Software Quality Assurance

• Prüfungen
  • Seminar Grade

Beschreibung

This seminar introduces the students to different aspects of software quality assurance (QA): state of the art techniques, tools, case studies, challenges and opportunities.
Students will have to give a presentation about a topic and write a report.

The seminar will be held online.

Preliminary Schedule (dates subject to poll results)

The seminar will take place on ZOOM (link will be distributed)..

Nov 11: Introduction of the topic; organizational matters (presented by the organizers)
Nov 18: Group discussions: criteria for good presentations and good written reports; distribution of topics. Homework: record a two mins, 1 slide presentation on the topic
Nov 25: We watch all two mins presentations together and discuss
Dec 2: (maybe): academic writing, literature research (presented by the organizers)

After the winter break (deadlines & dates to be decided)

• each participant submits the recording of the full talk
• each participant prepares a question for her/his own video
• each participant watches a few (2-4) videos and provides: 1) answer to the respective question + a few notes on 2) what was great about the presentation 3) what could be improved

At the end of the semester, we meet again for a final round of discussion (feedback on the organization of the seminar will be appreciated then)

Finally, the written report is due (deadline to be decided)

Requirements

The students are expected to:

• review scientific literature, experiment with tools (where available) to understand the details of the assigned topic,
• submit a report of approx. 10 pages, style: LNCS
  https://www.springer.com/gp/computer-science/lncs/conference-proceedings-guidelines
• give a presentation of 25 minutes including a practical demo if possible
• watch selected other’s videos and provide (brief) feedback

Language

The seminar will be conducted in English.
Students are expected to discuss with their mentors, write the reports and give the presentations in English.

Topics

Goals/Criteria:

• do your own literature review!
• introduce project, technique, tool, or field
• clearly state: what is the problem being addressed?
• use illustrative examples
• expose key achievements
• explain relevance in broader context
• discuss theoretical contributions
• discuss potential practical use as well as limitations

Overview

1. Starting point:
   • Arun Rai and Haidong Song and Marvin D. Troutt:
     Software quality assurance: An analytical survey and research prioritization
     https://www.sciencedirect.com/science/article/abs/pii/S0164121297001465

Quality Assurance in the Real World

2. seL4 Kernel: the world’s first fully verified operating system kernel
   • Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, Simon Winwood:
     seL4 - formal verification of an OS kernel
   • Toby C. Murray, Daniel Matichuk, Matthew Brassil, Peter Gammie, Timothy Bourke, Sean Seefried, Corey Lewis, Xin Gao, Gerwin Klein:
     seL4 - From General Purpose to a Proof of Information Flow Enforcement.
3. Formal methods at Microsoft (survey/practical, Gidon)
   • A decade of software model checking with SLAM
     
   • DART: directed automated random testing
     
   • Also: Z3, Dafny, Everest, F*, Lean
4. Amazon AWS verified infrastructure (survey, Gidon)
   • Continuous formal verification of Amazon s2n
   • How Amazon web services uses formal methods
   • Stratified abstraction of access control policies
   • Reachability analysis for AWS-based networks
5. Formal methods at Google (survey, Gidon)
   • Lessons from building static analysis tools at Google
   • Project Zero
6. Formal methods at Facebook (survey/practical, Gidon)
   • Moving Fast with Software Verification
   • Scaling static analyses at Facebook
   • Continuous reasoning: Scaling the impact of formal methods
   • From Start-ups to Scale-ups: Opportunities and Open Problems for Static and Dynamic Program Analysis
7. Akita Software API documentation (Gidon)
   • Yang, Jean: How APIs Are Both the Illness and the Cure: The Software Heterogeneity Problem in Modern Web Applications
   • https://www.akitasoftware.com/

Software Testing/Fuzzing

8. Fuzzing SMT solvers (survey/practical, already assigned, Gidon)
   • Fuzzing and delta-debugging SMT solvers
   • Stringfuzz: A fuzzer for string solvers
   • BanditFuzz: Fuzzing SMT Solvers with Reinforcement Learning
   • Detecting Critical Bugs in SMT Solvers Using Blackbox Mutational Fuzzing
9. Property based random testing (survey/practical, Gidon)
   • Fink, George, and Matt Bishop. Property-based testing: a new approach to testing for assurance.
10. MAGMA ground truth fuzzing benchmark set (practical, Gidon)
    • Hazimeh, Ahmad, Adrian Herrera, and Mathias Payer. Magma: A Ground-Truth Fuzzing Benchmark
    • https://hexhive.epfl.ch/magma/
11. Runtime verification (survey, Sudeep)
    • A brief account of runtime verification
      Martin Leucker, and Christian Schallhart
      http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.149.8280&rep=rep1&type=pdf
      
    • Some thoughts on runtime verification
      Oded Maler
      http://www-verimag.imag.fr/~maler/Papers/runtime.pdf
      
