
Using the Spec# Language, Methodology, and Tools to Write Bug-Free Programs [chapter]

K. Rustan M. Leino, Peter Müller
2010 Lecture Notes in Computer Science  
Spec# is a programming system for the development of correct programs. It consists of a programming language, a verification methodology, and tools.  ...  The verification methodology provides rules and guidelines for how to use the Spec# features to express and check properties of interesting implementations.  ...  Acknowledgments We are grateful to Rosemary Monahan and Valentin Wüstholz for the extensive feedback on drafts of this tutorial.  ... 
doi:10.1007/978-3-642-13010-6_4 fatcat:xtwxi2iyyjevlna5loahv3oi54

Verifying Verified Code [article]

Siddharth Priya, Xiang Zhou, Yusen Su, Yakir Vizel, Yuyan Bao, Arie Gurfinkel
2021 arXiv   pre-print
In this paper, we report on a follow up case study that explores the methodology from the perspective of three research questions: (a) can proof artifacts be used across verification tools; (b) are there  ...  To study these questions, we port the verification tasks for library to SEAHORN and KLEE.  ...  This research was supported by grants from WHJIL and NSERC CRDPJ 543583-19. 1 By continuous verification, we mean verification that is integrated with continuous integration (CI) and is checked during  ... 
arXiv:2107.00723v1 fatcat:zubyh5txnnf57mrypcyr7kqjj4

Full-Stack Memory Model Verification with TriCheck

Caroline Trippel, Yatin A. Manerkar, Daniel Lustig, Michael Pellauer, Margaret Martonosi
2018 IEEE Micro  
At the hardware level and for many programming languages, the primary mechanism for communication is shared memory. MCMs are central to performance and correctness in shared memory systems.  ...  Our verification methodology systematically compares permitted and forbidden language-level executions of HLL programs with their corresponding observable and unobservable ISA-level executions on microarchitectural  ...  The Check tools feature a domain-specific language (DSL) called μspec that hardware designers can use to construct a microarchitecture specification by defining a set of "ordering axioms."  ... 
doi:10.1109/mm.2018.032271062 fatcat:kquakrthvvfs7datheqf3dtnxa

A portable compiler-integrated approach to permanent checking

Nic Volanschi
2007 Automated Software Engineering : An International Journal  
Program checking technology is now a mature technology, but is not yet used on a large scale.  ...  Minimalist user properties and language-independent code pattern matching ensure that our approach can be integrated almost for free in any compiler for any language.  ...  Tools defining a DSL to write code checkers include CodeCheck [1], tawk [20], defining an imperative language close to C, Genoa [13] defining a functional language close to Lisp, and ASTLOG [11],  ... 
doi:10.1007/s10515-007-0022-4 fatcat:wadtd6eq4bhrvnuce5vsha6d5m

A Portable Compiler-Integrated Approach to Permanent Checking

Nic Volanschi
2006 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06)  
Program checking technology is now a mature technology, but is not yet used on a large scale.  ...  Minimalist user properties and language-independent code pattern matching ensure that our approach can be integrated almost for free in any compiler for any language.  ...  Tools defining a DSL to write code checkers include CodeCheck [1], tawk [20], defining an imperative language close to C, Genoa [13] defining a functional language close to Lisp, and ASTLOG [11],  ... 
doi:10.1109/ase.2006.8 dblp:conf/kbse/Volanschi06 fatcat:ilibv4jqz5ahvj6bifjvw3jmpu

Software Change Contracts

Jooyong Yi, Dawei Qi, Shin Hwei Tan, Abhik Roychoudhury
2015 ACM Transactions on Software Engineering and Methodology  
We conduct a user study to check the expressiveness of our change contract language and find that the language is expressive enough to capture a wide variety of real-life changes in three large software  ...  These incorrect program changes affect software quality and are difficult to detect/correct. In this paper, we propose the notion of "change contracts" to avoid incorrect program changes.  ...  When the programmer made changes in v1, the intended resultant program should be the bug-free program v3.  ... 
doi:10.1145/2729973 fatcat:ys3yeksv2rhbhnivhtbi6kriiy

Experiences evaluating the effectiveness of JML-JUnit testing

Roy Patrick Tan, Stephen H. Edwards
2004 Software engineering notes  
We conclude that a benchmark will enable the testing research community to meaningfully assess testing approaches.  ...  We present a mutation testing experiment that evaluates the effectiveness of this testing strategy, and the lessons learned from doing this experiment.  ...  Introduction Unit testing has come to the fore as a useful tool in the development of reliable software. However, writing unit tests can be a tedious and error prone process.  ... 
doi:10.1145/1022494.1022545 fatcat:gtfvv2ygujguhiz43luyymjfke

