Software Reliability Estimation Based on Static Error Detection



Similar documents
Know or Go Practical Quest for Reliable Software

Cost Model: Work, Span and Parallelism. 1 The RAM model for sequential computation:

Open-source Versus Commercial Software: A Quantitative Comparison

Change Impact Analysis

Abstract Interpretation-based Static Analysis Tools:

Making Dynamic Memory Allocation Static To Support WCET Analyses

Software Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland

Fundamentals of LoadRunner 9.0 (2 Days)

APPROACHES TO SOFTWARE TESTING PROGRAM VERIFICATION AND VALIDATION

An Introduction to. Metrics. used during. Software Development

MPI-Checker Static Analysis for MPI

CARAMEL: Detecting and Fixing Performance Problems That Have Non-Intrusive Fixes

Thomas Jefferson High School for Science and Technology Program of Studies Foundations of Computer Science. Unit of Study / Textbook Correlation

Static Analysis of the Mars Exploration Rover Flight Software

The FDA Forensics Lab, New Tools and Capabilities

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

Real Time Programming: Concepts

TOOL EVALUATION REPORT: FORTIFY

Towards Checking the Usefulness of Verification Tools

Automated Validation & Verification of Software Paper Presentation

Real Time Scheduling Basic Concepts. Radek Pelánek

Visualizing Information Flow through C Programs

Secure Software Programming and Vulnerability Analysis

Big Data Processing with Google s MapReduce. Alexandru Costan

Towards practical reactive security audit using extended static checkers 1

Abstract Data Type. EECS 281: Data Structures and Algorithms. The Foundation: Data Structures and Abstract Data Types

Source Code Security Analysis Tool Functional Specification Version 1.0

On real-time delay monitoring in software-defined networks

FUZZY CLUSTERING ANALYSIS OF DATA MINING: APPLICATION TO AN ACCIDENT MINING SYSTEM

National University of Ireland, Maynooth MAYNOOTH, CO. KILDARE, IRELAND. Testing Guidelines for Student Projects

Software testing. Objectives

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

Oracle Solaris Studio Code Analyzer

Fully Automated Static Analysis of Fedora Packages

Lecture 11 Doubly Linked Lists & Array of Linked Lists. Doubly Linked Lists

A static analyzer for finding dynamic programming errors

Static Code Analysis Procedures in the Development Cycle

System Copy GT Manual 1.8 Last update: 2015/07/13 Basis Technologies

A Test Suite for Basic CWE Effectiveness. Paul E. Black.

Software Project Level Estimation Model Framework based on Bayesian Belief Networks

Software Testing Strategies and Techniques

Competencies for Secondary Teachers: Computer Science, Grades 4-12

SYSM 6304: Risk and Decision Analysis Lecture 5: Methods of Risk Analysis

Latest Research and Development on Software Testing Techniques and Tools

Algorithm & Flowchart & Pseudo code. Staff Incharge: S.Sasirekha

Standard for Software Component Testing

El Dorado Union High School District Educational Services

Memory Debugging with TotalView on AIX and Linux/Power

Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Timofey Turenko. Kirill Krinkin St-Petersburg Electrotechnical University

Ensuring Code Quality in Multi-threaded Applications

AUTOMATING DISCRETE EVENT SIMULATION OUTPUT ANALYSIS AUTOMATIC ESTIMATION OF NUMBER OF REPLICATIONS, WARM-UP PERIOD AND RUN LENGTH.

MapReduce and Distributed Data Analysis. Sergei Vassilvitskii Google Research

So today we shall continue our discussion on the search engines and web crawlers. (Refer Slide Time: 01:02)

Coverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects

Testhouse Training Portfolio

WESTMORELAND COUNTY PUBLIC SCHOOLS Integrated Instructional Pacing Guide and Checklist Computer Math

MapReduce. MapReduce and SQL Injections. CS 3200 Final Lecture. Introduction. MapReduce. Programming Model. Example

How To Trace

Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students

EVALUATING METRICS AT CLASS AND METHOD LEVEL FOR JAVA PROGRAMS USING KNOWLEDGE BASED SYSTEMS

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Signaling Conformance Option

A Business Process Driven Approach for Generating Software Modules

Lecture Notes on Static Analysis

Verifying Business Processes Extracted from E-Commerce Systems Using Dynamic Analysis

Technical paper review. Program visualization and explanation for novice C programmers by Matthew Heinsen Egan and Chris McDonald.

