor-based syntax errors. In Proceedings of the 12th International Conference on Generative Programming: Concepts & Experiences, GPCE '13, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- S. Nadi, T. Berger, C. Kästner, and K. Czarnecki. Mining configuration constraints: Static analyses and empirical results. In 36th International Conference on Software Engineering (ICSE'14), 2014. Google ScholarDigital Library
- S. Nadi, C. Dietrich, R. Tartler, R. C. Holt, and D. Lohmann. Linux variability anomalies: what causes them and how do they get fixed? In T. Zimmermann, M. D. Penta, and S. Kim, editors, MSR. IEEE / ACM, 2013. Google ScholarDigital Library
- Y. Padioleau, J. L. Lawall, and G. Muller. Understanding collateral evolution in linux device drivers. In Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, EuroSys '06, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
- H. Post and C. Sinz. Configuration lifting: Verification meets software configuration. In Proceedings of the 23rd IEEE/ACM International Conference on Automated Software Engineering (ASE'08), L'Aquila, Italy, 2008. IEEE Computer Society. Google ScholarDigital Library
- J. Slaby, J. Strejçek, and M. Trtík. ClabureDB: Classified Bug-Reports Database. In R. Giacobazzi, J. Berdine, and I. Mastroeni, editors, Verification, Model Checking, and Abstract Interpretation, volume 7737 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2013.Google Scholar
- The Institute of Electrical and Eletronics Engineers. IEEE Standard Glossary of Software Engineering Terminology. IEEE Standard, 1990.Google Scholar
- T. Thüm, S. Apel, C. Kästner, I. Schaefer, and G. Saake. A classification and survey of analysis strategies for software product lines. ACM Computing Surveys, 2014. Google ScholarDigital Library
- Y. Tian, J. Lawall, and D. Lo. Identifying linux bug fixing patches. In Proceedings of the 2012 International Conference on Software Engineering, ICSE 2012, Piscataway, NJ, USA, 2012. IEEE Press. Google ScholarDigital Library
- D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In NDSS. The Internet Society, 2000.Google Scholar
- Z. Yin, X. Ma, J. Zheng, Y. Zhou, L. N. Bairavasundaram, and S. Pasupathy. An empirical study on configuration errors in commercial and open source systems. In Proc. of the Twenty-Third ACM Symposium on Operating Systems Principles SOSP '11, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
Index Terms
- 42 variability bugs in the linux kernel: a qualitative analysis
Recommendations
Variability Bugs in Highly Configurable Systems: A Qualitative Analysis
Variability-sensitive verification pursues effective analysis of the exponentially many variants of a program family. Several variability-aware techniques have been proposed, but researchers still lack examples of concrete bugs induced by variability, ...
The Linux kernel: a case study of build system variability
Although build systems control what code gets compiled into the final built product, they are often overlooked when studying software variability. The Linux kernel is one of the biggest open source software systems supporting variability and contains ...
Do bugs lead to unnaturalness of source code?
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software EngineeringTexts in natural languages are highly repetitive and predictable because of the naturalness of natural languages. Recent research validated that source code in programming languages is also repetitive and predictable, and naturalness is an inherent ...
Comments