CSCI 8060 - Advanced Software Engineering


Instructor Kyu Hyung Lee
(kyuhlee@cs.uga.edu)
BYOD 638B
Times TR - 12:30 ~ 13:45
W - 12:20 ~ 13:10
Location TR - Building: 1061, Room: 1503
W - Building: 1060, Room: 0531
Office Hours Thursday 13:45 ~ 15:00 (after class)
Course Webpage http://cs.uga.edu/~kyuhlee/spring2015

Course Overview

This is the advanced level course on Software Engineering. This course will focus on recent advances in program verification, debugging and maintenance techniques. A large portion of the course will be devoted to topics in testing and debugging of concurrent applications, distributed applications and mobile applications. The goal of this course is to introduce students to fundamentals and current techniques to generate test cases, identify software problems and correct misbehaving programs. At the end, the students are expected to deeply understand the principles, get familiar with the tools, and acquire experience in applying these techniques.

In addition, each student will address relevant research problem in the area covered by the course. Students will choose relevant research problems, propose solutions and present results by the end of the semester.

Required Textbooks:
There is no textbook required. We will read and discuss academic research papers. All of the papers for the class will be available on-line.

Recommended Textbooks:
  • "Foundataions of Software Testing", 2nd edition, Aditya P. Mathur
  • “Fundamental of Software Engineering”, 2nd edition, Carlo Ghezzi, Mehdi Jazayeri, and Dino Mandrioli


  • Prerequisites

    Solid programming and debugging skills (C, C++, Linux) and good understanding of “Operating Systems” and “Software Engineering” concepts are required for this class.


    Grading (Tentative)


    Small Projects

    2 or 3 small projects will be assigned in lectures. Late submissions will automatically lose 20% of the total point value per 24hour period.


    Term Project

    The research project for this course is open-ended. You can pick any topic as long as there is some direct connection to course topics. You can work individually or with a partner. Research project will be evaluated based on creativity, effort, technical correctness, organization of the experiments, and clarity of presentation.


    Presentation and Class Participation

    Each student will be responsible for presenting research papers over the semester. Each presenter will prepare a 30-40 minute talk on the paper that he or she presents. Slides for the talk must be emailed to the instructor by midnight before the class. The presenter also leads another 15-20 minutes of discussion during or after the talk. The presenter will prepare discussion questions that lead to a deeper analysis of the paper’s content, strengths, weaknesses, and future works.


    Course Schedule (Tentative)

    Date Topic Presenter
    1/6 Introduction Instructor
    1/7 Lecture Instructor
    1/8 Lecture Instructor
    Program Analysis
    1/13 Lecture Instructor
    1/14 Lecture Instructor
    1/15 Lecture Instructor
    1/20 1. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution [S&P 2010] David Robinson
    1/21 7. ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking [CCS 2013] Jonathan Myers
    1/22 3. A Study of Effectiveness of Dynamic Slicing in Locating Real Faults [FSE 2007] Jienan Liu
    Software Testing
    1/27 Lecture Instructor
    1/28 Lecture Instructor
    1/29 11. PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection [MICRO 2006] David Robinson
    2/3 Lecture Instructor
    2/4 Project proposal presentation  
    2/5 Project proposal presentation  
    2/10 13. Locating Faults Through Automated Predicate Switching [ICSE 2006] Michael Church
    2/11 Unleashing MAYHEM on Binary Code [S&P 2012] Guodong Zhu
    2/12 16. Comparing Static Bug Finders and Statistical Prediction [ICSE 2014] Sara Vahid
    Software Debugging
    2/17 Lecture Instructor
    2/18 Lecture Instructor
    2/19 Lecture Instructor
    2/24 24. ROOT : Replaying Multithreaded Traces with Resource-Oriented Ordering [SOSP 2013] Michael Church
    2/25 22. Understanding and detecting real-world performance bugs [PLDI 2012] Joey Ruberti
    2/26 25. Toddler: Detecting Performance Problems via Similar Memory-Access Patterns [ICSE 2013] Jienan Liu
    3/3 23. CLAP: Recording Local Executions to Reproduce Concurrency Failures [PLDI 2013] Mostafa Ads
    Fault Tolerant Systems
    3/4 Lecture Instructor
    3/5 33. Automatically Generated Patches as Debugging Aids: A Human Study [FSE 2014] Arun Kumar
    3/17 30. Tolerating concurrency bugs using transactions as lifeguards [MICRO 2010] Mostafa Ads
    3/18 Project progress presentation  
    3/19 Project progress presentation  
    3/24 32. Automated Concurrency-Bug Fixing [OSDI 2012] Sara Vahid
    3/25 29. Rx: Treating Bugs as Allergies - A Safe Method to Survive Software Failures [SOSP 2005] Joey Ruberti
    Web, Mobile, Distributed Systems
    3/26 Lecture Instructor
    3/31 10. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs [OSDI 2008] Sara Vahid
    4/1 Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript [FSE 2013] Yibin Liao
    4/2 49. HYPNOS: Understanding and Treating Sleep Conflicts in Smartphones [EuroSys 2013] Jonathan Myers
    4/7 SymDrive: Testing Drivers without Devices Guodong Zhu
    4/8 46. Static Analysis for Independent App Developers [OOPSLA 2014] Arun Kumar
    4/9 Phosphor: Illuminating Dynamic Data Flow in Commodity JVMs [OOPSLA 2014] David Robinson
    4/14 EvoDroid: Segmented Evolutionary Testing of Android Apps [FSE 2014] David Robinson
    4/15 35. Characterizing and Detecting Performance Bugs for Smartphone Applications [ICSE 2014] Mostafa Ads
    4/16 38. Practical Blended Taint Analysis for JavaScript [ISSTA 2013] Yibin Liao
    4/21 Project final presentation  
    4/22 Project final presentation  
    4/23 Project final presentation  
    5/5 Final Exam  

