1,822 research outputs found
Statically analyzing the energy efficiency of software product lines
Optimizing software to become (more) energy efficient is an important concern for the software industry. Although several techniques have been proposed to measure energy consumption within software engineering, little work has specifically addressed Software Product Lines (SPLs). SPLs are a widely used software development approach, where the core concept is to study the systematic development of products that can be deployed in a variable way, e.g., to include different features for different clients. The traditional approach for measuring energy consumption in SPLs is to generate and individually measure all products, which, given their large number, is impractical. We present a technique, implemented in a tool, to statically estimate the worst-case energy consumption for SPLs. The goal is to reason about energy consumption in all products of a SPL, without having to individually analyze each product. Our technique combines static analysis and worst-case prediction with energy consumption analysis, in order to analyze products in a feature-sensitive manner: a feature that is used in several products is analyzed only once, while the energy consumption is estimated once per product. This paper describes not only our previous work on worst-case prediction, for comprehensibility, but also a significant extension of such work. This extension has been realized in two different axis: firstly, we incorporated in our methodology a simulated annealing algorithm to improve our worst-case energy consumption estimation. Secondly, we evaluated our new approach in four real-world SPLs, containing a total of 99 software products. Our new results show that our technique is able to estimate the worst-case energy consumption with a mean error percentage of 17.3% and standard deviation of 11.2%.This paper acknowledges the support of the Erasmus+ Key Action 2 (Strategic partnership
for higher education) project No. 2020-1-PT01-KA203-078646: SusTrainable-Promoting Sustainability
as a Fundamental Driver in Software Development Training and Education
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
The zombies strike back: Towards client-side beef detection
A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis
Variability-aware Datalog
Variability-aware computing is the efficient application of programs to
different sets of inputs that exhibit some variability. One example is program
analyses applied to Software Product Lines (SPLs). In this paper we present the
design and development of a variability-aware version of the Souffl\'{e}
Datalog engine. The engine can take facts annotated with Presence Conditions
(PCs) as input, and compute the PCs of its inferred facts, eliminating facts
that do not exist in any valid configuration. We evaluate our variability-aware
Souffl\'{e} implementation on several fact sets annotated with PCs to measure
the associated overhead in terms of processing time and database size.Comment: PADL'20 pape
Data dependent energy modelling for worst case energy consumption analysis
Safely meeting Worst Case Energy Consumption (WCEC) criteria requires
accurate energy modeling of software. We investigate the impact of instruction
operand values upon energy consumption in cacheless embedded processors.
Existing instruction-level energy models typically use measurements from random
input data, providing estimates unsuitable for safe WCEC analysis.
We examine probabilistic energy distributions of instructions and propose a
model for composing instruction sequences using distributions, enabling WCEC
analysis on program basic blocks. The worst case is predicted with statistical
analysis. Further, we verify that the energy of embedded benchmarks can be
characterised as a distribution, and compare our proposed technique with other
methods of estimating energy consumption
- …