Bug Isolation and Program Behavior Analysis

exercise 34 linting review n.w
1 / 28
Embed
Share

Explore the process of bug isolation in programming, from identifying defects to tracing back failures and exploits. Learn how to effectively isolate bugs and improve software security through careful consideration and proper logging.

  • Bug Isolation
  • Program Behavior
  • Software Security
  • Defect Analysis
rayaanacharya
jveron Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. EXERCISE #34 LINTING REVIEW Write your name and answer the following on a piece of paper Give an example of a program that a linter might flag as a problem and explain why it would do so. 1

  2. EXERCISE #34: SOLUTION LINTING REVIEW 2

  3. Grades still not done ADMINISTRIVIA AND ANNOUNCEMENTS

  4. EECS 665 Quiz 4 and EECS 677 Replacement test conflict ADMINISTRIVIA AND ANNOUNCEMENTS

  5. P3 up tonight ADMINISTRIVIA AND ANNOUNCEMENTS

  6. BUG ISOLATION EECS 677: Software Security Evaluation Drew Davidson

  7. 7 WHERE WE RE AT GRAB-BAG TOPICS!

  8. 8 PREVIOUSLY: SECURE DESIGN REVIEW LAST LECTURE DESCRIBEDSOMEOFTHEBESTPRACTICES INWRITINGSECURESOFTWARE The principle of least privilege / privilege separation Simplicity Open design Defense in depth Complete mediation Fail safe

  9. 9 THIS LECTURE BUG ISOLATION ISOLATING CAUSE-EFFECT CHAINSIN PROGRAMMISBEHAVIOR Why we isolate bugs How we isolate bugs Bug

  10. 10 FROM DEFECT TO FAILURE BUG ISOLATION THEANATOMYOFAPROBLEM Step 1. The programmer creates a defect (an error in the code) We care about this Step 2. When executed, the program creates an infection (an error in the state) Step 3. The infection propagates Step 4. The infection causes a failure / exploit We see this

  11. 11 HOW TO FIX A BUG BUG ISOLATION UNWINDINGACOMPLEXISSUEREQUIRESCAREFULCONSIDERATION Sufficient logging to detect failure / exploit Insert Simplification Sufficient logging to trace back the propagation Identification of the defect

  12. 12 SIMPLIFICATION BUG ISOLATION WHATPARTOFANINFECTIONISRELEVANTTOTHEDEFECT? Does the problem really depend on 10,000 lines of input? Does the failure really require this exact schedule? Do we need this sequence of calls? EXPERIMENT-BASED SIMPLIFICATION - For every aspect of the problem, check whether it is relevant for the problem to occur. - If it is not, remove that aspect from the report or test case

  13. 13 BUG REPORTS BUG ISOLATION INPRACTICE, EVENADEBUGTRACEMIGHTNOTBEAVAILABLE Consider most open source software a bug report is likely to only provide a failing case

  14. 14 ACTING ON BUG REPORTS BUG ISOLATION ANECDOTE In 1999 Bugzilla, the bug database for the browser Firefox, listed more than 370 open bugs Each bug in the database describes a scenario which caused software to fail these scenarios are not simplified they may contain a lot of irrelevant information a lot of the bug reports could be equivalent Overwhelmed with this work Mozilla developers sent out a call for volunteers Process the bug reports by producing simplified bug reports Simplifying means: turning the bug reports into minimal test cases where every part of the input would be significant in reproducing the failure

