If systems are not reliable and secure the entire software stack falls apart. How can we test effectively large and complex software systems? How can we build reliable systems that are concurrent and distributed? How can we diagnose failures and performance problems in complex systems? What are the limitations and challenges of leveraging trusted hardware? What is the relation between testing and formal verification techniques?

This seminar course addresses the above questions. It will be heavily based on class discussion and will involve reviewing the current state-of-the-art. This course will focus mostly on practical aspects of building and testing systems. We will discuss several topics in this context, including data race detectors, symbolic execution tools, techniques that expose concurrency and distributed bugs, trusted hardware approaches, application of formal techniques to systems, and the results of empirical studies on systems reliability. Knowledge of operating systems, distributed systems or C programming is a plus.


Date Paper Lead
8/23 Intro. Systems, reliability, and security.
8/25 Reliability and security.
8/30 Paper: Finding and understanding bugs in C compilers. PLDI'11. Tapti
9/1 Program analysis and testing.
9/6 Paper: Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. Security'22. Dinglan
9/8 Program analysis and testing.
9/13 Paper: Nyx-net: network fuzzing with incremental snapshots. Eurosys'22. Congyu
9/15 Symbolic execution and verification.
9/20 Paper: Nightcore: Efficient and Scalable Serverless Computing for Latency-Sensitive, Interactive Microservices. ASPLOS'21. Bilal [R: Paul]
9/22 Symbolic execution and verification.
9/27 Paper: SAPIC+: protocol verifiers of the world, unite! Security'22. Paul [R: Edwin]
9/29 Reading
10/4 Paper: C11Tester: A Race Detector for C/C++ Atomics. ASPLOS'21. Edwin [R: George]
10/6 Performance debugging
10/11 NO CLASS (October break)
10/13 Technical writing
10/18 Paper: Lossless instruction-to-object memory tracing in the Linux kernel. SYSTOR '21. George [R: Azam]
10/20 Project Updates Dinglan, Congyu, Bilal, Paul
10/25 Paper: Fault-tolerant and Transactional Stateful Serverless Workflows. OSDI'20. Azam [R: Sishuai]
10/27 Project Updates Edwin, George, Azam
11/1 Reading day
11/3 Paper: XRP: In-Kernel Storage Functions with eBPF. OSDI'22. Sishuai [R: Dinglan]
11/8 Paper: Towards Memory Safe Enclave Programming with Rust-SGX. CCS'19. Tapti [R: Bilal]
11/10 Artifact evaluation Sishuai+Congyu
11/15 Paper: Debugging the OmniTable Way. OSDI'21. Bilal
11/17 Technical writing, Binary instrumentation
11/22 Paper: ClusterRR: A Record and Replay Framework for Virtual Machine Cluster. VEE'22. Paul
11/24 NO CLASS (Thanksgiving week)
11/29 Reading day
12/1 Evaluation, your numbers, performance debugging
12/4 DEADLINE: Project report
12/6 Project Updates Dinglan, Congyu, Bilal, Edwin
12/8 Project Updates Paul, George, Azam


Research Project: Students are expected to work on a research project within the scope of the course. The project can be individual or groups of student depending on the topic. Students will present the project proposal, status and results to class during the course.

Paper presentation: Each student is expected to present and lead the discussion of papers from the research literature to class (see the list of suggested papers). Students are expected to present the paper as if it was a conference talk: provide background, motivation, explain overall merit and technical details, and answer questions from the audience. Students should feel free to critique the paper (i.e., students do not need to be advocates of the paper). All students are expected to read the presented paper before class and participate in the class discussion.

Paper reviews: Each student will review six papers and write a written report for each of them, as if reviewing a conference paper.

For academic honesty refer to the Purdue integrity/code of conduct. Except as by prior arrangement or notification by the professor of an extension before the deadline, missing or late work will be counted as a zero/fail.