S3 – Semantics of Software Systems
In this project, funded with an Advanced Grant by the European Research Council, CISPA Faculty Prof. Dr. Andreas Zeller and his team are developing software bots that automatically test, debug, and monitor software systems – everything, everywhere, anytime.
©ERC
What if we had software bots that tirelessly test, debug, and monitor our software systems?
IT workers are expensive and scarce. So why can’t we further automate boring, repetitive activities such as testing and debugging? The problem is that we lack computer-readable specifications (so-called oracles) for what the system should do or not do. For decades, this oracle problem has been a roadblock to automated test generation, trusted software repairs, and accurate monitoring of software.
Building on groundbreaking research to infer input languages of systems, S3 introduces a unified approach to learning oracles automatically. It takes a given software system; infers and decodes its inputs and outputs; and runs experiments to extract models of how the system behaves, capturing its semantics by predicting output features for given input features. These models, named system invariants, allow to fully automate critical software development activities:
System invariants encode languages for automatically generating test inputs and provide oracles for checking test results: “In the TLS server, the <payload> in the <heartbeat-response> must be the same as in the <heartbeat-request>.”
System invariants allow narrowing down causes of software behavior (“The X.509 public key certificate is not recognized if <subject-name> contains a zero byte”). Generated tests and oracles ensure reliable automated repair.
System invariants enable detecting abnormal behavior at runtime (“In log4j, logging a <user-agent> containing "${jndi:<url>}" opens <url>”). Problematic queries can be isolated and investigated until the problem is fixed.
In the future, testing, debugging, and monitoring would thus be taken over by software bots who would autonomously explore software behavior, report issues, and suggest actions to their human co-workers, boosting developer productivity and software reliability.
More about the goal, the challenges and the approach of the S3 project can be found in the research proposal that Andreas Zeller submitted to the ERC. The document can be viewed here and can serve as inspiration for further research projects.
More about the goal, the challenges and the approach of the S3 project can be found in the research proposal that Andreas Zeller submitted to the ERC. The document can be viewed here and can serve as inspiration for further research projects.
CISPA Faculty Prof. Dr. Andreas Zeller has done it again – he receives a second ERC Advanced grant worth 2.5 million euros! In this episode, he tells us about his vision to make every piece of software in the world automatically testable, how he managed to convince the European Research Council to fund his new project S3 and how his software testing tool will benefit society as a whole.
We are looking for:
Postdocs who want to combine their independent research agenda with S3 techniques, and
Ph.D. students who would like to work on some of the S3 topics as laid out in the proposal.
CISPA and Andreas' group offer a thriving ecosystem that is fully devoted to groundbreaking research. Contact Andreas Zeller or apply here directly: