49,756 research outputs found
On the Way to SBOMs: Investigating Design Issues and Solutions in Practice
Software Bill of Materials (SBOM), offers improved transparency and supply
chain security by providing a machine-readable inventory of software components
used. With the rise in software supply chain attacks, the SBOM has attracted
attention from both academia and industry. This paper presents a study on the
practice of SBOM, based on the analysis of 4,786 GitHub discussions from 510
SBOM-related projects. Our study identifies key topics, challenges, and
solutions associated with effective SBOM usage. We also highlight commonly used
tools and frameworks for generating SBOMs, along with their respective
strengths and limitations. Our research underscores the importance of SBOMs in
software development and the need for their widespread adoption to enhance
supply chain security. Additionally, the insights gained from our study can
inform future research and development in this field
A Vernacular for Coherent Logic
We propose a simple, yet expressive proof representation from which proofs
for different proof assistants can easily be generated. The representation uses
only a few inference rules and is based on a frag- ment of first-order logic
called coherent logic. Coherent logic has been recognized by a number of
researchers as a suitable logic for many ev- eryday mathematical developments.
The proposed proof representation is accompanied by a corresponding XML format
and by a suite of XSL transformations for generating formal proofs for
Isabelle/Isar and Coq, as well as proofs expressed in a natural language form
(formatted in LATEX or in HTML). Also, our automated theorem prover for
coherent logic exports proofs in the proposed XML format. All tools are
publicly available, along with a set of sample theorems.Comment: CICM 2014 - Conferences on Intelligent Computer Mathematics (2014
Automatically Discovering, Reporting and Reproducing Android Application Crashes
Mobile developers face unique challenges when detecting and reporting crashes
in apps due to their prevailing GUI event-driven nature and additional sources
of inputs (e.g., sensor readings). To support developers in these tasks, we
introduce a novel, automated approach called CRASHSCOPE. This tool explores a
given Android app using systematic input generation, according to several
strategies informed by static and dynamic analyses, with the intrinsic goal of
triggering crashes. When a crash is detected, CRASHSCOPE generates an augmented
crash report containing screenshots, detailed crash reproduction steps, the
captured exception stack trace, and a fully replayable script that
automatically reproduces the crash on a target device(s). We evaluated
CRASHSCOPE's effectiveness in discovering crashes as compared to five
state-of-the-art Android input generation tools on 61 applications. The results
demonstrate that CRASHSCOPE performs about as well as current tools for
detecting crashes and provides more detailed fault information. Additionally,
in a study analyzing eight real-world Android app crashes, we found that
CRASHSCOPE's reports are easily readable and allow for reliable reproduction of
crashes by presenting more explicit information than human written reports.Comment: 12 pages, in Proceedings of 9th IEEE International Conference on
Software Testing, Verification and Validation (ICST'16), Chicago, IL, April
10-15, 2016, pp. 33-4
- …