Hi all,<br><br>I am a graduate student at the University of Wisconsin-Madison. My<br>advisor (Prof. Ben Liblit) and I have been working on performing<br>static analysis to find program points at which potential error-valued<br>
pointers are dereferenced in Linux file system implementations. <br><br>We have applied our analysis to 52 Linux file systems, the virtual<br>file system and the memory management module (Linux 2.6.35.4<br>kernel). We have manually inspected these reports and filtered out<br>
what we believe are false positives. We have identified 31 true bugs,<br>from which 13 are located or we think might be attributed to the Memory Management module. <br><br><br>Attached are two files:<br><br>1) mm-short-reports.txt<br>
<br>Contains short reports that include program location at which the<br>dereference occurs, variable name and list of error codes the pointer<br>variable may contain.<br><br>2) mm-detailed-reports.txt<br><br>Contains more detailed reports that include a complete sample trace<br>
and a slice. The complete sample trace illustrates how one error code<br>may reach the program point at which the variable is dereferenced. The<br>slice summarizes the complete sample trace by including only relevant<br>program points at which the error code is transferred from variable to<br>
variable or returned by a function. Each report is separated by<br>&quot;====&quot;. Each complete trace and slice is separated by a blank line.<br><br><br>Any feedback will be really appreciated. Should we submit these bug reports somewhere else? Are these true bugs? If not, a brief explanation could help us to improve our tool.<br>
<br>Please let us know if you have any questions.<br><br>Thank you,<br><br>Cindy<br><br>P.S. We have also reported bugs #5, #10, #11, #12, #13, #14 and #15 to VFS maintainers as these bugs might be attributed to the virtual file system instead. Similarly, we have reported bugs #21, #22 and #23 to the HFS Plus maintainers. <br>