    • Introduction to runtime verification
      Ezio Bartocci, Yliès Falcone, Adrian Francalanza, Giles Reger
      https://hal.inria.fr/hal-01762297/document

Overview of techniques in an area

12. Automatic program repair (survey, Sudeep)
    • Automatic Software Repair: A Survey
      Luca Gazzola, Daniela Micucci, and Leonardo Mariani
      https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8089448
    • Automatic Software Repair: a Bibliography
      Martin Monperrus
      https://dl.acm.org/doi/abs/10.1145/3105906
      https://arxiv.org/pdf/1807.00515.pdf
13. Fault localization (survey, Sudeep)
    • A survey on software fault localization
      W Eric Wong, Ruizhi Gao, Yihao Li , Rui Abreu, Franz Wotawa
      https://ieeexplore.ieee.org/document/7390282
14. SeaHorn verification framework (practical, Sudeep)
    • The SeaHorn Verification Framework
      Arie Gurfinkel, Temesghen Kahsai, Anvesh Komuravelli, and Jorge A.Navas
      https://doi.org/10.1007/978-3-319-21690-4_20
    • http://seahorn.github.io/
15. Crab (CoRnucopia of ABstractions) (practical, Sudeep)
    • https://github.com/seahorn/crab
16. Program synthesis (survey/practical, Gidon or Sudeep)
    • Allamanis, Miltiadis, et al.: Mining semantic loop idioms, https://discovery.ucl.ac.uk/id/eprint/10062734/1/Barr_coils.pdf
    • Shin, Eui Chul, et al: Program Synthesis and Semantic Parsing with Learned Code Idioms, https://papers.nips.cc/paper/9265-program-synthesis-and-semantic-parsing-with-learned-code-idioms.pdf
    • Alur et al: Syntax Guided Synthesis
    • Possible directions via tools: Synquid, Liquid Haskell, Leon, Lifty
    • Sumit Gulwani, Oleksandr Polozov, Rishabh Singh
      https://www.microsoft.com/en-us/research/wp-content/uploads/2017/10/program_synthesis_now.pdf
17. Function summaries from formal analyses (survey, Thomas)
    • Patrice Godefroid: Compositional dynamic test generation. POPL 2007: 47-54
    • Ondrej Sery, Grigory Fedyukovich, Natasha Sharygina: Function Summarization-Based Bounded Model Checking. Validation of Evolving Software 2015: 37-53
    • Sery2015: https://link.springer.com/chapter/10.1007/978-3-319-10623-6_5
18. Function summaries/invariants from dynamic analyses (survey, Thomas)
    • Earl T. Barr, Mark Harman, Phil McMinn, Muzammil Shahbaz, Shin Yoo: The Oracle Problem in Software Testing: A Survey. IEEE Trans. Software Eng. 41(5): 507-525 (2015)
    • Michael D. Ernst, Jeff H. Perkins, Philip J. Guo, Stephen McCamant, Carlos Pacheco, Matthew S. Tschantz, Chen Xiao: The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program. 69(1-3): 35-45 (2007)
    • Gordon Fraser, Andrea Arcuri: EvoSuite: automatic test suite generation for object-oriented software. SIGSOFT FSE 2011: 416-419][Fraser2011]
19. Function summaries/invariants from machine learning (survey, Thomas)
    • Seyed Reza Shahamiri, Wan Mohd Nasir Wan-Kadir, Suhaimi Ibrahim, Siti Zaiton Mohd Hashim: An automated framework for software test oracle. Inf. Softw. Technol. 53(7): 774-788 (2011)
    • Facundo Molina, Renzo Degiovanni, Pablo Ponzio, Germán Regis, Nazareno Aguirre, Marcelo F. Frias: Training binary classifiers as data structure invariants. ICSE 2019: 759-770

Institut

Institut für Informatik

Dozierende

• Gidon Ernst
• Sudeep Kanav
• Thomas Lemberger

Kursteilnehmer:innen

13 von 20

Zentralanmeldung

Hauptseminare (Master)

Anweisungen zur Bewerbung

Please submit a short statement of motivation, in English, for your participation in this seminar (5-10 sentences). You might refer to both your interest as well as your prior experience with the topic of the seminar.

Material

Das Kursmaterial ist nur für Mitglieder des Kurses einsehbar, also z.B. für Teilnehmer:innen, Tutor:innen, Korrektor:innen und Verwalter:innen.

Prüfungen

NameName	Anmeldung abAnmeldung ab	Anmeldung bisAnmeldung bis	TerminTermin	PrüfungsanmeldungPrüfungsanmeldung
Seminar Grade				Nicht zur Prüfung angemeldet

Termine

ArtArt	ZeitZeit	Regulärer RaumRegulärer Raum	NotizNotiz
Seminar	Mi 10:15–12:00	Zoom