William L. Scherlis: Direct Software Assurance

Abstract: The Fluid Project is focused on creating practicable tools for programmers to assure and evolve real programs. We focus on “mechanical” program properties that tend to defy traditional testing and inspection regimes. These are properties with a non-local character, in that there may be no single place in the code where they are manifest, and they may involve non-determinism.

We have explored properties including: race conditions and locking policies, unique references and other programmer-significant aliasing properties, effects, appropriate typing, realtime threading policies, single-threading policies, and others. These properties bear significantly on code safety, security, API compliance, and other attributes of dependability.

Composable static semantic program analyses are used to assure consistency between the code and programmer-expressed “low-level” models of design intent. Thus a failure to achieve assurance can indicate an error in the model, an error in the code, or an insufficiently precise analysis.

In order to facilitate evaluation and application, the Fluid tool is presented as a plug-in in the widely adopted Eclipse IDE for Java. Case studies have identified numerous concurrency and other anomalies in large-scale production code drawn from a variety of sources, including government, industry, and open source.

We are guided in our design by a set of principles related to practicability. Specifically: (1) Incrementality and early gratification. Any increment of effort we ask programmers to undertake should yield a generally immediate reward in the form of bug finding, assurance creation, guidance in evolution, or model expression. (2) Familiar expression. Properties should be expressed tersely and using terminology already familiar to programmers. (3) Cut points and composability. Components can be assured separately, and the assurances linked into chains of evidence.
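The following Java example is added here to illustrate the kind of non-local property described in the abstract (a locking policy with no single place in the code where it is manifest), the programmer-expressed model against which the analysis checks the code, and the "cut point" principle of assuring a helper separately under a stated precondition. It is not code from the Fluid project or from this page. The Javadoc-style annotations `@lock` and `@requiresLock` are assumptions chosen to show what a terse, familiar expression of design intent looks like; they are not asserted to be the Fluid tool's actual syntax, and the class and method names are invented for the example.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not code from the Fluid project or this page. The
 * annotation forms used in the Javadoc comments (@lock, @requiresLock) are
 * assumptions illustrating "programmer-expressed low-level models of design
 * intent"; they are not asserted to be the Fluid tool's actual syntax.
 */
public final class LockPolicyExample {

    /** A counter whose field is protected by a stated locking policy. */
    static final class Counter {
        /** @lock CountLock is this protects count   (assumed annotation form) */
        private long count = 0;

        /** Consistent with the policy: the lock is held while count is modified. */
        public synchronized void increment() {
            bump();
        }

        /** Consistent with the policy: the lock is held for the read. */
        public synchronized long get() {
            return count;
        }

        /**
         * Inconsistent with the policy: count is modified without holding
         * CountLock. Nothing in this method alone looks wrong; the defect is
         * visible only against the model stated on the field, which is why
         * such properties are non-local and tend to escape inspection.
         */
        public void incrementWithoutLock() {
            bump();
        }

        /**
         * Cut point: this helper is assured on its own under the precondition
         * that the caller holds CountLock; each caller is then checked
         * separately for holding the lock, and the two assurances are linked.
         * @requiresLock CountLock   (assumed annotation form)
         */
        private void bump() {
            count++;
        }
    }

    /** Hammers a counter from several threads and returns the final count. */
    static long run(Counter c, boolean useLock, int threads, int perThread)
            throws InterruptedException {
        List<Thread> ts = new ArrayList<>();
        for (int i = 0; i < threads; i++) {
            Thread t = new Thread(() -> {
                for (int j = 0; j < perThread; j++) {
                    if (useLock) c.increment(); else c.incrementWithoutLock();
                }
            });
            ts.add(t);
            t.start();
        }
        for (Thread t : ts) t.join();
        return c.get();
    }

    public static void main(String[] args) throws InterruptedException {
        int threads = 8, perThread = 200_000;
        long expected = (long) threads * perThread;
        System.out.println("with lock:    " + run(new Counter(), true, threads, perThread)
                + " (expected " + expected + ")");
        System.out.println("without lock: " + run(new Counter(), false, threads, perThread)
                + " (expected " + expected + "; lost updates are likely but not guaranteed)");
    }
}
```

Running `main` usually shows a short count for the unsynchronized path, but not on every run and not on every machine, which is exactly why the abstract says such properties defy testing: the test outcome is non-deterministic, whereas a static check of `incrementWithoutLock` against the `@lock` model on `count` fails the same way every time. The `@requiresLock` precondition on `bump` is the cut point: the helper is assured once, and each caller is then assured separately to hold the lock, so the evidence composes across methods.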

The talk presents a technical summary of the analysis techniques, the case study results, and the lessons we have learned regarding market and economic issues associated with practicable software assurance.


Bio: William L. Scherlis is Professor in the School of Computer Science at Carnegie Mellon, and a member of CMU's Institute for Software Research International (ISRI). He is the founding director of CMU's PhD Program in Software Engineering. He is Principal Investigator (with James H. Morris) of the five-year High Dependability Computing Project (HDCP), in which CMU leads a collaboration with five universities to help NASA address long-term software dependability challenges. His research relates to software assurance, software evolution, and technology to support software teams. Dr. Scherlis joined the CMU faculty after completing a PhD in Computer Science at Stanford University and an A.B. at Harvard University.

Last modified: Tue Mar 8 10:17:47 EST 2005