Taazr detects bugs in live web applications through statistical inference.
Think of a web application as a black box, with its inputs as HTTP requests and its outputs as HTTP response data. After a client instruments her web app with our JavaScript, Taazr will collect request/response data to build a model of expected behavior. When an “anomalous” response is detected, we notify our client, sending along details about the potentially faulty request/response pair.
For a mobile development class, we created a Barefoot Running application[1] for the iPhone. The app allows users to report and view the location of glass shards — centralized in an off-site database — and keeps track of speed and distance data throughout a run.
We also jointly created BijectKarma, a community connecting designers and developers[2]. We had trouble attracting initial users, however, and the site was taken offline.
Ethan was admitted to CS PhD programs at Stanford, Berkeley, and MIT for research on automatic software development (e.g. automatically finding bugs, fixing bugs, generating test suites).
Muzzammil is a member of the core development team for GuardRails, a secure web application framework, which will be published at USENIX 2011 and presented at RubyNation. He is also the founder of Wahoobooks, a site where U.Va. students can list used textbooks.
A Computer Science degree from U.Va. typically requires that you complete many courses within a variety of unrelated disciplines. Most of our peers must take classes in Physics, Chemistry, and a “fake” humanities listing called Science, Technology and Society. We escaped such requirements through a little-known option to pursue a BA in Computer Science, in place of the Engineering School’s BS. With this degree, we completed the core CS curriculum and any other classes that caught our interest, but we avoided the rigidly defined ABET requirements of the Engineering school. This left us more time to pursue research and hack on web applications.
1.5 years. Ethan was Muzzammil’s TA.
While working on a problem set, Muzzammil mentioned his interest in startups. Ethan asked if he had heard of Y Combinator, which of course Muzzammil had. As it turned out, we were both fishing for potential co-founders.
Finding and fixing software bugs is expensive. Taazr will save companies time and money by identifying bugs and potential fixes in web applications. We chose to work on Taazr primarily due to our familiarity with related research fields, but also because it represents a challenging problem.
Ethan has two years of experience hacking with the Automatic Program Repair (APR) research group at U.Va., where he’s worked with state-of-the-art techniques in program analysis, testing, and statistical debugging. He has published work increasing the efficiency and scalability of APR.
Muzzammil has a year of experience with the GuardRails research group at UVA, where he helped create a secure web framework for Ruby on Rails. His work is published in USENIX 2011 and will also be presented at RubyNation.
More generally, Taazr was inspired by the Cooperative Bug Isolation Project [2], in combination with ideas gleaned from our respective research groups at U.Va.
Uncaught program bugs are expensive, and for this reason, good developers take care in testing their code. However, even the best test suites will not catch all program bugs. Taazr will identify such bugs earlier in the development cycle, and companies will save money that otherwise might have been spent on code maintenance and customer support.
We believe that statistical debugging is uniquely suited to web applications, due to the relative ease with which web apps can be instrumented through lightweight and unobtrusive JavaScript. While statistical debugging has succeeded in a research context on desktop software, automatically finding bugs in live web applications remains an open industrial problem.
However, our ultimate aim is not just to find bugs in web applications, but also to fix them. This will likely require tighter integration — server-side — between our tools and a developer’s code.
Coverity and Klocwork also find program bugs, but they don’t target web applications. Moreover, engineers use their products throughout the development process, whereas Taazr operates, automatically, on live production code.
Writing code is much like putting words to paper, an act of creation. When you write, it is important to spell things correctly, but few writers spend much time on this task, for they have spellcheckers. We think that testing should be just as straightforward. It is quite important, but should not monopolize your attention.
Taazr will charge clients monthly. We see a market opportunity in the tens of millions.
You can start small word-memes among family and friends. Choose a word that is fairly obscure (but not obviously so), something like pedantic, sycophant or obsequious. Over a few days, casually inject it into conversation.
Listen throughout the next week. The word will come up with surprising frequency. You can also do this with unique inflections, and distinct rhythms of speech.