CSCE 548 Building Secure Software Software Analysis Basics
|
|
- Esther Cook
- 5 years ago
- Views:
Transcription
1 CSCE 548 Building Secure Software Software Analysis Basics Professor Lisa Luo Spring 2018
2 Previous Class Ø Android Background Ø Two Android Security Problems: 1. Android App Repackaging o Very easy to repackage an app o Countermeasures 2. Android Permission System o Access control 2
3 Why should we learn software analysis? Learn methods to improve software quality reliability, security, performance, etc. Become a better software developer/tester Build specialized tools for software diagnosis and testing 3
4 The Ariane Rocket Disaster (1996)
5 Ariane Disaster Post Mortem Caused due to numeric overflow error Attempt to fit 64-bit format data in 16-bit space Cost $100M s for loss of mission Multi-year setback to the Ariane program Read more at
6 What is Program Analysis? Body of work to discover useful facts about programs Broadly classified into three kinds: Dynamic (execution-time) Static (compile-time) Hybrid (combines dynamic and static)
7 Dynamic Program Analysis Infer facts of program by monitoring its runs Examples: Array bound checking Purify Memory leak detection Valgrind Datarace detection Eraser Finding likely invariants Daikon
8 Static Program Analysis Infer facts of the program by inspecting its source (or binary) code Examples: Suspicious error patterns Lint, FindBugs, Coverity Memory leak detection Facebook Infer Checking API usage rules Microsoft SLAM Verifying invariants ESC/Java
9 Dynamic vs. Static Analysis Match each box with its corresponding feature. Cost Effectiveness Dynamic B. Proportional to program s execution time A. Incomplete (may miss errors) Static C. Proportional to program s size D. Unsound (may report spurious errors) A. Incomplete (may miss errors) B. Proportional to program s execution time C. Proportional to program s size D. Unsound (may report spurious errors)
10 Terminology Control-flow graph Basic block Execution path
11 Control-flow Graph (CFG) A control-flow graph is a representation of a program that makes certain analyses (including dataflow analyses) easier A CFG is a directed graph where Each node represents a statement Edges represent control flow 11
12 Control-flow Graph Example 12
13 Control-flow Graph with Basic Blocks May group statements into basic blocks 13
14 Terminology int foo (int a) { int r; if (a == 1234) { r = 1; else { r = 0; return r; A basic block An execution path int r; if (a == 1234) r = 1 r = 0 return r Control-flow graph 14
15 Example 1: Control-flow Graph Generation If-else statement While statement Switch-case statement 15
16 If-else statement 1 if (a == 1234) { 2 r = 1; else { 3 r = 0; 4 printf ( r=%d, r);
17 While statement 1 while ( x < 50 ) { 2 sum += x; 3 x++; 4 printf ( sum=%d, sum); 1 2;
18 Switch-case statement 1 switch (a) { case 0: 2 a += 2; case 1: 3 a += 20; default: 4 a += 10; 5 printf ( a=%d, a);
19 Practice: Draw a CFG while (x < 100) { if (a[x] % 2 == 0) { parity = 0; else { parity = 1; switch(parity) { case 0: println( even ); case 1: println( odd ); default: println( unexpected error ); x ++; p = true;
20 Example 2: Program Invariants int p(int x) { return x * x; An invariant at the end of the program is (z == c) for some constant c. What is c? void main() { int z; if (getc() == a ) z = p(6) + 6; else z = p(-7) 7; z =?
