Workshop on the Evaluation of Software Defect Detection Tools

Sunday, June 12th, 2005
Co-located with PLDI 2005

Workshop co-chairs: William Pugh (University of Maryland) and Jim Larus (Microsoft Research)

Program chair: Dawson Engler (Stanford University)

Program Committee: Andy Chou, Manuvir Das, Michael Ernst, Cormac Flanagan, Dan Grossman, Jonathan Pincus, Andreas Zeller

Time What
8:30 am
Discussion on Soundness

The Soundness of Bugs is What Matters, Patrice Godefroid, Bell Laboratories, Lucent Technologies
Soundness and its Role in Bug Detection Systems, Yichen Xie, Mayur Naik, Brian Hackett, Alex Aiken, Stanford University

9:15 am
break
9:30 am
Research presentations

Locating Matching Method Calls by Mining Revision History Data, Benjamin Livshits, Thomas Zimmermann, Stanford University
Evaluating a Lightweight Defect Localization Tool, Valentin Dallmeier, Christian Lindig, Andreas Zeller, Saarland University

10:30 am
break
10:45 am
Invited talk on Deployment and Adoption, Manuvir Das, Microsoft
11:15 am
Discussion of Deployment and Adoption

The Open Source Proving Grounds, Ben Liblit, University of Wisconsin-Madison
Issues in deploying SW defect detection tools, David Cok, Eastman Kodak R&D
False Positives Over Time: A Problem in Deploying Static Analysis Tools, Andy Chou, Coverity

12 noon
lunch
1:00 pm
Research presentations

Model Checking x86 Executables with CodeSurfer/x86 and WPDS++, Gogul Balakrishnan, Thomas Reps, Nick Kidd, Akash Lal, Junghee Lim, David Melski, Radu Gruian, Suan Yong, Chi-Hua Chen, Tim Teitelbaum, Univ. of Wisconsin
Empowering Software Debugging Through Architectural Support for Program Rollback, Radu Teodorescu, Josep Torrellas, UIUC Computer Science
EXPLODE: A Lightweight, General Approach to Finding Serious Errors in Storage Systems, Junfeng Yang, Paul Twohey, Ben Pfaff, Can Sar, Dawson Engler, Stanford University

2:30 pm
break
2:45 pm
Research presentations

Experience from Developing the Dialyzer: A Static Analysis Tool Detecting Defects in Erlang Applications, Kostis Sagonas, Uppsala University
Soundness by Static Analysis and False-alarm Removal by Statistical Analysis: Our Airac Experience, Yungbum Jung, Jaehwang Kim, Jaeho Sin, Kwangkeun Yi, Seoul National University

3:45 pm
break
4:00 pm
Discussion of Benchmarking

Dynamic Buffer Overflow Detection, Michael Zhivich, Tim Leek, Richard Lippmann, MIT Lincoln Laboratory
Using a Diagnostic Corpus of C Programs to Evaluate Buffer Overflow Detection by Static Analysis Tools, Kendra Kratkiewicz, Richard Lippmann, MIT Lincoln Laboratory
BugBench: A Benchmark for Evaluating Bug Detection Tools, Shan Lu, Zhenmin Li, Feng Qin, Lin Tan, Pin Zhou, Yuanyuan Zhou, UIUC
Benchmarking Bug Detection Tools. Roger Thornton, Fortify Software
A Call for a Public Bug and Tool Registry, Jeffrey Foster, Univ. of Maryland
Bug Specimens are Important, Jaime Spacco, David Hovemeyer, William Pugh, University Maryland
NIST Software Assurance Metrics and Tool Evaluation (SAMATE) Project, Michael Kass, NIST

5:00 pm
Discussion of New Ideas

Deploying Architectural Support for Software Defect Detection in Future Processors, Yuanyuan Zhou, Josep Torrellas, UIUC
Using Historical Information to Improve Bug Finding Techniques, Chadd Williams, Jeffrey Hollingsworth, Univ. of Maryland
Locating defects is uncertain, Andreas Zeller, Saarland University
Is a Bug Avoidable and How Could It Be Found?, Dan Grossman, Univ. of Washington

