The Impact of Generic Data Structures: Decoding the Role of Lists in the Linux Kernel

International audienceThe increasing adoption of the Linux kernel has been sustained by a large and constant maintenance effort, performed by a wide and heterogeneous base of contributors. One important problem that maintainers face in any code base is the rapid understanding of complex data structures. The Linux kernel is written in the C language, which enables the definition of arbitrarily uninformative datatypes, via the use of casts and pointer arithmetic, of which doubly linked lists are a prominent example. In this paper, we explore the advantages and disadvantages of such lists, for expressivity, for code understanding, and for code reliability. Based on our observations, we have developed a toolset that includes inference of descriptive list types and a tool for list visualization. Our tools identify more than 10,000 list fields and variables in recent Linux kernel releases and succeeds in typing 90%. We show how these tools could have been used to detect previously fixed bugs and identify 6 new ones

Formal Semantics and Scalable Verification for the Border Gateway Protocol using Proof Assistants and SMT Solvers

Thesis (Ph.D.)--University of Washington, 2017-03To reliably and securely route traffic across the Internet, Internet Service Providers (ISPs) must configure their Border Gateway Protocol (BGP) routers to implement policies restricting how routing information can be exchanged with other ISPs. Correctly implementing these policies in low-level router configuration languages, with configuration code distributed across all of an ISP’s routers, has proven challenging in practice, and misconfiguration has led to extended worldwide outages and traffic hijacks. We present Bagpipe, the first system that enables ISPs to declaratively specify control-plane policies and that automatically verifies that router configurations implement such policies using an SMT solver. We evaluated the expressiveness of Bagpipe’s policy specification language on 10 configuration scenarios from the Juniper TechLibrary, and evaluated the efficiency of Bagpipe on three ISPs with a total of over 240,000 lines of Cisco and Juniper BGP configuration. Bagpipe revealed 19 policy violations without issuing any false positives. To ensure Bagpipe correctly checks configurations, we verified its implementation in Coq, which required developing both the first formal semantics for BGP based on RFC 4271; and SpaceSearch, a new framework for verifying solver-aided tools. We provide evidence for the correctness and usefulness of our BGP semantics by verifying Bagpipe, formalizing Gao and Rexford’s pen-and-paper proof on the stability of BGP (this proof required a necessary extension to the original proof), and performing random differential testing of C-BGP (a BGP simulator) revealing 2 bugs in C-BGP, but none in our BGP semantics. We provide evidence for the general usefulness of SpaceSearch, by building and verifying two solver-aided tools. The first tool is Bagpipe, the second tool, SaltShaker, checks that RockSalt’s x86 semantics for a given instruction agrees with STOKE’s x86 semantics. SaltShaker identified 7 bugs in RockSalt and 1 bug in STOKE. After these systems were patched by their developers, SaltShaker verified the semantics’ agreement on 15,255 instructions in under 2h

A type system for format strings

Most programming languages support format strings, but their use is error-prone. Using the wrong format string syntax, or passing the wrong number or type of arguments, leads to unintelligible text output, program crashes, or security vulnerabilities. This paper presents a type system that guarantees that calls to format string APIs will never fail. In Java, this means that the API will not throw exceptions. In C, this means that the API will not return negative values, corrupt memory, etc. We instantiated this type system for Java’s Formatter API, and evaluated it on 6 large and well-maintained open-source projects. Format string bugs are common in practice (our type system found 104 bugs), and the annotation burden on the user of our type system is low (on average, for every bug found, only 1.0 annotations need to be written)

pyndl: Naïve discriminative learning in python

The pyndl package implements Naïve Discriminative Learning (NDL) in Python. NDL is an incremental learning algorithm grounded in the principles of discrimination learning (Rescorla & Wagner, 1972; Widrow & Hoff, 1960) and motivated by animal and human learning research (e.g. Baayen et al., 2011; Rescorla, 1988). Lately, NDL has become a popular tool in language research to examine large corpora and vocabularies, with 750,000 spoken word tokens (Shafaei-Bajestan et al., 2022) and a vocabulary size of 52,402 word types (Sering et al., 2018). In contrast to previous implementations, pyndl allows for a broader range of analysis, including non-English languages, adds further learning rules and provides better maintainability while having the same fast processing speed. As of today, it supports multiple research groups in their work and led to several scientific publications

Separating the impact of oxygen and water on the long-term stability of n-channel perylene diimide thin-film transistors

A detailed understanding for the mechanisms that control degradation of the electrical performance of organic thin-film transistors (TFTs) during exposure to various environments, such as oxygen and humidity, is still developing. This is particularly true for n-channel organic TFTs. Here we present an investigation of the long-term stability of n-channel TFTs based on the small-molecule organic semiconductor N,N'-bis(2,2,3,3,4,4,4-heptafluorobutyl-1,7-dicyano-perylene-(3,4: 9,10)-tetracarboxylic diimide (PDI-FCN2) during storage in dry nitrogen, dry air, wet nitrogen and ambient air. By monitoring the electrical characteristics of the TFTs over a period of six weeks, we are able to show that the degradation of the electrical parameters (charge-carrier mobility and the simultaneous shift of the threshold voltage) is caused by two distinct mechanisms with different time constants. Exposure to oxygen or nitrogen (in the absence of humidity) causes the carrier mobility to drop by a factor of two and the threshold voltage to shift towards more positive values within 20 days, possibly due to a slight rearrangement of the conjugated molecules within the semiconductor layer. Storing the TFTs in saturated water vapor or in ambient air causes the threshold voltage and the carrier mobility to change much more rapidly, within just one day. The observed degradation in ambient air can be explained by an electrochemical instability of the radical anion of the organic semiconductor. (C) 2015 Elsevier B.V. All rights reserved

Role of Microtubules in Stress Granule Assembly: MICROTUBULE DYNAMICAL INSTABILITY FAVORS THE FORMATION OF MICROMETRIC STRESS GRANULES IN CELLS*

Following exposure to various stresses (arsenite, UV, hyperthermia, and hypoxia), mRNAs are assembled into large cytoplasmic bodies known as “stress granules,” in which mRNAs and associated proteins may be processed by specific enzymes for different purposes like transient storing, sorting, silencing, or other still unknown processes. To limit mRNA damage during stress, the assembly of micrometric granules has to be rapid, and, indeed, it takes only ∼10–20 min in living cells. However, such a rapid assembly breaks the rules of hindered diffusion in the cytoplasm, which states that large cytoplasmic bodies are almost immobile. In the present work, using HeLa cells and YB-1 protein as a stress granule marker, we studied three hypotheses to understand how cells overcome the limitation of hindered diffusion: shuttling of small messenger ribonucleoprotein particles from small to large stress granules, sliding of messenger ribonucleoprotein particles along microtubules, microtubule-mediated stirring of large stress granules. Our data favor the two last hypotheses and underline that microtubule dynamic instability favors the formation of micrometric stress granules