MISRA C, for Security's Sake!
A third of United States new cellular subscriptions in Q1 2016 were for cars.
There are now more than 112 million vehicles connected around the world. The
percentage of new cars shipped with Internet connectivity is expected to rise
from 13% in 2015 to 75% in 2020, and 98% of all vehicles will likely be
connected by 2025. Moreover, the news continuously reports on "white hat"
hackers intruding on car software. For these reasons, security concerns in
automotive and other industries have skyrocketed. MISRA C, which is widely
respected as a safety-related coding standard, is equally applicable as a
security-related coding standard. In this presentation, we will show that
security-critical and safety-critical software have the same requirements. We
will then introduce the new documents MISRA C:2012 Amendment 1 (Additional
security guidelines for MISRA C:2012) and MISRA C:2012 Addendum 2 (Coverage of
MISRA C:2012 against ISO/IEC TS 17961:2013 "C Secure Coding Rules"). We will
illustrate the relationship between MISRA C, CERT C and ISO/IEC TS 17961, with
a particular focus on the objective of preventing security vulnerabilities (and
of course safety hazards) as opposed to trying to eradicate them once they have
been inserted in the code.
Comment: 4 pages, 2 tables, presented at the "14th Workshop on Automotive
Software & Systems", Milan, November 10, 201
Enhanced sharing analysis techniques: a comprehensive evaluation
Sharing, an abstract domain developed by D. Jacobs and A. Langen for the analysis of logic
programs, derives useful aliasing information. It is well-known that a commonly used core
of techniques, such as the integration of Sharing with freeness and linearity information, can
significantly improve the precision of the analysis. However, a number of other proposals for
refined domain combinations have been circulating for years. One feature that is common
to these proposals is that they do not seem to have undergone a thorough experimental
evaluation even with respect to the expected precision gains.
In this paper we experimentally
evaluate: helping Sharing with the definitely ground variables found using Pos, the domain
of positive Boolean formulas; the incorporation of explicit structural information; a full
implementation of the reduced product of Sharing and Pos; the issue of reordering the
bindings in the computation of the abstract mgu; an original proposal for the addition of
a new mode recording the set of variables that are deemed to be ground or free; a refined
way of using linearity to improve the analysis; the recovery of hidden information in the
combination of Sharing with freeness information. Finally, we discuss the issue of whether
tracking compoundness allows the computation of more sharing information.
A correct, precise and efficient integration of set-sharing, freeness and linearity for the analysis of finite and rational tree languages
It is well known that freeness and linearity information positively interact with aliasing information, allowing both the precision and the efficiency of the sharing analysis of logic programs to be improved. In this paper, we present a novel combination of set-sharing with freeness and linearity information, which is characterized by an improved abstract unification operator. We provide a new abstraction function and prove the correctness of the analysis for both the finite tree and the rational tree cases.
Moreover, we show that the same notion of redundant information as identified in Bagnara et al. (2000) and Zaffanella et al. (2002) also applies to this abstract domain combination: this allows for the implementation of an abstract unification operator running in polynomial time and achieving the same precision on all the considered observable properties.
Soundness, idempotence and commutativity of set-sharing
It is important that practical data-flow analyzers are backed by reliably proven theoretical results. Abstract interpretation provides a sound mathematical framework and necessary generic properties for an abstract domain to be well-defined and sound with respect to the concrete semantics. In logic programming, the abstract domain Sharing is a standard choice for sharing analysis for both practical work and further theoretical study.
In spite of this, we found that there were no satisfactory proofs for the key properties of commutativity and idempotence that are essential for Sharing to be well-defined and that published statements of the soundness of Sharing assume the occurs-check. This paper provides a generalization of the abstraction function for Sharing that can be applied to any language, with or without the occurs-check. Results for soundness, idempotence and commutativity for abstract unification using this abstraction function are proven.
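The three abstracts above all build on the same operator: the abstract unification (abstract mgu) of the Jacobs-Langen Sharing domain, and the last one proves that it is idempotent and commutative. The following is an added example, not the authors' analyzer or any code from these papers: a plain implementation of amgu for the binding x = t, sh' = (sh \ (rel(x) ∪ rel(t))) ∪ bin(rel(x)*, rel(t)*), over constructed inputs (four independent variables, then x = f(y, z) and w = z), together with a check that the two laws hold on that input. The variable names and the bindings are assumptions made for the illustration.

```python
"""Set-sharing (Jacobs-Langen Sharing domain): abstract unification and a
check of its idempotence and commutativity on constructed inputs.

A sharing group is a frozenset of variable names and an abstract element is
a frozenset of sharing groups.  Added example, not the authors' analyzer."""
from itertools import combinations


def star(sh):
    """Star-union: all unions of one or more groups of sh."""
    closed = set(sh)
    changed = True
    while changed:
        changed = False
        for a, b in combinations(list(closed), 2):
            u = a | b
            if u not in closed:
                closed.add(u)
                changed = True
    return frozenset(closed)


def rel(vs, sh):
    """Groups of sh that mention at least one variable of vs."""
    return frozenset(g for g in sh if g & vs)


def bin_(a, b):
    """Pairwise unions of a group of a with a group of b."""
    return frozenset(g | h for g in a for h in b)


def amgu(sh, x, tvars):
    """Abstract mgu of sh with the binding x = t, given vars(t) = tvars:
    sh' = (sh minus (rel(x) union rel(t))) union bin(rel(x)*, rel(t)*)."""
    rx = rel(frozenset([x]), sh)
    rt = rel(frozenset(tvars), sh)
    return (sh - (rx | rt)) | bin_(star(rx), star(rt))


def amgu_seq(sh, bindings):
    """Apply a list of (x, vars(t)) bindings in order."""
    for x, tvars in bindings:
        sh = amgu(sh, x, tvars)
    return sh


def show(sh):
    """Deterministic rendering, e.g. ['wxyz', 'wxz', 'xy']."""
    return sorted("".join(sorted(g)) for g in sh)


def laws(sh, b1, b2):
    """(idempotent, commutative) for bindings b1 and b2 on element sh."""
    once = amgu(sh, *b1)
    idem = amgu(once, *b1) == once
    comm = amgu(amgu(sh, *b1), *b2) == amgu(amgu(sh, *b2), *b1)
    return idem, comm


# Constructed input (an assumption of this example): four independent
# variables, each in its own group, then x = f(y, z) followed by w = z.
SH0 = frozenset(frozenset(v) for v in "xyzw")
B1 = ("x", {"y", "z"})
B2 = ("w", {"z"})

if __name__ == "__main__":
    print(show(amgu_seq(SH0, [B1, B2])), laws(SH0, B1, B2))
```

After x = f(y, z) the element is {w, xy, xz, xyz}: the group xyz is the well-known imprecision of plain Sharing that the freeness and linearity refinements of the first two abstracts remove. The star-union is also where the cost hides; this plain version keeps every group, whereas the polynomial-time operator of the second abstract relies on discarding redundant ones.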
CHANGES OF THE EU POLICIES IN HORTICULTURE
The EU policy in horticulture has switched its aim from price support to the integration of farmers' income. Regulation 2200/96 established the new European Common Market Organisation (CMO) in horticulture. On this basis the producers' organizations (PO) are no longer a political institution but a real economic organization with the objectives of planning and concentrating production. At the same time, the EU has promulgated another plan (Decision n.2796 of 10/10/96 applying the objectives of Reg. 2081/93), which is specific to the Italian regions in "Objective 1", namely those with low average income. This measure establishes commercial macro-organizations with the target of concentrating the supply of the producers' organizations in order to achieve countervailing power and economies of scale in services and trade. These new measures arise within a general framework of international agreements promoting cooperation and free trade areas (Mediterranean, Maghreb, PECO, ...). The impact on the European horticultural system will be tremendous in terms of production assessment and food chain organization and management.
Keywords: horticulture, European Union, market, policy, Agricultural and Food Policy, Q13
An Improved Tight Closure Algorithm for Integer Octagonal Constraints
Integer octagonal constraints (a.k.a. ``Unit Two Variables Per Inequality''
or ``UTVPI integer constraints'') constitute an interesting class of
constraints for the representation and solution of integer problems in the
fields of constraint programming and formal analysis and verification of
software and hardware systems, since they couple algorithms having polynomial
complexity with a relatively good expressive power. The main algorithms
required for the manipulation of such constraints are the satisfiability check
and the computation of the inferential closure of a set of constraints. The
latter is called `tight' closure to mark the difference with the (incomplete)
closure algorithm that does not exploit the integrality of the variables. In
this paper we present and fully justify an O(n^3) algorithm to compute the
tight closure of a set of UTVPI integer constraints.
Comment: 15 pages, 2 figure
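To make the distinction between the ordinary (rational) closure and the tight closure concrete, here is an added example, not the authors' code or the Parma Polyhedra Library's: UTVPI constraints a*x + b*y <= c stored in the usual 2n x 2n difference-bound matrix over the signed variables +x_i and -x_i, with the closure computed by Floyd-Warshall, followed by the tightening of each unit constraint 2x <= c to 2x <= 2*floor(c/2), the integer consistency check on the tightened bounds, and a single strengthening pass. That this sequence (closure, tightening, one strengthening step) yields the tight closure is the result I take the abstract to describe; the constraint encoding, the class name and the two constructed constraint systems are assumptions of this example.

```python
"""Tight closure of UTVPI (integer octagonal) constraints.

Constraints a*x + b*y <= c (a, b in {+1, -1}) are stored in a 2n x 2n
difference-bound matrix over the signed variables v[2i] = x_i and
v[2i+1] = -x_i, where m[i][j] = c encodes v_j - v_i <= c and i ^ 1 is the
index of the opposite sign.  Added example, not the PPL's code."""
import copy
import math

INF = math.inf


class Utvpi:
    def __init__(self, names):
        self.idx = {v: i for i, v in enumerate(names)}
        n2 = 2 * len(names)
        self.m = [[INF] * n2 for _ in range(n2)]
        for i in range(n2):
            self.m[i][i] = 0

    def _pos(self, sign, v):
        """Index of the signed variable +v ('+') or -v ('-')."""
        return 2 * self.idx[v] + (0 if sign == "+" else 1)

    def add(self, a, x, b, y, c):
        """Record a*x + b*y <= c.  With signed variables this is
        v_p - v_{q^1} <= c; its coherent twin is stored as well."""
        p, q = self._pos(a, x), self._pos(b, y)
        self.m[q ^ 1][p] = min(self.m[q ^ 1][p], c)
        self.m[p ^ 1][q] = min(self.m[p ^ 1][q], c)

    def add_unary(self, a, x, c):
        """a*x <= c is the unit constraint a*x + a*x <= 2c."""
        self.add(a, x, a, x, 2 * c)

    def bound(self, a, x, b, y):
        """Best known c with a*x + b*y <= c (INF if unconstrained);
        bound('+', x, '+', x) is the bound on 2x."""
        p, q = self._pos(a, x), self._pos(b, y)
        return self.m[q ^ 1][p]

    def closed(self):
        """Shortest-path (Floyd-Warshall) closure, i.e. the closure that
        ignores integrality.  None if unsatisfiable even over Q."""
        out = copy.deepcopy(self)
        m, n2 = out.m, len(out.m)
        for k in range(n2):
            for i in range(n2):
                if m[i][k] == INF:
                    continue
                for j in range(n2):
                    if m[i][k] + m[k][j] < m[i][j]:
                        m[i][j] = m[i][k] + m[k][j]
        if any(m[i][i] < 0 for i in range(n2)):
            return None
        return out

    def tightly_closed(self):
        """Tight closure: closure, tightening of the unit constraints,
        integer consistency check, one strengthening pass.  None if the
        system has no integer solution."""
        out = self.closed()
        if out is None:
            return None
        m, n2 = out.m, len(out.m)
        for i in range(n2):                       # 2x <= c  ->  2x <= 2*floor(c/2)
            if m[i][i ^ 1] != INF:
                m[i][i ^ 1] = 2 * (m[i][i ^ 1] // 2)
        for i in range(n2):                       # x <= u and x >= l with u < l
            if m[i][i ^ 1] + m[i ^ 1][i] < 0:
                return None
        for i in range(n2):                       # v_j - v_i <= (2v_j bound + (-2v_i) bound)/2
            if m[i][i ^ 1] == INF:
                continue
            for j in range(n2):
                if m[j ^ 1][j] != INF:
                    m[i][j] = min(m[i][j], m[i][i ^ 1] // 2 + m[j ^ 1][j] // 2)
        return out


def example():
    """Constructed system: x = y, x + y <= 3, x >= 0, y >= 0.  Over Q this
    allows x = y = 3/2; over Z the tight closure derives 2x <= 2 and
    x + y <= 2.  Returns (2x bound, tight 2x bound, x+y bound, tight x+y bound)."""
    s = Utvpi(["x", "y"])
    s.add("+", "x", "-", "y", 0)
    s.add("+", "y", "-", "x", 0)
    s.add("+", "x", "+", "y", 3)
    s.add_unary("-", "x", 0)
    s.add_unary("-", "y", 0)
    q, z = s.closed(), s.tightly_closed()
    return (q.bound("+", "x", "+", "x"), z.bound("+", "x", "+", "x"),
            q.bound("+", "x", "+", "y"), z.bound("+", "x", "+", "y"))


def infeasible_example():
    """Constructed system: x = y and x + y = 1.  Satisfiable over Q
    (x = y = 1/2) but not over Z; returns (rational sat, integer unsat)."""
    s = Utvpi(["x", "y"])
    s.add("+", "x", "-", "y", 0)
    s.add("+", "y", "-", "x", 0)
    s.add("+", "x", "+", "y", 1)
    s.add("-", "x", "-", "y", -1)
    return s.closed() is not None, s.tightly_closed() is None


if __name__ == "__main__":
    print(example(), infeasible_example())
```

The second system is the case an analysis built on the non-tight closure gets wrong: it reports the constraints satisfiable, so a verifier would consider the path feasible, while the tight closure correctly rejects it. Both closures are cubic in the number of signed variables.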
The Parma Polyhedra Library: Toward a Complete Set of Numerical Abstractions for the Analysis and Verification of Hardware and Software Systems
Since its inception as a student project in 2001, initially just for the
handling (as the name implies) of convex polyhedra, the Parma Polyhedra Library
has been continuously improved and extended by joining scrupulous research on
the theoretical foundations of (possibly non-convex) numerical abstractions to
a total adherence to the best available practices in software development. Even
though it is still not fully mature and functionally complete, the Parma
Polyhedra Library already offers a combination of functionality, reliability,
usability and performance that is not matched by similar, freely available
libraries. In this paper, we present the main features of the current version
of the library, emphasizing those that distinguish it from other similar
libraries and those that are important for applications in the field of
analysis and verification of hardware and software systems.
Comment: 38 pages, 2 figures, 3 listings, 3 table
C-rusted: The Advantages of Rust, in C, without the Disadvantages
C-rusted is an innovative technology whereby C programs can be (partly)
annotated so as to express: ownership, exclusivity and shareability of
language, system and user-defined resources; dynamic properties of objects and
the way they evolve during program execution; nominal typing and subtyping. The
(partially) annotated C programs can be translated with unmodified versions of
any compilation toolchain capable of processing ISO C code. The annotated C
program parts can be validated by static analysis: if the static analyzer flags
no error, then the annotations are provably coherent among themselves and with
respect to annotated C code, in which case said annotated parts are provably
exempt from a large class of logic, security, and run-time errors.
Comment: 7 pages, 4 figure