5:45 pm
wrap up and discussion of future workshops
6:00 pm
done

Time	What
8:30 am	Discussion on Soundness The Soundness of Bugs is What Matters, Patrice Godefroid, Bell Laboratories, Lucent Technologies Soundness and its Role in Bug Detection Systems, Yichen Xie, Mayur Naik, Brian Hackett, Alex Aiken, Stanford University
9:15 am	break
9:30 am	Research presentations Locating Matching Method Calls by Mining Revision History Data, Benjamin Livshits, Thomas Zimmermann, Stanford University Evaluating a Lightweight Defect Localization Tool, Valentin Dallmeier, Christian Lindig, Andreas Zeller, Saarland University
10:30 am	break
10:45 am	Invited talk on Deployment and Adoption, Manuvir Das, Microsoft
11:15 am	Discussion of Deployment and Adoption The Open Source Proving Grounds, Ben Liblit, University of Wisconsin-Madison Issues in deploying SW defect detection tools, David Cok, Eastman Kodak R&D False Positives Over Time: A Problem in Deploying Static Analysis Tools, Andy Chou, Coverity
12 noon	lunch
1:00 pm	Research presentations Model Checking x86 Executables with CodeSurfer/x86 and WPDS++, Gogul Balakrishnan, Thomas Reps, Nick Kidd, Akash Lal, Junghee Lim, David Melski, Radu Gruian, Suan Yong, Chi-Hua Chen, Tim Teitelbaum, Univ. of Wisconsin Empowering Software Debugging Through Architectural Support for Program Rollback, Radu Teodorescu, Josep Torrellas, UIUC Computer Science EXPLODE: A Lightweight, General Approach to Finding Serious Errors in Storage Systems, Junfeng Yang, Paul Twohey, Ben Pfaff, Can Sar, Dawson Engler, Stanford University
2:30 pm	break
2:45 pm	Research presentations Experience from Developing the Dialyzer: A Static Analysis Tool Detecting Defects in Erlang Applications, Kostis Sagonas, Uppsala University Soundness by Static Analysis and False-alarm Removal by Statistical Analysis: Our Airac Experience, Yungbum Jung, Jaehwang Kim, Jaeho Sin, Kwangkeun Yi, Seoul National University
3:45 pm	break
4:00 pm	Discussion of Benchmarking Dynamic Buffer Overflow Detection, Michael Zhivich, Tim Leek, Richard Lippmann, MIT Lincoln Laboratory Using a Diagnostic Corpus of C Programs to Evaluate Buffer Overflow Detection by Static Analysis Tools, Kendra Kratkiewicz, Richard Lippmann, MIT Lincoln Laboratory BugBench: A Benchmark for Evaluating Bug Detection Tools, Shan Lu, Zhenmin Li, Feng Qin, Lin Tan, Pin Zhou, Yuanyuan Zhou, UIUC Benchmarking Bug Detection Tools. Roger Thornton, Fortify Software A Call for a Public Bug and Tool Registry, Jeffrey Foster, Univ. of Maryland Bug Specimens are Important, Jaime Spacco, David Hovemeyer, William Pugh, University Maryland NIST Software Assurance Metrics and Tool Evaluation (SAMATE) Project, Michael Kass, NIST
5:00 pm	Discussion of New Ideas Deploying Architectural Support for Software Defect Detection in Future Processors, Yuanyuan Zhou, Josep Torrellas, UIUC Using Historical Information to Improve Bug Finding Techniques, Chadd Williams, Jeffrey Hollingsworth, Univ. of Maryland Locating defects is uncertain, Andreas Zeller, Saarland University Is a Bug Avoidable and How Could It Be Found?, Dan Grossman, Univ. of Washington
5:45 pm	wrap up and discussion of future workshops
6:00 pm	done