Loading...

Coccinelle: Finding bugs in open source systems code

2,135 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 14, 2010

Bugs are pervasive in code. And when one finds one bug there are often others of the same type lurking in other parts of the code base. The difficulty then is how to find them efficiently within thousands or millions of lines of code.

by Julia Lawall

At the University of Copenhagen, in collaboration with researchers in Paris and Aalborg, we have been developing the Coccinelle program matching and transformation engine (http://coccinelle.lip6.fr). Coccinelle provides a language, SmPL (semantic patch language), for writing complex code patterns that may perform simple searching or that can be annotated with transformation information. A novelty of Coccinelle is that these patterns look very similar to ordinary source code. Nevertheless, SmPL patterns can be made generic using pattern variables, and are matched according to the semantics of the source code rather than the line-by-line syntax, and hence we have given them the name semantic patches.

In this talk, we will introduce Coccinelle and the SmPL language, and then illustrate its use with examples based on bugs that we have found and fixed in Linux kernel code. In particular, we will focus on how the source-code like language makes it easy to customize the bug finding process to very specific problems and to fine-tune semantic patches to reduce the number of false positives, which plague automated bug finding tools. To date, over 400 patches derived from the use of Coccinelle have been accepted into the Linux kernel source tree.

Coccinelle is a program matching and transformation system targeting C code. Coccinelle provides a language, SmPL (semantic patch language), for writing complex code patterns that may perform simple searching or that can be annotated with transformation information. A novelty of Coccinelle is that these patterns look very similar to ordinary source code. Nevertheless, SmPL patterns can be made generic using pattern variables, and are matched according to the semantics of the source code rather than the line-by-line syntax.

In developing Coccinelle, we have particularly targeted Linux kernel code. Nevertheless, Coccinelle has been applied in the context of other open source software projects, such as OpenSSL and Wine. To date, over 400 patches derived from the use of Coccinelle have been accepted into the Linux kernel source tree.

Links:
http://coccinelle.lip6.fr


FOSDEM (Free and Open Source Development European Meeting) is a European event centered around Free and Open Source software development. It is aimed at developers and all interested in the Free and Open Source news in the world. Its goals are to enable developers to meet and to promote the awareness and use of free and open source software. More info at http://fosdem.org

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...