Job Reference Guide. SLAMD Distributed Load Generation Engine. Version 1.8.2

Objective Criteria of Job Scheduling Problems. Uwe Schwiegelshohn, Robotics Research Lab, TU Dortmund University

InvGen: An Efficient Invariant Generator

How to Write a Checker in 24 Hours

A Formal Model of Program Dependences and Its Implications for Software Testing, Debugging, and Maintenance

Gold Standard Method for Benchmarking C Source Code Static Analysis Tools

Towards Load Balancing in SDN Networks During DDoS attacks

CHAPTER 1 INTRODUCTION

NNMi120 Network Node Manager i Software 9.x Essentials

Arithmetic Coding: Introduction

KITES TECHNOLOGY COURSE MODULE (C, C++, DS)

IVR Studio 3.0 Guide. May Knowlarity Product Team

Applying Clang Static Analyzer to Linux Kernel

VIRTUAL LABORATORY: MULTI-STYLE CODE EDITOR

Client-server Sockets

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications

Eliminate Memory Errors and Improve Program Stability

Comprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER

Introduction to Static Analysis for Assurance

A framework for creating custom rules for static analysis tools

A Visualization System and Monitoring Tool to Measure Concurrency in MPICH Programs

Sample Testing Using Cleanroom

Software Project Measurement

EVALUATION. WA1844 WebSphere Process Server 7.0 Programming Using WebSphere Integration COPY. Developer

Securing software by enforcing data-flow integrity

Software Testing. Quality & Testing. Software Testing

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

Building Program Behavior Models

Eastern Washington University Department of Computer Science. Questionnaire for Prospective Masters in Computer Science Students

Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005

Monitoring and Managing a JVM

Appendix H Software Development Plan Template

Transcription:

7 th Central and Eastern European Software Engineering Conference in Russia - CEE-SECR 2011 October 31 November 3, Moscow Software Reliability Estimation Based on Static M. Moiseev, M. Glukhikh, A. Karpenko, H. Richter

Importance of Software Reliability Analysis Modern software contains errors Errors can lead to disasters Software Reliability Analysis Error detection should be organized 2

Known Approaches Heuristics approaches Dynamic approach Architecturebased approach Program metrics Development process 3

Known Approaches Program Metrics Based on simple code properties, such as number of statements number of conditions number of loops number of functions... 4

Known Approaches Development Process Metrics Based on development process properties, such as duration of development number & qualification of developers number & qualification of testers methodology used automation tools used 5

Known Approaches Others Runtime Based on failures observed at run-time Architecture-based Based on known reliability of program components 6

Our Approach Based on source code static analysis Delivers Ranking of errors (based on failure probability) Reliability characteristics Limitations Single-threaded C programs Error types uninitialized variable use incorrect pointer dereference pointer out of bounds 7

Features of Our Approach Analysis of a program model Analysis of all possible execution paths Advantages Reliability estimations is based on real errors Results are applicable for any exploitation conditions Makes debugging more effective Drawbacks Does not consider quantitative time Does not consider normal program exploitation Execution path probability estimation False positives problem 8

Program Classes Computational Programs Server 9

Reliability characteristics used Computational programs Probability of whole program successful execution P( ) Server programs Probability of n statements successful execution P(n) Mean executed statement number before failure n 10

Algorithms Model building State determination Error detection Error ranking Reliability estimation 11

Program Model Features Control flow graph Three-operand assignment form A = B op C If and Phi statements If Phi If Phi 12

State Determination Algorithms State representation Control flow analysis Statement analysis Sequential If statement analysis Phi statement analysis Loop analysis Interprocedural analysis 13

Program State Representation Based on obects, values, and probabilities set of triples = state probability Obect values intervals pointers Q, resource descriptors {( o, vk p k )} P( Q) 14

Probability normalization Control flow normalization Q in Input ( in ) P Q ( s ) = State normalization o : Q out ( o, v, p ) k k P Output ( out Q ) ( s) Q p ( o, v p ), k k k Q = P( Q) 15