21 Example 2: Program Invariants int p(int x) { return x * x; An invariant at the end of the program is (z == c) for some constant c. What is c? void main() { int z; if (getc() == a ) z = p(6) + 6; else z = p(-7) 7; Disaster averted! if (z!= 42) disaster(); z = 42
22 Discovering Invariants By Dynamic Analysis int p(int x) { return x * x; (z == 42) might be an invariant (z == 30) is definitely not an invariant void main() { int z; if (getc() == a ) z = p(6) + 6; else z = p(-7) 7; if (z!= 42) disaster(); z = 42
23 Discovering Invariants By Static Analysis is definitely (z == 42) might be an invariant (z == 30) is definitely not an invariant int p(int x) { return x * x; void main() { int z; if (getc() == a ) z = p(6) + 6; else z = p(-7) 7; if (z!= 42) disaster(); z = 42
24 Static Analysis: Iterative Approximation Find variables that have a constant value (i.e., invariant) at a given program point void main() { z = 3; while (true) { if (x == 1) y = 7; else y = z + 4; assert (y == 7);
25 Iterative Approximation [x=?, y=?, z=?] z =3 [x=?, y=?, z=3] while (x > 0) true false [x=?, y=?, z=3] [x=?, y=?, z=3] [x=1, y=?, z=3] true if (x == 1) false [x=?, y=?, z=3] y =7 y = z + 4 [x=1, y=7, z=3] [x=?, y=7, z=3] assert (y == 7)
26 Iterative Approximation Fill in the value of variable b that the analysis infers at: [b=?] b = 1 1) the loop header 2) entry of loop body 3) exit of loop body Enter? if a definite value cannot be inferred. 1) 2) 3) [b=1] false [b=?] [b=?] [b=1] while ( x < 50 ) true [b=1][b=?] b = b + 1 [b=2] [b=?]
27 Who Needs Program Invariants? Three primary consumers: Compilers Software Quality Tools Integrated Development Environments (IDEs)
28 Compilers Bridge between high-level languages and architectures Use program analysis to generate efficient code int p(int x) { return x * x; void main(int arg) { int z; if (arg!= 0) z = p(6) + 6; else z = p(-7) - 7; print (z); z = 42 int p(int x) { return x * x; void main() { print (42); Runs faster More energy-efficient Smaller in size
29 Software Quality Tools Tools for testing, debugging, and verification Use program analysis for: Finding programming errors Proving program invariants Generating test cases Localizing causes of errors int p(int x) { return x * x; void main() { int z; if (getc() == a ) z = p(6) + 6; else z = p(-7) 7; if (z!= 42) disaster(); z = 42
30 Integrated Development Environments Examples: Eclipse and Microsoft Visual Studio Use program analysis to help programmers: Understand programs Refactor programs Restructuring a program without changing its behavior Useful in dealing with large, complex programs
31 Summary What is program analysis? Dynamic vs. static analysis: pros and cons Examples Example 1: CFG generation Example 2: Program invariants Iterative approximation method for static analysis Who needs program analysis?
Welcome to Software Analysis and Testing.
Welcome to Software Analysis and Testing. In this course, we will be diving deep into the theory and practice of software analysis, which lies at the heart of many software development processes such as
More informationCSCE 548 Building Secure Software Data Flow Analysis
CSCE 548 Building Secure Software Data Flow Analysis Professor Lisa Luo Spring 2018 Previous Class Why we need reverse engineering? Tools for reverse engineering Debugger Disassembler System monitoring
More informationChecking Program Properties with ESC/Java
Checking Program Properties with ESC/Java 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic
More informationStatic program checking and verification
Chair of Software Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Slides: Based on KSE06 With kind permission of Peter Müller Static program checking and verification Correctness
More informationAutomatic Software Verification
Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework
More informationCUTE: A Concolic Unit Testing Engine for C
CUTE: A Concolic Unit Testing Engine for C Koushik Sen Darko Marinov Gul Agha University of Illinois Urbana-Champaign Goal Automated Scalable Unit Testing of real-world C Programs Generate test inputs
More informationAdvanced Programming Methods. Introduction in program analysis
Advanced Programming Methods Introduction in program analysis What is Program Analysis? Very broad topic, but generally speaking, automated analysis of program behavior Program analysis is about developing
More informationProgram Verification. Aarti Gupta
Program Verification Aarti Gupta 1 Agenda Famous bugs Common bugs Testing (from lecture 6) Reasoning about programs Techniques for program verification 2 Famous Bugs The first bug: A moth in a relay (1945)
More informationSoftware Analysis Tools
CSCE 790 Introduction to Software Analysis Software Analysis Tools Professor Lisa Luo Fall 2018 Overview Source code CFG generator Binary code analysis Code obfuscation Symbolic Execution Dynamic analysis
More informationLearning from Executions
Learning from Executions Dynamic analysis for program understanding and software engineering Michael D. Ernst and Jeff H. Perkins November 7, 2005 Tutorial at ASE 2005 Outline What is dynamic analysis?
More informationA Gentle Introduction to Program Analysis
A Gentle Introduction to Program Analysis Işıl Dillig University of Texas, Austin January 21, 2014 Programming Languages Mentoring Workshop 1 / 24 What is Program Analysis? Very broad topic, but generally
More informationCSCE 813 Internet Security Final Exam Preview
CSCE 813 Internet Security Final Exam Preview Professor Lisa Luo Fall 2017 Coverage All contents! Week1 ~ Week 15 The nature of the exam: 12 questions: 3 multiple choices questions 1 true or false question
More informationn Specifying what each method does q Specify it in a comment before method's header n Precondition q Caller obligation n Postcondition
Programming as a contract Assertions, pre/postconditions and invariants Assertions: Section 4.2 in Savitch (p. 239) Loop invariants: Section 4.5 in Rosen Specifying what each method does q Specify it in
More informationCSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks Professor Lisa Luo Spring 2018 Previous Class Buffer overflows can be devastating It occurs when the access
More informationAnalysis of Software Artifacts
Analysis of Software Artifacts Properties with ESC/Java Jonathan Aldrich 1 ESC/Java A checker for Java programs Finds null pointers, array dereferences Checks Hoare logic specifications Expressed in Java
More informationSimple Overflow. #include <stdio.h> int main(void){ unsigned int num = 0xffffffff;
Simple Overflow 1 #include int main(void){ unsigned int num = 0xffffffff; printf("num is %d bits long\n", sizeof(num) * 8); printf("num = 0x%x\n", num); printf("num + 1 = 0x%x\n", num + 1); }
More informationProgram Analysis. Program Analysis
Program Analysis Class #4 Program Analysis Dynamic Analysis 1 Static VS Dynamic Analysis Static analysis operates on a model of the SW (without executing it) If successful, produces definitive information
More informationTesting. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?
Testing ECE/CS 5780/6780: Embedded System Design Scott R. Little Lecture 24: Introduction to Software Testing and Verification What is software testing? Running a program in order to find bugs (faults,
More informationGlobal Optimization. Lecture Outline. Global flow analysis. Global constant propagation. Liveness analysis. Local Optimization. Global Optimization
Lecture Outline Global Optimization Global flow analysis Global constant propagation Liveness analysis Compiler Design I (2011) 2 Local Optimization Recall the simple basic-block optimizations Constant
More informationfinding vulnerabilities
cs6 42 computer security finding vulnerabilities adam everspaugh ace@cs.wisc.edu hw1 Homework 1 will be posted after class today Due: Feb 22 Should be fun! TAs can help with setup Use Piazza as first step
More informationChristoph Csallner, University of Texas at Arlington (UTA)
Christoph Csallner, University of Texas at Arlington (UTA) Joint work with: Nikolai Tillmann (MSR), Yannis Smaragdakis (UMass), Ishtiaque Hussain (UTA), Chengkai Li (UTA) Dynamic symbolic execution Pioneered
More informationObjectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process
Objectives Chapter 19 Verification and Validation Assuring that a software system meets a user s need are to introduce software verification and validation (V&V) and to discuss the distinction between
More informationCS2141 Software Development using C/C++ Debugging
CS2141 Software Development using C/C++ Debugging Debugging Tips Examine the most recent change Error likely in, or exposed by, code most recently added Developing code incrementally and testing along
More informationDEBUGGING: OBSERVING AND TRACKING
DEBUGGING: OBSERVING AND TRACKING WS 2017/2018 Martina Seidl Institute for Formal Models and Verification Observing a Program deduction tells what might happen observation tells what is actually happening
More informationASYMPTOTIC COMPLEXITY
Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better. - Edsger Dijkstra ASYMPTOTIC COMPLEXITY Lecture
More informationChapter 3 (part 3) Describing Syntax and Semantics
Chapter 3 (part 3) Describing Syntax and Semantics Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the Meanings
More informationCorrectness of specifications. Correctness. Correctness of specifications (2) Example of a Correctness Proof. Testing versus Correctness Proofs
