Software Performance Anomaly Detection Through Analysis Of Test Data By Multivariate Techniques

Salahshour Torshizi, Sara

January 2022

This thesis aims to uncover anomalies in the data describing the performance behavior of a "robot controller" as measured by software metrics. The purpose of analyzing data is mainly to identify the changes that have resulted in different performance behaviors which we refer to as performance anomalies. To address this issue, two separate pre-processing approaches have been developed: one that adds the principal component to the data after cleaning steps and another that does not regard the principal component. Next, Isolation Forest is employed, which uses an ensemble of isolation trees for data points to segregate anomalies and generate scores that can be used to discover anomalies. Further, in order to detect anomalies, the highest distances matching cluster centroids are employed in the clustering procedure. These two data preparation methods, along with two anomaly detection algorithms, identified software builds that are very likely to be anomalies. According to an industrial evaluation conducted based on engineers’ domain knowledge, around 70% of the detected software builds as anomalous builds were successfully identified, indicating system variable deviations or software bugs.

Software performance

Software builds

Anomaly detection

Test results

Isolation Forest

Probability Theory and Statistics

Sannolikhetsteori och statistik

Integration of Reproducibility Verification with Diffoscope in GNU Make / Integrering av reproducerbarhetsverifiering med diffoscope i GNU Make

Lagnöhed, Felix

January 2024

Software Supply Chain attacks are becoming more frequent. It is not enough to trust the source code of a project; the build process can insert malicious contents into build artefacts. This calls for the need of valid verification methods regarding the build process, and a good way of doing so is ensuring that the build process is deterministic. This means, that given two binaries built from the same source code and in the same environment, the resulting build artefacts should be bit-wise identical. There are existing tools that check this, but they are not integrated into build systems. This thesis resulted in an extension of GNU make which is called rmake, where diffoscope - a tool for detecting differences between a large number of file types - was integrated into the workflow of make. rmake was later used to answer the posed research questions for this thesis. We found that different build paths and offsets are a big problem as three out of three tested Free and Open Source Software projects all contained these variations. The results also showed that gcc’s optimisation levels did not affect reproducibility, but link-time optimisation embeds a lot of unreproducible information in build artefacts. Lastly, the results showed that build paths, build ID’s and randomness are the three most common groups of variations encountered in the wild and potential solutions for some variations were proposed.

reproducible builds

build systems

build process

software builds

make

diffoscope

Computer and Information Sciences

Data- och informationsvetenskap