Jia-Ju Bai scite author profile

Jia-Ju Bai

5Publications

62Citation Statements Received

102Citation Statements Given

How they've been cited

How they cite others

114

102

Affiliations

Beihang University, Tsinghua University

Publications

Order By: Most citations

Fuzzing Error Handling Code in Device Drivers Based on Software Fault Injection

Jiang

Bai

Lawall

et al. 2019

View full text Add to dashboard Cite

Device drivers remain a main source of runtime failures in operating systems. To detect bugs in device drivers, fuzzing has been commonly used in practice. However, a main limitation of existing fuzzing approaches is that they cannot effectively test error handling code. Indeed, these fuzzing approaches require effective inputs to cover target code, but much error handling code in drivers is triggered by occasional errors (such as insufficient memory and hardware malfunctions) that are not related to inputs. In this paper, based on software fault injection, we propose a new fuzzing approach named FIZZER, to test error handling code in device drivers. At compile time, FIZZER uses static analysis to recommend possible error sites that can trigger error handling code. During driver execution, by analyzing runtime information, it automatically fuzzes error-site sequences for fault injection to improve code coverage. We evaluate FIZZER on 18 device drivers in Linux 4.19, and in total find 22 real bugs. The code coverage is increased by over 15% compared to normal execution without fuzzing.

show abstract

Mining and checking paired functions in device drivers using characteristic fault injection

Bai

Wang

Liu

et al. 2016

Information and Software Technology

View full text Add to dashboard Cite

Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel

Bai

Lawall

2018

ACM Trans. Comput. Syst.

View full text Add to dashboard Cite

Atomic context is an execution state of the Linux kernel in which kernel code monopolizes a CPU core. In this state, the Linux kernel may only perform operations that cannot sleep, as otherwise a system hang or crash may occur. We refer to this kind of concurrency bug as a sleep-in-atomic-context (SAC) bug. In practice, SAC bugs are hard to find, as they do not cause problems in all executions. In this article, we propose a practical static approach named DSAC to effectively detect SAC bugs in the Linux kernel. DSAC uses three key techniques: (1) a summary-based analysis to identify the code that may be executed in atomic context, (2) a connection-based alias analysis to identify the set of functions referenced by a function pointer, and (3) a path-check method to filter out repeated reports and false bugs. We evaluate DSAC on Linux 4.17 and find 1,159 SAC bugs. We manually check all the bugs and find that 1,068 bugs are real. We have randomly selected 300 of the real bugs and sent them to kernel developers. 220 of these bugs have been confirmed, and 51 of our patches fixing 115 bugs have been applied.

show abstract

Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

Jiang¹,

Bai²,

Lu³

et al. 2022

View full text Add to dashboard Cite

PF-Miner: A practical paired functions mining method for Android kernel in error paths

Liu

Wang

Bai

et al. 2016

Journal of Systems and Software

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jia-Ju Bai

Fuzzing Error Handling Code in Device Drivers Based on Software Fault Injection

Mining and checking paired functions in device drivers using characteristic fault injection

Effective Detection of Sleep-in-atomic-context Bugs in the Linux Kernel

Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

PF-Miner: A practical paired functions mining method for Android kernel in error paths

Contact Info

Product

Resources

About