128,491 research outputs found
Contract-based approach to analyze software components
International audienceComponent-based software development focuses on building large software systems by integrating existing software components to reduce cost, risk and time. However, behavioural and compositional conflicts among components constitute a crucial barrier to successful software composition. In this paper, we present a contract-based approach to analyze and model the properties of components and their composition in order to detect and correct composition errors. With this approach we characterize the structural, interface and behavioural aspects, and a specific form of evolution of these components. Enabling this, we propose the use of the LOTOS language as an Architecture Description Language (ADL) for formalising these aspects
Contract-based approach to analyze software components
International audienceComponent-based software development focuses on building large software systems by integrating existing software components to reduce cost, risk and time. However, behavioural and compositional conflicts among components constitute a crucial barrier to successful software composition. In this paper, we present a contract-based approach to analyze and model the properties of components and their composition in order to detect and correct composition errors. With this approach we characterize the structural, interface and behavioural aspects, and a specific form of evolution of these components. Enabling this, we propose the use of the LOTOS language as an Architecture Description Language (ADL) for formalising these aspects
Towards a design-by-contract based approach for realizable connector-centric software architectures
Despite being a widely-used language for specifying software systems, UML remains less than ideal for software architectures. Architecture description languages (ADLs) were developed to provide more comprehensive support. However, so far the application of ADLs in practice has been impeded by at least one of the following problems: (i) advanced formal notations, (ii) lack of support for complex connectors, and (iii) potentially unrealizable designs. In this paper we propose a new ADL that is based on Design-by-Contract (DbC) for specifying software architectures. While DbC promotes a formal and precise way of specifying system behaviours, it is more familiar to practising developers, thus allowing for a more comfortable way of specifying architectures than using process algebras. Furthermore, by granting connectors a first-class status, our ADL allows designers to specify not only simple interaction mechanisms as connectors but also complex interaction protocols. Finally, in order to ensure that architectural designs are always realizable we eliminate potentially unrealizable constructs in connector specifications (the connector “glue”)
A Framework for Agile Development of Component-Based Applications
Agile development processes and component-based software architectures are
two software engineering approaches that contribute to enable the rapid
building and evolution of applications. Nevertheless, few approaches have
proposed a framework to combine agile and component-based development, allowing
an application to be tested throughout the entire development cycle. To address
this problematic, we have built CALICO, a model-based framework that allows
applications to be safely developed in an iterative and incremental manner. The
CALICO approach relies on the synchronization of a model view, which specifies
the application properties, and a runtime view, which contains the application
in its execution context. Tests on the application specifications that require
values only known at runtime, are automatically integrated by CALICO into the
running application, and the captured needed values are reified at execution
time to resume the tests and inform the architect of potential problems. Any
modification at the model level that does not introduce new errors is
automatically propagated to the running system, allowing the safe evolution of
the application. In this paper, we illustrate the CALICO development process
with a concrete example and provide information on the current implementation
of our framework
Contract Aware Components, 10 years after
The notion of contract aware components has been published roughly ten years
ago and is now becoming mainstream in several fields where the usage of
software components is seen as critical. The goal of this paper is to survey
domains such as Embedded Systems or Service Oriented Architecture where the
notion of contract aware components has been influential. For each of these
domains we briefly describe what has been done with this idea and we discuss
the remaining challenges.Comment: In Proceedings WCSI 2010, arXiv:1010.233
How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection
Security attacks targeting smart contracts have been on the rise, which have
led to financial loss and erosion of trust. Therefore, it is important to
enable developers to discover security vulnerabilities in smart contracts
before deployment. A number of static analysis tools have been developed for
finding security bugs in smart contracts. However, despite the numerous
bug-finding tools, there is no systematic approach to evaluate the proposed
tools and gauge their effectiveness. This paper proposes SolidiFI, an automated
and systematic approach for evaluating smart contract static analysis tools.
SolidiFI is based on injecting bugs (i.e., code defects) into all potential
locations in a smart contract to introduce targeted security vulnerabilities.
SolidiFI then checks the generated buggy contract using the static analysis
tools, and identifies the bugs that the tools are unable to detect
(false-negatives) along with identifying the bugs reported as false-positives.
SolidiFI is used to evaluate six widely-used static analysis tools, namely,
Oyente, Securify, Mythril, SmartCheck, Manticore and Slither, using a set of 50
contracts injected by 9369 distinct bugs. It finds several instances of bugs
that are not detected by the evaluated tools despite their claims of being able
to detect such bugs, and all the tools report many false positivesComment: ISSTA 202
Towards Validating Risk Indicators Based on Measurement Theory (Extended version)
Due to the lack of quantitative information and for cost-efficiency, most risk assessment methods use partially ordered values (e.g. high, medium, low) as risk indicators. In practice it is common to validate risk indicators by asking stakeholders whether they make sense. This way of validation is subjective, thus error prone. If the metrics are wrong (not meaningful), then they may lead system owners to distribute security investments inefficiently. For instance, in an extended enterprise this may mean over investing in service level agreements or obtaining a contract that provides a lower security level than the system requires. Therefore, when validating risk assessment methods it is important to validate the meaningfulness of the risk indicators that they use. In this paper we investigate how to validate the meaningfulness of risk indicators based on measurement theory. Furthermore, to analyze the applicability of the measurement theory to risk indicators, we analyze the indicators used by a risk assessment method specially developed for assessing confidentiality risks in networks of organizations
- …