Abstract: This paper concerns static-analysis algorithms for analyzing x86 executables. The aim of the work is to recover intermediate representations that are similar to those that can be created for a program written in a high-level language. Our goal is to perform this task for programs such as plugins, mobile code, worms, and virus-infected code. For such programs, symbol-table and debugging information is either entirely absent, or cannot be relied upon if present; hence, the technique described in the paper makes no use of symbol-table/debugging information. Instead, an analysis is carried out to recover information about the contents of memory locations and how they are manipulated by the executable.

Abstract: Typically debugging begins when during a program execution a point is reached at which an obviously incorrect value is observed. A general and powerful approach to automated debugging can be based upon identifying modifications to the program state that will bring the execution to a successful conclusion. However, searching for arbitrary changes to the program state is difficult due to the extremely large search space. In this paper we demonstrate that by forcibly switching a predicate's outcome at runtime and altering the control flow, the program state can not only be inexpensively modified, but in addition it is often possible to bring the program execution to a successful completion (i.e., program produces the desired output). By examining the switched predicate, also called the critical predicate, the cause of the bug can then be identified. Since the outcome of a branch can only be either true or false, the number of modified states resulting by predicate switching is far less than those possible through arbitrary state changes. Thus, it is possible to automatically search through modified states to find one that leads to the correct output. We have developed an implementation based upon dynamic instrumentation to perform this search through program re-execution -- the program is executed from the beginning and a predicate's outcome is switched to produce the desired change in control flow. To evaluate our approach, we tried our technique on several reported bugs for a number of UNIX utility programs. Our technique was found to be practical (i.e., acceptable in time taken) and effective (i.e., we were able to automatically identify critical predicates). Moreover we show that bidirectional dynamic slices of critical predicates capture the faulty code.

Abstract: Inputs causing a program to fail are usually large and often contain information irrelevant to the failure. It thus helps debugging to simplify program inputs. The Delta Debugging algorithm is a general technique applicable to minimizing all failure-inducing inputs for more effective debugging. In this paper, we present HDD, a simple but effective algorithm that significantly speeds up Delta Debugging and increases its output quality on tree structured inputs such as XML. Instead of treating the inputs as one flat atomic list, we apply Delta Debugging to the very structure of the data. In particular, we apply the original Delta Debugging algorithm to each level of a program's input, working from the coarsest to the finest levels. We are thus able to prune the large irrelevant portions of the input early. All the generated input configurations are syntactically valid, reducing the number of inconclusive configurations that need to be tested and accordingly the amount of time spent simplifying. We have implemented HDD and evaluated it on a number of real failure-inducing inputs from the GCC and Mozilla bugzilla databases. Our Hierarchical Delta Debugging algorithm produces simpler outputs and takes orders of magnitude fewer test cases than the original Delta Debugging algorithm. It is able to scale to inputs of considerable size that the original Delta Debugging algorithm cannot process in practice. We argue that HDD is an effective tool for automatic debugging of programs expecting structured inputs.

Abstract: Current tool support for feature models is ad hoc, offering little or no support for debugging feature models or optimizing feature selections. Recent work shows how feature models can be reduced to propositional formulas or to constraint satisfaction problems, for which off-the-shelf tools can validate properties of models (e.g., confirming that a given set of features are incompatible or compatible) or to optimize the selection of features (e.g., performance) [1][2][4]. This opens up new possibilities for next-generation tools for specifying products in software product lines.

Abstract: The number of bugs (or fixes) is a common factor used to measure the quality of software and assist bug related analysis. For example, if software files have many bugs, they may be unstable. In comparison, the bug-fix time--the time to fix a bug after the bug was introduced--is neglected. We believe that the bug-fix time is an important factor for bug related analysis, such as measuring software quality. For example, if bugs in a file take a relatively long time to be fixed, the file may have some structural problems that make it difficult to make changes. In this report, we compute the bug-fix time of files in ArgoUML and PostgreSQL by identifying when bugs are introduced and when the bugs are fixed. This report includes bug-fix time statistics such as average bug-fix time, and distributions of bug-fix time. We also list the top 20 bug-fix time files of two projects.

