8 research outputs found

    JCML: A specification language for the runtime verification of Java Card programs

    Java Card is a version of Java developed to run on devices with severe storage and processing restrictions. The applets that run on these devices are frequently intended for use in critical, highly distributed, mobile conditions. They are required to be portable and safe. Often, the requirements of the application impose the use of dynamic, on-card verifications, but most of the research developed to improve the safety of Java Card applets concentrates on static verification methods. This work presents a runtime verification approach based on Design by Contract to improve the safety of Java Card applications. To this end, we propose JCML (Java Card Modelling Language), a specification language derived from JML (Java Modelling Language), and its implementation: a compiler that generates runtime verification code. We also present some experiments and quality indicators. This paper extends previously published work by the authors with a more complete and precise definition of the JCML language and new experiments and results.

    Specification Based Bug Detection for Embedded Software

    Traditional compilers do not automatically analyze processor specifications, thousands of pages of which are available for modern processors. The specifications describe constraints and requirements for processors and are therefore useful for software development targeting these processors. To bridge this gap, our tool em-SPADE analyzes processor specifications and creates processor-specific rules to detect low-level programming errors. This work shows the potential of automatically analyzing processor specifications to detect low-level programming errors at compile time. em-SPADE is a compiler extension that automatically detects software bugs in low-level programs. From processor specifications, the em-SPADE preprocessor extracts target-specific rules such as register use and read-only or reserved registers. A special LLVM pass in em-SPADE then uses these rules to detect incorrect register assignments. Our experiments with em-SPADE correctly extracted 652 rules from 15 specifications and consequently found 20 bugs in ten software projects. In addition, we explore the use of data mining techniques to learn more about the nature and type of complex checkable rules other than access and reserved-bit rules. After applying the frequent itemset mining technique to three specifications, we found that the mining can report complex checkable rules from the specifications with a precision of 53.53% to 82.22% and a recall of 36.88% to 75.18%. Thus, the data mining approach is useful for learning complex types of rules in large specifications. These techniques help us identify complex rules. In addition, insights gained from the mining results can be used to improve and standardize specifications. The work is generalizable to other types of specifications and shows the clear prospects of using processor specifications to enhance compilers.

    Verification-based software-fault detection

    Software is used in many safety- and security-critical systems. Software development is, however, an error-prone task. In this work, new techniques for the detection of software faults (or software "bugs") are described which are based on a formal deductive verification technology. The described techniques take advantage of information obtained during verification and combine verification technology with deductive fault detection and test generation in a unified way.

    Verification-based Software-fault Detection

    Software is used in many safety- and security-critical systems. Software development is, however, an error-prone task. In this dissertation, new techniques for the detection of software faults (or software "bugs") are described which are based on a formal deductive verification technology. The described techniques take advantage of information obtained during verification and combine verification technology with deductive fault detection and test generation in a unified way.