Assistant Professor Karim Ali studies static analysis, a method of learning about programs and applications without actually running them. Photo credit: John Ulan
Computing scientist Karim Ali is developing new ways to debug software--without even executing it. The process is called static analysis and has applications ranging from your cell phone to spacecraft and everything in between.
"Static analysis is a way of reasoning about the behaviour of programs and applications without actually running them," explained Ali, a research associate-turned assistant professor in the Department of Computing Science. "So, before a new program hits the market, we can learn about and improve it as much as possible."
Consider using an app on your cell phone. In order to find all possible features, paths, and commands on your own, you would need to tap each element in every possible combination. Static analysis allows researchers to determine these outcomes safely and securely without ever opening the application.
Major implications
Now consider something bigger. Perhaps you are in the aviation industry and you need to verify that the program that will be deployed on a space shuttle conforms to certain standards. You don't have the luxury of deploying this program for a trial run in outer space and seeing what happens. "That's where static analysis comes in," said Ali. "The same thing applies in vehicles and medical implants, like pacemakers or insulin pumps."
The cost of software debugging over a five-year period from 2008 to 2013 was 1.6 trillion USD worldwide. That hefty price tag would have included damages due to failure in software debugging, recalls, and the time that developers spent fixing software bugs. For instance, the 2009-11 Toyota recall for anti-lock braking software and faulty accelerator pads resulted in the recall of millions of vehicles and the deaths of up to 20 people. This bug also cost Toyota approximately $3 billion in damages.
Serious savings
"Static analysis allows us to avoid many of these costs in the first place, because we can detect bugs in the software before it is deployed, saving potentially billions of dollars--and lives," explained Ali.
Another element of Ali's research involves making static analysis easier for developers to use, developers in tech giants such as Google and Apple. "Making static analysis more usable for industry is the first step in encouraging wider adoption," he explained. It also makes our devices and our world safer and more efficient from the start--one application at a time.