Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defect Detection at Microsoft – Where the Rubber Meets the Road Manuvir Das (and too many others to list) Program Analysis Group Center for Software Excellence.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Defect Detection at Microsoft – Where the Rubber Meets the Road Manuvir Das (and too many others to list) Program Analysis Group Center for Software Excellence."— Presentation transcript:

1 Defect Detection at Microsoft – Where the Rubber Meets the Road Manuvir Das (and too many others to list) Program Analysis Group Center for Software Excellence Microsoft Corporation

2 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 2 Bottom line Defect detection tools based on program analysis are here to stay A short story on adoption and deployment The target customer is a software developer, not a programmer

3 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 3 Why me? Program Analysis group this month – Filed 7000+ bugs – Automatically added 10,000+ specifications – Answered hundreds of emails (one future version of one product) We are program analysis researchers – but we live and breathe deployment & adoption – and we feel the pain of the customer

4 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 4 Defect detection tools based on program analysis are here to stay

5 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 5 Program analysis is here today … Inter-procedural symbolic evaluation – PREfix: filed 3000+ bugs this month Inter-procedural path-sensitive dataflow analysis – ESP: filed 500+ bugs this month Intra-procedural abstract interpretation – espX: filed 3000+ bugs this month Inter-procedural dataflow analysis – SALinfer: added 10,000+ specifications this month

6 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 6 … and will be here tomorrow Analysis tools are integrated into and enforced in the development process – opening the door for new and better tools 3000+ developers are adding specifications – opening the door for modular analysis Developers are getting access to extensible analysis tools – opening the door for domain specific tools

7 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 7 A short story on adoption and deployment

8 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 8 Longhorn today Monthly central runs of global analysis tools – PREfix, ESP – Defects auto-inserted into central bug database – Bug caps and RI criteria in place – Ranking, filtering, triage, support – Release management drives the bugs – Message suppression in the defect database

9 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 9 Longhorn today Developer desktop use of local analysis tools – PREfast, espX – Installed and enabled by default for all developers – Tools run incrementally with the build – Defects produce build breaks and errors – RIs are validated and rejected on failure – Message suppression in the source code

10 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 10 Longhorn today Mandated use of specifications that describe contracts on function interfaces – SAL: Standard Annotation Language – Focus: buffer overruns, pointer usage – Supported by Visual Studio – Windows public headers decorated with SAL

11 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 11 Longhorn today Central runs + desktop use of automatic specification inference – SALinfer – Run on special branch, results stored on a server – Desktop client queries server and patches code

12 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 12 Forcing functions for change Gen 1: Manual Review – Too many paths Gen 2: Massive Testing – Inefficient detection of common patterns Gen 3: Global Program Analysis – Stale results Gen 4: Local Program Analysis – Lack of context Gen 5: Specifications

13 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 13 The target customer is a software developer, not a programmer

14 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 14 See the big picture You are selling an expensive product – Time is REAL, in the large and the small The customer only cares about the end to end experience – Remember Amdahl’s Law! The customer is always right – Understand, then improve and educate

15 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 15 Don’t bother doing this without - No-brainer must-haves – Defect viewer, docs, champions, partners A mechanism for developers to teach the tool – Suppression, assertion, assumption A willingness to support the tool A positive attitude

16 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 16 Understand the customer Software developers are time constrained Software developers have other options Software developers must follow process Feel their pain!

17 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 17 Myth 1 – Accuracy matters The real measure is Fix Rate Centralized: >50% Desktop: >75% Specification inference – Is it much worse than manual insertion?

18 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 18 Myth 2 – Completeness matters Complete – find all the bugs There will never be a complete analysis – Partial specifications – Missing code Developers want consistent analysis – Tools should be stable w.r.t. minor code changes – Systematic, thorough, tunable program analysis

19 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 19 Myth 3 – Developers dislike specifications Control the power of the specifications This will work – Formalize invariants that are implicit in the code This will not work – Re-write code in a different language that is amenable to automated analysis Think like a developer

20 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 20 Don’t break the shipping code b = a + 16; Use(b); b = __invariant(a) + 16; Use(b); __invariant(a); b = a + 16; Use(b); Before: After (correct code): After (incorrect code): Incorrect usage silently breaks the code!

21 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 21 Summary Defect detection tools based on program analysis are here to stay A short story on adoption and deployment The target customer is a software developer, not a programmer Where does the rubber meet the road?