Abstract: Earlier research on gender effects with software features intended to help problem-solvers in end-user debugging environments has shown that females are less likely to use unfamiliar software features. This poses a serious problem because these features may be key to helping them with debugging problems. Contrasting this with research documenting males' inclination for tinkering in unfamiliar environments, the question arises as to whether encouraging tinkering with new features would help females overcome the factors, such as low self-efficacy, that led to the earlier results. In this paper, we present an experiment with males and females in an end-user debugging setting, and investigate how tinkering behavior impacts several measures of their debugging success. Our results show that the factors of tinkering, reflection, and self-efficacy, can combine in multiple ways to impact debugging effectiveness differently for males than for females.

Abstract: We have developed a new replay debugging tool, liblog, for distributed C/C++ applications. It logs the execution of deployed application processes and replays them deterministically, faithfully reproducing race conditions and non-deterministic failures, enabling careful offline analysis. To our knowledge, liblog is the first replay tool to address the requirements of large distributed systems: lightweight support for long-running programs, consistent replay of arbitrary subsets of application nodes, and operation in a mixed environment of logging and nonlogging processes. In addition, it requires no special hardware or kernel patches, supports unmodified application executables, and integrates GDB into the replay mechanism for simultaneous source-level debugging of multiple processes. This paper presents liblog's design, an evaluation of its runtime overhead, and a discussion of our experience with the tool to date.

Abstract: We describe a statistical approach to software debugging in the presence of multiple bugs. Due to sparse sampling issues and complex interaction between program predicates, many generic off-the-shelf algorithms fail to select useful bug predictors. Taking inspiration from bi-clustering algorithms, we propose an iterative collective voting scheme for the program runs and predicates. We demonstrate successful debugging results on several real world programs and a large debugging benchmark suite.

Abstract: Over the past 30 years, many software reliability growth models (SRGM) have been proposed. Often, it is assumed that detected faults are immediately corrected when mathematical models are developed. This assumption may not be realistic in practice because the time to remove a detected fault depends on the complexity of the fault, the skill and experience of personnel, the size of debugging team, the technique(s) being used, and so on. During software testing, practical experiences show that mutually independent faults can be directly detected and removed, but mutually dependent faults can be removed iff the leading faults have been removed. That is, dependent faults may not be immediately removed, and the fault removal process lags behind the fault detection process. In this paper, we will first give a review of fault detection & correction processes in software reliability modeling. We will then illustrate the fact that detected faults cannot be immediately corrected with several examples. We also discuss the software fault dependency in detail, and study how to incorporate both fault dependency and debugging time lag into software reliability modeling. The proposed models are fairly general models that cover a variety of known SRGM under different conditions. Numerical examples are presented, and the results show that the proposed framework to incorporate both fault dependency and debugging time lag for SRGM has a better prediction capability. In addition, an optimal software release policy for the proposed models, based on cost-reliability criterion, is proposed. The main purpose is to minimize the cost of software development when a desired reliability objective is given

Abstract: Wide-area distributed applications are challenging to debug, optimize, and maintain. We present Wide-Area Project 5 (WAP5), which aims to make these tasks easier by exposing the causal structure of communication within an application and by exposing delays that imply bottlenecks. These bottlenecks might not otherwise be obvious, with or without the application's source code. Previous research projects have presented algorithms to reconstruct application structure and the corresponding timing information from black-box message traces of local-area systems. In this paper we present (1) a new algorithm for reconstructing application structure in both local- and wide-area distributed systems, (2) an infrastructure for gathering application traces in PlanetLab, and (3) our experiences tracing and analyzing three systems: CoDeeN and Coral, two content-distribution networks in PlanetLab; and Slurpee, an enterprise-scale incident-monitoring system.

Abstract: A system and method for providing a secure environment for mobile telephones and other devices are disclosed. The system and method may utilize trust zoning, layered memory, and a secure matrix model having, for example, a memory protection module for protecting memory; a secure debug module for ensuring security of the debug module; a secure file system module for protecting the secure file system; and a trusted time source module for protecting components. Embodiments of the present invention may protect against security attacks on a variety of hardware and software components while permitting suitable levels of accessibility for developmental and maintenance purposes.

Abstract: Methods and apparatuses to enable the development, deployment and update of composite applications on mobile devices. In one embodiment, a method processor in a mobile device may include a workflow engine and a cache manager which looks ahead of the current execution of a workflow to preload modules. The method processor may present modal user interfaces in a non-modal way to eliminate flicker, and use a logger to stamp the workflow related data with real time measurements, such as time, location, and vehicle bus information. The logger may capture screen images and global data of the workflow during the execution. The log data stream may be collected and sent from the mobile device in real time, or in a batch mode, for monitoring, debugging, diagnosing or tuning the execution of a workflow, for providing hot update, help and guidance against deviation during the execution, and for other features.

