Mastering Variability Challenges in Linux and Related Highly-Configurable System Software
Total Page:16
File Type:pdf, Size:1020Kb
Mastering Variability Challenges in Linux and Related Highly-Configurable System Software Der Technischen Fakultät der Friedrich-Alexander-Universität Erlangen-Nürnberg zur Erlangung des Doktorgrades DOKTOR-INGENIEUR vorgelegt von Reinhard Tartler aus Nürnberg Als Dissertation genehmigt von der Technischen Fakultät Friedrich-Alexander-Universität Erlangen-Nürnberg Tag der mündlichen Prüfung: 8. August 2013 Vorsitzender des Promotionsorgans: Prof. Dr. Marion Merklein Gutachter: Prof. Dr.-Ing. Wolfgang Schröder-Preikschat Dr.-Ing. Sven Apel Beherrschung von Variabilitätsproblemen in Linux und verwandter hoch-konfigurierbarer Systemsoftware Die von moderner Systemsoftware angebotenen Konfigurationsmechanismen erlauben die Anpassung an eine breite Auswahl von unterstützten Hard- warearchitekturen und Anwendungsdomänen. Linux ist hierbei ein sowohl prominentes als auch gutes Beispiel: In Version 3.2 bietet Linux mehr als 12;000 vom Benutzer steuerbare Konfigurationsschalter, mit stark steigender Tendenz. Dieses hohe Maß an Konfigurierbarkeit stellt Entwickler vor große Heraus- forderungen. Zum einen muss die in den Konfigurationswerkzeugen deklari- erte, mit der im Programmtext umgesetzten Variabilität in Einklang gehalten werden. Bei händischer Durchführung stellt dies einen mühsamen und fehler- anfälligen Arbeitsschritt dar. Zum anderen erschweren die im Programmtext programmierten Alternativen den Einsatz von statischen Analysewerkzeugen. Schließlich macht die überwältigende Anzahl an Konfigurationsoptionen es Systemintegratoren und Entwicklern schwer, die für einen gegebenen Anwen- dungsfall beste Belegung der Konfigurationsschalter zu finden. In dieser Arbeit analysiere ich die Variabilitätsmechanismen in Linux und verwandter Systemsoftware, bei der ich im ersten Schritt viele Inkonsistenzen zwischen der Deklaration und Umsetzung von Variabilität aufdecke. Viele dieser Inkonsistenzen sind dabei nachweislich tatsächliche Programmierfehler. Es stellt sich dabei heraus, dass das extrahierte Variabilitätsmodell auch für weitere Anwendungen nützlich ist. So hilft das formalisierte Modell Entwick- lern bestehende statische Analysewerkzeuge effektiver einsetzen zu können. Dies erlaubt die systematische Aufdeckung von Programmfehlern, die in selten gewählten Konfigurationen verborgen sind. Darüber hinaus ermöglicht mein Ansatz die Konstruktion einer minimalen Konfiguration mit dem extrahierten Variabilitätsmodell und einer Laufzeitanalyse des Systems. Dies ermöglicht es Systemadministratoren einen Linux-Kern mit einer deutlich verkleinerten Angriffsfläche zu übersetzen und zu betreiben, was die Sicherheit des Gesamt- systems deutlich erhöht. Letztendlich erlaubt mein Ansatz die ganzheitliche Beherrschung der Variabilität in Linux zur Übersetzungszeit über die Sprach- grenzen der eingesetzten Werkzeuge KCONFIG, MAKE und CPP, hinweg. Mastering Variability Challenges in Linux and Related Highly-Configurable System Software The compile-time configuration mechanisms of modern system software allow the adaptation to a broad range of supported hardware architectures and application domains. Linux is hereby a both prominent and good example: In version 3.2, Linux provides more than 12;000 user-configurable configuration options, growing rapidly. This high amount of configurability imposes big challenges for developers. First, the declared variability in the configuration tooling, and what is actually implemented in the code, have to be kept in sync. If performed manually, this is a tedious and error-prone task. Second, alternatives implemented in the code make the use of tools for static analysis challenging. Finally, the overwhelming amount of configuration options make finding the best configuration for a given use-case hard for system integrators and developers. In this thesis, I analyze the variability mechanisms in Linux and related system software, in which I reveal many inconsistencies between the variability declaration and implementation. Many of these inconsistencies are hereby provably actual programming errors. It turns out that the extracted variability model is useful for additional applications. The formalized model helps developers with employing existing tools for static analysis more effectively. This allows the systematic revelation of bugs that are hidden under seldom tested configurations. Moreover, my approach enables the construction of a minimal Linux configuration with the extracted variability model and a run- time analysis of the system. This enables system administrators to compile and operate a Linux kernel with significantly reduced attack-surface, which makes the system more secure. In the end, my approach allows the holistic mastering of compile-time