  15. 15 MOZILLA ANECDOTE: EXAMPLE BUG ISOLATION PRINTINGTHE FOLLOWINGFILECAUSED FIREFOXTOCRASH <td align=left valign=top> <SELECT NAME="op sys" MULTIPLE SIZE=7> <OPTION VALUE="All">All<OPTION VALUE="Windows 3.1">Windows 3.1<OPTION VALUE="Windows 95">Windows 95<OPTION VALUE="Windows 98">Windows 98<OPTION VALUE="Windows ME">Windows ME<OPTION VALUE="Windows 2000">Windows 2000<OPTION VALUE="Windows NT">Windows NT<OPTION VALUE="Mac System 7">Mac System 7<OPTION VALUE="Mac System 7.5">Mac System 7.5<OPTION VALUE="Mac System 7.6.1">Mac System 7.6.1<OPTION VALUE="Mac System 8.0">Mac System 8.0<OPTION VALUE="Mac System 8.5">Mac System 8.5<OPTION VALUE="Mac System 8.6">Mac System 8.6<OPTION VALUE="Mac System 9.x">Mac System 9.x<OPTION VALUE="MacOS X">MacOS X<OPTION VALUE="Linux">Linux<OPTION VALUE="BSDI">BSDI<OPTION VALUE="FreeBSD">FreeBSD<OPTION VALUE="NetBSD">NetBSD<OPTION VALUE="OpenBSD">OpenBSD<OPTION VALUE="AIX">AIX <OPTION VALUE="BeOS">BeOS<OPTION VALUE="HP-UX">HP-UX<OPTION VALUE="IRIX">IRIX<OPTION VALUE="Neutrino">Neutrino<OPTION VALUE="OpenVMS"> OpenVMS<OPTION VALUE="OS/2">OS/2<OPTION VALUE="OSF/1">OSF/1<OPTION VALUE="Solaris">Solaris<OPTION VALUE="SunOS">SunOS<OPTION VALUE="other">other</SELECT></td> <td align=left valign=top> <SELECT NAME="priority" MULTIPLE SIZE=7> <OPTION VALUE="--">--<OPTION VALUE="P1">P1<OPTION VALUE="P2">P2<OPTION VALUE="P3">P3<OPTION VALUE="P4">P4<OPTION VALUE="P5">P5</SELECT> </td> <td align=left valign=top> <SELECT NAME="bug severity" MULTIPLE SIZE=7> <OPTION VALUE="blocker">blocker<OPTION VALUE="critical">critical<OPTION VALUE="major">major<OPTION VALUE="normal">normal<OPTION VALUE="minor">minor<OPTION VALUE="trivial">trivial<OPTION VALUE="enhancement">enhancement</SELECT> </tr> </table> WHY?

  16. 16 CAUSE AND EFFECT BUG ISOLATION FREQUENTLY, ASUBSETOFINPUTWILLBETHECULPRITANDTHERESTISINCIDENTAL This circumstance creates both the means and motivation for minimizing test cases View minimization as a binary search (or at least a reduction of search space)

  17. 17 CAUSE AND EFFECT BUG ISOLATION 1 <SELECT NAME="priority" MULTIPLE SIZE=7> F 2 <SELECT NAME="priority" MULTIPLE SIZE=7> P 3 <SELECT NAME="priority" MULTIPLE SIZE=7> P 4 <SELECT NAME="priority" MULTIPLE SIZE=7> P 5 <SELECT NAME="priority" MULTIPLE SIZE=7> F 6 <SELECT NAME="priority" MULTIPLE SIZE=7> F 7 <SELECT NAME="priority" MULTIPLE SIZE=7> P 8 <SELECT NAME="priority" MULTIPLE SIZE=7> P 9 <SELECT NAME="priority" MULTIPLE SIZE=7> P 10 <SELECT NAME="priority" MULTIPLE SIZE=7> F 11 <SELECT NAME="priority" MULTIPLE SIZE=7> P 12 <SELECT NAME="priority" MULTIPLE SIZE=7> P 13 <SELECT NAME="priority" MULTIPLE SIZE=7> P 14 <SELECT NAME="priority" MULTIPLE SIZE=7> P 15 <SELECT NAME="priority" MULTIPLE SIZE=7> P 16 <SELECT NAME="priority" MULTIPLE SIZE=7> F 17 <SELECT NAME="priority" MULTIPLE SIZE=7> F 18 <SELECT NAME="priority" MULTIPLE SIZE=7> F 19 <SELECT NAME="priority" MULTIPLE SIZE=7> P 20 <SELECT NAME="priority" MULTIPLE SIZE=7> P 21 <SELECT NAME="priority" MULTIPLE SIZE=7> P 22 <SELECT NAME="priority" MULTIPLE SIZE=7> P 23 <SELECT NAME="priority" MULTIPLE SIZE=7> P 24 <SELECT NAME="priority" MULTIPLE SIZE=7> P 25 <SELECT NAME="priority" MULTIPLE SIZE=7> P 26 <SELECT NAME="priority" MULTIPLE SIZE=7> F

