The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Numerical software is used in a wide variety of applications including safety-critical systems, which have stringent correctness requirements, and whose failures have catastrophic consequences that endanger human life. Numerical bugs are known to be particularly difficult to diagnose and fix, largely due to the use of approximate representations of numbers such as floating point. Understanding the...
In the paper we describe a formalization of the notion of a nominative data with simple names and complex values in the Mizar proof assistant. Such data can be considered as a partial variable assignment which allows arbitrarily deep nesting and can be useful for formalizing semantics of programs that operate in real time environment and/or process complex data structures and for reasoning about the...
Network Function Virtualization (NFV) architectures are emerging to increase networks flexibility. However, this renewed scenario poses new challenges, because virtualized networks, need to be carefully verified before being actually deployed in production environments in order to preserve network coherency (e.g., absence of forwarding loops, preservation of security on network traffic, etc.). Nowadays,...
Differential testing uses similar programs as cross-referencing oracles to find semantic bugs that do not exhibit explicit erroneous behaviors like crashes or assertion failures. Unfortunately, existing differential testing tools are domain-specific and inefficient, requiring large numbers of test inputs to find a single bug. In this paper, we address these issues by designing and implementing NEZHA,...
Correct behaviour of X.509 certificate validation code in SSL/TLS implementations is crucial to ensure secure communication channels. Recently, there have been major efforts in testing these implementations, namely frankencerts and mucerts, which provide new ways to generate test certificates which are likely to reveal errors in the implementations of X.509 validation logic. However, it remains a...
Source code in software systems has been shown to have a good degree of repetitiveness at the lexical, syntactical, and API usage levels. This paper presents a large-scale study on the repetitiveness, containment, and composability of source code at the semantic level. We collected a large dataset consisting of 9,224 Java projects with 2.79M class files, 17.54M methods with 187M SLOCs. For each method...
Bug localisation is a core program comprehension task in software maintenance: given the observation of a bug, where is it located in the source code files? Information retrieval (IR) approaches see a bug report as the query, and the source code files as the documents to be retrieved, ranked by relevance. Such approaches have the advantage of not requiring expensive static or dynamic analysis of the...
Many performance engineering tasks, from long-term performance monitoring to post-mortem analysis and online tuning, require efficient runtime methods for introspection and performance data collection. To understand interactions between components in increasingly modular HPC software, performance introspection hooks must be integrated into runtime systems, libraries, and application codes across the...
Cascading Style Sheets (CSS) is the standard language for styling web documents and is extensively used in the industry. However, CSS lacks constructs that would allow code reuse (e.g., functions). Consequently, maintaining CSS code is often a cumbersome and error-prone task. Preprocessors (e.g., Less and Sass) have been introduced to fill this gap, by extending CSS with the missing constructs. Despite...
There are many illegal value use defects in C programs, for example, illegal computing, use of uninitialized variables and array out of bounds. When C programs are running, these defects may cause software failure, and may lead to serious consequences. For fully detecting these illegal value use defects, we apply abstract regions simulate memory blocks that allocated to memory objects at the runtime,...
The utilization of modular and reusable resources would reduce complexity and lead-time for the design of cyber-physical systems. Even if different theories have been proposed, there is not a general definition and metamodel applicable for reusable resources. Energetic approaches constitute the state of the art for modeling the dynamics of physical systems. Within this work, Power-Oriented Graphs...
Refactoring source code requires preserving a certain level of semantic behaviors, which are difficult to be checked by IDEs. Therefore, IDEs generally check syntactic pre-conditions instead before applying refactoring, which are often too restrictive than checking semantic behaviors. On the other hand, there are pure functions in the source code that do not have observable side-effects, of which...
In view of the lack of semantic information description in commonly-used knowledge representation modes such as framework and object-oriented mode, the domain ontology of electronic protective equipment fault diagnosis is designed by analyzing and summarizing the characteristics of the equipment fault cases. Considering that the traditional VSM (vector space model) ignores the role of the position...
Learning to use existing or new software libraries is a difficult task for software developers, which would impede their productivity. Most of existing work provided different techniques to mine API usage patterns from client programs, in order to help developers to understand and use existing libraries. However, considering only client programs to identify API usage patterns, is a strong constraint...
We present a new code transfer technique, program fracture and recombination, for automatically replacing, deleting, and/or combining code from multiple applications. Benefits include automatic generation of new applications incorporating the best or most desirable functionality developed anywhere, the automatic elimination of errors and security vulnerabilities, effective software rejuvenation, the...
Mining static code attributes for predicting software vulnerabilities has received some attention recently. There are a number of approaches for detecting vulnerabilities from source code, but commercial off the shelf components are, in general, distributed in binary form. Before using such third-party components it is imperative to check for presence of vulnerabilities. We investigate the use of...
Software components have played an important role in modern software and system development. The main contribution of software components is reuse which helps reduces development cost and time and increase productivity. There must be some system or an application which can efficiently store and retrieve software assets so they can be easily reused whenever same type of functionality is desired. There...
Return-oriented programming is a kind of codereuse technique for attackers, which is very effective to bypass the DEP defense. However, the instruction snippet (we call it gadget) is often unprintable 1. This shortcoming can limit the ROP attack to be deployed to practice, since non-ASCII scanning can detect such ROP payload. In this paper, we present a novel method that only uses the printable gadgets,...
Unintentional re-implementation of existing functionality is an issue frequently reported in practice and causes increased efforts for development and maintenance. However, instances are hard to find with existing approaches. For practitioners, this increases maintenance risks, such as inconsistent bug fixing, and hinders quality improvement efforts. For researchers, this hinders a reliable quantification...
This paper describes the MARKOS (the MARKet for Open Source) European Project, a FP7-ICT-2011-8 STREP project, which aims to realize a service and an interactive application providing an integrated view on the open source projects available on the web, focusing on functional, structural, and licenses aspects of software source code. MARKOS involves 7 partners from 5 countries, including industries,...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.