A Generic Annotation Inference Algorithm for the Safety Certification of Automatically Generated Code

Code generators for realistic application domains are not directly verifiable in practice. In the certifiable code generation approach the generator is extended to generate logical annotations (i.e., pre- and postconditions and loop invariants) along with the programs, allowing fully automated program proofs of different safety properties. However, this requires access to the generator sources, and remains difficult to implement and maintain because the annotations are cross-cutting concerns, both on the object-level (i.e., in the generated code) and on the meta-level (i.e., in the generator). Here we describe a new generic post-generation annotation inference algorithm that circumvents these problems. We exploit the fact that the output of a code generator is highly idiomatic, so that patterns can be used to describe all code constructs that require annotations. The patterns are specific to the idioms of the targeted code generator and to the safety property to be shown, but the algorithm itself remains generic. It is based on a pattern matcher used to identify instances of the idioms and build a property-specific abstracted control flow graph, and a graph traversal that follows the paths from the use nodes backwards to all corresponding definitions, annotating the statements along these paths. This core is instantiated for two generators and successfully applied to automatically certify initialization safety for a range of generated programs

Relationship between Module Size, Alternative Cost and Bugs

Selle lõputöö eesmärgiks on uurida, kas alternatiivkulu (AC) ja mooduli suurus viivad suurema vigade arvuni tarkvaraprojektis. Kasutades nelja tarkvaraprojekti – JQuery, Font-Awesome, ReactJS ja Atom – versiooniajaloost ja vearaportitest eraldatud andmeid, arvutame me nende alternatiivkulud. Seejärel kasutame me Kendalli korrelatsiooni, et uurida AC ja vigade ning mooduli suuruse (mõõdetuna koodiridades) ja vigade vahelise seose tugevust. Me leidsime, et moodulite suuruse ja vigade vahel on tugev korrelatsioon kõigis neljas tarkvaraprojektis. Samas AC ja vigade vaheline seos jäi tõendamata. Oma uurimusest järeldame, et tarkvaraprojekti kvaliteeditagamise tegevuste käigus tuleks suurtele moodulitele pöörata rohkem tähelepanu. Alternatiivkulu ei ole oluline vigade asukoha tuvastamiseks.The aim of this thesis is to find out if Alternative Cost (AC) and size of modules lead to more bugs in a software project. Using the historical churn extracted from revisions data and bug reports data retrieved from four software projects namely, JQuery, Font-Awesome, ReactJS, and Atom, we calculate their AC. After which we use Kendall correlation to investigate the strength of association between AC and bugs, and module size (measured in Lines of Code) and bugs. We find a strong association between size of modules in all four software projects and bugs existing in them, while that of AC and bugs remain inconclusive. From our investigation, we conclude that when quality assurance activities are performed on a software project, modules with larger size should be given more attention. On the other hand, using our result, Alternative Cost is not relevant for bugs localization