Abstract: This paper presents techniques that enhance automatically generated hardware assertion checkers to facilitate debugging within the assertion-based verification paradigm. Starting with techniques based on dependency graphs, we construct the algorithms for counting and monitoring the activity of checkers, monitoring assertion completion, as well as introduce the concept of assertion threading. These debugging enhancements offer increased traceability and observability within assertion checkers, as well as the improved metrics relating to the coverage of assertion checkers. The proposed techniques have been successfully incorporated into the MBAC checker generator.

Abstract: If you have programming experience and a familiarity with C--the dominant language in embedded systems--Programming Embedded Systems, Second Edition is exactly what you need to get started with embedded software. This software is ubiquitous, hidden away inside our watches, DVD players, mobile phones, anti-lock brakes, and even a few toasters. The military uses embedded software to guide missiles, detect enemy aircraft, and pilot UAVs. Communication satellites, deep-space probes, and many medical instruments would have been nearly impossible to create without embedded software. The first edition of Programming Embedded Systems taught the subject to tens of thousands of people around the world and is now considered the bible of embedded programming. This second edition has been updated to cover all the latest hardware designs and development methodologies.The techniques and code examples presented here are directly applicable to real-world embedded software projects of all sorts. Examples use the free GNU software programming tools, the eCos and Linux operating systems, and a low-cost hardware platform specially developed for this book. If you obtain these tools along with Programming Embedded Systems, Second Edition, you'll have a full environment for exploring embedded systems in depth. But even if you work with different hardware and software, the principles covered in this book apply.Whether you are new to embedded systems or have done embedded work before, you'll benefit from the topics in this book, which include:How building and loading programs differ from desktop or server computersBasic debugging techniques--a critical skill when working with minimally endowed embedded systemsHandling different types of memoryInterrupts, and the monitoring and control of on-chip and external peripheralsDetermining whether you have real-time requirements, and whether your operating system and application can meet those requirementsTask synchronization with real-time operating systems and embedded LinuxOptimizing embedded software for size, speed, and power consumptionWorking examples for eCos and embedded LinuxSo whether you're writing your first embedded program, designing the latest generation of hand-held whatchamacalits, or managing the people who do, this book is for you. Programming Embedded Systems will help you develop the knowledge and skills you need to achieve proficiency with embedded software.Praise for the first edition: "This lively and readable book is the perfect introduction for those venturing into embedded systems software development for the first time. It provides in one place all the important topics necessary to orient programmers to the embedded development process. --Lindsey Vereen, Editor-in-Chief, Embedded Systems Programming

Abstract: Chip-multiprocessors are becoming the dominant vehicle for general-purpose processing, and parallel software will be needed to effectively utilize them. This parallel software is notoriously prone to synchronization bugs, which are often difficult to detect and repeat for debugging. While data race detection and order-recording for deterministic replay are useful in debugging such problems, only order-recording schemes are lightweight, whereas data race detection support scales poorly and degrades performance significantly. This paper presents our CORD (cost-effective order-recording and data race detection) mechanism. It is similar in cost to prior order-recording mechanisms, but costs considerably less then prior schemes for data race detection. CORD also has a negligible performance overhead (0.4% on average) and detects most dynamic manifestations of synchronization problems (77% on average). Overall, CORD is fast enough to run always (even in performance-sensitive production runs) and provides the support programmers need to deal with the complexities of writing, debugging, and maintaining parallel software for future multi-threaded and multi-core machines.

Abstract: Embodiments of methods and systems consistent with the present invention enable data-focused analysis of an application by reorganizing execution information generated by an application into categories associated with the data objects used by the application, and displaying or otherwise using the reorganized information for analysis, debugging, execution tracing, etc. of the application. Thus, the application execution information is presented from the data standpoint instead of from the execution sequence standpoint.

Abstract: Localizing a fault in program debugging is a complex and time-consuming process. In this paper we present a novel approach using execution slices and inter-block data dependency to effectively identify the locations of program faults. An execution slice with respect to a given test case is the set of code executed by this test, and two blocks are data dependent if one block contains a definition that is used by another block or vice versa. Not only can our approach reduce the search domain for program debugging, but also prioritize suspicious locations in the reduced domain based on their likelihood of containing faults. More specifically, we use multiple execution slices to prioritize the likelihood of a piece of code containing a specific fault. In addition, the likelihood also depends on whether this piece of code is data dependent on other suspicious code. A debugging tool, DESiD, was developed to support our method. A case study that shows the effectiveness of our method in locating faults on an application developed for the European Space Agency is also reported.

