RID: Finding Reference Count Bugs with Inconsistent Path Pair Checking.

Junjie Mao, Yu Chen, Qixue Xiao, Yuanchun Shi
DOI: https://doi.org/10.1145/2980024.2872389
2016-01-01
Abstract: Reference counts are widely used in OS kernels for resource management. However, reference counts are not trivial to be used correctly in large scale programs because it is left to developers to make sure that an increment to a reference count is always paired with a decrement. This paper proposes inconsistent path pair checking, a novel technique that can statically discover bugs related to reference counts without knowing how reference counts should be changed in a function. A prototype called RID is implemented and evaluations show that RID can discover more than 80 bugs which were confirmed by the developers in the latest Linux kernel. The results also show that RID tends to reveal bugs caused by developers' misunderstanding on API specifications or error conditions that are not handled properly.