Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Bugs Bite! Yuanyuan (YY) Zhou Associate Professor Dept. of Computer Science Univ. of Illinois, Urbana-Champaign

Published by Modified over 10 years ago

Similar presentations

Presentation on theme: "Software Bugs Bite! Yuanyuan (YY) Zhou Associate Professor Dept. of Computer Science Univ. of Illinois, Urbana-Champaign"— Presentation transcript:

1 Software Bugs Bite! Yuanyuan (YY) Zhou Associate Professor Dept. of Computer Science Univ. of Illinois, Urbana-Champaign yyzhou@cs.uiuc.edu

2 YY. Zhou University of Illinois, Urbana-Champaign Slide 2 My Story: Zig-zag my way to System When young--------------------parents want me to be a business woman College application-----------Applied for BioChemistry  But changed unknowingly to CS (Reason: parents were chemistry teachers) 1st graduate school----------Mathematics at Univ. of Virginia 1st research area at Princeton-------------Theory 1st year as a system student --------------Negative  Felt that system is trivial----you can actually understand system talks 2nd year at Princeton---Wanted to quit to go to medical school 1st job after Ph.D  Co-founded a startup for 2 years (realize that I am probably not a business woman) 1 st year at UIUC ------- in the architecture group Now-----try to be a doctor to cure software “diseases”

3 YY. Zhou University of Illinois, Urbana-Champaign Slide 3 Family & Fun A supportive husband + 2 girls  Husband is my motivation to work on software bugs  My daughters inspired several research ideas (e.g Rx) and help me realize life is much more than my career Hobby  Skiing, hiking.... but Illinois? Switched to ice skating and growing vegetables  Computer games (a Civilization fan)

4 YY. Zhou University of Illinois, Urbana-Champaign Slide 4 Health of Computers We want computers to be dependable  Aircraft control systems  Hospital monitor systems  Financial transactions systems  Internet services  Cell phones, PDAs, smart home appliances, cars

5 YY. Zhou University of Illinois, Urbana-Champaign Slide 5 Bad News: Software Bugs Software bug is a major concern  Counts for 40% system failure [Marcus2000]  Costs $59.5 billion annually [NIST]

6 YY. Zhou University of Illinois, Urbana-Champaign Slide 6 Severe Software Clinical Cases Therac-25 (radiation therapy machine ) accidents (1985-1987) Therac-25  the injured patients died from lethal dosage of radiation caused by a software bug Code Red worm exploited a buffer overflow in Microsoft ’ s IIS server  Cost over $2.6 billion and Infected 350,000 servers in <14 hours 2003 North America blackout  Caused by a race condition in GE Energy's XA/21 monitoring softwarerace condition

7 YY. Zhou University of Illinois, Urbana-Champaign Slide 7 Why Software Bugs? Why do we get ill?  Nature Answer: human nature  On average, programmers inject 10 bugs per thousand lines of code

8 YY. Zhou University of Illinois, Urbana-Champaign Slide 8 Debugging is Hard for large software Cure/diagnose a disease is hard… Impossible to test every cases  Many bugs are hidden, “latent bugs” Some bugs are hard to reproduce  Configuration, timing and running environment dependent Hard to find root causes  Root causes may be far away from the symptom

9 YY. Zhou University of Illinois, Urbana-Champaign Slide 9 Type of Software Defects Specification bugs  Even the specification is wrong Design bugs  The design is erroneous Implementation bugs  Buffer overflow, memory leak, memory corruption, etc.

10 YY. Zhou University of Illinois, Urbana-Champaign Slide 10 Classification of Implementation Bugs Deterministic vs. non-deterministic Root causes  Memory bugs Memory leaks ?? Memory corruption Buffer overflow ?? Dangling pointer ??..  Semantics Unhandled exceptions Copy-paste bugs …  Concurrency Data races ?? Atomicity violations ?? Deadlocks ?? …

11 YY. Zhou University of Illinois, Urbana-Champaign Slide 11 Bugs and Security Attacks? Why are we in the same session? Software bug is a major source of security vulnerabilities  Bouncer (Tuesday)  Memory safety (Wednesday) Example: Buffer overflow  Stack smashing attack Started from November 1996 Still the basis for many attacks Who knows this attack?

12 YY. Zhou University of Illinois, Urbana-Champaign Slide 12 The Stack

13 YY. Zhou University of Illinois, Urbana-Champaign Slide 13 Buggy Program void buggy(char * in){ int i; char buffer[4]; for(i=0; in[i]!=0; i++) buffer[i] = in[i]; } Where is the bug? What happens if in is “ Aleph One ”?