22 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. http://www.microsoft.com/cse http://www.microsoft.com/cse/pa http://research.microsoft.com/manuvir

23 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 23 Backup slides

24 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 24 Generation 1: Manual Review Code reviews, penetration teams Lessons: – Test all the execution paths Environmental changes: – Size of codebase starts to increase

25 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 25 Generation 2: Massive Testing More testers than developers Massive pre-release testing effort Lessons: – Many bugs follow similar patterns Environmental changes: – Internet changes exposure of interfaces

26 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 26 Generation 3: Global Analysis Centralized use of PREfix – Inter-procedural symbolic evaluation Lessons: – Ease of fix is the critical criterion – Late results equal stale results Environmental changes: – Security becomes Priority 1

27 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 27 Generation 4: Local Analysis Desktop use of PREfast – Intra-procedural syntactic & dataflow analysis Lessons: – Lack of context leads to noise – Source code lacks information Environmental changes: – Security becomes Priority 0

28 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 28 Generation 5: Specifications Annotations on function interfaces + deep local analysis of function implementations Focus: buffer overruns, pointer usage Standard Annotation Language (SAL) – Will be supported by Visual Studio – Will be used to decorate Windows public headers – Interface contracts (preconditions/postconditions) – Extensions to the type system

29 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 29 SAL Example void foo(pre elementCount(len) int *buf, int len) { … memset(buf, 0, len*sizeof(int)); } int *memset(pre byteCount(len) void *dest, int c, size_t len); Requirement on foo’s callers: must pass a buffer that is len elements long Assumption made by foo: buf is count elements long Requirement on foo: argument buf is len*4 bytes long Requirement on memset’s callers: must pass a buffer that is len bytes long Local Checker: Do the assumptions imply the requirements?

30 Bugs 05, 6/12/05Manuvir Das, Microsoft Corporation 30 Defect Detection Process

Download ppt "Defect Detection at Microsoft – Where the Rubber Meets the Road Manuvir Das (and too many others to list) Program Analysis Group Center for Software Excellence."

Similar presentations

Advanced programming tools at Microsoft

Advanced programming tools at Microsoft
Formal Specifications on Industrial Strength Code: From Myth to Reality Manuvir Das Principal Researcher Center for Software Excellence Microsoft Corporation.

Formal Specifications on Industrial Strength Code: From Myth to Reality Manuvir Das Principal Researcher Center for Software Excellence Microsoft Corporation.
Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation.

Taming Win32 Threads with Static Analysis Jason Yang Program Analysis Group Center for Software Excellence (CSE) Microsoft Corporation.
04b | Manage Test Execution (2 of 2) Steven Borg | Co-founder & Strategist, Northwest Cadence Anthony Borton | ALM Consultant, Enhance ALM.

04b | Manage Test Execution (2 of 2) Steven Borg | Co-founder & Strategist, Northwest Cadence Anthony Borton | ALM Consultant, Enhance ALM.
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.

DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.
Software Factory Assembling Applications with Models, Patterns, Frameworks and Tools Anna Liu Senior Architect Advisor Microsoft Australia.

Software Factory Assembling Applications with Models, Patterns, Frameworks and Tools Anna Liu Senior Architect Advisor Microsoft Australia.
Interpret Application Specifications

Interpret Application Specifications
Software Excellence via Program Verification at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.

Software Excellence via Program Verification at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.
Tom Hollander Solution Architect Solutions Development Centre Microsoft Australia ARC308.

Tom Hollander Solution Architect Solutions Development Centre Microsoft Australia ARC308.
DEV365 Visual Studio Team Edition for Software Architects: Overview Alex Torone Lead Program Manager Enterprise Tools Microsoft Corporation.

DEV365 Visual Studio Team Edition for Software Architects: Overview Alex Torone Lead Program Manager Enterprise Tools Microsoft Corporation.
Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17.

Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
PASTE at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.

PASTE at Microsoft Manuvir Das Center for Software Excellence Microsoft Corporation.
ESupport Shifting Customers to the Internet for Support Published: January 2002.

ESupport Shifting Customers to the Internet for Support Published: January 2002.
Symbolic Path Simulation in Path-Sensitive Dataflow Analysis Hari Hampapuram Jason Yue Yang Manuvir Das Center for Software Excellence (CSE) Microsoft.

Symbolic Path Simulation in Path-Sensitive Dataflow Analysis Hari Hampapuram Jason Yue Yang Manuvir Das Center for Software Excellence (CSE) Microsoft.
Introduction to Software Testing

Introduction to Software Testing
NameTitle Microsoft Corporation. For businesses with Visual Basic 6.0 assets, Visual Basic 2008 is the natural, most productive choice for Windows, Web,

NameTitle Microsoft Corporation. For businesses with Visual Basic 6.0 assets, Visual Basic 2008 is the natural, most productive choice for Windows, Web,
WDK Driver Test Manager. Outline HCT and the history of driver testing Problems to solve Goals of the WDK Driver Test Manager (DTM) Automated Deployment.

WDK Driver Test Manager. Outline HCT and the history of driver testing Problems to solve Goals of the WDK Driver Test Manager (DTM) Automated Deployment.
Deploying Visual Studio Team System 2008 Team Foundation Server at Microsoft Published: June 2008 Using Visual Studio 2008 to Improve Software Development.

Deploying Visual Studio Team System 2008 Team Foundation Server at Microsoft Published: June 2008 Using Visual Studio 2008 to Improve Software Development.

Similar presentations

Ads by Google