8,510 research outputs found
Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach
The adoption of blockchain-based distributed computation platforms is growing
fast. Some of these platforms, such as Ethereum, provide support for
implementing smart contracts, which are envisioned to have novel applications
in a broad range of areas, including finance and Internet-of-Things. However, a
significant number of smart contracts deployed in practice suffer from security
vulnerabilities, which enable malicious users to steal assets from a contract
or to cause damage. Vulnerabilities present a serious issue since contracts may
handle financial assets of considerable value, and contract bugs are
non-fixable by design. To help developers create more secure smart contracts,
we introduce FSolidM, a framework rooted in rigorous semantics for designing
con- tracts as Finite State Machines (FSM). We present a tool for creating FSM
on an easy-to-use graphical interface and for automatically generating Ethereum
contracts. Further, we introduce a set of design patterns, which we implement
as plugins that developers can easily add to their contracts to enhance
security and functionality
Abmash: Mashing Up Legacy Web Applications by Automated Imitation of Human Actions
Many business web-based applications do not offer applications programming
interfaces (APIs) to enable other applications to access their data and
functions in a programmatic manner. This makes their composition difficult (for
instance to synchronize data between two applications). To address this
challenge, this paper presents Abmash, an approach to facilitate the
integration of such legacy web applications by automatically imitating human
interactions with them. By automatically interacting with the graphical user
interface (GUI) of web applications, the system supports all forms of
integrations including bi-directional interactions and is able to interact with
AJAX-based applications. Furthermore, the integration programs are easy to
write since they deal with end-user, visual user-interface elements. The
integration code is simple enough to be called a "mashup".Comment: Software: Practice and Experience (2013)
Deductive Verification of Unmodified Linux Kernel Library Functions
This paper presents results from the development and evaluation of a
deductive verification benchmark consisting of 26 unmodified Linux kernel
library functions implementing conventional memory and string operations. The
formal contract of the functions was extracted from their source code and was
represented in the form of preconditions and postconditions. The correctness of
23 functions was completely proved using AstraVer toolset, although success for
11 functions was achieved using 2 new specification language constructs.
Another 2 functions were proved after a minor modification of their source
code, while the final one cannot be completely proved using the existing memory
model. The benchmark can be used for the testing and evaluation of deductive
verification tools and as a starting point for verifying other parts of the
Linux kernel.Comment: 18 pages, 2 tables, 6 listings. Accepted to ISoLA 2018 conference.
Evaluating Tools for Software Verification trac
Evaluation of Kermeta for Solving Graph-based Problems
Kermeta is a meta-language for specifying the structure and behavior of graphs of interconnected objects called models. In this paper,\ud
we show that Kermeta is relatively suitable for solving three graph-based\ud
problems. First, Kermeta allows the specification of generic model\ud
transformations such as refactorings that we apply to different metamodels\ud
including Ecore, Java, and Uml. Second, we demonstrate the extensibility\ud
of Kermeta to the formal language Alloy using an inter-language model\ud
transformation. Kermeta uses Alloy to generate recommendations for\ud
completing partially specified models. Third, we show that the Kermeta\ud
compiler achieves better execution time and memory performance compared\ud
to similar graph-based approaches using a common case study. The\ud
three solutions proposed for those graph-based problems and their\ud
evaluation with Kermeta according to the criteria of genericity,\ud
extensibility, and performance are the main contribution of the paper.\ud
Another contribution is the comparison of these solutions with those\ud
proposed by other graph-based tools
Populous: A tool for populating ontology templates
We present Populous, a tool for gathering content with which to populate an
ontology. Domain experts need to add content, that is often repetitive in its
form, but without having to tackle the underlying ontological representation.
Populous presents users with a table based form in which columns are
constrained to take values from particular ontologies; the user can select a
concept from an ontology via its meaningful label to give a value for a given
entity attribute. Populated tables are mapped to patterns that can then be used
to automatically generate the ontology's content. Populous's contribution is in
the knowledge gathering stage of ontology development. It separates knowledge
gathering from the conceptualisation and also separates the user from the
standard ontology authoring environments. As a result, Populous can allow
knowledge to be gathered in a straight-forward manner that can then be used to
do mass production of ontology content.Comment: in Adrian Paschke, Albert Burger begin_of_the_skype_highlighting
end_of_the_skype_highlighting, Andrea Splendiani, M. Scott Marshall, Paolo
Romano: Proceedings of the 3rd International Workshop on Semantic Web
Applications and Tools for the Life Sciences, Berlin,Germany, December 8-10,
201
A heuristic-based approach to code-smell detection
Encapsulation and data hiding are central tenets of the object oriented paradigm. Deciding what data and behaviour to form into a class and where to draw the line between its public and private details can make the difference between a class that is an understandable, flexible and reusable abstraction and one which is not. This decision is a difficult one and may easily result in poor encapsulation which can then have serious implications for a number of system qualities. It is often hard to identify such encapsulation problems within large software systems until they cause a maintenance problem (which is usually too late) and attempting to perform such analysis manually can also be tedious and error prone. Two of the common encapsulation problems that can arise as a consequence of this decomposition process are data classes and god classes. Typically, these two problems occur together – data classes are lacking in functionality that has typically been sucked into an over-complicated and domineering god class. This paper describes the architecture of a tool which automatically detects data and god classes that has been developed as a plug-in for the Eclipse IDE. The technique has been evaluated in a controlled study on two large open source systems which compare the tool results to similar work by Marinescu, who employs a metrics-based approach to detecting such features. The study provides some valuable insights into the strengths and weaknesses of the two approache
- …