Squashing the Bugs: Tools for Building Better Software

Similar documents
Ensuring Code Quality in Multi-threaded Applications

SSC - Concurrency and Multi-threading Java multithreading programming - Synchronisation (I)

Optimizing Generation of Object Graphs in Java PathFinder

Monitoring Java enviroment / applications

Topics. Producing Production Quality Software. Concurrent Environments. Why Use Concurrency? Models of concurrency Concurrency in Java

Chapter 6, The Operating System Machine Level

Last Class: OS and Computer Architecture. Last Class: OS and Computer Architecture

Model Checking based Software Verification

CSE 373: Data Structure & Algorithms Lecture 25: Programming Languages. Nicki Dell Spring 2014

Multi-core architectures. Jernej Barbic , Spring 2007 May 3, 2007

Parallel Computing: Strategies and Implications. Dori Exterman CTO IncrediBuild.

Programming Languages

Multi-core Programming System Overview

Advanced compiler construction. General course information. Teacher & assistant. Course goals. Evaluation. Grading scheme. Michel Schinz

CSC 2405: Computer Systems II

Virtuozzo Virtualization SDK

General Introduction

Real Time Programming: Concepts

An Easier Way for Cross-Platform Data Acquisition Application Development

Multithreading and Java Native Interface (JNI)!

No no-argument constructor. No default constructor found

Lesson Objectives. To provide a grand tour of the major operating systems components To provide coverage of basic computer system organization

Software. Programming Language. Software. Instructor Özgür ZEYDAN. Bülent Ecevit University Department of Environmental Engineering

Peter Mileff PhD SOFTWARE ENGINEERING. The Basics of Software Engineering. University of Miskolc Department of Information Technology

System Structures. Services Interface Structure

Operating Systems for Parallel Processing Assistent Lecturer Alecu Felician Economic Informatics Department Academy of Economic Studies Bucharest

Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications

CentOS Linux 5.2 and Apache 2.2 vs. Microsoft Windows Web Server 2008 and IIS 7.0 when Serving Static and PHP Content

Mutual Exclusion using Monitors

Course Development of Programming for General-Purpose Multicore Processors

First Java Programs. V. Paúl Pauca. CSC 111D Fall, Department of Computer Science Wake Forest University. Introduction to Computer Science

Compilers. Introduction to Compilers. Lecture 1. Spring term. Mick O Donnell: michael.odonnell@uam.es Alfonso Ortega: alfonso.ortega@uam.

MPI and Hybrid Programming Models. William Gropp

Fail early, fail often, succeed sooner!

Software testing. Objectives

Garbage Collection in the Java HotSpot Virtual Machine

Software and the Concurrency Revolution

CSE 120 Principles of Operating Systems. Modules, Interfaces, Structure

Introduction to Cloud Computing

Design Pattern for the Adaptive Scheduling of Real-Time Tasks with Multiple Versions in RTSJ

Crash Course in Java

3F6 - Software Engineering and Design. Handout 10 Distributed Systems I With Markup. Steve Young

X05. An Overview of Source Code Scanning Tools. Loulwa Salem. Las Vegas, NV. IBM Corporation IBM System p, AIX 5L & Linux Technical University

Jonathan Worthington Scarborough Linux User Group

CS423 Spring 2015 MP4: Dynamic Load Balancer Due April 27 th at 9:00 am 2015

Operating Systems: Basic Concepts and History

Java Garbage Collection Basics

PART IV Performance oriented design, Performance testing, Performance tuning & Performance solutions. Outline. Performance oriented design

================================================================

Network operating systems typically are used to run computers that act as servers. They provide the capabilities required for network operation.

The ROI from Optimizing Software Performance with Intel Parallel Studio XE

Common Errors in C/C++ Code and Static Analysis

We ( have extensive experience in enterprise and system architectures, system engineering, project management, and

Secure Software Programming and Vulnerability Analysis

The Course.

Massachusetts Institute of Technology 6.005: Elements of Software Construction Fall 2011 Quiz 2 November 21, 2011 SOLUTIONS.

Evolution of the Major Programming Languages

Eliminate Memory Errors and Improve Program Stability

Object-Oriented Software Engineering

How To Write A Multi Threaded Software On A Single Core (Or Multi Threaded) System

Custom Penetration Testing

ThinPoint Quick Start Guide

Chapter 18: Database System Architectures. Centralized Systems

Facing the Challenges for Real-Time Software Development on Multi-Cores

Software Engineering for LabVIEW Applications. Elijah Kerry LabVIEW Product Manager

Effective Java Programming. efficient software development

CatDV Pro Workgroup Serve r

Performance Analysis of Web based Applications on Single and Multi Core Servers

Functions of NOS Overview of NOS Characteristics Differences Between PC and a NOS Multiuser, Multitasking, and Multiprocessor Systems NOS Server

