    On the Concept of Variable Roles and its Use in Software Analysis

    Human-written source code in imperative programming languages exhibits typical patterns for variable use such as flags, loop iterators, counters, indices, bitvectors etc. Although it is widely understood by practitioners that these variable roles are important for automated software analysis tools, they are not systematically studied by the formal methods community, and not well documented in the research literature. In this paper, we study the notion of variable roles on the example of basic types (int, float, char) in C. We propose a classification of the variables in a program by variable roles, and demonstrate that classical data flow analysis lends itself naturally both as a specification formalism and an analysis paradigm for this classification problem. We demonstrate the practical applicability of our method by predicting membership of source files to the different categories of the software verification competition SVCOMP 2013.

    A Simple and Practical Approach to Unit Testing: The JML and JUnit Way

    Writing unit test code is labor-intensive, hence it is often not done as an integral part of programming. However, unit testing is a practical approach to increasing the correctness and quality of software; for example, the Extreme Programming approach relies on frequent unit testing. In this paper we present a new approach that makes writing unit tests easier. It uses a formal specification language's runtime assertion checker to decide whether methods are working correctly, thus automating the writing of unit test oracles. These oracles can be easily combined with hand-written test data. Instead of writing testing code, the programmer writes formal specifications (e.g., pre- and postconditions). This makes the programmer's task easier, because specifications are more concise and abstract than the equivalent test code, and hence more readable and maintainable. Furthermore, by using specifications in testing, specification errors are quickly discovered, so the specifications are more likely to provide useful documentation and inputs to other tools. We have implemented this idea using the Java Modeling Language (JML) and the JUnit testing framework, but the approach could be easily implemented with other combinations of formal specification languages and unit test tools.

    Use of Sensitivity Analysis to Assess the Effect of Model Uncertainty in Analyzing Accelerated Life Test Data

    Accelerated life tests are used to obtain timely information on the durability and reliability of materials. Test units are subjected to higher than usual levels of “stress” and a model is used to estimate life at use conditions. Although it is desirable to use a physically-based model to justify the required extrapolation, in many practical situations, no such model is available or the physical basis for extrapolation is uncertain. In such situations, extrapolation is based on an empirical model. Sensitivity analysis tools then become important to assess the effect of model error and to allow engineers to make safe design decisions. This paper presents models, methods, and a description of software tools for performing systematic sensitivity analysis to assess potential model error. These methods are illustrated with an experiment that was conducted to determine if the fatigue life of a spring would meet a given specification.

    Implementing Value-Added Models of School Assessment

    This paper considers value-added models of school assessment and their implementation in Poland. Value-added estimates can be very helpful for schools and policy makers who need a reliable way to control teaching effectiveness, or for parents who need information about school quality in their area. However, their usefulness depends on several statistical issues and specific decisions made during implementation. The paper discusses several value-added models and describes details of the solution implemented in Poland. Statistical problems are discussed according to their policy relevance. It is shown that what bothers statisticians is less important in practice than several problems encountered when one wants to apply these models to a policy relevant context. Problems of proper regression specification, omitted variables bias, and measurement error are discussed, but the ways value-added estimates could be published and used as policy evaluation tools are also presented. All these problems are discussed from a practical point of view using three years of experience in implementation of these methods in Poland.
    Keywords: education, school assessment, school effectiveness, value-added models

    Forensic support for the international search

    The purpose of the article is to formulate the basic theoretical principles and practical recommendations for forensic support for the international search. Subject of research: The subject of research is the concept, content, objectives and features of the implementation of forensic support for the international search. Methodology: In the course of the research, general scientific methods, such as the methods of analysis and synthesis, induction and deduction, specification, summarization and analogy, etc., were used. Research results: According to the results of the research, it is substantiated that the international search is a complex legal institution and a separate form of international cooperation. Forensic support in this context is to create the conditions of preparedness and implementation of methods, tools, techniques of forensics in order to solve the problems of the international search. Practical consequences: It is proved that the international search is carried out according to certain stages, where certain measures of forensic support are necessary to be applied. Value / originality: Forensic support for the international search is to maximize the use of modern advances in science and technology to expand the range of sources of forensic information that can be applied in the international search.

    A Domain Specific Language for Digital Forensics and Incident Response Analysis

    One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools. The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of: a) standardized and automated means to scientifically verify accuracy of digital forensic tools; b) methods to reliably reproduce forensic computations (their results); and c) a framework for inter-operability among forensic tools. Additionally, there is no standardized means for communicating software requirements between users, researchers and developers, resulting in a mismatch in expectations. Combined with the exponential growth in data volume and complexity of applications and systems to be investigated, all of these concerns result in major case backlogs and inherently reduce the reliability of the digital forensic analyses. This work proposes a new approach to the specification of forensic computations, such that the above concerns can be addressed on a scientific basis with a new domain specific language (DSL) called nugget. DSLs are specialized languages that aim to address the concerns of particular domains by providing practical abstractions. Successful DSLs, such as SQL, can transform an application domain by providing a standardized way for users to communicate what they need without specifying how the computation should be performed. This is the first effort to build a DSL for (digital) forensic computations with the following research goals: 1) provide an intuitive formal specification language that covers core types of forensic computations and common data types; 2) provide a mechanism to extend the language that can incorporate arbitrary computations; 3) provide a prototype execution environment that allows the fully automatic execution of the computation; 4) provide a complete, formal, and auditable log of computations that can be used to reproduce an investigation; 5) demonstrate cloud-ready processing that can match the growth in data volumes and complexity.