    Reading List

    Program Analysis

    1. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask) [S&P 2010]
    2. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software [NDSS 2005]
    3. A Study of Effectiveness of Dynamic Slicing in Locating Real Faults [FSE 2007]
    4. Simplifying and Isolating Failure Inducing Input [TSE 2002]
    5. Empirical Evaluation of the Tarantula Automatic Fault-localization Technique [ASE 2005]
    6. Framework for Instruction-level Tracing and Analysis of Programs [VEE 2006]
    7. ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking [CCS 2013]
    8. QEMU - A Fast and Portable Dynamic Translator [USENIX ATC 2005]
    9. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation [CGO 2004]


    Software Testing

    1. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs [OSDI 2008]
    2. PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection [MICRO 2006]
    3. AVIO: Detecting Atomicity Violations via Access Interleaving Invariants [ASPLOS 2006]
    4. Locating Faults Through Automated Predicate Switching [ICSE 2006]
    5. Finding Latent Performance Bugs in Systems Implementations [FSE 2010]
    6. MUVI: Automatically Inferring Multi-Variable Access Correlations and Detecting Related Semantic and Concurrency Bugs [SOSP 2007]
    7. Comparing Static Bug Finders and Statistical Prediction [ICSE 2014]
    8. Enhancing Symbolic Execution with Veritesting [ICSE 2014]
    9. Inferring Models of Concurrent Systems from Logs of Their Behavior with CSight [ICSE 2014]
    10. Symbolic Execution of Multithreaded Programs from Arbitrary Program Contexts [OOPSLA 2014]


    Software Debugging

    1. CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code [OSDI 2004]
    2. Performance debugging for distributed systems of black boxes [SOSP 2003]
    3. Understanding and detecting real-world performance bugs [PLDI 2012]
    4. CLAP: Recording Local Executions to Reproduce Concurrency Failures [PLDI 2013]
    5. ROOT : Replaying Multithreaded Traces with Resource-Oriented Ordering [SOSP 2013]
    6. Toddler: Detecting Performance Problems via Similar Memory-Access Patterns [ICSE 2013]
    7. Automatic Runtime Error Repair and Containment via Recovery Shepherding [PLDI 2014]
    8. Statistical Debugging for Real-World Performance Problems [OOPSLA 2014]
    9. IntroPerf: Transparent Context-Sensitive Multi-Layer Performance Inference using System Stack Traces [SIGMETRICS 2014]


    Fault Tolerant Systems

    1. Rx: Treating Bugs as Allergies - A Safe Method to Survive Software Failures [SOSP 2005]
    2. Tolerating concurrency bugs using transactions as lifeguards [MICRO 2010]
    3. Detecting and surviving data races using complementary schedules [SOSP 2011]
    4. Automated Concurrency-Bug Fixing [OSDI 2012]
    5. Automatically Generated Patches as Debugging Aids: A Human Study [FSE 2014]
    6. AI: A Lightweight System for Tolerating Concurrency Bugs [FSE 2014]


    Web, Mobile and Distributed Systems

    1. Characterizing and Detecting Performance Bugs for Smartphone Applications [ICSE 2014]
    2. Race Detection for Android Applications [PLDI 2014]
    3. Mantis: Automatic Performance Prediction for Smartphone Applications [ATC 2013]
    4. Practical Blended Taint Analysis for JavaScript [ISSTA 2013]
    5. JSAI: A Static Analysis Platform for JavaScript [FSE 2014]
    6. Rivet: Browser-agnostic Remote Debugging for Web Applications [ATC 2012]
    7. SAFEWAPI: Web API Misuse Detector for Web Applications [FSE 2014]
    8. Building Call Graphs for Embedded Client-Side Code in Dynamic Web Applications [FSE 2014]
    9. Detecting Energy Bugs and Hotspots in Mobile Apps [FSE 2014]
    10. EvoDroid: Segmented Evolutionary Testing of Android Apps [FSE 2014]
    11. Phosphor: Illuminating Dynamic Data Flow in Commodity JVMs [OOPSLA 2014]
    12. Static Analysis for Independent App Developers [OOPSLA 2014]
    13. Pip: Detecting the Unexpected in Distributed Systems [NSDI 2006]
    14. MaceMC: Checking for Liveness Bugs in Distributed Systems [OSDI 2006]
    15. HYPNOS: Understanding and Treating Sleep Conflicts in Smartphones [EuroSys 2013]
    16. Fine-grained Power Modeling for Smartphones Using Systemcall Tracing [EuroSys 2011]


    Academic Integrity and Ethics

    We will strictly follow UGA's Academic Honesty Policy. Dishonest behavior will not be tolerated and may result into failing the course. If you have any questions regarding this issue, please contact the instructor.