  18. 18 DELTA DEBUGGING BUG ISOLATION WHATPARTOFANINFECTIONISRELEVANTTOTHEDEFECT? It is very tedious (but highly mechanical) to modify and re-test program aspects

  19. 19 DELTA DEBUGGING: NEEDS BUG ISOLATION A FAILINGTEST CASEANDA PASSINGTEST CASE

  20. 20 DELTA DEBUGGING: ALGORITHM BUG ISOLATION def dd(c_pass, c_fail): n = 2 while true: delta = listminus(c_fail, c_pass) deltas = split(delta, n); offset = 0; j = 0 while j < n: i = (j + offset) % n next_c_pass = listunion(c_pass, deltas[i]) next_c_fail = listminus(c_fail, deltas[i]) if test(next_c_fail) == FAIL and n == 2: c_fail = next_c_fail; n = 2; offset = 0; break elif test(next_c_fail) == PASS: c_pass = next_c_fail; n = 2; offset = 0; break elif test(next_c_pass) == FAIL: c_fail = next_c_pass; n = 2; offset = 0; break elif test(next_c_fail) == FAIL: c_fail = next_c_fail; n = max(n - 1, 2); offset = i; break elif test(next_c_pass) == PASS: c_pass = next_c_pass; n = max(n - 1, 2); offset = i; break else: j = j + 1 if j >= n: if n >= len(delta): return (delta, c_pass, c_fail) else: n = min(len(delta), n * 2)

  21. 21 DELTA DEBUGGING: APPLICATIONS BUG ISOLATION IT SNOTJUSTFORMANIPULATINGINPUT! Consider determining bugs caused by - Code changes - Thread interleavings

  22. 22 COOPERATIVE BUG ISOLATION BUG ISOLATION FAULT LOCALIZATION IS EXPENSIVE! Gathering sufficient telemetry slows down programs Much of the logging won t be useful in the end KEY IDEA Statistically distribute logging across the userbase Good news! Works best in the circumstances where it is most needed

  23. 23 COOPERATIVE BUG ISOLATION BUG ISOLATION BASIC SCHEME Each user records 1% of everything Adapts the sparse sampling scheme by Arnold and Ryder HOWTO SAMPLE? One idea: randomize check (p != NULL); p = p->next; check (i < max); total += sizes[i]; if (rand(100)== 0){ check (p != NULL); } p = p->next; if (rand(100) == 0){ check (i < max); } total += sizes[i]; but rand(100) is super expensive!

  24. 24 COOPERATIVE BUG ISOLATION BUG ISOLATION HOWTO SAMPLE? One idea: randomize check (p != NULL); p = p->next; check (i < max); total += sizes[i]; if (rand(100)== 0){ check (p != NULL); } p = p->next; if (rand(100) == 0){ check (i < max); } total += sizes[i]; but rand(100) is super expensive! Another idea: global counter if (k++ % 100 == 0){ check (p != NULL); } p = p->next; if (k++ % 100 == 0){ check (i < max); } total += sizes[i]; You ll never get the second check!

  25. 25 COOPERATIVE BUG ISOLATION BUG ISOLATION HOWTO SAMPLE? One idea: randomize check (p != NULL); p = p->next; check (i < max); total += sizes[i]; if (rand(100)== 0){ check (p != NULL); } p = p->next; if (rand(100) == 0){ check (i < max); } total += sizes[i]; but rand(100) is super expensive! CBI s working solution Another idea: global counter - Use a randomized global countdown - Restore the countdown by sampling from a geometric distribution if (k++ % 100 == 0){ check (p != NULL); } p = p->next; if (k++ % 100 == 0){ check (i < max); } total += sizes[i]; You ll never get the second check!

