WYSIWIB: A Declarative Approach to Finding Protocols and Bugs in Linux Code

14 p.Research report 08/1/INFO, Ecole des Mines de NantesAlthough a number of approaches to finding bugs in systems code have been proposed, bugs still remain to be found. Current approaches have emphasized scalability more than usability, and as a result it is difficult to relate the results to particular patterns found in the source code and to control the tools to be able to find specific kinds of bugs. In this paper, we propose a declarative approach based on a control-flow based program search engine. Our approach is WYSIWIB (What You See Is Where It Bugs), since the programmer is able to express specifications for protocol and bug finding using a syntax that is close to that of ordinary C code. Search specifications, called semantic matches, can be easily tailored so as to either eliminate false positives or catch more potential bugs. We introduce our approach by describing three case studies which have allowed us to find 395 bugs

WYSIWIB: A Declarative Approach to Finding API Protocols and Bugs in Linux Code

International audienceEliminating OS bugs is essential to ensuring the reliability of infrastructures ranging from embedded systems to servers. Several tools based on static analysis have been proposed for finding bugs in OS code. They have, however, emphasized scalability over usability, making it difficult to focus the tools on specific kinds of bugs and to relate the results to patterns in the source code. We propose a declarative approach to bug finding in Linux OS code using a control-flow based program search engine. Our approach is WYSIWIB (What You See Is Where It Bugs), since the programmer expresses specifications for bug finding using a syntax close to that of ordinary C code. The key advantage of our approach is that search specifications can be easily tailored, to eliminate false positives or catch more bugs. We present three case studies that have allowed us to find hundreds of potential bugs

Uma abordagem para a definição de valores de referência de métricas de software baseada em contexto usando redes Bayesianas.

Métricas possuem um papel fundamental no processo de gerenciamento da qualidade de software. Apesar dos seus potenciais benefícios, elas geralmente são utilizadas apenas para quantificação, não oferecendo suporte adequado à tomada de decisão durante o ciclo de vida do software. Para potencializar a utilização das métricas, é essencial definir valores de referência significativos (i.e., thresholds), atribuindo, assim, significado para os números coletados. O objetivo deste trabalho é apresentar uma abordagem para definição de valores de referência de métricas de software de acordo com o contexto do projeto. A abordagem consiste em definir os fatores de contexto que influenciam os valores de referência da métrica em questão a partir de conhecimento elicitado de especialistas. Essas informações são utilizadas para construir uma rede Bayesiana que pode ser utilizada para auxiliar na tomada de decisão. A solução proposta foi avaliada por meio de um estudo piloto realizado com três gerentes de projetos reais de desenvolvimento de software. Os dados foram coletados com os profissionais para construir redes Bayesianas, para identificar e validar os valores de referência para as métricas Número de Bugs Minor, Número de Alertas de Análise Estática e Porcentagem de Cobertura de Código. A abordagem proposta mostrou-se promissora para auxiliar os profissionais a identificar valores de referência representativos, potencializando tomadas de decisões mais assertivas no processo de gerenciamento de projetos de softwareMetrics play a key role in the software quality management process. Despite their potential benefits, they are generally only used for quantification, not providing adequate support to the decision-making process during the software’s life cycle. To enhance the use of metrics, it is essential to define meaningful reference values (i.e., thresholds), thus giving meaning to the data collected. This work aims to propose an approach to define the software metrics’ reference values according to the project’s context. The approach consists of using the specialists’ elicited knowledge to define context factors that influence the metric’s reference values. This information is used to build a Bayesian network that can be used to aid in the decision-making process. The proposed solution was evaluated through a pilot study conducted with three managers of real software development projecst. Data were collected from the software project managers in order to build Bayesian networks to identify and validate reference values for the Number of Minor Bugs, the Number of Static Analysis Alerts, and the Code Coverage Percentage metrics. Each metric was validated in three scenarios. The proposed approach has shown to be promising in helping professionals to identify representative reference values, promoting a more assertive decision making when it comes to the software project management proces

Dynamic code coverage with progressive detail levels

Tese de Mestrado Integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 201

Certifications of Critical Systems – The CECRIS Experience

In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact.Certifications of Critical Systems – The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (acronym for Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for current and future critical systems industry: the effective use of methodologies, processes and tools.The CECRIS project took a step forward in the growing field of development, verification and validation and certification of critical systems. It focused on the more difficult/important aspects of critical system development, verification and validation and certification process. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases