Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine

TL;DR

This paper introduces RUSTInA, an automated formal verification tool for checking inline assembly compliance in C programs, which detects issues, proposes patches, and has been successfully applied to real-world packages.

Contribution

RUSTInA is the first tool to automatically verify inline assembly compliance, propose patches, and refine assembly interfaces using formal methods and novel algorithms.

Findings

Detected 2183 issues in 85 packages, including major projects.

Proposed patches for 92% of issues, with 38 patches accepted.

Positive feedback from development teams on patch effectiveness.

Abstract

Inline assembly is still a common practice in low-level C programming, typically for efficiency reasons or for accessing specific hardware resources. Such embedded assembly codes in the GNU syntax (supported by major compilers such as GCC, Clang and ICC) have an interface specifying how the assembly codes interact with the C environment. For simplicity reasons, the compiler treats GNU inline assembly codes as blackboxes and relies only on their interface to correctly glue them into the compiled C code. Therefore, the adequacy between the assembly chunk and its interface (named compliance) is of primary importance, as such compliance issues can lead to subtle and hard-to-find bugs. We propose RUSTInA, the first automated technique for formally checking inline assembly compliance, with the extra ability to propose (proven) patches and (optimization) refinements in certain cases. RUSTInA is based on an original formalization of the inline assembly compliance problem together with novel dedicated algorithms. Our prototype has been evaluated on 202 Debian packages with inline assembly (2656 chunks), finding 2183 issues in 85 packages -- 986 significant issues in 54 packages (including major projects such as ffmpeg or ALSA), and proposing patches for 92% of them. Currently, 38 patches have already been accepted (solving 156 significant issues), with positive feedback from development teams.