
    Semantic Type Qualifiers

    We present a new approach for supporting user-defined type refinements, which augment existing types to statically ensure additional invariants of interest to programmers. We provide an expressive language in which users define explicit type rules for new refinements. These rules are automatically incorporated by our framework’s extensible typechecker during static typechecking. Separately, our framework’s soundness checker automatically guarantees, once and for all, that a refinement’s type rules ensure the intended invariant, for all possible type-correct programs. We have formalized our approach and have instantiated it as a framework for adding new type qualifiers to C programs. We have used this framework to define and automatically prove sound a host of type qualifiers of different sorts, including nonnull, nonzero, untainted, and unique, and we have applied our qualifiers to ensure important invariants on open-source C programs.

    Inference of User-Defined Type Qualifiers and Qualifier Rules

    In previous work, we described a new approach to supporting user-defined type qualifiers, which augment existing types to specify and check additional properties of interest. For each qualifier, users define a set of rules that are enforced during static typechecking of programs. Separately, these rules are automatically validated with respect to a user-defined predicate that formalizes the qualifier’s intended run-time invariant. We instantiated this approach as a framework for user-defined type qualifiers in C programs, called CLARITY. In this paper, we extend our earlier approach by resolving two usability issues. First, we show how to perform qualifier inference in the presence of user-defined rules by generating and solving a system of conditional set constraints, thereby relieving users of the burden of explicitly annotating programs. Second, we show how to automatically infer rules that respect a given user-defined invariant, thereby relieving qualifier designers of the burden of manually producing such rules. We have formalized both qualifier and rule inference and proven their correctness. We have also extended CLARITY to support qualifier and rule inference, and we illustrate their utility in practice through experiments with several type qualifiers and open-source C programs.

    Mobile contagion: Simulation of infection and defense

    For worms with known signatures, properly configured firewalls can prevent infection of a network from the outside. However, as several recent worms have shown, portable computers provide worms with an entry point into such networks, since these computers are connected behind the firewall. Once inside, the firewall provides no protection against the worm's further spread. Wireless networks are particularly dangerous in this regard, as the act of connection is often invisible, and improperly configured wireless networks will allow anyone within radio range to connect. In this paper, we use real data on a large-scale wireless deployment to analyze the speed with which a worm could spread if it used only this propagation vector. We discuss several possible solutions and provide analysis on how much protection those solutions would provide.