variability across the language barriers of the employed tools KCONFIG, MAKE and CPP. Acknowledgements Many people have supported me in writing this thesis, for which I am very thankful. Special thanks go to my supervising professor WOLFGANG SCHRÖDER- PREIKSCHAT, who has given me the opportunity to work in a tremendous environment of research and teaching! I am thankful for having met DANIEL LOHMANN, who has not only supervised my master thesis, but has always acted as a thoughtful and great mentor. I am very thankful for the enduring support from my wife KATHRIN, who continuously motivated me during both my studies and research. Also many thanks to my parents, and my in-laws INGRID and BURCKHARD, for their assistance and backing that I received over the many years. I wish all the best for the future to the VAMOS team, which at the time of writing consisting of CHRISTIAN DIETRICH and CHRISTOPH EGGER, with whom I kick-started the very first ideas of this dissertation. Also many thanks to the “tracewars” team: VALENTIN ROTHBERG, ANDREAS RUPRECHT and BERNHARD HEINLOTH for the great time we spent together. I wish all the best to STEFAN HENGELEIN and MANUEL ZERPIES for the future. I’m am overwhelmed by the friendliness, openness and support of the research staff at the Department of Computer Science 4. I’m happy to have met JÜRGEN KLEINÖDER, who has enabled me to join the group. It was more than pleasure to work with JULIO SINCERO—thank you for the great time. Many thanks to my former colleagues MICHAEL GERNOTH, FABIAN SCHELER, PETER ULBRICH, MORITZ STRÜBE, BENJAMIN OECHSLEIN, and TOBIAS DISTLER, who always assisted me with idea and provided inspiration. My respect and thanks also go to the rest of the remarkable and very vivid team of researchers of this department, who made my former workplace a joyful and inspirational, and successful place. Thanks! Erlangen, August 2013 vii Contents 1. Introduction1 1.1. Variability in Configurable System Software...........2 1.2. Problem Statement and Contributions of this Thesis.......4 1.3. Structure of this Thesis.......................5 2. Problem Analysis and State of the Art7 2.1. Variability Realization in Linux..................9 2.1.1. The Variability Declaration................ 11 2.1.2. Variability Implementation................. 12 2.1.3. Granularity of Variability Implementations........ 14 2.1.4. Generalization....................... 14 2.2. Related Work............................ 15 2.2.1. Program Families and Software Product Lines...... 15 2.2.2. Management of Variability in Operating Systems.... 16 2.2.3. Variability-Aware Analysis of Source Code........ 18 2.2.4. Implementation of Features in Operating Systems.... 19 2.3. Chapter Summary......................... 22 3. Extraction and Validation of Variability Implementations 23 3.1. The Variability Language of the Linux Kernel........... 25 3.1.1. General Characteristics of the Linux Configuration Model 26 3.1.2. Translation into Propositional Logic............ 27 3.1.3. Analysis of the KCONFIG Model.............. 28 3.1.4. Related Work and Limitations............... 29 3.1.5. Summary: The Variability Language of the Linux Kernel 30 3.2. Robust Extraction of Variability from the Linux Build System.. 31 3.2.1. The Role of the Build System............... 31 3.2.2. Related Approaches for Build System Variability Extraction 33 3.2.3. Common KBUILD Idioms.................. 34 3.2.4. Challenges in Build-System Analysis........... 35 3.2.5. Experimental Probing for Build-System Variability.... 38 3.2.6. Benefits and Limitations.................. 43 3.2.7. Application to Real-World Software Projects....... 44 ix Contents 3.2.8. Summary: Robust Extraction of Variability from the Linux Build System..................... 50 3.3. Variability with the C Preprocessor................ 51 3.3.1. The use of C preprocessor (CPP) in Linux........ 51 3.3.2. Conditional Compilation.................. 52 3.3.3. Expressing the Variability of CPP in Propositional Formulas 53 3.3.4. Non-Boolean expression.................. 58 3.3.5. Extraction of Code Variability in BUSYBOX ........ 59 3.3.6. Experimental Validation of the Extracted Formula.... 60 3.3.7. Further Related Work................... 60 3.3.8. Summary: Variability with the C Preprocessor...... 61 3.4. Chapter Summary......................... 63 4. Case Studies 65 4.1. Configuration Consistency..................... 67 4.1.1. Manifestations of Configuration Inconsistencies..... 67 4.1.2. Ensuring Configuration Consistency........... 70 4.1.3. Application on Linux.................... 74 4.1.4. Improvements by Makefile Constraints.......... 78 4.1.5. Accuracy.......................... 79 4.1.6. General Applicability of the Approach.......... 79 4.1.7. Further Related Work................... 81 4.1.8. Summary: Configuration Consistency........... 81 4.2. Configuration