Institute for Software Research Seminar
- Gates Hillman Centers
- Traffic21 Classroom 6501
- JONATHAN BELL
- Assistant Professor
- Software Engineering and Software Systems
- George Mason University
Testing and Analysis: Better Together
The line between high-assurance and general-purpose software is increasingly blurred, as nowadays nearly any insecure or buggy software can have severe economic consequences. When developers release software, it is critical that there be as few defects (and vulnerabilities) as possible. To check the quality of their code, developers typically write and run test cases, and some may also use off-the-shelf program analyses that inspect their code. Yet code is still released with bugs and critical vulnerabilities: static analysis tools often overwhelm developers with false positive reports and are often not adopted except in high-assurance settings, yet testing can never prove the absence of defects. I argue that new dynamic program analyses can act as a force multiplier for developers' test suites: increasing the number of defects that tests can find without burdening developers with false positive reports. In this talk, I will describe some of my recent work building dynamic analysis systems for taint tracking and checkpointing, as well as a case study that shows how to use these systems in conjunction with developers' tests to detect critical security vulnerabilities otherwise missed by state-of-the-art approaches.
Jon Bell is an Assistant Professor directing research in Software Engineering and Software Systems at George Mason University. His research makes it easier for developers to create reliable and secure software by improving software testing and program analysis. Jon's work on accelerating software testing has been recognized with an ACM SIGSOFT Distinguished Paper Award (ICSE '14 - Unit Test Virtualization with VMVM), and was the basis for an industrial collaboration with Electric Cloud (now CloudBees). His program analysis research has resulted in several widely adopted runtime systems for the JVM, including the Phosphor taint tracking system (OOPSLA '14) and CROCHET checkpoint/rollback tool (ECOOP '18). His research has been funded by the NSA and the NSF, and he is a recipient of the NSF CAREER award. At George Mason, Jon teaches courses in distributed systems, web development, and program analysis. His teaching at GMU has been recognized with a departmental award. Jon serves on a variety of program committees, and in 2020 will be the Co-Chair of the PLDI Artifact Evaluation Committee. As part of his efforts to broaden the participation of underrepresented groups in computing, Jon co-organizes the PL/SE mentoring workshop at SPLASH (in 2017, 2018 and 2019).
Faculty Host: Christian Kästner