Dagstuhl Seminar 23131
Software Bug Detection: Challenges and Synergies
(Mar 26 – Mar 31, 2023)
Organizers
- Marcel Böhme (MPI-SP - Bochum, DE & Monash University - Melbourne, AU)
- Maria Christakis (TU Wien, AT)
- Rohan Padhye (Carnegie Mellon University - Pittsburgh, US & Amazon Web Services, US)
- Kostya Serebryany (Google - Mountain View, US)
- Andreas Zeller (CISPA - Saarbrücken, DE)
Contact
- Andreas Dolzmann (for scientific matters)
- Simone Schilke (for administrative matters)
Software bugs are inevitable when engineering complex systems, and the cost of their consequences can be enormous. Over the past several decades, there has been tremendous progress in advancing the state-of-the-art in automatic bug finding. Popular techniques include static analysis, dynamic analysis, formal methods and specification, verification, symbolic execution, fuzzing, and search-based test generation. However, with the rapid growth of new application domains and the ever-increasing complexity of software, practitioners are rarely faced with a one-size-fits-all solution for finding bugs in their software. Domain-specific trade-offs must be made in choosing the right technique, in configuring a tool to work for a particular context, or in combining multiple approaches to provide better assurances. Currently, this is largely a manual activity and the burden is mainly on practitioners.
This Dagstuhl Seminar brought together researchers from academia and industry working on various aspects of software bug detection, with two broad goals: identifying challenges in practical deployment of bug-finding tools and discovering new synergies among bug-finding techniques and research methods.
The seminar focused discussion on bug-finding tools and their relevance and adoption in industry. Other questions that came up included: What are effective approaches to discover software bugs as fast as possible? How can we formally verify the absence of bugs? Which guarantees do our approaches provide about the correctness, reliability, and security of the software when no bugs are discovered? Which concerns do practitioners have when bug-finding tools are integrated into their development process? What are effective approaches to automatically mitigate, diagnose, or repair certain kinds of bugs?
The seminar was organized to maximize time for open discussion. Seven attendees were invited to give short keynote talks on a topic of their choice, which took place on the mornings of the seminar. The afternoons were reserved for working groups and panel discussions. The topics for these discussions were crowdsourced using an ad-hoc voting system in the main seminar room. Working groups then broke out for discussion in smaller rooms and reconvened with summaries.
Overall, in the opinion of the organizers, the seminar was a huge success. The strong participation from researchers in industry and the diverse set of expertise among researchers in academia enabled open-minded discussion on topics of key importance that are not easily exchanged via traditional conference proceedings.
Overview. Software controls everything in our lives. Today more than ever. Hence, it is important to develop tools and techniques that can automatically test or verify the correctness, reliability, and security of our software systems. Researchers from different communities, both in research and industry, are working on different aspects of the automated discovery of such software bugs: What are effective approaches to discover software bugs as fast as possible? How can we formally verify the absence of bugs? Which guarantees do our approaches provide about the correctness, reliability, and security of the software when no bugs are discovered? Which concerns do practitioners have when bug finding tools are integrated into their development process? What are effective approaches to automatically mitigate, diagnose, or repair certain kinds of bugs?
Timeliness & Relevance to Industry. While these questions all revolve around the same problem, they are investigated in different research communities and often in isolation. It is time to bring together researchers from the different communities to identify synergies, to share our approaches, to discuss pitfalls, and to recognize the joint open challenges. We are hoping to maximize participation from industry to learn about key concerns in practice and effective recipes for the successful adoption and deployment of our bug finding tools. This Dagstuhl Seminar will lay the foundations for a cross-disciplinary research agenda in software bug detection that is grounded in practice.
- Cornelius Aschermann (Meta - Seattle, US) [dblp]
- Sébastien Bardin (CEA LIST, FR) [dblp]
- Lukas Bernhard (CISPA - Saarbrücken, DE)
- Dirk Beyer (LMU München, DE) [dblp]
- Eric Bodden (Universität Paderborn, DE) [dblp]
- Marcel Böhme (MPI-SP - Bochum, DE & Monash University - Melbourne, AU) [dblp]
- Herbert Bos (VU University Amsterdam, NL) [dblp]
- Cristian Cadar (Imperial College London, GB) [dblp]
- Sang Kil Cha (KAIST - Daejeon, KR) [dblp]
- Maria Christakis (TU Wien, AT) [dblp]
- Jürgen Cito (TU Wien, AT) [dblp]
- Alastair F. Donaldson (Imperial College London, GB) [dblp]
- Hasan Ferit Eniser (MPI-SWS - Kaiserslautern, DE) [dblp]
- Rahul Gopinath (The University of Sydney, AU) [dblp]
- Alessandra Gorla (IMDEA Software Institute - Madrid, ES) [dblp]
- Reiner Hähnle (TU Darmstadt, DE) [dblp]
- Marc Heuse (marc heuse it security - Berlin, DE)
- Christian Holler (Mozilla - Berlin, DE) [dblp]
- Miryung Kim (UCLA, US) [dblp]
- Caroline Lemieux (University of British Columbia - Vancouver, CA) [dblp]
- Jonathan Metzman (Google - New York, US) [dblp]
- Anders Møller (Aarhus University, DK) [dblp]
- Peter Müller (ETH Zürich, CH) [dblp]
- Yannic Noller (National University of Singapore, SG) [dblp]
- Peter O'Hearn (University College London, GB) [dblp]
- Hakjoo Oh (Korea University - Seoul, KR) [dblp]
- Alessandro Orso (Georgia Institute of Technology - Atlanta, US) [dblp]
- Rohan Padhye (Carnegie Mellon University - Pittsburgh, US & Amazon Web Services, US) [dblp]
- Mathias Payer (EPFL - Lausanne, CH) [dblp]
- Van-Thuan Pham (The University of Melbourne, AU) [dblp]
- Michael Pradel (Universität Stuttgart, DE) [dblp]
- Manuel Rigger (National University of Singapore, SG) [dblp]
- Kostya Serebryany (Google - Mountain View, US) [dblp]
- Dominic Steinhöfel (CISPA - Saarbrücken, DE) [dblp]
- Dmitrii Viukov (Google - München, DE)
- Valentin Wüstholz (ConsenSys - Wien, AT) [dblp]
- Anna Zaks (Apple Computer Inc. - Sunnyvale, US) [dblp]
- Andreas Zeller (CISPA - Saarbrücken, DE) [dblp]
- Lingming Zhang (University of Illinois - Urbana-Champaign, US) [dblp]
Classification
- Cryptography and Security
- Programming Languages
- Software Engineering
Keywords
- bug finding
- testing
- verification
- static analysis
- human aspects