CS 390 Lecture 17 Correctness A product is correct if it satisfies its output specifications when operated under permitted conditions Correctness of specifications Incorrect specification for a sort (Figure
More informationSoftware Security: Vulnerability Analysis
Computer Security Course. Software Security: Vulnerability Analysis Program Verification Program Verification How to prove a program free of buffer overflows? Precondition Postcondition Loop invariants
More informationGuidelines for Writing C Code
Guidelines for Writing C Code Issue 01-bugfix Martin Becker Institute for Real-Time Computer Systems (RCS) Technische Universität München becker@rcs.ei.tum.de June 9, 2014 Contents 1 Introduction 1 2 Pragmatic
More informationDEBUGGING: DYNAMIC PROGRAM ANALYSIS
DEBUGGING: DYNAMIC PROGRAM ANALYSIS WS 2017/2018 Martina Seidl Institute for Formal Models and Verification System Invariants properties of a program must hold over the entire run: integrity of data no
More informationModular and Verified Automatic Program Repairs
Modular and Verified Automatic Program Repairs from Francesco Logozzo and Thomas Ball at Microsoft Research, Redmond presenter name(s) removed for FERPA considerations Introduction Your programs will have
More informationASYMPTOTIC COMPLEXITY
Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better. - Edsger Dijkstra ASYMPTOTIC COMPLEXITY Lecture
More informationThe JML Tool. Faculty of Engineering Pontificia Universidad Javeriana. The JML Tool p.1/23
The JML Tool Néstor Cataño ncatano@puj.edu.co Faculty of Engineering Pontificia Universidad Javeriana The JML Tool p.1/23 Tools for JML 1. Parsing and type-checking 2. Checking assertions at runtime 3.
More informationSpark verification features
Spark verification features Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2018 Adding specification information to programs Verification concerns checking whether
More informationIntroduction to Java https://tinyurl.com/y7bvpa9z
Introduction to Java https://tinyurl.com/y7bvpa9z Eric Newhall - Laurence Meyers Team 2849 Alumni Java Object-Oriented Compiled Garbage-Collected WORA - Write Once, Run Anywhere IDE Integrated Development
More informationStatic Program Analysis Part 1 the TIP language
Static Program Analysis Part 1 the TIP language http://cs.au.dk/~amoeller/spa/ Anders Møller & Michael I. Schwartzbach Computer Science, Aarhus University Questions about programs Does the program terminate
More informationAssertions, pre/postconditions
Programming as a contract Assertions, pre/postconditions Assertions: Section 4.2 in Savitch (p. 239) Specifying what each method does q Specify it in a comment before method's header Precondition q What
More informationCMSC 330: Organization of Programming Languages. OCaml Expressions and Functions
CMSC 330: Organization of Programming Languages OCaml Expressions and Functions CMSC330 Spring 2018 1 Lecture Presentation Style Our focus: semantics and idioms for OCaml Semantics is what the language
More informationLecture 10 Design by Contract
CS 5959 Writing Solid Code Fall 2015 Nov-23 Lecture 10 Design by Contract Zvonimir Rakamarić University of Utah Design by Contract Also called assume-guarantee reasoning Developers annotate software components
More informationCSC 1052 Algorithms & Data Structures II: Linked Lists Revisited
CSC 1052 Algorithms & Data Structures II: Linked Lists Revisited Professor Henry Carter Spring 2018 Recap Recursion involves defining a solution based on smaller versions of the same solution Three components:
More informationLecture 1 - Introduction (Class Notes)
Lecture 1 - Introduction (Class Notes) Outline: How does a computer work? Very brief! What is programming? The evolution of programming languages Generations of programming languages Compiled vs. Interpreted
More informationCS 139 Practice Midterm Questions #2
CS 139 Practice Midterm Questions #2 Spring 2016 Name: 1. Write Java statements to accomplish each of the following. (a) Declares numbers to be an array of int s. (b) Initializes numbers to contain a reference
More informationQUIZ Lesson 4. Exercise 4: Write an if statement that assigns the value of x to the variable y if x is in between 1 and 20, otherwise y is unchanged.
QUIZ Lesson 4 Exercise 4: Write an if statement that assigns the value of x to the variable y if x is in between 1 and 20, otherwise y is unchanged. QUIZ Lesson 4 Exercise 4: Write an if statement that
More informationECE264 Spring 2013 Final Exam, April 30, 2013
ECE264 Spring 2013 Final Exam, April 30, 2013 In signing this statement, I hereby certify that the work on this exam is my own and that I have not copied the work of any other student while completing
More informationCS111: PROGRAMMING LANGUAGE II
1 CS111: PROGRAMMING LANGUAGE II Computer Science Department Lecture 1: Introduction Lecture Contents 2 Course info Why programming?? Why Java?? Write once, run anywhere!! Java basics Input/output Variables
More information(A) 99 ** (B) 100 (C) 101 (D) 100 initial integers plus any additional integers required during program execution
Ch 5 Arrays Multiple Choice Test 01. An array is a ** (A) data structure with one, or more, elements of the same type. (B) data structure with LIFO access. (C) data structure, which allows transfer between
More informationFoundations of Software Engineering
Foundations of Software Engineering Dynamic Analysis Christian Kästner 1 15-313 Software Engineering Adminstrativa Midterm Participation Midsemester grades 2 15-313 Software Engineering How are we doing?
More informationb. Suppose you enter input from the console, when you run the program. What is the output?
Part I. Show the printout of the following code: (write the printout next to each println statement if the println statement is executed in the program). a. Show the output of the following code: public
More informationCS111: PROGRAMMING LANGUAGE II
CS111: PROGRAMMING LANGUAGE II Computer Science Department Lecture 1(c): Java Basics (II) Lecture Contents Java basics (part II) Conditions Loops Methods Conditions & Branching Conditional Statements A
More informationCSC 1351: Quiz 6: Sort and Search
CSC 1351: Quiz 6: Sort and Search Name: 0.1 You want to implement combat within a role playing game on a computer. Specifically, the game rules for damage inflicted by a hit are: In order to figure out
More informationExam Review. CSE 331 Section 10 12/6/12. Slides by Kellen Donohue with material from Mike Ernst
Exam Review CSE 331 Section 10 12/6/12 Slides by Kellen Donohue with material from Mike Ernst Course Logistics All homework s done (except late days) HW8 returned HW7 being graded HW9 will be graded during
More informationDynamic Inference of Abstract Types
Dynamic Inference of Abstract Types Philip J. Guo, Jeff H. Perkins, Stephen McCamant, Michael D. Ernst Computer Science and A.I. Lab Massachusetts Institute of Technology Declared types // Order cost =
More informationRecap. Juan Pablo Galeotti,Alessandra Gorla, Software Engineering Chair Computer Science Saarland University, Germany
Recap Juan Pablo Galeotti,Alessandra Gorla, Software Engineering Chair Computer Science Saarland University, Germany 30% projects (10% each) At least 50% threshold for exam admittance Groups of 2 70% final
More informationunsigned char memory[] STACK ¼ 0x xC of address space globals function KERNEL code local variables
Graded assignment 0 will be handed out in section Assignment 1 Not that bad Check your work (run it through the compiler) Factorial Program Prints out ENTERING, LEAVING, and other pointers unsigned char
More informationC Review. MaxMSP Developers Workshop Summer 2009 CNMAT
