3,648 research outputs found
Multi-Threaded Actors
In this paper we introduce a new programming model of multi-threaded actors
which feature the parallel processing of their messages. In this model an actor
consists of a group of active objects which share a message queue. We provide a
formal operational semantics, and a description of a Java-based implementation
for the basic programming abstractions describing multi-threaded actors.
Finally, we evaluate our proposal by means of an example application.Comment: In Proceedings ICE 2016, arXiv:1608.0313
The Impact of IPv6 on Penetration Testing
In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets
Interacting via the Heap in the Presence of Recursion
Almost all modern imperative programming languages include operations for
dynamically manipulating the heap, for example by allocating and deallocating
objects, and by updating reference fields. In the presence of recursive
procedures and local variables the interactions of a program with the heap can
become rather complex, as an unbounded number of objects can be allocated
either on the call stack using local variables, or, anonymously, on the heap
using reference fields. As such a static analysis is, in general, undecidable.
In this paper we study the verification of recursive programs with unbounded
allocation of objects, in a simple imperative language for heap manipulation.
We present an improved semantics for this language, using an abstraction that
is precise. For any program with a bounded visible heap, meaning that the
number of objects reachable from variables at any point of execution is
bounded, this abstraction is a finitary representation of its behaviour, even
though an unbounded number of objects can appear in the state. As a
consequence, for such programs model checking is decidable.
Finally we introduce a specification language for temporal properties of the
heap, and discuss model checking these properties against heap-manipulating
programs.Comment: In Proceedings ICE 2012, arXiv:1212.345
Fixing the Sorting Algorithm for Android, Java and Python
Tim Peters developed the Timsort hybrid sorting algorithm in 2002. TimSort was first developed for Python, a popular programming language, but later ported to Java (where it appears as java.util.Collections.sort and java.util.Arrays.sort). TimSort is today used as the default sorting algorithm in Java, in Android (a widely used platform by Google for mobile devices), in Python and many other programming languages and frameworks. Given the popularity of these platforms this means that the number of computers, cloud services and mobile phones that use TimSort for sorting is well into the billions.
After we had successfully verified Counting and Radix sort implementations in Java [1] with a formal verification tool called KeY, we were looking for a new challenge. TimSort seemed to fit the bill, as it is rather complex and widely used. Unfortunately, we werenāt able to prove its correctness. A closer analysis showed that this was, quite simply, because
Run-Time Verification of Black-Box Components Using Behavioral Specifications: An Experience Report on Tool Development
We introduce a generic component-based design of a run-time checker,
identify its components and their requirements, and evaluate
existing state of the art tools instantiating each component
Run-time checking multi-threaded java programs
Assertion checking traditionally focused on state-based properties. In a multi-threaded environment, approaches based on sharedstate require complex locking mechanisms to ensure that specifications are checked atomically (in the same state). In addition to this increased complexity, locks also negatively affect performance. In this paper, we extend both the underlying theory and the practical implementation of SAGA, a run-time checker for single-threaded Java programs, to multi-threading, while avoiding locks
Combining Monitoring with Run-Time Assertion Checking
According to a study in 2002 commissioned by a US Department, software bugs annually costs the US economy an estimated 312 billion globally.
There exists various ways to prevent, isolate and fix software bugs, ranging from lightweight methods that are (semi)-automatic, to heavyweight methods that require significant user interaction. Our own method described in this tutorial is based on automated run-time checking of a combination of protocol- and data-oriented properties of object-oriented programs
Being and Change: Reasoning About Invariance
We introduce a new way of reasoning about invariance in terms of foot-prints in a Hoare logic for recursive programs with (unbounded) arrays. A foot-print of a statement is a predicate that describes that part of the state that can be changed by the statement. We define invariance of an assertion with respect to a foot-print by means of a logical operation. This new Hoare logic is applied in a new simpler and modular proof of correctness of the well-known Quicksort sorting algorithm
- ā¦