CSCI E 98: Managed Environments for the Execution of Programs

UEFI Development in HP

CS 451 Software Engineering Winter 2009

CHAPTER 1 INTRODUCTION

Experimental Comparison of Concolic and Random Testing for Java Card Applets

Dell Reliable Memory Technology

Integrated Error-Detection Techniques: Find More Bugs in Java Applications

Pattern Insight Clone Detection

In4073 Embedded Real-Time Systems. Koen Langendoen (course instructor) Arjan van Gemund (founding father) Embedded Software group

Intro to GPU computing. Spring 2015 Mark Silberstein, , Technion 1

CS4507 Advanced Software Engineering

Definiens XD Release Notes

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum

So today we shall continue our discussion on the search engines and web crawlers. (Refer Slide Time: 01:02)

Motivation and Contents Overview

Java Coding Practices for Improved Application Performance

MASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions

CS 106 Introduction to Computer Science I

Virtual Servers. Virtual machines. Virtualization. Design of IBM s VM. Virtual machine systems can give everyone the OS (and hardware) that they want.

Emulated Digital Control System Validation in Nuclear Power Plant Training Simulators

Whitepaper: performance of SqlBulkCopy

Transcription:

Squashing the Bugs: Tools for Building Better Software Stephen Freund Williams College The Blue Screen of Death (BSOD) USS Yorktown Smart Ship 27 Pentium-based PCs Windows NT 4.0 September 21, 1997: data entry error caused a "Divide-By-0" error entire system failed ship dead in the water for over 2 hours [Wired 1997] 1

Mars Climate Orbiter French Guyana, June 4, 1996 $800 million software failure Mars Polar Lander Purpose: Lander to study the Mars climate ($120M) Purpose: Collect data. Relay signals from Mars Polar Lander ($165M) Failure: Smashed into Mars (2000) Failure: Smashed into Mars (1999) Bug: Spurious signals from sensors caused premature engine shutoff Bug: Failed to convert English to metric units Therac25 Radiation Therapy Purpose: Computercontrolled radiation therapy machine USS Vincennes Failure: Shot down an Airbus jet that was mistaken for a F-14. 290 people died. (1988) Failure: gave fatal radiation doses to 2 cancer patients (1986) Bug: tracking software displayed cryptic and misleading output Bug: timing bug Software Complexity Huge costs $60 billion / year [NIST 2003] convenience, security, safety Windows Vista Windows XP Why is it so hard to get right? systems are too large to understand completely small mistakes can compromise whole system many failure modes unreliable network, media, hardware, users, half of code is to handle failures programs evolve over time Windows 2000 Windows NT 4.0 Windows NT Windows 3.1 [Tanenbaum,Wheeler] 400 horses 100 microprocessors Red Hat Linux Windows [Tanenbaum,Wheeler] 2

Managing Software Complexity People Next Generation Rovers "Mythical Man Month" [Brooks 75] Voyager (1977) Galileo (1989) Cassini (1997) Mars Polar Lander Mars Climate Orbiter Mars Rover: Spirit Mars Rover: Opportunity [Lowry (NASA) 2002] Process Tools Software Processes Organization of large software project other examples: army, company, college admin planning, responsibilities, interactions Benefits avoid miscommunication, misunderstandings predict time and cost recognize problems early Process failures do happen (frequently) Air Traffic Control system, $2.6Billion, 1983-1996 Waterfall Model Requirements System Design Implementation and Unit Testing Integration and System Testing Cost to Fix Bugs Maintenance Defect Density in Delivered Software Managing Software Complexity People [Davis-Mullaney 2003] Process Tools 3

Computer Architecture Computer Architecture 0: 1: 2: 3: 4: 5: 10100100 00000000 00000001 11111111 0: 1: 2: 3: 4: 5: 'A' 0 1-1 6: store 0, $(2) 7: store 1, $(3) 8: cmp $(3), 5 9: bgt 13 10: add $(3), $(2) 11: add 1, $(3) 12: goto 8 13: 6: 7: 8: 9: 10: 11001101 01001000 10011001 10001111 6: store 0, $(2) 7: store 1, $(3) 8: 9: 10: cmp $(3), 5 bgt 13 Abstraction In Programming Languages sum = 0; i = 1; while (i <= 5) { sum = sum + i; i = i + 1; Compiler High-level programming languages: hide details of hardware store 0, $(2) store 1, $(3) cmp $(3), 5 bgt 13 add $(3), $(2) add 1, $(3) goto 8 simplify programming process Can add language features to avoid mistakes Memory Management Must allocate and free memory for arrays in C: free(name); Memory Management Memory Management Must allocate and free memory for arrays in C: free(name); name 'f' 'r' 'e' 'u' 'n' 'd' Potential errors: forget to free memory free memory twice free too early? overwrite memory block name 'f' 'r' 'e' 'u' 'n' 'd' 4

Garbage Collection Never explicitly free memory Program periodically pauses to find and reclaim unused memory Used in Java, C#, Python, Tradeoffs in Design No free lunch features impact performance / expressiveness can be prohibitively expensive (or impossible!) Other features object-oriented languages / modules exception handling threads Program Checking Buffer Overruns in C Design algorithm to automatically identify errors Example 1: type errors WebPage w = new WebPage("http://"); int x = w - 3; BAD free(name); name 'f' 'r' 'e' 'u' 'n' 'd' String s = "hello"; if (s < 100) BAD Example 2: buffer overruns in C programs 0-1 10 500 Buffer Overruns in C Dynamic Monitors free(name); name 'P' 'u' 'r' 'p' 'l' 'e' ' ' 'C' 'o' 'w' 10 500 Check program as it executes example: buffer overruns Pros: identify cause of bug faster than testing easy to add to development process Cons: coverage performance must run whole program 5

Static Checkers Set of All Programs Static Checkers Set of All Programs Source Code Checker Good Bad Source Code Checker Good Bad Pros: catch errors sooner (even before running) check program for all inputs / all possible paths Cons: Pros: catch errors sooner (even before running) check program for all inputs / all possible paths Cons: cannot distinguish "good" from "bad" exactly computers cannot compute everything undecidability of the Halting Problem [Turing 1936] Static Checkers Source Code Checker Set of All Programs Verifiably Good Bad or Not Verifiable Pros: catch errors sooner (even before running) check program for all inputs / all possible paths Cons: cannot distinguish "good" from "bad" exactly computers cannot compute everything undecidability of the Halting Problem [Turing 1936] Multi-Processors and Multi-Core Chips core #1 core #2 Concurrent Programming With Threads Decompose into pieces that run in parallel Improve throughput Demo network Web Server data 6

Multithreaded Program Execution Multithreaded Program Execution Race condition t1=bal bal=t1+100 t2=bal bal=t2-100 bal=500 o o o o o bal=500 t1=bal bal=t1+100 t2=bal bal=t2-100 bal=500 o o o o o bal=500 bal=500 o t1=bal o t2=bal bal=t1+100 bal=t2-100 o o o bal=400 bal=500 o t1=bal o t2=bal bal=t1+100 bal=t2-100 o o o bal=400 Race Conditions Common Hard to find via testing scheduler dependent Memory, files, printers, Therac-25 Preventing Race Conditions Using Locks acquire(m); release(m); acquire(m); release(m); 2003 Blackout ($6 Billion) Mars Rovers o o o o o o o o o Preventing Race Conditions Using Locks Demo o o o o o o o o o 7

Checkers For Race Conditions int bal; //# guarded_by m Good: Bad: Threads always hold m when accessing bal Thread accesses bal without holding m Tools: Eraser [Savage et al. 97], RccJava, Statically Checking Real Systems RccJava [with Flanagan (UCSC), Peter Applegate '03] Annotated Java Program RccJava OK! Warnings Found bugs in many pieces of software commercial products, Java libraries, web servers false positive rate of 75-80% benign races, other forms of synchronization better than not finding errors java.util.vector 2 0 1 2 a b java.util.vector 1 0 a class Vector { Object elementdata[] // guarded_by this int elementcount // guarded_by this class Vector { Object elementdata[] // guarded_by this int elementcount // guarded_by this synchronized int lastindexof(object elem, int n) { for (int i = n ; i >= 0 ; i--) if (elem.equals(elementdata[i])) return i; return -1; int lastindexof(object elem) { return lastindexof(elem, elementcount - 1); // race! synchronized void trimtosize() { synchronized boolean remove(int index) { synchronized int lastindexof(object elem, int n) { for (int i = n ; i >= 0 ; i--) if (elem.equals(elementdata[i])) return i; return -1; int lastindexof(object elem) { return lastindexof(elem, elementcount - 1); // race! synchronized void trimtosize() { synchronized boolean remove(int index) { Atomicity Violations int bal; //# guarded_by m Demo o o o o o o o o o o o 8

Atomicity Violations int bal; //# guarded_by m atomic { atomic { Bohr Compute atomic annotations automatically Identify methods that may suffer interference With Masha Lifshin '05 Unannotated Java Program Bohr data race inference atomicity inference Program with Atomicity Annotations Atomicity Warnings The (Long) Road to Reliable Software Bugs are a real problem Checking tools will improve life for everyone Industry starting to adopt checkers Lots of problems (and fun) left tools often hard to use, imprecise simple tools pave way for more sophisticated need teachable design methodologies Thanks Pete Applegate '03 Masha Lifshin '05 Cormac Flanagan (UCSC) Martín Abadi (UCSC and Microsoft) Shaz Qadeer (Microsoft) NSF/NASA HDCCSR Program 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information