bugs and what can be done about them
play

Bugs and what can be done about them... Bjoern Doebel Dresden, - PowerPoint PPT Presentation

Jul 28, 2023 •278 likes •755 views

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Bugs and what can be done about them... Bjoern Doebel Dresden, 2008-01-22 Outline What are bugs? Where do they come from? What are the special

  1. Faculty of Computer Science Institute for System Architecture, Operating Systems Group Bugs and what can be done about them... Bjoern Doebel Dresden, 2008-01-22

  2. Outline • What are bugs? • Where do they come from? • What are the special challenges related to systems software? • Tour of the developer's armory TU Dresden, 2008-01-22 Robustness Slide 2 von 46

  3. What are bugs? (IEEE 729) • Error: some (missing) action in a program's code that makes the program misbehave • Fault: corrupt program state because of an error • Failure: User-visible misbehavior of the program because of a fault • Bug: colloquial, most often means fault TU Dresden, 2008-01-22 Robustness Slide 3 von 46

  4. Bug Classification • Memory/Resource leak – forget to free a resource after use • Dangling pointers – use pointer after free • Buffer overrun – overwriting a statically allocated buffer • Race condition – multiple threads compete for access to the same resource Deadlock – applications compete for multiple resources in • different order • Timing expectations that don't hold (e.g., because of multithreaded / SMP systems) • Transient errors - errors that may go away without program intervention (e.g., hard disk is full) • ... TU Dresden, 2008-01-22 Robustness Slide 4 von 46

  5. Bug Classification – Another try • Bohrbugs: bugs that are easy to reproduce • Heisenbugs: bugs that go away when debugging Mandelbugs: the resulting fault seems chaotic and non- • deterministic • Schrödingbugs: bugs with a cause so complex that the developer doesn't fully understand it • Aging-bugs: bugs that manifest only after very long execution times TU Dresden, 2008-01-22 Robustness Slide 5 von 46

  6. Where do bugs come from? • Operator errors – largest error cause in large-scale systems – OS level: expect users to misuse system call • Hardware failure – especially important in systems SW – device drivers... • Software failure – Average programmers write average software! TU Dresden, 2008-01-22 Robustness Slide 6 von 46

  7. One Problem: Code Complexity • Software complexity approaching human brain's capacity of understanding. • Complexity measures: – S ource L ines o f C ode – Function points • assign “function point value” to each function and datastructure of system – Halstead Complexity • count different kinds of operands (variables, constants) and operators (keywords, operators) • relate to total number of used operators and operands TU Dresden, 2008-01-22 Robustness Slide 7 von 46

  8. Code Complexity Measures • Cyclomatic Complexity (McCabe) – based on application's control flow graph – M := number of branches in CFG + 1 • minimum of possible control flow paths • maximum of necessary test cases to cover all nodes at least once Co nstructive Co st Mo del • • introduce factors in addition to SLOC – number, experience, ... of developers – project complexity – reliability requirements – project schedule TU Dresden, 2008-01-22 Robustness Slide 8 von 46

  9. Special Problems With Systems Software • IDE / debugger integration: • no simple compile – run – breakpoint cycle • can't just run an OS in a debugger • but: HW debugging facilities – single-stepping of (machine) instructions – HW performance counters • stack traces, core dumps • printf() debugging • OS developers lack understanding of underlying HW • HW developers lack understanding of OS requirements TU Dresden, 2008-01-22 Robustness Slide 9 von 46

  10. Breakpoint - What can we do? • Verification • Static analysis • Dynamic analysis • Testing • Use of – careful programming – language and runtime environments – simulation / emulation / virtualization TU Dresden, 2008-01-22 Robustness Slide 10 von 46

  11. Verification • Goal: provide a mathematical proof that a program suits its specification. • Model-based approach – Generate (mathematical) application model, e.g. state machine – Prove that valid start states always lead to valid termination states. – Works well for verifying protocols • Model checking TU Dresden, 2008-01-22 Robustness Slide 11 von 46

  12. Model Checking • The good: – Active area of research, many tools. – In the end you are really, really sure. • The bad: – Often need to generate model manually – State space explosion • The ugly: – We check a mathematical model. Who checks code- to-model transformation? TU Dresden, 2008-01-22 Robustness Slide 12 von 46

