1 / 34

Software Bugs Bite!

Software Bugs Bite!. Yuanyuan (YY) Zhou Associate Professor Dept. of Computer Science Univ. of Illinois, Urbana-Champaign yyzhou@cs.uiuc.edu. My Story: Zig-zag my way to System. When young--------------------parents want me to be a business woman

ashlyn
Download Presentation

Software Bugs Bite!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software Bugs Bite! Yuanyuan (YY) Zhou Associate Professor Dept. of Computer Science Univ. of Illinois, Urbana-Champaign yyzhou@cs.uiuc.edu

  2. My Story: Zig-zag my way to System • When young--------------------parents want me to be a business woman • College application-----------Applied for BioChemistry • But changed unknowingly to CS (Reason: parents were chemistry teachers) • 1st graduate school----------Mathematics at Univ. of Virginia • 1st research area at Princeton-------------Theory • 1st year as a system student --------------Negative • Felt that system is trivial----you can actually understand system talks • 2nd year at Princeton---Wanted to quit to go to medical school • 1st job after Ph.D • Co-founded a startup for 2 years (realize that I am probably not a business woman) • 1st year at UIUC ------- in the architecture group • Now-----try to be a doctor to cure software “diseases” University of Illinois, Urbana-Champaign Slide 2

  3. Family & Fun • A supportive husband + 2 girls • Husband is my motivation to work on software bugs • My daughters inspired several research ideas (e.g Rx) and help me realize life is much more than my career • Hobby • Skiing, hiking .... but Illinois? • Switched to ice skating and growing vegetables • Computer games (a Civilization fan) University of Illinois, Urbana-Champaign Slide 3

  4. Health of Computers • We want computers to be dependable • Aircraft control systems • Hospital monitor systems • Financial transactions systems • Internet services • Cell phones, PDAs,smart home appliances, cars University of Illinois, Urbana-Champaign Slide 4

  5. Bad News: Software Bugs • Software bug is a major concern • Counts for 40% system failure [Marcus2000] • Costs $59.5 billion annually [NIST] University of Illinois, Urbana-Champaign Slide 5

  6. Severe Software Clinical Cases • Therac-25 (radiation therapy machine ) accidents (1985-1987) • the injured patients died from lethal dosage of radiation caused by a software bug • Code Red worm exploited a buffer overflow in Microsoft’s IIS server • Cost over $2.6 billion and Infected 350,000 servers in <14 hours • 2003 North America blackout • Caused by a race condition in GE Energy's XA/21 monitoring software University of Illinois, Urbana-Champaign Slide 6

  7. Why Software Bugs? • Why do we get ill? • Nature • Answer: human nature • On average, programmers inject 10 bugs per thousand lines of code University of Illinois, Urbana-Champaign Slide 7

  8. Debugging is Hard for large software • Cure/diagnose a disease is hard… • Impossible to test every cases • Many bugs are hidden, “latent bugs” • Some bugs are hard to reproduce • Configuration, timing and running environment dependent • Hard to find root causes • Root causes may be far away from the symptom University of Illinois, Urbana-Champaign Slide 8

  9. Type of Software Defects • Specification bugs • Even the specification is wrong • Design bugs • The design is erroneous • Implementation bugs • Buffer overflow, memory leak, memory corruption, etc. University of Illinois, Urbana-Champaign Slide 9

  10. Classification of Implementation Bugs • Deterministic vs. non-deterministic • Root causes • Memory bugs • Memory leaks ?? • Memory corruption • Buffer overflow ?? • Dangling pointer ?? • .. • Semantics • Unhandled exceptions • Copy-paste bugs • … • Concurrency • Data races ?? • Atomicity violations ?? • Deadlocks ?? • … University of Illinois, Urbana-Champaign Slide 10

  11. Bugs and Security Attacks? • Why are we in the same session? • Software bug is a major source of security vulnerabilities • Bouncer (Tuesday) • Memory safety (Wednesday) • Example: Buffer overflow • Stack smashing attack • Started from November 1996 • Still the basis for many attacks • Who knows this attack? University of Illinois, Urbana-Champaign Slide 11

  12. The Stack University of Illinois, Urbana-Champaign Slide 12

  13. Buggy Program void buggy(char * in){ int i; char buffer[4]; for(i=0; in[i]!=0; i++) buffer[i] = in[i]; } Where is the bug? What happens if in is “Aleph One”? University of Illinois, Urbana-Champaign Slide 13

  14. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • Program will start copying… University of Illinois, Urbana-Champaign Slide 14

