133,680 research outputs found
Combining over- and under-approximating program analyses for automatic software testing
This dissertation attacks the well-known problem of path-imprecision in static program analysis. Our starting point is an existing static program analysis that over-approximates the execution paths of the analyzed program. We then make this over-approximating program analysis more precise for automatic testing in an object-oriented programming language. We achieve this by combining the over-approximating program analysis with usage-observing and under-approximating analyses. More specifically, we make the following contributions.
We present a technique to eliminate language-level unsound bug warnings produced by an execution-path-over-approximating analysis for object-oriented programs that is based on the weakest precondition calculus. Our technique post-processes the results of the over-approximating analysis by solving the produced constraint systems and generating and executing concrete test-cases that satisfy the given constraint systems. Only test-cases that confirm the results of the over-approximating static analysis are presented to the user. This technique has the important side-benefit of making the results of a weakest-precondition based static analysis easier to understand for human consumers. We show examples from our experiments that visually demonstrate the difference between hundreds of complicated constraints and a simple corresponding JUnit test-case.
Besides eliminating language-level unsound bug warnings, we present an additional technique that also addresses user-level unsound bug warnings. This technique pre-processes the testee with a dynamic analysis that takes advantage of actual user data. It annotates the testee with the knowledge obtained from this pre-processing step and thereby provides guidance for the over-approximating analysis.
We also present an improvement to dynamic invariant detection for object-oriented programming languages. Previous approaches do not take behavioral subtyping into account and therefore may produce inconsistent results, which can throw off automated analyses such as the ones we are performing for bug-finding.
Finally, we address the problem of unwanted dependencies between test-cases caused by global state. We present two techniques for efficiently re-initializing global state between test-case executions and discuss their trade-offs.
We have implemented the above techniques in the JCrasher, Check 'n' Crash, and DSD-Crasher tools and present initial experience in using them for automated bug finding in real-world Java programs.
Ph.D.
Committee Chair: Smaragdakis, Yannis; Committee Member: Dwyer, Matthew; Committee Member: Orso, Alessandro; Committee Member: Pande, Santosh; Committee Member: Rugaber, Spence
History-sensitive versus future-sensitive approaches to security in distributed systems
We consider the use of aspect-oriented techniques as a flexible way to deal
with security policies in distributed systems. Recent work suggests to use
aspects for analysing the future behaviour of programs and to make access
control decisions based on this; this gives the flavour of dealing with
information flow rather than mere access control. We show in this paper that it
is beneficial to augment this approach with history-based components as is the
traditional approach in reference monitor-based approaches to mandatory access
control. Our developments are performed in an aspect-oriented coordination
language aiming to describe the Bell-LaPadula policy as elegantly as possible.
Furthermore, the resulting language has the capability of combining both
history- and future-sensitive policies, providing even more flexibility and
power.
Comment: In Proceedings ICE 2010, arXiv:1010.530
Combining multiple resolutions into hierarchical representations for kernel-based image classification
Geographic object-based image analysis (GEOBIA) framework has gained
increasing interest recently. Following this popular paradigm, we propose a
novel multiscale classification approach operating on a hierarchical image
representation built from two images at different resolutions. They capture the
same scene with different sensors and are naturally fused together through the
hierarchical representation, where coarser levels are built from a Low Spatial
Resolution (LSR) or Medium Spatial Resolution (MSR) image while finer levels
are generated from a High Spatial Resolution (HSR) or Very High Spatial
Resolution (VHSR) image. Such a representation allows one to benefit from the
context information thanks to the coarser levels, and subregions spatial
arrangement information thanks to the finer levels. Two dedicated structured
kernels are then used to perform machine learning directly on the constructed
hierarchical representation. This strategy overcomes the limits of conventional
GEOBIA classification procedures that can handle only one or very few
pre-selected scales. Experiments run on an urban classification task show that
the proposed approach can highly improve the classification accuracy w.r.t.
conventional approaches working on a single scale.
Comment: International Conference on Geographic Object-Based Image Analysis
(GEOBIA 2016), University of Twente in Enschede, The Netherland
Towards a service-oriented e-infrastructure for multidisciplinary environmental research
Research e-infrastructures are considered to have generic and thematic parts. The generic part provides high-speed networks, grid (large-scale distributed computing) and database systems (digital repositories and data transfer systems) applicable to all research communities irrespective of discipline. Thematic parts are specific deployments of e-infrastructures to support diverse virtual research communities. The needs of a virtual community of multidisciplinary environmental researchers are yet to be investigated. We envisage and argue for an e-infrastructure that will enable environmental researchers to develop environmental models and software entirely out of existing components through loose coupling of diverse digital resources based on the service-oriented architecture. We discuss four specific aspects for consideration for a future e-infrastructure: 1) provision of digital resources (data, models & tools) as web services, 2) dealing with stateless and non-transactional nature of web services using workflow management systems, 3) enabling web service discovery, composition and orchestration through semantic registries, and 4) creating synergy with existing grid infrastructures
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Integrating the common variability language with multilanguage annotations for web engineering
Web applications development involves managing a high diversity of files and resources like code, pages or style sheets, implemented in different languages. To deal with the automatic generation of
custom-made configurations of web applications, industry usually adopts annotation-based approaches even though the majority of studies encourage the use of composition-based approaches to implement
Software Product Lines. Recent work tries to combine both approaches to get the complementary benefits. However, technological companies are reticent to adopt new development paradigms
such as feature-oriented programming or aspect-oriented programming.
Moreover, it is extremely difficult, or even impossible, to apply
these programming models to web applications, mainly because of
their multilingual nature, since their development involves multiple
types of source code (Java, Groovy, JavaScript), templates (HTML,
Markdown, XML), style sheet files (CSS and its variants, such as
SCSS), and other files (JSON, YML, shell scripts). We propose to
use the Common Variability Language as a composition-based approach
and integrate annotations to manage fine grained variability
of a Software Product Line for web applications. In this paper, we (i)
show that existing composition and annotation-based approaches,
including some well-known combinations, are not appropriate to
model and implement the variability of web applications; and (ii)
present a combined approach that effectively integrates annotations
into a composition-based approach for web applications. We implement
our approach and show its applicability with an industrial
real-world system.
Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech