Fault Diagnosis of Embedded Software using Program Spectra

Similar documents
Survey of Software Fault Localization for Web Application

TRACE PERFORMANCE TESTING APPROACH. Overview. Approach. Flow. Attributes

Client-Side Validation and Verification of PHP Dynamic Websites

Finding Execution Faults in Dynamic Web Application

Localizing SQL Faults in Database Applications

Trader: Reliability of high-volume consumer products

SERG. Detecting and Analyzing I/O Performance Regressions. Delft University of Technology Software Engineering Research Group Technical Report Series

Introduction to Computers and Programming. Testing

Dataflow approach to testing Java programs supported with DFC

Configuration Management

Testing Introduction. IEEE Definitions

Using HTML5 Visualizations in Software Fault Localization

Trace-Based and Sample-Based Profiling in Rational Application Developer

ASSEMBLY PROGRAMMING ON A VIRTUAL COMPUTER

Software Engineering. How does software fail? Terminology CS / COE 1530

Appendix M INFORMATION TECHNOLOGY (IT) YOUTH APPRENTICESHIP

EZ DUPE DVD/CD Duplicator

Java VM monitoring and the Health Center API. William Smith

IPTV STB QUICK GUIDE. Detailed user manual download from

DSTV DECODER SETUP MANUAL July 2013

The Improvement of Test Case Selection for the Process Software Maintenance

Localizing Defects in Multithreaded Programs by Mining Dynamic Call Graphs

Systems Software. Introduction to Information System Components. Chapter 1 Part 2 of 4 CA M S Mehta, FCA

PTC System Monitor Solution Training

Semantic Concept Based Retrieval of Software Bug Report with Feedback

Test Specification. Introduction

Regression Testing Based on Comparing Fault Detection by multi criteria before prioritization and after prioritization

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich

The Parts of the System

Business Application Services Testing

DVB-T TV Stcik User s Manual Ver Table of Contents

Application Notes. Introduction. Contents. Managing IP Centrex & Hosted PBX Services. Series. VoIP Performance Management. Overview.

PUBLIC REPORT. Red Team Testing of the ES&S Unity Voting System. Freeman Craft McGregor Group (FCMG) Red Team

Performance Comparison of RTOS

Notice. Reverse engineering and disassembly are prohibited.

Understanding the Boot Process and Command Line Chapter #3

STEP 7 MICRO/WIN TUTORIAL. Step-1: How to open Step 7 Micro/WIN

Motivation: Smartphone Market

Wait-Time Analysis Method: New Best Practice for Performance Management

Argus: Online Statistical Bug Detection

America s Most Wanted a metric to detect persistently faulty machines in Hadoop

#9011 GeoMedia WebMap Performance Analysis and Tuning (a quick guide to improving system performance)

Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005

Installing the Operating System with Express Setup

find model parameters, to validate models, and to develop inputs for models. c 1994 Raj Jain 7.1

Building Analytics. Managed Services. Better Building Alliance Department of Energy April 17, 2015

Web Application Regression Testing: A Session Based Test Case Prioritization Approach

CABLE ONE ALL DIGITAL

Impact of Control Theory on QoS Adaptation in Distributed Middleware Systems

Outline: Operating Systems

Automation can dramatically increase product quality, leading to lower field service, product support and

ESP-CV Custom Design Formal Equivalence Checking Based on Symbolic Simulation

Configuration and Utilization of the OLAP Cache to Improve the Query Response Time

Tech Tip: Understanding Server Memory Counters

AUTOMATED REAL-TIME TESTING (ARTT) FOR EMBEDDED CONTROL SYSTEMS (ECS)

Outline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References

INF5820, Obligatory Assignment 3: Development of a Spoken Dialogue System

Stellar Phoenix Exchange Server Backup

EEcoMark v2. An overview of BAPCo EEcoMark v2. Oct

Lotus Foundations Start Getting Started

1.1 Difficulty in Fault Localization in Large-Scale Computing Systems

IBM Tivoli Composite Application Manager for WebSphere

CORE: Visualization tool for fault localization in concurrent programs

Lab Testing Summary Report

Guide to Performance and Tuning: Query Performance and Sampled Selectivity

Software Engineering for LabVIEW Applications. Elijah Kerry LabVIEW Product Manager

PROFINET IO Diagnostics 1


Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Software Fault Isolation using HALT and HASS

STB- 2. Installation and Operation Manual

How to analyse your system to optimise performance and throughput in IIBv9

DAC Digital To Analog Converter

Recommender Systems Seminar Topic : Application Tung Do. 28. Januar 2014 TU Darmstadt Thanh Tung Do 1

T R O U B L E S H O O T I N G T I P S

How To Compare Two Servers For A Test On A Poweredge R710 And Poweredge G5P (Poweredge) (Power Edge) (Dell) Poweredge Poweredge And Powerpowerpoweredge (Powerpower) G5I (

How to test and debug an ASP.NET application

Integrating Quality Assurance into the GIS Project Life Cycle

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Performance Testing Process A Whitepaper

A FRAMEWORK FOR MANAGING RUNTIME ENVIRONMENT OF JAVA APPLICATIONS

Tuning WebSphere Application Server ND 7.0. Royal Cyber Inc.

Sample Career Ladder/Lattice for Information Technology

Advanced Operating Systems (M) Dr Colin Perkins School of Computing Science University of Glasgow

Model Checking based Software Verification

Monitor Characteristics

A Survey of Software Fault Localization

Eliminate Memory Errors and Improve Program Stability

DVBLink TVSource. Installation and configuration manual

FREE FALL. Introduction. Reference Young and Freedman, University Physics, 12 th Edition: Chapter 2, section 2.5

Software testing. Objectives

SATA Blu-ray/DVD/CD Duplicator Controller

Fault Localization for Java Programs Using Probabilistic Program Dependence Graph

Performance Tuning Guide for ECM 2.0

INFORMATION TECHNOLOGY PROGRAMMER/ANALYST

IPC series IP camera user manual

Wireless Internet Camera

Field Service Application

ORACLE DATABASE 10G ENTERPRISE EDITION

Adobe Flash Player 11.9 Voluntary Product Accessibility Template

Transcription:

Fault Diagnosis of Embedded Software using Program Spectra Peter Zoeteweij Rui Abreu, Rob Golsteijn 2, Arjan van Gemund Embedded Software Lab / SERG, TU Delft 2 NXP

TRADER project Improve the user-perceived reliability of highvolume consumer electronics devices Test case: television platform from NXP Partners: Universities of Delft, Twente, Leiden, Embedded Systems Institute, Design Technology Institute, IMEC Leuven NXP, NXP Corporate Research, Philips TASS

3 Spectrum-based diagnosis Localize the faults that are the root cause of detected errors In software: computer aided, or automated debugging Improves the efficiency of the debugging stage: more bugs solved leads to more reliable systems Spectrum-based diagnosis lends itself well for integration with (automated) testing

4 Integration with testing Test suite t t2 t3 t4 t5

5 Integration with testing Test suite t2 t3 t4 t5 Status t

6 Integration with testing Test suite t3 t4 t5 Status t t2

7 Integration with testing Test suite t4 t5 Status t t2 t3

8 Integration with testing Test suite t5 Status t t2 t3 t4

9 Integration with testing Status t t2 t3 t4 t5

Integration with testing System components are ranked according to likelihood of causing the detected errors 2 2 Status t t2 t3 t4 t5

Spectrum-based diagnosis Debugging technique Easy to integrate with testing Low memory / CPU overhead: well suited for embedded systems Black box diagnosis: Does not rely on modeling No guarantee on accuracy Effective in practice

2 Outline Spectrum-based fault localization Case study Research

3 Terminology failure delivered service correct service (segmentation fault) error system state that may cause a failure (index out of bounds) fault the cause of an error in the system (bug: array index un-initialized)

4 Program spectra Execution profiles that indicate, or count which parts of a software system are used in a particular test case Introduced in [Reps97] for diagnosing Y2K problems Many different forms exist [Harrold98]: Spectra of program locations Spectra of branches / paths Spectra of data dependencies Spectra of method call sub-sequences

5 Block / function hit spectra Function hit spectrum : function i called : function i not called x x 2 x i x n Block hit spectrum : block i executed : block i not executed Block: C statement (compound stmt) cases of a switch statement

6 Fault diagnosis. Spectra for m test cases n blocks m cases x x 2 x n e x 2... x 22... x 2n... e 2 x m x m2 x mn e m

7 Fault diagnosis. Spectra for m test cases x x 2 x n e x 2... x 22... x 2n... e 2 x m x m2 x mn e m Row i: the blocks that are executed in case i

8 Fault diagnosis. Spectra for m test cases x x 2 x n e x 2... x 22... x 2n... e 2 x m x m2 x mn e m Column j : the test cases in which block j was executed

9 Fault diagnosis. Spectra for m test cases 2. Error detection per test case x x 2 x n e x 2... x 22... x 2n... e 2 x m x m2 x mn e m e i = : error in the i-th test e i = : no error in the i-th test

2 Fault diagnosis Compare every column vector with the error vector. block j error vector x x 2 x n e x 2... x 22... x 2n... e 2 x m x m2 x mn e m similarity s j

2 Fault diagnosis Jaccard similarity coefficient: block j error vector a s j = a +a +a

22 Fault diagnosis Jaccard similarity coefficient: block j error vector s j = a a +a +a

23 Fault diagnosis Jaccard similarity coefficient: block j error vector s j = 2 2 +a +a

24 Fault diagnosis Jaccard similarity coefficient: block j error vector s j = 2 2 + +a

25 Fault diagnosis Jaccard similarity coefficient: block j error vector s j = 2 2 + +

26 Fault diagnosis For every block: similarity with the error block m cases x x 2 x n e x 2... x 22 n blocks error vector... x 2n... e 2 x m x m2 x mn e m s s 2 s n The block with the highest s i most likely contains the fault.

27 Fault diagnosis n blocks error vector m cases

28 Fault diagnosis ½ ¼ ¾ ¼ ⅔ ⅓ ⅔ m cases n blocks error vector

29 Fault diagnosis ½ ¼ ¾ ¼ ⅔ ⅓ ⅔ m cases n blocks error vector

3 Spectrum-based diagnosis Large on-line transaction processing systems (search engines, web mail) [Chen2] Java software (method call sequences) [Dallmeier5] Visualizing test information to aid manual debugging [Jones2]

3 Embedded systems Low overhead Little infrastructure needed Consumer electronics No time for exhaustive debugging Helps to identify responsible teams / developers Diagnosis can drive a recovery mechanism, e.g., rebooting suspect processes

32 Case study platform Control software of an analog TV Decoding RC input, displays the on-screen menu, teletext, optimizes parameters for audio / video processing based on signal analysis, etc. 45 K lines of C code 2 MB of RAM + 2 MB in development version CPU: MIPS running a small multi-tasking OS Work is organized in 35 logical threads

33 Case study. Load problem: TV TXT TV 2 8 load % 6 4 2 2 4 6 8 2 4 6 8 samples

34 Diagnosis 5 hit spectra of 35 functions, corresponding to the logical threads (one per second): 6 sec. TV, 3 sec. TXT, 6 sec. TV Marked the last 6 spectra as failed 2 nd in ranking of 35 functions

35 Case study 2. Teletext lock-up: Existing problem in another product line Copied to our platform, triggered by a remote control key sequence Inconsistency in two state variables, for which only specific combinations are allowed

36 Diagnosis 23 spectra (one per key pressed): Verify that TV and teletext are working properly Trigger the fault Check that the teletext system is locked up Automatic instrumentation of the source code for recording block hit spectra using Front parser generator Error detection based on comparing state variables Shared st position in ranking of >6, blocks; 3 more key presses yield a perfect diagnosis

37 Conclusion Spectrum-based fault diagnosis can help to improve the efficiency of the debugging phase It can easily be integrated with testing It is a feasible technique in the area of embedded systems Proof of concept tested on industrial code (TV software) and representative errors

38 Outlook What is the effect of various external factors on the diagnostic accuracy? Quality of the error detection information Number of observations available Strategies for selecting passed tests How to exploit knowledge about a system? Known data / control dependencies Known hierarchical relationships Compiler that generates code for Recording spectra Various error detection mechanisms Diagnosis

39 References [Chen2] Chen et al. Problem determination in large dynamic internet services. DSN 2 [Dallmeier5] Dallmeier, Lindig, Zeller, Lightweight defect localization for Java. ECOOP 5 [Jones2] Jones, Harrold, Stasko, Visualization of test information to assist fault localization. ICSE 2 [Hutchins94] Hitchins, Foster, Goradia, Ostrand, Experiments on the effectiveness of dataflow- and controlflow-based test adequacy criteria. ICSE 94 [Harrold98] Harrold, Rothermel, Wu, Yi, An empirical investigation of program spectra. PASTE 98 [Reps97] Reps, Ball, Das, Larus, The use of program profiling for software maintenance with applications to the year 2 problem. ESEC/FSE 97

4 Current research Effect of quality of error detection Effect of quantity of observations Siemens test set [Hutchins94]: 7 programs, 2 24 blocks 7 32 faulty versions per program: 32 faults in total Up to 5 test cases per program: full code coverage

4 Error detection quality Small fraction of fault activations detected is enough diagnostic accuracy 95 93 9 89 87 85 83 8 79 77 75 Ochiai Jaccard Tarantula 2 3 4 5 6 7 8 9 % faults -> errors

42 Number of runs On average, for the Siemens set: Adding more failed tests is safe 6 failed tests are enough The number of passed tests has no influence However: For individual runs the effect of adding passed tests differs It stabilizes around 2 passed tests

43 Influence of #runs

44 Influence of #runs On average, for our benchmark: Adding failed runs is safe 6 failed runs is enough The number of passed runs has no influence However For individual runs, the effect of more passed runs differs It stabilizes around 2

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information