  26. 26 COOPERATIVE BUG ISOLATION BUG ISOLATION CBI S SAMPLING METHOD - Use a randomized global countdown - Restore the countdown by sampling from a geometric distribution Benefits - Doesn t use clock interrupt - Isn t periodic - Deciding to check is relatively quick

  27. 27 COOPERATIVE BUG ISOLATION BUG ISOLATION REAL CBI ISSLIGHTLYMORECOMPLEX Smart(er) about what points to instrument - Essentially finds acyclic regions of the control flow and instruments intelligently - Clones regions of code with a fast variant and a slow variant A number of optimizations exist to make countdown lookup faster - e.g. Caching a global variable in local function such that it might be better optimized without interprocedural analysis

  28. 28 WRAP-UP BUG ISOLATION IMPORTANCEOFSIMPLIFICATIONINFIXING/SECURINGPROGRAMS Methods include collaborative bug isolation / delta debugging

Related


Rashford's Exclusion Raises Questions as Southgate Navigates Delicate Balance Euro 2024

Rashford's Exclusion Raises Questions as Southgate Navigates Delicate Balance Euro 2024

WorldWide
Locksmith in Ireland

Locksmith in Ireland

Tejaswini
Predicting Spain's Lineup for UEFA Euro 2024

Predicting Spain's Lineup for UEFA Euro 2024

WorldWide
Roland Sallai Primed for Success at Euro 2024

Roland Sallai Primed for Success at Euro 2024

WorldWide
Fernandes Thriving in United's Resurgent Attack^J Euro 2024 Success

Fernandes Thriving in United's Resurgent Attack^J Euro 2024 Success

WorldWide
No Clear Plan Beyond Euro 2024, Says England Manager

No Clear Plan Beyond Euro 2024, Says England Manager

WorldWide
Christoph Baumgartner Expectations and Preparations for Euro 2024

Christoph Baumgartner Expectations and Preparations for Euro 2024

WorldWide
Christoph Baumgartner Expectations and Preparations for Euro 2024

Christoph Baumgartner Expectations and Preparations for Euro 2024

WorldWide
Building England's Euro 2024 Team around Phil Foden

Building England's Euro 2024 Team around Phil Foden

WorldWide
Scotland Superfan since 1974 Robbie Jenkins Prepares for Euro 2024

Scotland Superfan since 1974 Robbie Jenkins Prepares for Euro 2024

WorldWide
Press-Release-Newswire-Improve-Brand-Credibility-in-US

Press-Release-Newswire-Improve-Brand-Credibility-in-US

book
The Benefits of SEO for Startups and New Businesses

The Benefits of SEO for Startups and New Businesses

Digi3
Exploring the Flavor Trends in Disposable Vapes for 2024

Exploring the Flavor Trends in Disposable Vapes for 2024

Vape
SUD Life Century Gold - Individual Saving Life Insurance Plan

SUD Life Century Gold - Individual Saving Life Insurance Plan

mariah
Choose the Perfect PPT Template for Your Presentation Needs

Choose the Perfect PPT Template for Your Presentation Needs

sukie
The 5 Most Powerful Desktop Computers of 2024

The 5 Most Powerful Desktop Computers of 2024

aayun
Salinity in Seawater: Density, Composition, and Variations

Salinity in Seawater: Density, Composition, and Variations

kyliann
Guidelines for Uploading Presentation Files at ASP-DAC 2019

Guidelines for Uploading Presentation Files at ASP-DAC 2019

zaer271
SALESFORCE PPT QUE

SALESFORCE PPT QUE

Sapalogy
Modern Teaching Technologies and Productivity Apps

Modern Teaching Technologies and Productivity Apps

erdem
History of Delhi Sultanate (A.D. 1200 - A.D. 1526) Presentation

History of Delhi Sultanate (A.D. 1200 - A.D. 1526) Presentation

mlang

More Related Content