  15. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • Program will start copying… University of Illinois, Urbana-Champaign Slide 15

  16. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • Program will start copying… University of Illinois, Urbana-Champaign Slide 16

  17. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • Program will start copying… University of Illinois, Urbana-Champaign Slide 17

  18. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • Program will start copying… and continue. University of Illinois, Urbana-Champaign Slide 18

  19. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • C isn’t bounds checked… University of Illinois, Urbana-Champaign Slide 19

  20. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • What happens next? University of Illinois, Urbana-Champaign Slide 20

  21. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • We’ve overwritten the return address! University of Illinois, Urbana-Champaign Slide 21

  22. Buggy Code’s Stack A l e p h _ O n e \0 41 6C 65 70 68 20 4F 6E 65 00 • How to use it to hijack the program to do whatever you want? University of Illinois, Urbana-Champaign Slide 22

  23. So How to Deal with Bugs? Safe Language Design time • Example: • Java • Transactional Memory (Mon) • Analogy: • Eat healthy, exercise… • Pro: can prevent some bugs • Cons: • Other types of bugs still occur • May be inefficient for some apps: server, OS. Compile time Run time Off-line On-line Debugging Recovery Diagnosis University of Illinois, Urbana-Champaign Slide 23

  24. So How to Deal with Bugs? Design time Static Checking • Program analysis & Model checking • Example: • Engler’s group • iComment [Tuesday] • Analogy: • CAT Scan • Pros: • No run time overhead • Good Coverage • Cons: • No accurate information • Need specification, annotation Compile time Run time Off-line On-line Debugging Recovery Diagnosis University of Illinois, Urbana-Champaign Slide 24

  25. So How to Deal with Bugs? Design time Dynamic Checking • Check during execution • Example: • MUVI [Monday] • Analogy: • Heart monitor • Pros: • Accurate run-time information • Cons: • Large overhead • Coverage limitation Compile time Run time Off-line On-line Debugging Recovery Diagnosis University of Illinois, Urbana-Champaign Slide 25

  26. So How to Deal with Bugs? Design time Interactive Debugging • Example: • gdb • Time travel machine • Analogy: • Doctor’s appointment • Pros: • Program-specific • Cons: • Time and effort-consuming Compile time Run time Off-line On-line debugging Recovery Diagnosis University of Illinois, Urbana-Champaign Slide 26

  27. So How to Deal with Bugs? Design time Generic Recovery • Example: • simple restart • rollback and reexecute • Analogy: • Electric shock • Advantage: • Simple and general • Limitation: • Cannot recover from all failures • Output commit problem Compile time Run time Off-line On-line Debugging Recovery Diagnosis University of Illinois, Urbana-Champaign Slide 27

  28. So How to Deal with Bugs? Online Diagnosis Design time • Example: • Core dump • Execution traces • Triage (Tuesday) • Analogy: • Triage (self-diagnosis) • Advantage: • Simple and general • Limitation: • Require significant offline manual efforts • Privacy concerns Compile time Run time Off-line On-line Debugging Recovery Diagnosis University of Illinois, Urbana-Champaign Slide 28

  29. Evaluation Methodology • Benchmarks • Siemens benchmark • Too small • Bug injection • May not be representative • Find new bugs in open source code • Better to be confirmed by developers • Use existing bugs • Especially dynamic checking----need bugs to manifest University of Illinois, Urbana-Champaign Slide 29

  30. Evaluation Metrics for Bug Detection • Soundness: No false negatives • Prove there is no such violation • May report many false bugs • Completeness: No false positives • All violations detected are true • May not find all the bugs • Scalability: scalable to real programs • Very hard to achieve all • Always need to tradeoff one for the others University of Illinois, Urbana-Champaign Slide 30

  31. Open Problems • Bug Detection • Detecting semantic and concurrency bugs • Reduce false positives • Bug diagnosis • On-site diagnosis • Distributed systems diagnosis • Deterministic replay on multicore /multiprocessors • Bug recovery • Automatic bug fixing • Bug survival with reduced functionality University of Illinois, Urbana-Champaign Slide 31

  32. Conclusions • Software bugs have existed for decades and will continue to exist • Fighting bugs is important • Fighting bugs is a fun and interdisciplinary • Compiler, software engineering, systems, hardware, data mining, machine learning, statistics, … University of Illinois, Urbana-Champaign Slide 32

  33. Thanks! University of Illinois, Urbana-Champaign Slide 33

  34. More Bug’s Cartoon University of Illinois, Urbana-Champaign Slide 34

More Related