Julia Lawall: An Introduction to Coccinelle Bug Finding and Code Evolution for the Linux Kernel





Published on Nov 3, 2014

The need to find repetitive patterns of code, and potentially to transform them, is pervasive in software development. For example, when an API changes, all of the clients of the API must be updated to respect the new usage protocol. Likewise, any bug that is found may also be lurking in other parts of the software. These issues are particularly relevant to the Linux kernel, which is low-level critical software, is very large, and is implemented by developers with a wide range of expertise. For example, between Linux 3.10 and 3.15, 197 exported functions with a total of 1053 uses in Linux 3.10 had a change in their number of arguments or return type. Finding the relevant calls and deciding how to update them is tedious and error-prone. For bugs, finding all occurrences of a bug is essential if the bugs can crash the system or pose a security risk. But finding scattered occurrences of specific code patterns is difficult in software containing millions of lines of code, like the Linux kernel. Solutions such as using grep and sed are fragile, and may miss relevant code fragments due to differences in spacing, variable names, etc.

To address the need for identifying and possibly modifying recurring fragments of code, the Inria Whisper team has proposed the tool Coccinelle (coccinelle.lip6.fr). Coccinelle has been under development for over 7 years, and is available in a number of Linux distributions (openSUSE, Ubuntu, Debian, Fedora, etc.). Our goal for Coccinelle is to provide an easy-to-use tool that will allow developers to express patterns and transformations, and to apply these patterns and transformations to the code efficiently and without disrupting the overall structure of the code base. To this end, Coccinelle is designed around a language for expressing matching and transformation rules in terms of fragments of C code. More precisely, Coccinelle specifications have the form of a patch, in which code to add and remove is highlighted by using + and -, respectively, at the beginning of the affected lines. Coccinelle semantic patches, however, permit abstracting away from irrelevant details, such as spacing and variable names, thus allowing a single specification to apply across an entire code base. Coccinelle has been used in the development of almost 2000 patches found in the Linux kernel. Over 40 Coccinelle rules are distributed with the Linux kernel source code.
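A semantic patch of the kind described above, added here as an illustration and not taken from the talk or its exercises: it rewrites a kmalloc call followed by a zeroing memset into a single kzalloc call. The metavariable names (x, size, flags, S) are chosen for this example.

```cocci
// Metavariable declarations: each name stands for an arbitrary
// C expression or statement, so the rule does not depend on the
// variable names or spacing used at any particular call site.
@@
expression x, size, flags;
statement S;
@@

// Lines starting with "-" are removed and lines starting with "+"
// are added, as in an ordinary patch. Unmarked lines are context
// that must be present for the rule to match and is left untouched.
- x = kmalloc(size, flags);
+ x = kzalloc(size, flags);
  if (x == NULL) S
- memset(x, 0, size);
```

Because the same metavariable must bind to the same code everywhere it appears, the rule only fires when the memset clears exactly the buffer and size that were allocated. Coccinelle's standard isomorphisms also let the `x == NULL` test match call sites written as `!x`.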

In this tutorial, we will present Coccinelle through a number of examples, including API evolutions and security-relevant bugs. We will conclude by considering how Coccinelle can be used to introduce managed memory (devm functions) into Linux drivers, an evolution that has so far required 7 years and remains substantially incomplete.

The tutorial will be highly interactive, with many exercises to allow the participants to test Coccinelle in a realistic setting. Participants should have Coccinelle and the source code of Linux 3.2 installed on their machines.

coccinelle-1.0.0-rc21 is required and available via:

zypper ar obs://devel:tools dt

zypper in -f coccinelle

-- This talk was presented at SUSE Labs Conference 2014 in České Budějovice.

