Back to the Future: Omniscient Debugging

This article presents TOD (trace oriented debugger), a prototype scalable omniscient debugger for Java, which aims at making omniscient debugging practical, at last. Omniscient debuggers, also known as back-in-time or reversible debuggers, record the whole history, or execution trace, of a debugged program and let the user freely explore it. This approach combines the advantages of both log-based (past activity is never lost) and breakpoint based debugging (interactive navigation, step-by-step execution, and complete stack inspection). Omniscient debuggers simulate step-by-step execution both forward and backward, avoiding having to rerun the whole program many times to pinpoint the bug's root cause. More importantly, they make it possible to navigate through the history of a program by following causal links, so questions that would otherwise require a significant effort can be answered instantly for instance, "When was variable x assigned a null value?" or "What was the state of object o when it was passed as an argument to method foo?".     

Mathematical modeling of software reliability testing with imperfect debugging

Software reliability testing is concerned with the quantitative relationship between software testing and software reliability. Our previous work develops a mathematically rigorous modeling framework for software reliability testing. However the modeling framework is confined to the case of perfect debugging, where detected defects are removed without introducing new defects. In this paper the modeling framework is extended to the case of imperfect debugging and two models are proposed. In the first model it is assumed that debugging is imperfect and may make the number of remaining defects reduce by one, remain intact, or increase by one. In the second model it is assumed that when the number of remaining defects reaches the upper bound, the probability that the number of remaining defects is increased by one by debugging is zero. The expected behaviors of the cumulative number of observed failures and the number of remaining defects in the first model show that the software testing process may induce a linear or nonlinear dynamic system, depending on the relationship between the probability of debugging introducing a new defect and that of debugging removing a detected defect. The second-order behaviors of the first model also show that in the case of imperfect debugging, although there may be unbiased estimator for the initial number of defects remaining in the software under test, the cumulative number of observed failures and the current number of remaining defects are not sufficient for precisely estimating the initial number of remaining defects. This is because the variance of the unbiased estimator approaches a non-zero constant as the software testing process proceeds. This may be treated as an intrinsic principle of uncertainty for software testing. The expected behaviors of the cumulative number of observed failures and the number of remaining defects in the second model show that the software testing process may induce a nonlinear dynamic system. However theoretical analysis and simulation results show that, if defects are more often removed from than introduced into the software under test, the expected behaviors of the two models tend to coincide with each other as the upper bound of the number of remaining defects approaches infinity.     

一种面向通用众核CPU的软件调试器设计

近年来,众核处理器技术飞速发展,而面向该体系架构的软件调试技术相对滞后。针对众核平台上软件调试的特点,提出了一种一对多的软件调试模型,基于开源调试器gdb,设计了指令移位断点算法。该设计克服了硬件断点数量的限制,提升了异常定位的精确度,改善了软件调试器的易用性。最后通过实例对采用该设计的软件调试器进行了验证。结果表明,该设计能够有效解决众核程序的调试问题,提高软件调试器的执行效率,帮助程序员快速定位软件错误。     

软件多缺陷定位方法研究综述

软件多缺陷定位(Multiple Fault Localization,简称MFL)尝试在含有多个缺陷的软件程序中自动标识出这些缺陷所在的位置.传统的缺陷定位研究一般假设被测软件内仅含有一个缺陷,而实际情况下软件内往往包含多个缺陷,因此MFL问题更加贴近实际场景.当程序中存在多个缺陷时,由于缺陷数量难以准确估计,同时缺...     

Debugging‐workflow‐aware software reliability growth analysis

Software reliability growth models support the prediction/assessment of product quality, release time, and testing/debugging cost. Several software reliability growth model extensions take into account the bug correction process. However, their estimates may be significantly inaccurate when debugging fails to fully fit modelling assumptions. This paper proposes debugging‐workflow‐aware software reliability growth method (DWA‐SRGM), a method for reliability growth analysis leveraging the debugging data usually managed by companies in bug tracking systems. On the basis of a characterization of the debugging workflow within the software project under consideration (in terms of bug features and treatment phases), DWA‐SRGM pinpoints the factors impacting the estimates and to spot bottlenecks, thus supporting process improvement decisions. Two industrial case studies are presented, a customer relationship management system and an enterprise resource planning system, whose defects span a period of about 17 and 13 months, respectively. DWA‐SRGM revealed effective to obtain more realistic estimates and to capitalize on the awareness of critical factors for improving debugging.     

UML model transformation and its application to MDA technology

Effective application of the MDA software development technology calls for design methods and techniques for specifying and automated execution of software model transformations. The paper presents fundamentals of MDA and the role of software model transformations for this technology. A special language designed for transformation definition is proposed, its properties are discussed, and an example of practical application is given.     

反向调试技术研究综述

在软件的开发测试部署过程中,调试工作耗费了开发人员非常多的精力和时间,有时一个很难被发现的错误会导致多次重启调试。反向调试是软件调试的一种技术,无需重启即可向后查看运行的指令及状态,这能够大大提高软件调试的速度,降低软件开发的难度,有效修复程序运行时发生的错误。该技术的核心问题是运行状态的恢复,目前针对该问题的解决方法主要有状态保存和状态重构。文中主要从反向调试的原理、学术研究、产品实现、技术应用等方面梳理其发展情况,对该技术进行分析研究,总结了基于时间和基于指令的状态保存反向调试技术以及两种反向执行重构状态的方法,并提出了有关记录重放程序执行、定位分析软件错误、反向数据流恢复这3方面的应用,可为反向调试技术的研究应用提供一定的参考。     

Debugging with dynamic slicing and backtracking

Programmers spend considerable time debugging code. Symbolic debuggers provide some help but the task remains complex and difficult. Other than breakpoints and tracing, these tools provide little high-level help. Programmers must perform many tasks manually that the tools could perform automatically, such as finding which statements in the program affect the value of an output variable for a given test case, and what was the value of a given variable when the control last reached a given program location. If debugging tools provided explicit support for these tasks, the debugging process could be automated to a significant extent. In this paper we present a debugging model, based on dynamic program slicing and execution backtracking techniques, that easily lends itself to automation. This model is based on experience with using these techniques to debug software. We also present a prototype debugging tool, SPYDER, that explicitly supports the proposed model, and with which we are performing further debugging research.     

软件执行路径的高层次可视化表示

软件的主要特征信息，如功能性信息，常常隐藏在它的结构里面，仅仅分析软件系统的结构不足以揭示它们，只能在对软件的各条执行路径的确认过程中获得，对软件执地路长的分析是软件理解过程是一个必可少的辅助手段，程序执行路径（ＥｘｅｃｕｔｉｏｎＰａｈｔ，ＥＰ）概念和它在程序测试，排障（纠错）和理解等方面的用途是大家所知晓的并已有记录，本文给出了一种系统性的方法，可根据从程序设计语言的说明规程产生的结构模型，自动     

面向语句的MBFL变异体约减策略

在软件调试过程中如何高效、精确地定位程序中的错误代码是软件开发人员普遍关注的问题。MBFL是一种基于变异分析的错误定位技术,它在获得较高错误定位精度的同时会生成大量变异体,并在变异体上执行测试用例集,开销庞大。为了减少MBFL的变异执行开销,提出面向语句的变异体约减策略,通过分析测试用例的执行信息, 按一定比例 对每条由失败测试用例覆盖的语句生成的变异体集合进行约减。实验结果表明,在7个程序包的112个错误版本上,应用面向语句的变异体约减策略的MBFL,在保持较高错误定位精度的同时,能够有效减少73.51%~79.98%的变异执行开销。     

软件DSM系统中的全局断点技术

软件DSM系统的并行调试环境已经成为制约其广泛应用的一个重要因素。全局断点技术是用户调试程序的一种基本方法。该文通过定义软件DSM程序执行的HB1序来描述程序的执行,并以此定义因果分布式断点。并使用重放方法和向量时间戳技术来获得因果分布式断点。应用测试结果表明,该方法产生很小的空间和时间开销。     

Using model transformation to refactor use case models based on antipatterns

Use Case modeling is a popular technique for documenting functional requirements of software systems. Refactoring is the process of enhancing the structure of a software artifact without changing its intended behavior. Refactoring, which was first introduced for source code, has been extended for use case models. Antipatterns are low quality solutions to commonly occurring design problems. The presence of antipatterns in a use case model is likely to propagate defects to other software artifacts. Therefore, detection and refactoring of antipatterns in use case models is crucial for ensuring the overall quality of a software system. Model transformation can greatly ease several software development activities including model refactoring. In this paper, a model transformation approach is proposed for improving the quality of use case models. Model transformations which can detect antipattern instances in a given use case model, and refactor them appropriately are defined and implemented. The practicability of the approach is demonstrated by applying it on a case study that pertains to biodiversity database system. The results show that model transformations can efficiently improve quality of use case models by saving time and effort.     

软件DSM系统的重放

软件DSM系统的并行调试环境已经成为制约其广泛应用的一个重要因素，重放方法使得用户能用循环调试技术来调试具有执行不确定性的软件DSM程序，本文定义了软件DSM程序执行的happen-before-1关系，并依据其提出一种在软件DMS系统JIAJIA上实现重放的方法，实际应用测试表明，该方法产生很小的空间和时间开销。     

Good System Structure Features: Their Complexity and Execution Time Cost

This paper describes a multistep technique that can be applied to improve system structure and to improve performance when necessary. The technique begins with the analysis of system structure via the structured design guidelines of coupling and cohesion. Next, manual system structure improvement transformations are applied. The effect of the transformations on execution time is then determined. Finally, vertical migration is used on the restructured system to improve its performance. Using the results of this paper, system programmers can identify specific cases where both good system structure and good performance are attainable, and others where tradeoffs must be made. The technique is most applicable during the maintenance phase of the software life cycle.     