  13. Once upon a time... - a war story • L4Linux CLI implementation with tamer thread • After some hours of wget L4Linux got blocked – Linux kenel was waiting for message from tamer – tamer was ready to receive • Manually debugging did not lead to success. • Manually implemented system model in Promela – language for the SPIN model checker – 2 days for translating C implementation – more time for correctly specifying the bug's criteria – model checking found the bug TU Dresden, 2008-01-22 Robustness Slide 13 von 46

  14. Once upon a time... - a war story (2) • Modified Promela model – tested solution ideas • 2 of them were soon shown to be erroneous, too – finally found a working solution (checked a tree of depth ~200,000) • Conclusion – 4 OS staff members at least partially involved – needed to learn new language, new tool – Time-consuming translation phase finally paid off! – Additional outcome: runtime checker for bug criteria TU Dresden, 2008-01-22 Robustness Slide 14 von 46

  15. Model Checking: CEGAR / SATABS • C ounter e xample G uided A bstraction R efinement • SATABS toolchain (ETHZ) Proof! boolean C program program Predicate Model abstraction checking counter- example Predicate Simulation Bug! refinement invalid counterex. TU Dresden, 2008-01-22 Robustness Slide 15 von 46

  16. Static Analysis • Formal analysis does not (yet?) scale to large-scale systems. • Many errors can be found faster using informal automated code-parsing tools. • Approach: – Description of how code should behave. – Let a parser look at source code and generate description of how the code in fact behaves. – Compare both descriptions. TU Dresden, 2008-01-22 Robustness Slide 16 von 46

  17. Static Analysis (2) • Trade soundness and completeness of formal methods for scalability and performance. – Can lead to • false positives – find a bug where there is not • false negatives – find no bug where there is one • Many commercial and open source tools – wide and varying range of features TU Dresden, 2008-01-22 Robustness Slide 17 von 46

  18. Lint • 1979 • Mother of quite some static checking tools – xmllint – htmllint – jlint – SPLint – ... • Flag use of unsafe constructs in C code – e.g.: not checking return value of a function TU Dresden, 2008-01-22 Robustness Slide 18 von 46

  19. Flawfinder and Rats • Check C programs for use of well-known insecure functions – sprintf() instead of snprintf() – strcpy() instead of strncpy() – ... • List potential errors by severity • Provide advice to correct code • Basically regular expression matching • Demo TU Dresden, 2008-01-22 Robustness Slide 19 von 46

  20. Two Important Concepts • Source code annotations – Specially formatted comments inside code for giving hints to static checkers • /* @notnull@ */ int *foo -> “I really know that this pointer is never going to be NULL, so shut the **** up complaining about me not checking it!” – Problem: Someone needs to force programmers to write annotations. • List errors by severity – severe errors first TU Dresden, 2008-01-22 Robustness Slide 20 von 46

  21. SPLint • S ecure P rogramming Lint • Powerful annotation language • Checks – NULL pointer dereferences – Buffer overruns – Use-before-check errors – Use-after-free errors – Returning stack references – ... • Demo TU Dresden, 2008-01-22 Robustness Slide 21 von 46

  22. Other Use Cases • Support for program comprehension – Doxygen, JavaDoc – LXR – CScope/KScope • Data flow analysis – Does potentially malicious (tainted) input end up in (untainted) memory locations that trusted code depends on? TU Dresden, 2008-01-22 Robustness Slide 22 von 46

  23. Dynamic Analysis • Static analysis cannot know about environmental conditions at runtime – need to make conservative assumptions – may lead to false positives • Dynamic analysis approach: – Monitor application at runtime – Only inspects execution paths that are really used. • Problems – Instrumentation overhead – Checking is incomplete TU Dresden, 2008-01-22 Robustness Slide 23 von 46

  24. Dynamic Analysis (2) • Can also check timeliness constraints – But: take results with care – instrumentation overhead • How do we instrument applications? – Manually • L4/Ferret – Runtime mechanisms • DTrace, Linux Kernel Markers • Linux kProbes – Binary translation • Valgrind TU Dresden, 2008-01-22 Robustness Slide 24 von 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on blood They are reddish-brown in colour An adult bed bug is approximately the size of an apple seed An egg is approximately the size of a