Abstract: The invention is directed to instrumenting object code of an application and/or an operating system on a target machine so that execution trace data can be generated, collected, and subsequently analyzed for various purposes, such as debugging and performance. Automatic instrumentation may be performed on an application's object code before, during or after linking. A target machine's operating system's object code can be manually or automatically instrumented. By identifying address space switches and thread switches in the operating system's object code, instrumented code can be inserted at locations that enable the execution trace data to be generated. The instrumentation of the operating system and application can enable visibility of total system behavior by enabling generation of trace information sufficient to reconstruct address space switches and context switches.

Abstract: Fixing runtime bugs in long running programs using trace based analyses such as dynamic slicing was believed to be prohibitively expensive. In this paper, we present a novel execution fast forwarding technique that makes this feasible. While a naive solution is to divide the entire execution by checkpoints, and then apply dynamic slicing enabled by tracing to one checkpoint interval at a time, it is still too costly even with state-of-the-art tracing techniques. Our technique is derived from two key observations. The first one is that long running programs are usually driven by events, which has been taken advantage of by checkpointing/replaying techniques to deterministically replay an execution from the event log. The second observation is that all the events are not relevant to replaying a particular part of the execution, in which the programmer suspects an error happened. We develop a slicing-like technique that can be used to prune irrelevant events from the event log. Driven by the reduced log, the replayed execution is now traced for fault location. This replayed execution has the effect of fast forwarding, i.e the amount of executed instructions is significantly reduced without losing the accuracy of reproducing a failure. Our evaluation shows that skipping irrelevant events can reduce the space requirement for dynamic slicing by factors ranging from 72 to 44490. We also describe how checkpointing and tracing enabled dynamic slicing are combined, which we believe is the first attempt to integrate these two techniques. Finally, the dynamic slices of a set of reported bugs for long running programs are studied to show the effectiveness of dynamic slicing.

Abstract: Debugging data races in parallel applications is a difficult task. Error-causing data races may appear to vanish due to changes in an application's optimization level, thread scheduling, whether or not a debugger is used, and other effects. Further, many race conditions cause incorrect program behavior only in rare scenarios and may lie undetected during software testing.Tools exist today that do a decent job in finding data races in multi-threaded applications. Some data-race detection tools are very efficient and can detect data races with less than a 2x performance penalty. Most such tools, however, do not provide enough information to the user, require recompilation, or impose other usage restrictions. Other tools, such as the one considered in this paper (Intel's Thread Checker), provide users with plenty of useful information and can be used with any application binary, but have high overheads - often over 200x. It is the goal of this paper to speed up Thread Checker by filtering out the vast majority of memory references that are highly unlikely to be involved in data races. In our work, we develop filters that filter 90-100% of all memory references from the datarace detection algorithm, resulting in speedups of 2.2-5.5x, with an average improvement of 3.3x.

Abstract: In this paper, we present an abstraction for heap-allocated storage, called the recency-abstraction, that allows abstract-interpretation algorithms to recover some non-trivial information for heap-allocated data objects. As an application of the recency-abstraction, we show how it can resolve virtual-function calls in stripped executables (i.e., executables from which debugging information has been removed). This approach succeeded in resolving 55% of virtual-function call-sites, whereas previous tools for analyzing executables fail to resolve any of the virtual-function call-sites.

Abstract: One of the main reasons for the difficulty of hardware verification is that hardware platforms are typically nondeterministic at clock-cycle granularity. Uninitialized state elements, I/O, and timing variations on high-speed buses all introduce nondeterminism that causes different behavior on different runs starting from the same initial state. To improve our ability to debug hardware, we would like to completely eliminate nondeterminism. This paper introduces the cycle-accurate deterministic replay (CADRE) architecture, which cost-effectively makes a board-level computer cycle-accurate deterministic. We characterize the sources of nondeterminism in computers and show how to address them. In particular, we introduce a novel scheme to ensure deterministic communication on source-synchronous buses that cross clock-domain boundaries. Experiments show that CADRE on a 4-way multiprocessor server enables cycle-accurate deterministic execution of one-second intervals with modest buffering requirements (around 200MB) and minimal performance loss (around 1%). Moreover, CADRE has modest hardware requirements