Random testing of C calling conventions

Christian Lindig
2005 Proceedings of the Sixth International Symposium on Automated Analysis-Driven Debugging - AADEBUG'05
Lua is a scripting language built into our testing tool that drives program generation.  ...  Using this method, we uncovered 13 new bugs in mature open-source and commercial C compilers.  ...  Christopher Krauß conducted the static analysis of SPEC benchmarks.  ... 
doi:10.1145/1085130.1085132 dblp:conf/aadebug/Lindig05 fatcat:3h2m3lbn5ffifmzewerofkllfy

The ManyBugs and IntroClass Benchmarks for Automated Repair of C Programs

Claire Le Goues, Neal Holtschulte, Edward K. Smith, Yuriy Brun, Premkumar Devanbu, Stephanie Forrest, Westley Weimer
2015 IEEE Transactions on Software Engineering  
1446683, CNS-0905222), and the Santa Fe Institute.  ...  In addition, Martin Rinard provided insightful discussions regarding repair quality and identified and corrected several concerns in the defect scenarios.  ...  research code [32] . 3. gzip (GNU zip) is a data compression utility designed to be a free, superior alternative to compress [31] . 4. libtiff is a free, open-source library for reading, writing, and  ... 
doi:10.1109/tse.2015.2454513 fatcat:bfafmkqccjbd7i7lucwjjlkaau

SoK: Sanitizing for Security [article]

Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz
2018 arXiv   pre-print
The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries.  ...  Dynamic bug finding tools --- henceforth "sanitizers" --- can find bugs that elude other types of analysis because they observe the actual execution of a program, and can therefore directly observe incorrect  ...  Use-after-free vulnerability which can be exploited to hijack the control-flow of the program B.  ... 
arXiv:1806.04355v1 fatcat:a4z3tqmxlvakvp4ljxzuursbsu

High System-Code Security with Low Overhead

Jonas Wagner, Volodymyr Kuznetsov, George Candea, Johannes Kinder
2015 2015 IEEE Symposium on Security and Privacy  
We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum.  ...  Two insights make this approach effective: most overhead in existing tools is due to only a few "hot" checks, whereas the checks most useful to security are typically "cold" and cheap.  ...  We are thankful to Ed Bugnion, John Regehr, and our colleagues at the Dependable Systems Lab for ideas and helpful discussions. We would also like to thank the anonymous reviewers for their feedback.  ... 
doi:10.1109/sp.2015.58 dblp:conf/sp/WagnerKCK15 fatcat:yfhzpvj4fnae3k5ryk2jqhzpce

Understanding Integer Overflow in C/C++

Will Dietz, Peng Li, John Regehr, Vikram Adve
2015 ACM Transactions on Software Engineering and Methodology  
Integer overflow bugs in C and C++ programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities.  ...  We developed IOC, a dynamic checking tool for integer overflows, and used it to conduct the first detailed empirical study of the prevalence and patterns of occurrence of integer overflows in C and C++  ...  This research was supported, in part, by an award from DARPA's Computer Science Study Group, and by the Air Force Research Laboratory (AFRL).  ... 
doi:10.1145/2743019 fatcat:bdhbpzt63bbd3p6ip22z6px4gy

TriCheck

Caroline Trippel, Yatin A. Manerkar, Daniel Lustig, Michael Pellauer, Margaret Martonosi
2017 Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS '17  
The work showcases TriCheck's ability to evaluate a proposed ISA MCM in order to ensure that each layer and each mapping is correct and complete.  ...  Specifically, we apply TriCheck to the open source RISC-V ISA, seeking to verify accurate, efficient, and legal compilations from C11.  ...  A hardware designer can use a domain-specific language called µSpec to describe a processor by defining a set of ordering axioms.  ... 
doi:10.1145/3037697.3037719 dblp:conf/asplos/TrippelMLPM17 fatcat:lu2r7t727jd6fmny6zjivmoeky

Automatically diagnosing and repairing error handling bugs in C

Yuchi Tian, Baishakhi Ray
2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2017  
To understand the nature of error handling bugs that occur in widely used C programs, we conduct a comprehensive study of real world error handling bugs and their fixes.  ...  However, in practice, the developers often make mistakes while writing the repetitive and tedious error handling code and inadvertently introduce bugs.  ...  The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF.  ... 
doi:10.1145/3106237.3106300 dblp:conf/sigsoft/TianR17 fatcat:ewxet6dxrnhuhl6mjeyzafirje

Understanding integer overflow in C/C++

Will Dietz, Peng Li, John Regehr, Vikram Adve
2012 2012 34th International Conference on Software Engineering (ICSE)  
Integer overflow bugs in C and C++ programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities.  ...  We developed IOC, a dynamic checking tool for integer overflows, and used it to conduct the first detailed empirical study of the prevalence and patterns of occurrence of integer overflows in C and C++  ...  This research was supported, in part, by an award from DARPA's Computer Science Study Group, and by the Air Force Research Laboratory (AFRL).  ... 
doi:10.1109/icse.2012.6227142 dblp:conf/icse/DietzLRA12 fatcat:vhb3omehsjfsha76ive7soqdam