163 views • 15 slides
1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

What is a bug? Formally, a software defect A Bugs life SUT fails to perform to spec SUT causes something else to fail SUT functions, but does not satisfy Finding and Managing Bugs usability criteria CSE 403 If the

643 views • 3 slides
Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Testing Lucene and Solr with various JVMs: Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org http://www.thetaphi.de, http://blog.thetaphi.de @ThetaPh1 SD DataSolutions GmbH , Wtjenstr. 49, 28213

1.13k views • 71 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
SCARC Bed Bug Training Education, Treatment and Prevention History of Bed Bugs Bed

SCARC Bed Bug Training Education, Treatment and Prevention History of Bed Bugs Bed

SCARC Bed Bug Training Education, Treatment and Prevention History of Bed Bugs Bed bugs and mankind Cavemen and bat bugs Humans moved out of caves and started agricultural civilization Early 1900s through 1945

651 views • 52 slides
Software has bugs To find them , we use testing and code reviews ! But some bugs are still

Software has bugs To find them , we use testing and code reviews ! But some bugs are still

Software has bugs To find them , we use testing and code reviews ! But some bugs are still missed Rare features Rare circumstances Nondeterminism Static analysis Can analyze all possible runs of a program An explosion

597 views • 25 slides
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding Bugs 2

461 views • 8 slides
Part I. Hunting for Bugs Vadim Mutilin Institute for System Programming of the Russian Academy of

Part I. Hunting for Bugs Vadim Mutilin Institute for System Programming of the Russian Academy of

Part I. Hunting for Bugs Vadim Mutilin Institute for System Programming of the Russian Academy of Sciences 2 Bugs Found for Subsystems 3 Bugs Found for Subsystems 4 5 Bugs Found by CPAchecker 6 Total Bugs Found 7 Top 10 of 35 Rules 8

505 views • 29 slides
30 minutes to fix bugs in Eclipse Eclipse Con Europe 2015 November 3 2015 I - Fixing bugs I

30 minutes to fix bugs in Eclipse Eclipse Con Europe 2015 November 3 2015 I - Fixing bugs I

30 minutes to fix bugs in Eclipse Eclipse Con Europe 2015 November 3 2015 I - Fixing bugs I Welcome / Agenda general issues on contribution a few words about the hackathon introduction to requirements (how to install, ...) and

362 views • 10 slides
Detecting and Avoiding Concurrency Bugs Pil Jae Jang Cyril Agbi Paper similarities Testing

Detecting and Avoiding Concurrency Bugs Pil Jae Jang Cyril Agbi Paper similarities Testing

Detecting and Avoiding Concurrency Bugs Pil Jae Jang Cyril Agbi Paper similarities Testing Parallel programming is hard to debug due to interleaving bugs A viable solution is to better equip programmers to detect and fix these bugs

585 views • 41 slides
A Bugs Life Definition Examples Computer Literacy 1 Lecture 16 Algorithms

A Bugs Life Definition Examples Computer Literacy 1 Lecture 16 Algorithms

Topics Bugs A Bugs Life Definition Examples Computer Literacy 1 Lecture 16 Algorithms Foundation of computer programs 27/10/2008 All applications are programs Software design Minimising the impact of bugs

231 views • 7 slides
1 Example Bugs Type Qualifiers [Shankar, et al 01] Idea null dereference Add tainted and

1 Example Bugs Type Qualifiers [Shankar, et al 01] Idea null dereference Add tainted and

Finding Bugs Problem Last time What is a bug? a path in the code that causes a run-time exception Alias/Pointer analysis a path through the code that causes incorrect results Today Issues Program Analysis for finding bugs,

214 views • 4 slides
Banana Root Borer Stink Bugs (Gandhi) and leaf-footed bugs Management | Insecticides Beetle

Banana Root Borer Stink Bugs (Gandhi) and leaf-footed bugs Management | Insecticides Beetle

Banana Root Borer Stink Bugs (Gandhi) and leaf-footed bugs Management | Insecticides Beetle Karatax (Lambda-Cyhalothrin) MoA: 3A Foliar; broad spectrum can target beneficial insects as well Attacks all species of AzaDirect

476 views • 10 slides
IN SCRUM PROJECTS Ramesh Shiraddi Bugs Current sprint bugs -- Created and found in current