14 YY. Zhou University of Illinois, Urbana-Champaign Slide 14 Buggy Code’s Stack 0x6500000 0 0x00000000int i 0x6500000 4 0x00000000char buffer[4] 0x6500000 8 0x8000003Dsaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 Program will start copying…

15 YY. Zhou University of Illinois, Urbana-Champaign Slide 15 Buggy Code’s Stack 0x6500000 0 0x00000001int i 0x6500000 4 0x41000000char buffer[4] 0x6500000 8 0x8000003Dsaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 Program will start copying…

16 YY. Zhou University of Illinois, Urbana-Champaign Slide 16 Buggy Code’s Stack 0x6500000 0 0x00000002int i 0x6500000 4 0x416C0000char buffer[4] 0x6500000 8 0x8000003Dsaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 Program will start copying…

17 YY. Zhou University of Illinois, Urbana-Champaign Slide 17 Buggy Code’s Stack 0x6500000 0 0x00000003int i 0x6500000 4 0x416C6500char buffer[4] 0x6500000 8 0x8000003Dsaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 Program will start copying…

18 YY. Zhou University of Illinois, Urbana-Champaign Slide 18 Buggy Code’s Stack 0x6500000 0 0x00000004int i 0x6500000 4 0x416C6570char buffer[4] 0x6500000 8 0x8000003Dsaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 Program will start copying… and continue.

19 YY. Zhou University of Illinois, Urbana-Champaign Slide 19 Buggy Code’s Stack 0x6500000 0 0x00000005int i 0x6500000 4 0x416C6570char buffer[4] 0x6500000 8 0x6800003Dsaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 C isn’t bounds checked…

20 YY. Zhou University of Illinois, Urbana-Champaign Slide 20 Buggy Code’s Stack 0x6500000 0 0x00000008int i 0x6500000 4 0x416C6570char buffer[4] 0x6500000 8 0x68204F6Esaved FP 0x6500000 C 0x02000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 What happens next?

21 YY. Zhou University of Illinois, Urbana-Champaign Slide 21 Buggy Code’s Stack 0x6500000 0 0x00000009int i 0x6500000 4 0x416C6570char buffer[4] 0x6500000 8 0x68204F6Esaved FP 0x6500000 C 0x65000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 We’ve overwritten the return address!

22 YY. Zhou University of Illinois, Urbana-Champaign Slide 22 Buggy Code’s Stack 0x6500000 0 0x00000009int i 0x6500000 4 0x416C6570char buffer[4] 0x6500000 8 0x68204F6Esaved FP 0x6500000 C 0x65000000return address 0x6500001 0 0x10000000char * in 0x6500001 4 0x00000000old stack frame… A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 How to use it to hijack the program to do whatever you want?

23 YY. Zhou University of Illinois, Urbana-Champaign Slide 23 So How to Deal with Bugs? Compile time Run time Recovery Safe Language  Example:  Java  Transactional Memory (Mon)  Analogy:  Eat healthy, exercise…  Pro: can prevent some bugs  Cons:  Other types of bugs still occur  May be inefficient for some apps: server, OS. On-line Debugging Off-line Design time Diagnosis

24 YY. Zhou University of Illinois, Urbana-Champaign Slide 24 So How to Deal with Bugs? Static Checking  Program analysis & Model checking  Example:  Engler’s group  iComment [Tuesday]  Analogy:  CAT Scan  Pros:  No run time overhead  Good Coverage  Cons:  No accurate information  Need specification, annotation Compile time Run time Recovery On-line Debugging Off-line Design time Diagnosis

25 YY. Zhou University of Illinois, Urbana-Champaign Slide 25 So How to Deal with Bugs?  Check during execution  Example:  MUVI [Monday]  Analogy:  Heart monitor  Pros:  Accurate run-time information  Cons:  Large overhead  Coverage limitation Dynamic Checking Compile time Run time Recovery On-line Debugging Off-line Design time Diagnosis

26 YY. Zhou University of Illinois, Urbana-Champaign Slide 26 So How to Deal with Bugs?  Example:  gdb  Time travel machine  Analogy:  Doctor’s appointment  Pros:  Program-specific  Cons:  Time and effort-consuming Interactive Debugging Compile time Run time Recovery On-line debugging Off-line Design time Diagnosis

27 YY. Zhou University of Illinois, Urbana-Champaign Slide 27 So How to Deal with Bugs?  Example:  simple restart  rollback and reexecute  Analogy:  Electric shock  Advantage:  Simple and general  Limitation:  Cannot recover from all failures  Output commit problem Generic Recovery Compile time Run time Recovery On-line Debugging Off-line Design time Diagnosis

28 YY. Zhou University of Illinois, Urbana-Champaign Slide 28 So How to Deal with Bugs?  Example:  Core dump  Execution traces  Triage (Tuesday)  Analogy:  Triage (self-diagnosis)  Advantage:  Simple and general  Limitation:  Require significant offline manual efforts  Privacy concerns Online Diagnosis Compile time Run time Recovery On-line Debugging Off-line Design time Diagnosis

29 YY. Zhou University of Illinois, Urbana-Champaign Slide 29 Evaluation Methodology Benchmarks  Siemens benchmark  Too small Bug injection  May not be representative Find new bugs in open source code Better to be confirmed by developers Use existing bugs  Especially dynamic checking----need bugs to manifest

