Advancing Software Reliability from Code to Compilation
dc.contributor.author
Li, Shaohua
dc.contributor.supervisor
Su, Zhendong
dc.contributor.supervisor
Payer, Mathias
dc.contributor.supervisor
Zeller, Andreas
dc.date.accessioned
2024-06-03T08:43:36Z
dc.date.available
2024-06-02T09:26:14Z
dc.date.available
2024-06-03T08:43:36Z
dc.date.issued
2024
dc.identifier.uri
http://hdl.handle.net/20.500.11850/676103
dc.identifier.doi
10.3929/ethz-b-000676103
dc.description.abstract
Software takes charge of every critical aspect of our modern society, including communication, finance, transportation, and many more. It is thus crucial to ensure the reliability of software systems. Yet, guaranteeing that non-trivial software systems are free of defects is extremely difficult, if not impossible. Consequently, modern software systems are full of bugs, such as security vulnerabilities, semantic bugs, performance issues, etc.
The motivating question of this thesis is: where can software go wrong? Software development is an intricate process with many different procedures in the pipeline. Beyond the source code written by developers, there are many other tools involved, such as code analysis tools used for identifying defects and compilers used for translating source code into machine code. Unfortunately, they can all go wrong. In this thesis, we study the reliability problem at three different levels: code, code analysis, and code compilation. At a high level, we design new methodologies to identify and detect bugs at all of these levels.
For the reliability of code, we focus on eliminating undefined behavior, a major source of reliability bugs such as buffer overflows and use-after-free, in modern C/C++ software. We develop a general detection approach to identify undefined behaviors practically and effectively. To improve detection efficiency, we further present two novel concepts to accelerate the existing detection frameworks. For the reliability of code analysis, we aim to validate existing bug detection tools for undefined behaviors. We propose and design the first program generator that can automatically produce a large number of programs with various undefined behaviors. We then use this generator to validate sanitizers, one of the most popular toolsets for undefined behavior detection. For the reliability of code compilation, we concentrate on solidifying modern compiler implementations. We introduce a novel data-driven program generation technique that can generate expressive and well-formed programs based on real-world code snippets.
At the conceptual level, this thesis highlights the prevalence of reliability problems in the software development pipeline, from code to compilation. At the technical level, this thesis presents five new tools for detecting software defects in source code, code analysis tools, and compilers.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
ETH Zurich
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.subject
Programming Languages
en_US
dc.subject
Computer security
en_US
dc.subject
Software engineering
en_US
dc.subject
Compilers
en_US
dc.title
Advancing Software Reliability from Code to Compilation
en_US
dc.type
Doctoral Thesis
dc.rights.license
In Copyright - Non-Commercial Use Permitted
dc.date.published
2024-06-03
ethz.size
221 p.
en_US
ethz.code.ddc
DDC - DDC::0 - Computer science, information & general works::004 - Data processing, computer science
en_US
ethz.identifier.diss
30279
en_US
ethz.publication.place
Zurich
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02664 - Inst. f. Programmiersprachen u. -systeme / Inst. Programming Languages and Systems::09628 - Su, Zhendong / Su, Zhendong
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02664 - Inst. f. Programmiersprachen u. -systeme / Inst. Programming Languages and Systems::09628 - Su, Zhendong / Su, Zhendong
ethz.date.deposited
2024-06-02T09:26:14Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2024-06-03T08:43:37Z
ethz.rosetta.lastUpdated
2024-06-03T08:43:37Z
ethz.rosetta.exportRequired
true
ethz.rosetta.versionExported
true