Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?


1 Software Reliability Methods Sorin Lerner

2 Software reliability methods: issues What are the issues?

3 Software reliability methods: issues
What is software reliability? How to measure it?
–Bug counts?
Will we ever have bug-free software?
–How many 9’s?
–Service Level Agreements?
What is a bug?
–Adherence to specifications
–But what is a specification…
–User unhappy: is that a bug?
–Different levels of severity

4 Software reliability methods: issues
Cost of the methods for achieving reliability
–Independently develop 5 versions of the software, run them all in parallel ⇒ less likely that they fail at the same time in the same way. But… cost… is… high
–For tools, cost of development of the tools
Burden on the programmer
–fully automated vs. semi-automated methods
–allow progressive adoption

5 Software reliability methods: issues
Level of guarantee provided by the method
–Hard guarantees, statistical guarantees, no formal guarantee
–What if tool is broken: trusted computing base
When is the method used?
–compile-time, link-time, load-time, run-time
What does the tool see?
–source code, assembly, the whole program or part of the program

6 One way of dividing the spectrum
Diagram: source code (if (…) { x := …; } else { y := …; } …;) → Compiler → machine code (0100101 1010010 1011011)

7 One way of dividing the spectrum
Diagram: source code (if (…) { x := …; } else { y := …; } …;) → Compiler → machine code (0100101 1010010 1011011), labelled with the three families of techniques: Static techniques, Testing techniques, Run-time techniques

8 One way of dividing the spectrum
Diagram: same picture (source code → Compiler → machine code; Static techniques, Testing techniques, Run-time techniques), with Static techniques highlighted

9 Static Techniques
Spec: says what code should and should not do
Complete spec: specifies all behaviors (hard to formalize)
Incomplete spec: only defines some behaviors
–e.g. “no null derefs”, “requests received are eventually processed”
Many formalisms exist for specs (Pre/Post conditions, FSMs, Temporal Logic, Abstract State Machines etc.)
Diagram: Code (if (…) { x := …; } else { y := …; } …;) and Spec (a logical formula): Code satisfies spec?

10 Static Techniques
Language Design
–Clean language design
–Type Systems
–Domain-specific languages
–…
Program Analysis
–Dataflow analysis
–WP/SP
–Model checking
–Automated Theorem Proving
–…
Interaction between the two
Diagram: Code (if (…) { x := …; } else { y := …; } …;) and Spec (a logical formula): Code satisfies spec?
Roadmap labels used on the following slides: CleanL, TSys, DSL, DFA, WP/SP, MC, ATP

11 ESC/Java [Leino et al PLDI 2002]
Programmer annotates code with pre- and post-conditions; the tool verifies that these hold.
    object Foo {
      //@ PRE (FORMULA)
      method bar(...) { ... }
      //@ POST (FORMULA)
    }
Compute Weakest Precondition: WP(POST, bar) = weakest condition Q such that Q at entry to bar establishes POST at exit
⇒ Automated Theorem Prover
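As an added illustration of the ESC/Java slide above (example code written for this transcript, not ESC/Java's own code or Leino et al.'s work), the following Python computes weakest preconditions for a toy imperative language (assignment, sequence, if) and checks PRE ⇒ WP(POST, body) with a brute-force enumerator over a small integer domain standing in for the automated theorem prover. The method `bar`, its formulas, the tuple AST encoding and the bounded domain are all constructed assumptions.

```python
# Added example for this transcript; not ESC/Java's own code. A toy
# weakest-precondition checker: formulas and expressions are tuple ASTs,
# statements are ('assign', x, e), ('seq', [..]) or ('if', c, s1, s2), and a
# brute-force evaluator over a small integer domain stands in for the
# automated theorem prover that ESC/Java hands the verification condition to.

from itertools import product

def var(name):
    return ('var', name)

def const(value):
    return ('const', value)

def subst(formula, name, expr):
    """formula[expr/name]: replace every occurrence of variable `name` by expr."""
    tag = formula[0]
    if tag == 'var':
        return expr if formula[1] == name else formula
    if tag == 'const':
        return formula
    return (tag,) + tuple(subst(child, name, expr) for child in formula[1:])

def wp(stmt, post):
    """WP(post, stmt): the weakest condition that, holding at entry to stmt,
    establishes post at exit."""
    tag = stmt[0]
    if tag == 'assign':                      # x := e      -->  post[e/x]
        _, name, expr = stmt
        return subst(post, name, expr)
    if tag == 'seq':                         # s1; s2      -->  wp(s1, wp(s2, post))
        q = post
        for s in reversed(stmt[1]):
            q = wp(s, q)
        return q
    if tag == 'if':                          # if c s1 s2  -->  (c => wp(s1)) and (not c => wp(s2))
        _, cond, s1, s2 = stmt
        return ('and', ('implies', cond, wp(s1, post)),
                       ('implies', ('not', cond), wp(s2, post)))
    raise ValueError(f"unknown statement kind {tag}")

BINARY = {
    '+': lambda a, b: a + b, '-': lambda a, b: a - b,
    '<': lambda a, b: a < b, '<=': lambda a, b: a <= b,
    '>': lambda a, b: a > b, '>=': lambda a, b: a >= b, '==': lambda a, b: a == b,
    'and': lambda a, b: a and b, 'or': lambda a, b: a or b,
    'implies': lambda a, b: (not a) or b,
}

def evaluate(formula, env):
    """Evaluate a formula/expression under a concrete variable environment."""
    tag = formula[0]
    if tag == 'var':
        return env[formula[1]]
    if tag == 'const':
        return formula[1]
    if tag == 'not':
        return not evaluate(formula[1], env)
    return BINARY[tag](evaluate(formula[1], env), evaluate(formula[2], env))

def free_vars(formula):
    tag = formula[0]
    if tag == 'var':
        return {formula[1]}
    if tag == 'const':
        return set()
    return set().union(*(free_vars(child) for child in formula[1:]))

def verify(pre, body, post, domain=range(-8, 9)):
    """Check PRE => WP(POST, body) by exhaustive enumeration over `domain`
    (a toy stand-in for the theorem prover). Returns None when the obligation
    holds for every assignment, otherwise the first counterexample environment."""
    obligation = ('implies', pre, wp(body, post))
    names = sorted(free_vars(obligation))
    for values in product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if not evaluate(obligation, env):
            return env
    return None

# Constructed sample method in the shape of the slide's `bar`:
#   //@ PRE  x >= 0
#   y := x + 1;
#   if (y > 10) { z := y - 10 } else { z := 0 }
#   //@ POST z >= 0 and y > 0
BAR_BODY = ('seq', [
    ('assign', 'y', ('+', var('x'), const(1))),
    ('if', ('>', var('y'), const(10)),
        ('assign', 'z', ('-', var('y'), const(10))),
        ('assign', 'z', const(0))),
])
PRE_OK   = ('>=', var('x'), const(0))
PRE_NONE = const(True)          # the same method with no precondition
POST     = ('and', ('>=', var('z'), const(0)), ('>', var('y'), const(0)))

if __name__ == '__main__':
    print(wp(BAR_BODY, POST))                  # the symbolic obligation
    print(verify(PRE_OK, BAR_BODY, POST))      # None: PRE => WP holds
    print(verify(PRE_NONE, BAR_BODY, POST))    # {'x': -8}: without PRE, y = -7 violates y > 0
```

The point the slide makes is visible in the last two calls: the same body verifies under the annotated precondition and fails without it, and the failing case comes back as a concrete counterexample rather than a vague warning. A real prover works symbolically over unbounded integers; the enumeration here only shows what question it is being asked.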

12 Rhodium [Lerner et al POPL 2005]
Diagram: compiler pipeline Parser → DSL Opt → DSL Opt → … → Code Gen, where each optimization (DSL Opt) is written in the Rhodium DSL and fed to a Checker

13 Rhodium [Lerner et al POPL 2005]
Diagram: the Checker is applied to each DSL Opt

14 Rhodium [Lerner et al POPL 2005]
Diagram: Rdm Opt → Checker → VCGen → Local VC → Automatic Theorem Prover
Lemma: for any Rhodium opt, if the Local VC is true then the opt is OK (with Proof, a logical formula)
Opt-independent: the lemma and its proof; Opt-dependent: the Local VC

15 ESP [Das et al PLDI 2002]
Interface usage rules in documentation
–Order of operations, data access
–Resource management
–Incomplete, wordy, not checked
Violated rules ⇒ crashes
–Failed runtime checks
–Unreliable software

16 ESP [Das et al PLDI 2002]
Diagram: C Program + Rules → ESP → Safe / Not Safe

17 ESP [Das et al PLDI 2002]
ESP is a program analysis that keeps track of object state at each program point
–e.g.: is a file handle open or closed?
Challenge: scale to large programs
–One of the scalability issues: merge nodes
–Always analyzing both sides of a merge node separately ⇒ exponential (or non-terminating) program analyses
ESP has a heuristic for handling merges that
–avoids exponential blow-up and runs fast in practice
–maintains enough precision to verify programs
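As an added illustration of the ESP slide above (example code written for this transcript, not ESP's implementation), the following Python tracks a file handle's open/closed state at each program point over a tiny statement language and compares two ways of handling merge nodes: an ESP-style merge that keeps paths apart only while their property state differs, and a merge that joins everything and so loses the correlation between a flag variable and the handle state. The statement encoding, the transition table and the two sample programs are constructed assumptions.

```python
# Added example for this transcript; not ESP's own code. A miniature typestate
# analysis for a file handle: track the handle's property state (open/closed)
# at each program point, and handle merge nodes the ESP way: paths are kept
# apart only while their property state differs; otherwise their execution
# state (here: the values of flag variables) is joined.

# Legal transitions of the property automaton: (operation, state) -> new state.
OK_TRANSITIONS = {
    ('open',  'closed'): 'open',
    ('read',  'open'):   'open',
    ('close', 'open'):   'closed',
}

def step(op, state):
    """Apply one handle operation; None means the rule is violated."""
    return OK_TRANSITIONS.get((op, state))

def join_env(e1, e2):
    """Join two execution states: keep values both agree on, else '?' (unknown)."""
    return {v: (e1.get(v) if e1.get(v) == e2.get(v) else '?')
            for v in set(e1) | set(e2)}

def merge_esp(facts):
    """ESP-style merge: partition facts by property state, join inside a partition."""
    by_state = {}
    for state, env in facts:
        by_state[state] = join_env(by_state[state], env) if state in by_state else dict(env)
    return list(by_state.items())

def merge_naive(facts):
    """Path-insensitive merge: join the execution state across all paths,
    so the correlation between a flag and the handle state is lost."""
    if not facts:
        return []
    env = facts[0][1]
    for _, e in facts[1:]:
        env = join_env(env, e)
    return [(s, dict(env)) for s in dict.fromkeys(state for state, _ in facts)]

def may_take(env, flag, truth):
    """Can a path with execution state env take the branch where flag == truth?"""
    return env.get(flag) in (truth, '?', None)   # unknown flags go both ways

def analyze(stmts, facts, errors, merger, path=()):
    """facts: list of (property_state, env) pairs holding at the current point."""
    for i, stmt in enumerate(stmts):
        tag = stmt[0]
        if tag == 'op':                               # ('op', 'open'|'read'|'close')
            nxt = []
            for state, env in facts:
                new = step(stmt[1], state)
                if new is None:
                    errors.append((path + (i,), f"{stmt[1]} while handle is {state}"))
                else:
                    nxt.append((new, env))
            facts = nxt
        elif tag == 'set':                            # ('set', flag, 0|1)
            facts = [(s, {**e, stmt[1]: stmt[2]}) for s, e in facts]
        elif tag == 'if':                             # ('if', flag, then_block, else_block)
            _, flag, then_b, else_b = stmt
            then_out = analyze(then_b, [f for f in facts if may_take(f[1], flag, 1)],
                               errors, merger, path + (i, 'then'))
            else_out = analyze(else_b, [f for f in facts if may_take(f[1], flag, 0)],
                               errors, merger, path + (i, 'else'))
            facts = then_out + else_out
        facts = merger(facts)                         # merge node after every statement
    return facts

# Constructed sample: branches correlated through `flag` (c is never assigned,
# so the first `if` is analyzed both ways).
#   if (c) { open(); flag = 1 } else { flag = 0 }
#   if (flag) { read() }
#   if (flag) { close() }
CORRELATED = [
    ('if', 'c', [('op', 'open'), ('set', 'flag', 1)], [('set', 'flag', 0)]),
    ('if', 'flag', [('op', 'read')], []),
    ('if', 'flag', [('op', 'close')], []),
]
# Constructed buggy variant: the guard on read() was dropped.
BUGGY = [
    ('if', 'c', [('op', 'open'), ('set', 'flag', 1)], [('set', 'flag', 0)]),
    ('op', 'read'),
    ('if', 'flag', [('op', 'close')], []),
]

def check(program, merger=merge_esp):
    """Return the list of (location, message) violations; empty means verified."""
    errors = []
    analyze(program, [('closed', {})], errors, merger)
    return errors

if __name__ == '__main__':
    print(check(CORRELATED))               # []  : verified with the ESP-style merge
    print(check(BUGGY))                    # read on a closed handle, reported at statement 1
    print(check(CORRELATED, merge_naive))  # false alarms: the correlation was lost
```

With the ESP-style merge the correct program verifies and the buggy one is rejected at the unguarded read; with the naive merge the correct program is rejected too, because after the first `if` the analysis no longer knows that `flag == 1` goes together with an open handle. Keeping facts apart only by property state is what bounds the blow-up the slide describes while retaining that correlation.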

18 BLAST [Henzinger et al POPL 2000]
Interface usage rules in documentation
–Order of operations, data access
–Resource management
–Incomplete, wordy, not checked
Violated rules ⇒ crashes
–Failed runtime checks
–Unreliable software

19 BLAST [Henzinger et al POPL 2000]
Diagram: C Program + Rules → BLAST → Safe / Error Trace

21 BLAST [Henzinger et al POPL 2000]
Perform “Predicate Abstraction”:
C Program + Rules → start with a set of predicates → BLAST
–No errors found → Safe
–Error trace found → Analyze trace
–Trace feasible → Error Trace (reported)
–Trace infeasible → Refine set of predicates → augmented set of predicates → back to BLAST

23 Type Systems
What is a type system? A discipline for writing code that can be mechanically checked, and can prevent certain kinds of run-time errors
For example, the Java type system prevents calling methods that don’t exist, or calling methods with parameters of the wrong type

24 Type Systems
Type systems can track and provide guarantees about many other aspects of computation:
–Safe explicit memory management (Crary, Walker and Morrisett, POPL 99)
–Execution time bounds (Crary and Weirich, POPL 00)
–Information flow (Myers, POPL 00)
–Security automata (Walker, POPL 00)

25 Type Systems
MultiJava [Clifton et al 2000] adds to Java:
–multi-methods: methods that dispatch symmetrically on the type of all params, not just the first
–open classes: classes
Adding these features makes modular type checking harder, and required innovations on the type system side
Interplay between language design and type systems