30 YY. Zhou University of Illinois, Urbana-Champaign Slide 30 Evaluation Metrics for Bug Detection Soundness: No false negatives  Prove there is no such violation  May report many false bugs Completeness: No false positives  All violations detected are true  May not find all the bugs Scalability: scalable to real programs Very hard to achieve all  Always need to tradeoff one for the others

31 YY. Zhou University of Illinois, Urbana-Champaign Slide 31 Open Problems Bug Detection  Detecting semantic and concurrency bugs  Reduce false positives Bug diagnosis  On-site diagnosis  Distributed systems diagnosis  Deterministic replay on multicore /multiprocessors Bug recovery  Automatic bug fixing  Bug survival with reduced functionality

32 YY. Zhou University of Illinois, Urbana-Champaign Slide 32 Conclusions Software bugs have existed for decades and will continue to exist Fighting bugs is important Fighting bugs is a fun and interdisciplinary  Compiler, software engineering, systems, hardware, data mining, machine learning, statistics, …

33 YY. Zhou University of Illinois, Urbana-Champaign Slide 33 Thanks!

34 YY. Zhou University of Illinois, Urbana-Champaign Slide 34 More Bug’s Cartoon

Download ppt "Software Bugs Bite! Yuanyuan (YY) Zhou Associate Professor Dept. of Computer Science Univ. of Illinois, Urbana-Champaign"

Similar presentations

Triage: Diagnosing Production Run Failures at the Users Site Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou Department of Computer.

Triage: Diagnosing Production Run Failures at the Users Site Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou Department of Computer.
Software & Services Group PinPlay: A Framework for Deterministic Replay and Reproducible Analysis of Parallel Programs Harish Patil, Cristiano Pereira,

Software & Services Group PinPlay: A Framework for Deterministic Replay and Reproducible Analysis of Parallel Programs Harish Patil, Cristiano Pereira,
Enabling Speculative Parallelization via Merge Semantics in STMs Kaushik Ravichandran Santosh Pande College.

Enabling Speculative Parallelization via Merge Semantics in STMs Kaushik Ravichandran Santosh Pande College.
Automatic Memory Management Noam Rinetzky Schreiber 123A 2015/seminar/seminar1415a.html.

Automatic Memory Management Noam Rinetzky Schreiber 123A /seminar/seminar1415a.html.
CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson

CSc 352 Programming Hygiene Saumya Debray Dept. of Computer Science The University of Arizona, Tucson
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2007 Exterminator: Automatically Correcting Memory Errors with High Probability Gene.

U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2007 Exterminator: Automatically Correcting Memory Errors with High Probability Gene.
CSE 788.07, Autumn 2011 Michael Bond.  Name  Program & year  Where are you coming from?  Research interests  Or what’s something you find interesting?

CSE , Autumn 2011 Michael Bond.  Name  Program & year  Where are you coming from?  Research interests  Or what’s something you find interesting?
SHelp: Automatic Self-healing for Multiple Application Instances in a Virtual Machine Environment Gang Chen, Hai Jin, Deqing Zou, Weizhong Qiang, Gang.

SHelp: Automatic Self-healing for Multiple Application Instances in a Virtual Machine Environment Gang Chen, Hai Jin, Deqing Zou, Weizhong Qiang, Gang.
1 Rx: Treating Bugs as Allergies – A Safe Method to Survive Software Failures Feng Qin Joseph Tucek Jagadeesan Sundaresan Yuanyuan Zhou Presentation by.

1 Rx: Treating Bugs as Allergies – A Safe Method to Survive Software Failures Feng Qin Joseph Tucek Jagadeesan Sundaresan Yuanyuan Zhou Presentation by.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
The Future of Correct Software George Necula. 2 Software Correctness is Important ► Where there is software, there are bugs ► It is estimated that software.

The Future of Correct Software George Necula. 2 Software Correctness is Important ► Where there is software, there are bugs ► It is estimated that software.
S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.

S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.
Buffer Overflow By: John Quach and Napoleon N. Valdez.

Buffer Overflow By: John Quach and Napoleon N. Valdez.
Software and Security Buffer Overflow 1.

Software and Security Buffer Overflow 1.
Microsoft Research Faculty Summit 2008. Yuanyuan(YY) Zhou Associate Professor University of Illinois, Urbana-Champaign.

Microsoft Research Faculty Summit Yuanyuan(YY) Zhou Associate Professor University of Illinois, Urbana-Champaign.
Yuanyuan ZhouUIUC-CS Architectural Support for Software Bug Detection Yuanyuan (YY) Zhou and Josep Torrellas University of Illinois at Urbana-Champaign.

Yuanyuan ZhouUIUC-CS Architectural Support for Software Bug Detection Yuanyuan (YY) Zhou and Josep Torrellas University of Illinois at Urbana-Champaign.
1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.

1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.
CS590 Z Software Defect Analysis Xiangyu Zhang. CS590F Software Reliability What is Software Defect Analysis  Given a software program, with or without.

CS590 Z Software Defect Analysis Xiangyu Zhang. CS590F Software Reliability What is Software Defect Analysis  Given a software program, with or without.

Similar presentations

Ads by Google