A General Model of Unit Testing Efficacy

Much of software engineering is targeted towards identifying and removing existing defects while preventing the injection of new ones. Defect management is therefore one important software development process whose principal aim is to ensure that the software produced reaches the required quality standard before it is shipped into the market place. In this paper, we report on the results of research conducted to develop a predictive model of the efficacy of one important defect management technique, that of unit testing. We have taken an empirical approach. We commence with a number of assumptions that led to a theoretical model which describes the relationship between effort expended and the number of defects remaining in a software code module tested (the latter measure being termed correctness). This model is general enough to capture the possibility that debugging of a software defect is not perfect and could lead to new defects being injected. The Model is examined empirically against actual data and validated as a good predictive model under specific conditions. The work has been done in such a way that models are derived not only for the case of overall correctness but also for specific types of correctness such as correctness arising from the removal of defects contributing to shortcoming in reliability (R-type), functionality (F-type), usability (U-type) and maintainability (M-type) aspects of the program subject to defect management.     

Software dependability in the Tandem GUARDIAN system

Based on extensive field failure data for Tandem's GUARDIAN operating system, the paper discusses evaluation of the dependability of operational software. Software faults considered are major defects that result in processor failures and invoke backup processes to take over. The paper categorizes the underlying causes of software failures and evaluates the effectiveness of the process pair technique in tolerating software faults. A model to describe the impact of software faults on the reliability of an overall system is proposed. The model is used to evaluate the significance of key factors that determine software dependability and to identify areas for improvement. An analysis of the data shows that about 77% of processor failures that are initially considered due to software are confirmed as software problems. The analysis shows that the use of process pairs to provide checkpointing and restart (originally intended for tolerating hardware faults) allows the system to tolerate about 75% of reported software faults that result in processor failures. The loose coupling between processors, which results in the backup execution (the processor state and the sequence of events) being different from the original execution, is a major reason for the measured software fault tolerance. Over two-thirds (72%) of measured software failures are recurrences of previously reported faults. Modeling, based on the data, shows that, in addition to reducing the number of software faults, software dependability can be enhanced by reducing the recurrence rate     

Improving the performance of reverse debugging

Reverse debugging is the software development technique that effectively helps fix bugs occurring at the nondeterministic program behavior. It allows one to examine the past states of the program without rerunning it. An implementation of reverse debugging based on deterministic replay in the QEMU 2.0 emulator is described. A number of techniques improving the debugging performance due to reducing the amount of saved data, optimized storage of system snapshots, indexing, and compressing of the event log are proposed. The emulator can work together with the interactive GDB debugger, which makes it possible to use the reverse-continue, reverse-nexti, reverse-stepi and reverse-finish commands in the course of debugging. The execution time of these commands depends on the frequency of recording the system’s state snapshots. An estimate of the optimal frequency for the reverse-continue command is obtained.     

Maintaining the health of software monitors

Software health management (SWHM) techniques complement the rigorous verification and validation processes that are applied to safety-critical systems prior to their deployment. These techniques are used to monitor deployed software in its execution environment, serving as the last line of defense against the effects of a critical fault. SWHM monitors use information from the specification and implementation of the monitored software to detect violations, predict possible failures, and help the system recover from faults. Changes to the monitored software, such as adding new functionality or fixing defects, therefore, have the potential to impact the correctness of both the monitored software and the SWHM monitor. In this work, we describe how the results of a software change impact analysis technique, Directed Incremental Symbolic Execution (DiSE ), can be applied to monitored software to identify the potential impact of the changes on the SWHM monitor software. The results of DiSE can then be used by other analysis techniques, e.g., testing, debugging, to help preserve and improve the integrity of the SWHM monitor as the monitored software evolves.     

PROVIDE: a process visualization and debugging environment

The author introduces PROVIDE, a source-level process visualization and debugging environment currently under development at the University of Illinois at Chicago. PROVIDE is a modern coding and debugging environment that is designed to allow the user to configure interaction at a desired level of abstraction. It emphasizes the use of interactive computer graphics for the illustration of program execution, with special attention to the requirements of program debugging. The major features of PROVIDE are presented, especially the concepts of deferred-binding program animation, which allows users to interactively change the depiction of program execution during the debugging task, and process history consistency maintenance, which guarantees a consistent (automatically updated) record of program execution in the face of changes to program instructions and run-time data values. The current PROVIDE prototype is implemented on Macintosh workstations networked to a VAX 11/780 running 4.2 BSD Unix     

On Using B in the Design of Secure Micro-controllers: An Experience Report

The stepwise formal development of safety critical software is now a well established engineering practice, noticeably in railway systems. However, it has not been applied as successfully to hardware development, where formal methods are mainly used for verification and gate level transformations and optimizations. In this paper, we report our recent experience in the stepwise formal development of a real macro-cell, that opens the way to the design of synchronous digital circuits with zero functional bugs. We propose a development flow suited for obtaining proven correct-by-construction circuits that further possess additional robustness properties desirable for secure chips. The reported work is prospective and is meant to show the feasibility of such a technique for high confidence trustful devices.