Sequential Statement Analysis 16 a = b + c ( ) ( ) ( ) ( ) =,1,... 3..6,,1, 1..2, c b Q in ( ) ( ) { },1,... 4..8 a, Q out = =,... 4 1,6,, 4 1,5,, 4 1,4,, 4 1,3, 2 1,2,, 2 1,1, c c c c b b =,... 8 1,8,, 4 1,7,, 4 1,6,, 4 1,5,, 8 1,4, a a a a a

If Statement Analysis True and false combination consideration ( true ) P Q ( false ) P Q = = c C p ( o, v, p ) c C true false p ( o, v, p ) k k k k k c, k c. Normalization of state probabilities Normalization of non-affected triples probabilities 17

If Statement Analysis Example 172 combinations where a < b 28 combinations where a >= b Q in = ( a, ( 1..10),1), ( b, ( 4..23 ),1 ),... Q false true Q ( a,( 1..10),0.86) ( a, ( 4..10),0.14) ( b, ( 4..23 ),0.86) ( b, ( 4..10),0.14) Normalization: 0.86 for true, 0.14 for false 18

Phi Statement Analysis Identical triples are added together o ( ) in o, v, p Q,( o, v, r ) ( ) out o, v, p + r Q in, vk : k k 1 k k Q2 k k k Control flow normalization ( out ) ( in ) ( in Q = P Q P Q ) P 1 + 2 In 1 In 2 Phi 19

Based on incorrect values in state uninitialized variable use o, v, pointer dereference ( o, v, p ) null out of bounds correct if k otherwise error is detected ( p ) ( o, v, p ) noninit ( o, v, p ) invalid ( o,( o, offset ), p ) i 0 offset < sizeof k noninit k k ( ) o k 20

Error Inhibition ob use (ob, valid, p1) (ob, invalid, p2) P(Q)=p1+p2 (ob, valid, p1) P(Q)=p1 21

Error Ranking Errors are sorted according to probability of occurrence Most dangerous errors can be corrected first Probabilities are summarized for same errors in the same statement 22

Overall reliability estimation probability of successful execution ( n) = P P( Q) end statements probability of n statements successful execution ( n) = P P( Q) n statements executed mean executed statements number before failure n n ( P( n) P( n + 1) ) = max n= 0 n 23

Implementation AEGIS static analyzer analysis of C/C++ source code interval, points to, resource analysis loop & interprocedural analysis spread range of program errors detected Results error ranking table P(n) table P( ) mean executed statements number before failure 24

Experiments made Purpose Testing of our approach Debugging example Test programs Students' proects Real-world proects (embedded software) 25

Sample of reliability analysis while (!(feof(f))) // 0.5 { i = t = 0; // Failure in one of three cases prov(&t, strlen(st), st); } Probability of successful execution is 0.75 = 0.5 + 0.5 * 0.33 + 0.5 * 0.33 2 +... 26

Amount of errors in real-world proects 100 More than 500 errors, 2/3 of considered types Density about 0.8/1KLOC 80 Error number 60 40 20 0 A B C D E F G H I J K L Proect name 27

Distribution of error number 175 150 125 Error number 100 75 50 25 0 1.E-06 1.E-05 1.E-04 1.E-03 1.E-02 1.E-01 0,25 0,5 1,0 Error probability 28

Debugging results 1.00 0.90 0.80 0.70 0.60 0.50 0.40 0.30 0.20 0.10 0.00 Original Corrected 32 33 34 35 36 37 38 39 40 41 n, Mstatements 29

Directions for Future Work Reliability estimation Annotations for path probability estimations Run-time analysis for path probability estimation Execution time estimation Static analysis itself Soundness & precision Parallel program analysis Annotations for functional error detection 30

Conclusion Approach for software reliability estimation based on error detection using static analysis Implementation in AEGIS tool (prototype) ranking of errors by the probability of occurrence probability of successful execution probability of N statement successful execution mean number of executed statements before failure 31

Contacts Saint Petersburg State Polytechnical University Digitek Labs http://digiteklabs.ru Mikhail Glukhikh, Mikhail Moiseev, Anatoly Karpenko E-mail: glukhikh@kspt.ftk.spbstu.ru E-mail: mikhail.moiseev@gmail.com E-mail: karpenko@kspt.ftk.spbstu.ru Clausthal University of Technology Harald Richter E-mail: hri@tu-clausthal.de 32

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information