IN SCRUM PROJECTS Ramesh Shiraddi Bugs Current sprint bugs -- Created and found in current

HANDLING BUGS IN SCRUM PROJECTS Ramesh Shiraddi Bugs Current sprint bugs -- Created and found in current sprint. -- Created in previous sprints but found in current sprint Inherited Bugs -- Created before scrum introduction to the

743 views • 4 slides
Talk is cheap. IT tale by an embittered storyteller #talkischeap

Talk is cheap. IT tale by an embittered storyteller #talkischeap

Talk is cheap. IT tale by an embittered storyteller #talkischeap http://creativecommons.org/licenses/by-sa/3.0/es/ #talkischeap Pedro Gonzlez Serrano (aka NITEMAN) Performance and process consultant Sysadmin 10,5 years working with

456 views • 34 slides
Procurement at the Heart of Business Richard Masser FCIPS Leading global excellence in

Procurement at the Heart of Business Richard Masser FCIPS Leading global excellence in

Procurement at the Heart of Business Richard Masser FCIPS Leading global excellence in procurement and supply Richard Masser Procurement at the Heart of Business Harnessing your inner entrepreneur Leading global excellence in procurement and

498 views • 14 slides
LibReDE A Library for Resource Demand Estimation Simon Spinner, Jrgen Walter Dept. of Computer

LibReDE A Library for Resource Demand Estimation Simon Spinner, Jrgen Walter Dept. of Computer

LibReDE A Library for Resource Demand Estimation Simon Spinner, Jrgen Walter Dept. of Computer Science, University of Wrzburg Symposium on Software Performance, Nov 27 th 2014, Stuttgart, Germany What are resource demands? Example SEFF in

334 views • 29 slides
Restorative Restorative Soundscapes Soundscapes Dr Sarah Payne Associate Professor of Health

Restorative Restorative Soundscapes Soundscapes Dr Sarah Payne Associate Professor of Health

15/04/2019 Restorative Restorative Soundscapes Soundscapes Dr Sarah Payne Associate Professor of Health in the Built Environment Heriot-Watt University Presentation at Urban Sound Symposium, Gent, Belgium 3 rd April 2019 The problem: Mental

263 views • 14 slides
Autonomic Monitoring and Management of Component-based Services Cristian RUZ Th` ese dirig

Autonomic Monitoring and Management of Component-based Services Cristian RUZ Th` ese dirig

Autonomic Monitoring and Management of Component-based Services Cristian RUZ Th` ese dirig ee par Fran coise BAUDE, au sein de l equipe OASIS Jury Pr. Mireille BLAY-FORNARINO Pr esident du Jury Pr. Philippe LALANDA

1.28k views • 127 slides
Scalable and Live Trace Processing with Kieker Utilizing Cloud Computing Florian Fittkau, Jan

Scalable and Live Trace Processing with Kieker Utilizing Cloud Computing Florian Fittkau, Jan

Scalable and Live Trace Processing with Kieker Utilizing Cloud Computing Florian Fittkau, Jan Waller, Peer Brauer, and Wilhelm Hasselbring 2013-11-28 Fittkau, Waller, Brauer, Hasselbring Scalable and Live Trace Processing 2013-11-28 1 / 18

439 views • 20 slides
For Friday No reading Program 5 due Program 5 Any questions? Questions before the

For Friday No reading Program 5 due Program 5 Any questions? Questions before the

For Friday No reading Program 5 due Program 5 Any questions? Questions before the quiz? Quiz isPalindrome Lets write a method that accepts a string and determines whether that string is a palindrome. Class Variables

342 views • 15 slides
RADIX 2/10 SYSTEM LEIBNIZ 10 Bit Binary/Decimal Desktop Slide Rule By C Tombeur O VERVIEW

RADIX 2/10 SYSTEM LEIBNIZ 10 Bit Binary/Decimal Desktop Slide Rule By C Tombeur O VERVIEW

October 2013 RADIX 2/10 SYSTEM LEIBNIZ 10 Bit Binary/Decimal Desktop Slide Rule By C Tombeur O VERVIEW The Radix 2/10 is a logarithmic 10 bit binary desktop slide rule with decimal equivalent scales. Where a normal slide rule is used

600 views • 4 slides

More recommend