IntRepair: Informed Repairing of Integer Overflows

Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1%, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairsComment: Accepted for publication at the IEEE TSE journal. arXiv admin note: text overlap with arXiv:1710.0372

A Tutoring Framework to Support Computer Science Programmes in Higher Education

Computing Support is the provision of academic supports such as individual tutoring and support classes to students studying computing at third level. Students can struggle with computing as it requires practice involving trial and error. This work proposes a research informed tutoring framework to support computer science students at third level. The tutoring framework combines three pillars; staff and training, pedagogies and activities. Support is put in place to help students develop technical and programming skills. Essential tutoring is provided for those who might otherwise drop out of college. The framework was applied to first and second-year undergraduate programmes and to the first semester in Higher Diploma conversion programmes. Results demonstrate that students\u27 attendance has increased by 14%. In addition, student feedback shows that the framework supports students in computer science. This framework is a useful resource for academic managers that wish to implement computing support at third level

Spatio-temporal insights into microbiology of the freshwater-to-hypersaline, oxic-hypoxic-euxinic waters of Ursu Lake

Ursu Lake is located in the Middle Miocene salt deposit of Central Romania. It is stratified, and the water column has three distinct water masses: an upper freshwater-to-moderately saline stratum (0–3 m), an intermediate stratum exhibiting a steep halocline (3–3.5 m), and a lower hypersaline stratum (4 m and below) that is euxinic (i.e. anoxic and sulphidic). Recent studies have characterized the lake's microbial taxonomy and given rise to intriguing ecological questions. Here, we explore whether the communities are dynamic or stable in relation to taxonomic composition, geochemistry, biophysics, and ecophysiological functions during the annual cycle. We found: (i) seasonally fluctuating, light-dependent communities in the upper layer (≥0.987–0.990 water-activity), a stable but phylogenetically diverse population of heterotrophs in the hypersaline stratum (water activities down to 0.762) and a persistent plate of green sulphur bacteria that connects these two (0.958–0.956 water activity) at 3–3.5 to 4 m; (ii) communities that might be involved in carbon- and sulphur-cycling between and within the lake's three main water masses; (iii) uncultured lineages including Acetothermia (OP1), Cloacimonetes (WWE1), Marinimicrobia (SAR406), Omnitrophicaeota (OP3), Parcubacteria (OD1) and other Candidate Phyla Radiation bacteria, and SR1 in the hypersaline stratum (likely involved in the anaerobic steps of carbon- and sulphur-cycling); and (iv) that species richness and habitat stability are associated with high redox-potentials. Ursu Lake has a unique and complex ecology, at the same time exhibiting dynamic fluctuations and stability, and can be used as a modern analogue for ancient euxinic water bodies and comparator system for other stratified hypersaline systems

Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries

Complexities that arise from implementation of object-oriented concepts in C++ such as virtual dispatch and dynamic type casting have attracted the attention of attackers and defenders alike. Binary-level defenses are dependent on full and precise recovery of class inheritance tree of a given program. While current solutions focus on recovering single and multiple inheritances from the binary, they are oblivious to virtual inheritance. Conventional wisdom among binary-level defenses is that virtual inheritance is uncommon and/or support for single and multiple inheritances provides implicit support for virtual inheritance. In this paper, we show neither to be true. Specifically, (1) we present an efficient technique to detect virtual inheritance in C++ binaries and show through a study that virtual inheritance can be found in non-negligible number (more than 10\% on Linux and 12.5\% on Windows) of real-world C++ programs including Mysql and libstdc++. (2) we show that failure to handle virtual inheritance introduces both false positives and false negatives in the hierarchy tree. These false positves and negatives either introduce attack surface when the hierarchy recovered is used to enforce CFI policies, or make the hierarchy difficult to understand when it is needed for program understanding (e.g., during decompilation). (3) We present a solution to recover virtual inheritance from COTS binaries. We recover a maximum of 95\% and 95.5\% (GCC -O0) and a minimum of 77.5\% and 73.8\% (Clang -O2) of virtual and intermediate bases respectively in the virtual inheritance tree.Comment: Accepted at CCS20. This is a technical report versio