C Review MaxMSP Developers Workshop Summer 2009 CNMAT C Syntax Program control (loops, branches): Function calls Math: +, -, *, /, ++, -- Variables, types, structures, assignment Pointers and memory (***
More informationThis test is not formatted for your answers. Submit your answers via to:
Page 1 of 7 Computer Science 320: Final Examination May 17, 2017 You have as much time as you like before the Monday May 22 nd 3:00PM ET deadline to answer the following questions. For partial credit,
More informationCOMP-202. Recursion. COMP Recursion, 2011 Jörg Kienzle and others
COMP-202 Recursion Recursion Recursive Definitions Run-time Stacks Recursive Programming Recursion vs. Iteration Indirect Recursion Lecture Outline 2 Recursive Definitions (1) A recursive definition is
More informationAnalysis/Bug-finding/Verification for Security
Analysis/Bug-finding/Verification for Security VIJAY GANESH University of Waterloo Winter 2013 Analysis/Test/Verify for Security Instrument code for testing Heap memory: Purify Perl tainting (information
More informationhttps://www.lri.fr/ linaye/gl.html
Software Engineering https://www.lri.fr/ linaye/gl.html lina.ye@centralesupelec.fr Sequence 3, 2017-2018 1/61 Software Engineering Plan 1 2 3 4 5 2/61 Software Engineering Software Testing 3/61 Software
More informationAssignment: 1. (Unit-1 Flowchart and Algorithm)
Assignment: 1 (Unit-1 Flowchart and Algorithm) 1. Explain: Flowchart with its symbols. 2. Explain: Types of flowchart with example. 3. Explain: Algorithm with example. 4. Draw a flowchart to find the area
More informationVerification and Validation
Verification and Validation Minsoo Ryu Hanyang University Topics Covered 1. Verification and Validation 2. Software Inspections 3. Automated Static Analysis 4. Verification and Formal Methods 2 2 1. Verification
More informationDavid Glasser Michael D. Ernst CSAIL, MIT
static dynamic intraprocedural interprocedural Shay Artzi, Adam Kiezun, David Glasser Michael D. Ernst CSAIL, MIT Parameter P of method M is: Mutable if some execution of M can change the state of P s
More informationTesting! The material for this lecture is drawn, in part, from! The Practice of Programming (Kernighan & Pike) Chapter 6!
Testing The material for this lecture is drawn, in part, from The Practice of Programming (Kernighan & Pike) Chapter 6 1 Goals of this Lecture Help you learn about: Internal testing External testing General
More informationCMSC 132: Object-Oriented Programming II. Recursive Algorithms. Department of Computer Science University of Maryland, College Park
CMSC 132: Object-Oriented Programming II Recursive Algorithms Department of Computer Science University of Maryland, College Park Recursion Recursion is a strategy for solving problems A procedure that
More informationAutomatic Generation of Program Specifications
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful
More informationRecap. Advanced static analysis jobs. Secure Programming Lecture 14: Static Analysis II. Program understanding tools
Recap Advanced static analysis jobs Secure Programming Lecture 14: Static Analysis II David Aspinall 17th March 2017 We re looking at principles and tools for ensuring software security. This lecture looks
More informationVerification and Validation
2014-2015 Verification and Validation Part I : Extended Static Analysis Burkhart Wolff Département Informatique Université Paris-Sud / Orsay Static Analysis! We have seen test methods, and proof methods.
More informationMEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING Herbert Rocha, Raimundo Barreto,
More informationCS 261 Fall C Introduction. Variables, Memory Model, Pointers, and Debugging. Mike Lam, Professor
CS 261 Fall 2017 Mike Lam, Professor C Introduction Variables, Memory Model, Pointers, and Debugging The C Language Systems language originally developed for Unix Imperative, compiled language with static
More informationTesting, code coverage and static analysis. COSC345 Software Engineering
Testing, code coverage and static analysis COSC345 Software Engineering Outline Various testing processes ad hoc / formal / automatic Unit tests and test driven development Code coverage metrics Integration
More informationCMSC430 Spring 2014 Midterm 2 Solutions
CMSC430 Spring 2014 Midterm 2 Solutions 1. (12 pts) Syntax directed translation & type checking Consider the following grammar fragment for an expression for C--: exp CONST IDENT 1 IDENT 2 [ exp 1 ] Assume
More informationProgram Analysis Tools
CMPT 473 Software Quality Assurance Program Analysis Tools Nick Sumner Fixing bugs is costly Why? 2 Fixing bugs is costly The longer broken code exists, the more code depends upon it. 3 Fixing bugs is
More informationESC/Java2 extended static checking for Java Erik Poll Radboud University Nijmegen
ESC/Java2 extended static checking for Java Erik Poll Radboud University Nijmegen Erik Poll - JML p.1/19 Extended static checker for Java ESC/Java by Rustan Leino et.al. Extension ESC/Java2 by David Cok
More informationCptS 360 (System Programming) Unit 4: Debugging
CptS 360 (System Programming) Unit 4: Debugging Bob Lewis School of Engineering and Applied Sciences Washington State University Spring, 2018 Motivation You re probably going to spend most of your code
More informationUniversity of Cape Town ~ Department of Computer Science Computer Science 1015F ~ June Exam
Name: Please fill in your Student Number and Name. Student Number : Student Number: University of Cape Town ~ Department of Computer Science Computer Science 1015F ~ 2009 June Exam Question Max Internal
More informationStatic and dynamic analysis: synergy and duality
Static and dynamic analysis: synergy and duality Michael Ernst MIT Computer Science & Artificial Intelligence Lab http://pag.csail.mit.edu/~mernst/ PASTE June 7, 2004 Michael Ernst, page 1 Goals Theme:
More informationLinux Systems Administration Shell Scripting Basics. Mike Jager Network Startup Resource Center
Linux Systems Administration Shell Scripting Basics Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationEmbedded Software TI2726 B. 3. C tools. Koen Langendoen. Embedded Software Group
Embedded Software 3. C tools TI2726 B Koen Langendoen Embedded Software Group C development cycle 1. [Think] 2. Edit 3. Compile 4. Test 5. Debug 6. Tune UNIX toolbox 2. vi, emacs, gedit 3. gcc, make 4.
More informationStatic Analysis in Practice
in Practice 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich 1 Quick Poll Who is familiar and comfortable with design patterns? e.g. what is a Factory and why use it? 2 1 Outline: in Practice
More informationTesting. Topics. Types of Testing. Types of Testing
Topics 1) What are common types of testing? a) Testing like a user: through the UI. b) Testing like a dev: through the code. 2) What makes a good bug report? 3) How can we write code to test code (via
More informationSymbolic Execution, Dynamic Analysis
Symbolic Execution, Dynamic Analysis http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Symbolic execution Pavel Parízek Symbolic Execution, Dynamic Analysis
More informationDynamic Binary Instrumentation: Introduction to Pin
Dynamic Binary Instrumentation: Introduction to Pin Instrumentation A technique that injects instrumentation code into a binary to collect run-time information 2 Instrumentation A technique that injects
More informationAGENDA Binary Operations CS 3330 Samira Khan
AGENDA Binary Operations CS 3330 Logistics Review from last Lecture Samira Khan University of Virginia Jan 31, 2017 Binary Operations Logical Operations Bitwise Operations Examples 2 Feedbacks Quizzes
More informationSeminar in Software Engineering Presented by Dima Pavlov, November 2010
Seminar in Software Engineering-236800 Presented by Dima Pavlov, November 2010 1. Introduction 2. Overview CBMC and SAT 3. CBMC Loop Unwinding 4. Running CBMC 5. Lets Compare 6. How does it work? 7. Conclusions