Abstract: Concurrency is a fundamental attribute of systems software. Asynchronous computation is the norm in important software components such as operating systems, databases, and web servers. As multi-core architectures find their way into mainstream desktop computers, we are likely to see an increasing use of multithreading in application software as well. Unfortunately, the design of concurrent programs is a very challenging task. The main intellectual difficulty of this task lies in reasoning about the interaction between concurrently executing threads. Nondeterministic thread scheduling makes it extremely difficult to reproduce behavior from one run of the program to another. As a result, the process of debugging concurrent software becomes tedious resulting in a drastic decrease in the productivity of programmers. Since concurrency is both important and difficult to get right, it is imperative that we develop techniques and tools to automatically detect and pinpoint errors in concurrent programs.

Abstract: Recent achievements in formal verification techniques allow for fault detection even in large real-world designs. Tool support for localizing the faulty statements is critical, because it reduces development time and overall project costs. Automated source-level debugging and a new and novel debugging model allow for source-level debugging of large VHDL designs at the granularity of statements and expressions. This technique is fully automated and does not require that an engineer be familiar with formal verification techniques.

Abstract: Techniques for the design and use of a digital signal processor, including (but not limited to) for processing transmissions in a communications (e.g., CDMA) system. The disclosed method and system provide for processing instructions in a multi-threaded process including the use of breakpoint instructions for generating debugging event(s). Generating a debugging event occurs in response to the execution of breakpoint instructions and executes debugging instructions in response to the debugging event. The debugging instructions debug processing instructions in the multi-threaded processor by transitioning at least one or more threads into a debugging mode. The disclosure generates a debugging return for reporting the executing debugging instructions in the subset of the threads of the multi-threaded processor.

Abstract: This paper surveys the state-of-the-art in developing multi-agent systems, and sets out to answer the questions: "what are the key current issues in developing multi-agent systems?" and "what should we, as a research community, be paying particular attention to, over the next few years?". Based on our characterisation of the current state-of-the-art in developing MAS, we identify three key areas for future work: techniques for integrating design and code; extending agent-oriented programming languages to cover certain aspects that are currently weak or missing (e.g., social concepts, and modelling the environment); and development of debugging and verification techniques, with a particular focus on using model checking also in testing and debugging, and applying model checking to design artefacts.

Abstract: Techniques are disclosed for debugging heterogeneous applications in a distributed environment. In one embodiment, an architecture for debugging heterogeneous applications in a distributed environment is configured to enable both location transparency and dynamic exposure of service state. Regardless of where the physical application state resides, the architecture describes or otherwise provides a mechanism that allows seamless debugging and troubleshooting of distributed applications. The location of the state is transparent to the debugger and the application being debugged. In addition, the architecture enables an individual service to expose its state dynamically at run-time. It is possible for the service to expose its state in a self-describing fashion, allowing service state to be exposed in the architecture regardless of the service environment. The architecture allows for all the capabilities of debuggers running in non-distributed, homogeneous environments in a distributed heterogeneous environment.

Abstract: A large number of software reliability growth models have been proposed to analyse the reliability of a software application based on the failure data collected during the testing phase of the application. To ensure analytical tractability, most of these models are based on simplifying assumptions of instantaneous & perfect debugging. As a result, the estimates of the residual number of faults, failure rate, reliability, and optimal software release time obtained from these models tend to be optimistic. To obtain realistic estimates, it is desirable that the assumptions of instantaneous & perfect debugging be amended. In this paper we discuss the various policies according to which debugging may be conducted. We then describe a rate-based simulation framework to incorporate explicit debugging activities, which may be conducted according to the different debugging policies, into software reliability growth models. The simulation framework can also consider the possibility of imperfect debugging in conjunction with any of the debugging policies. Further, we also present a technique to compute the failure rate, and the reliability of the software, taking into consideration explicit debugging. An economic cost model to determine the optimal software release time in the presence of debugging activities is also described. We illustrate the potential of the simulation framework using two case studies.

Abstract: Embodiments of methods and systems consistent with the present invention enable data-focused analysis and filtering of a business application data event log by reorganizing information generated by an application into categories associated with the objects used by the application, and filtering the reorganized information for analysis, debugging, execution tracing, etc. of the application. Thus, the application execution information may be filtered and analyzed from the data standpoint instead of from the execution sequence standpoint.