CS590 Z Software Defect Analysis Xiangyu Zhang

CS590F Software Reliability What is Software Defect Analysis  Given a software program, with or without inputs, identify and fix defects in the program. All sorts of defects: crashes, incorrect output, unreasonable use of resource, deadlock, data race, buffer overflow vulnerabilities, information leak,… Consists of techniques from : compilers, PL, program verification, hardware, OS, … >> debugging.

CS590F Software Reliability Requirements Design Programming Testing/Debugging Deployment

CS590F Software Reliability Why Is Defect Analysis Important?  One of the most prominent challenges for IT. Software bugs cost the U.S. economy about $59.5 billion each year (0.6% of the GDP) [NIST 02]. Companies.  Security is becoming a necessity. The worldwide economic loss caused by all forms of overt attacks is $226 billion. [CRS 03].  Software defects make programming so painful.  Stories The Role of Software in Spacecraft Accidents (

CS590F Software Reliability Why? (continued)  Almost all areas are open to defect analysis Software Engineering  covers all topics  conferences (FSE, ICSE, ASE, ISSTA, FASE, ICSM…) Programming Languages  language design, language support, program analysis  conferences (PLDI, POPL, OOPSLA,…) Computer Architecture  Architecture support for reliability  Conferences (ISCA, MICRO, ASPLOS,…) OS, Security.  The unit price of a CPU cycle is becoming cheaper and cheaper. Make it happen 25 years ago Make it fast 15 years ago Make it reliable now

CS590F Software Reliability CS 590 Z  Get to know this area. What are the topics? How people solve problems? Some are inspiring.  Use program analysis to solve interesting problems. Hands-on experience on designing and implementing program analysis.  Paper (PLDI submission(s))

CS590F Software Reliability Course Organization  Take turns to discuss papers. Every 2-3 meetings cover one topic; Each person handles one topic; One topic includes presenting related papers and leading discussion.  The discussion subject is distributed before the meeting.  Decide the projects within one month Submission deadline is mid Nov.  Not a requirement to submit paper. The term project is due at the end of the semester;

CS590F Software Reliability Course Requirements  Presentations and discussions (40%)  Term Project (50%)  Attendance (10%)  Change of meeting times

CS590F Software Reliability Topics Failure oblivious usersdevelopers

CS590F Software Reliability Debugging Failure oblivious Mining Code Base Static Analysis usersdevelopers dynamicstatic Model Checking

CS590F Software Reliability Topics Failure oblivious Mining Code Base Static Analysis Data Race Deterministic replay usersdevelopers dynamicstatic multi-threaded single-threaded Model Checking Atomicity Violation

CS590F Software Reliability Debugging Failure oblivious Mining Code Base Static Analysis Statistical debug Data Race Deterministic replay usersdevelopers dynamicstatic multi-threaded single-threaded single execution multiple executions atomicity violation Model Checking Testing

CS590F Software Reliability atomicity violation Topics Failure oblivious Mining Code Base Static Analysis Statistical debug Dynamic slicing Execution Reduction Data Race Deterministic replay Advanced debugger usersdevelopers dynamicstatic multi-threaded single-threaded single execution multiple executions Model Checking Testing

CS590F Software Reliability Topics Failure oblivious Mining Code Base Static Analysis Statistical debug Dynamic slicingExe. Reduction Data Race Deterministic replay Advanced debugger usersdevelopers dynamicstatic multi-threaded single-threaded single execution multiple executions Not Covered: transient errors, performance bugs, … Model Checking atomicity violation

CS590F Software Reliability My Research Projects  Auto debugging  Input analysis  Execution reduction  Dynamically matching program versions  Failure classification  Expanding: Auto program parallelization Debugging for concurrent programs