More informationLecture Compiler Middle-End
Lecture 16-18 18 Compiler Middle-End Jianwen Zhu Electrical and Computer Engineering University of Toronto Jianwen Zhu 2009 - P. 1 What We Have Done A lot! Compiler Frontend Defining language Generating
More informationJML tool-supported specification for Java Erik Poll Radboud University Nijmegen
JML tool-supported specification for Java Erik Poll Radboud University Nijmegen Erik Poll - JML p.1/41 Overview The specification language JML Tools for JML, in particular runtime assertion checking using
More informationCOMP 202 Recursion. CONTENTS: Recursion. COMP Recursion 1
COMP 202 Recursion CONTENTS: Recursion COMP 202 - Recursion 1 Recursive Thinking A recursive definition is one which uses the word or concept being defined in the definition itself COMP 202 - Recursion
More informationSemantics. There is no single widely acceptable notation or formalism for describing semantics Operational Semantics
There is no single widely acceptable notation or formalism for describing semantics Operational Describe the meaning of a program by executing its statements on a machine, either simulated or actual. The
More informationThe Checker Framework: pluggable static analysis for Java
The Checker Framework: pluggable static analysis for Java http://checkerframework.org/ Werner Dietl University of Waterloo https://ece.uwaterloo.ca/~wdietl/ Joint work with Michael D. Ernst and many others.
More informationCSCE 206: Structured Programming in C++
CSCE 206: Structured Programming in C++ 2017 Spring Exam 2 Monday, March 20, 2017 Total - 100 Points B Instructions: Total of 13 pages, including this cover and the last page. Before starting the exam,
More informationVerification Using Static Analysis
Verification Using Static Analysis Outline Today we will discuss static analysis and how it differs from dynamic analysis We will also look at the different types of static analysis including: Control
More informationVerifying source code
Software and Systems Verification (VIMIMA01) Verifying source code Akos Hajdu, Istvan Majzik, Zoltan Micskei Budapest University of Technology and Economics Fault Tolerant Systems Research Group Budapest
More informationRipple: Reflection Analysis for Android Apps in Incomplete Information Environments
Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments Yifei Zhang, Tian Tan, Yue Li and Jingling Xue Programming Languages and Compilers Group University of New South Wales
More informationRecursion CSCI 136: Fundamentals of Computer Science II Keith Vertanen Copyright 2011
Recursion CSCI 136: Fundamentals of Computer Science II Keith Vertanen Copyright 2011 Recursion A method calling itself Overview A new way of thinking about a problem Divide and conquer A powerful programming
More informationDepartment of Computer Science Purdue University, West Lafayette
Department of Computer Science Purdue University, West Lafayette Fall 2011: CS 180 Problem Solving and OO Programming Exam 1 Solutions Q 1 Answer the questions below assuming that binary integers are represented
More informationMidterm Examination (MTA)
M105: Introduction to Programming with Java Midterm Examination (MTA) Spring 2013 / 2014 Question One: [6 marks] Choose the correct answer and write it on the external answer booklet. 1. Compilers and
More informationRanking Functions for Loops with Disjunctive Exit-Conditions
Ranking Functions for Loops with Disjunctive Exit-Conditions Rody Kersten 1 Marko van Eekelen 1,2 1 Institute for Computing and Information Sciences (icis), Radboud University Nijmegen 2 School for Computer
More informationLab #1: A Quick Introduction to the Eclipse IDE
Lab #1: A Quick Introduction to the Eclipse IDE Eclipse is an integrated development environment (IDE) for Java programming. Actually, it is capable of much more than just compiling Java programs but that
More informationRecursion. Overview. Mathematical induction. Hello recursion. Recursion. Example applications. Goal: Compute factorial N! = 1 * 2 * 3...
Recursion Recursion Overview A method calling itself A new way of thinking about a problem Divide and conquer A powerful programming paradigm Related to mathematical induction Example applications Factorial
More information