7 research outputs found
A Falsification View of Success Typing
Dynamic languages are praised for their flexibility and expressiveness, but
static analysis often yields many false positives and verification is
cumbersome for lack of structure. Hence, unit testing is the prevalent
incomplete method for validating programs in such languages.
Falsification is an alternative approach that uncovers definite errors in
programs. A falsifier computes a set of inputs that definitely crash a program.
Success typing is a type-based approach to document programs in dynamic
languages. We demonstrate that success typing is, in fact, an instance of
falsification by mapping success (input) types into suitable logic formulae.
Output types are represented by recursive types. We prove the correctness of
our mapping (which establishes that success typing is falsification) and we
report some experiences with a prototype implementation.Comment: extended versio
A novel process and its implementation for the multi-objective miniaturization of software
Smart phones, gaming consoles, wireless routers are ubiquitous;
the increasing diffusion of such devices with limited
resources, together with society’s unsatiated appetite
for new applications, pushes companies to miniaturize their
programs. Miniaturizing a program for a hand-held device
is a time-consuming task often requiring complex decisions.
Companies must accommodate conflicting constraints: customers’
satisfaction may be in conflict with a device’s limited
storage and memory. This paper proposes a process, MoMS,
for the multi-objective miniaturization of software to help
developers miniaturize programs while satisfying multiple
conflicting constraints. The process directs: the elicitation
of customer pre-requirements, their mapping to program features,
and the selection of the features to port. We present
two case studies based on Pooka, an email client, and SIP
Communicator, an instant messenger, to demonstrate that
MoMS supports miniaturization and helps reduce effort by
77%, on average, over a manual approach
Cautiously Optimistic Program Analyses for Secure and Reliable Software
Modern computer systems still have various security and reliability vulnerabilities. Well-known dynamic analyses solutions can mitigate them using runtime monitors that serve as lifeguards. But the additional work in enforcing these security and safety properties incurs exorbitant performance costs, and such tools are rarely used in practice. Our work addresses this problem by constructing a novel technique- Cautiously Optimistic Program Analysis (COPA).
COPA is optimistic- it infers likely program invariants from dynamic observations, and assumes them in its static reasoning to precisely identify and elide wasteful runtime monitors. The resulting system is fast, but also ensures soundness by recovering to a conservatively optimized analysis when a likely invariant rarely fails at runtime. COPA is also cautious- by carefully restricting optimizations to only safe elisions, the recovery is greatly simplified. It avoids unbounded rollbacks upon recovery, thereby enabling analysis for live production software.
We demonstrate the effectiveness of Cautiously Optimistic Program Analyses in three areas:
Information-Flow Tracking (IFT) can help prevent security breaches and information leaks. But they are rarely used in practice due to their high performance overhead (>500% for web/email servers). COPA dramatically reduces this cost by eliding wasteful IFT monitors to make it practical (9% overhead, 4x speedup).
Automatic Garbage Collection (GC) in managed languages (e.g. Java) simplifies programming tasks while ensuring memory safety. However, there is no correct GC for weakly-typed languages (e.g. C/C++), and manual memory management is prone to errors that have been exploited in high profile attacks. We develop the first sound GC for C/C++, and use COPA to optimize its performance (16% overhead).
Sequential Consistency (SC) provides intuitive semantics to concurrent programs that simplifies reasoning for their correctness. However, ensuring SC behavior on commodity hardware remains expensive. We use COPA to ensure SC for Java at the language-level efficiently, and significantly reduce its cost (from 24% down to 5% on x86).
COPA provides a way to realize strong software security, reliability and semantic guarantees at practical costs.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/170027/1/subarno_1.pd