TRANSCODE: Detecting Status Code Mapping Errors in Large-Scale Systems

Status code mappings reveal state shifts of a program, mapping one status code to another. Due to careless programming or the lack of the system-wide knowledge of a whole program, developers can make incorrect mappings. Such errors are widely spread across modern software, some of which have even become critical vulnerabilities. Unfortunately, existing solutions merely focus on single status code values, while never considering the relationships, that is, mappings, among them. Therefore, it is imperative to propose an effective method to detect status code mapping errors. In this paper, we propose TRANSCODE to detect potential status code mapping errors. It firstly conducts value flow analysis to efficiently and precisely collect candidate status code values, that is, the integer values, which are checked by following conditional comparisons. Then, it aggregates the correlated status codes according to whether they are propagated with the same variable. Finally, TRANSCODE extracts mappings based on control dependencies and reports the mapping error if one status code is mapped to two others of the same kind. We have implemented TRANSCODE as a prototype system, and evaluated it with 5 real-world software projects, each of which possesses in the order of a million lines of code. The experimental results show that TRANSCODE is capable of handling large-scale systems in both a precise and efficient manner. Furthermore, it has discovered 59 new errors in the tested projects, among which 13 have been fixed by the community. We also deploy TRANSCODE in WeChat, a widely-used instant messaging service, and have succeeded in finding real mapping errors in the industrial settings.