DOCSLIB.ORG

CSE 501 Principles and Applications of Program Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CSE 501 Principles and Applications of Program Analysis CSE 501 ! Principles and Applications! of Program Analysis! " Alvin Cheung" Spring 15" Welcome to CSE 501!" The Cast" App–4 A. Cheung et al. Q, D, σ, h , e Q0, D0, σ, h0 ,(σ0, e ) h i i !h i i Q0, D0, σ, h0 , e Q00, D00, σ, h00 ,(σ00, e ) h i a !h i a force(Q00, D00,(σ0, e )) Q000, D000, v J K i ! i force(Q000, D000,(σ00, ea)) Q0000, D0000, va J K ! [Array deference] Q, D, σ, h , e [e ] Q0000, D0000, σ, h00 , h00[v , v ] h i a i !h i a i J K Q, D, σ, h , e Q0, D0, σ, h0 ,(σ0, e) Q000 = Q00[id (v, )] h i !h i ! ; force(Q0, D0,(σ0, e)) Q00, D00, v id is a fresh identifier ! [Read query] J Q, DK, σ, h , R(e) Q000, D00, σ, h0 , ([ ], id) h i !h i Semantics ofJ statements: K [Skip] Q, D, σ, h , skip Q, D, σ, h h i !h i J K Q, D, σ, h , e Q0, D0, σ, h0 ,(σ0, e) h i !h i Q0, D0, σ, h0 , el Q00, D00, σ, h00 , vl h i !h i [Assignment] Q, D, σ,Jh , e := e KQ00, D00, σ[v (σ0, e)], h00 h i l !h l ! i J K J K Q, D, σ, h , e Q0, D0, σ, h0 ,(σ0, e) h i !h i force(Q0, D0,(σ0, e)) Q00, D00, True ! J Q00, D00, σ, h0 K, s1 Q000, D00, σ0, h00 h i !h i [Conditional–true] Q, D, σ, h , if(e) then s else s Q000, D000, σ0, h00 h i 1 2 !h i J K J K Q, D, σ, h , e Q0, D0, σ, h0 ,(σ0, e) h i !h i force(Q0, D0,(σ0, e)) Q00, D00, False ! Q00, D00, σ, h0 , s2 Q000, D00, σ0, h00 Jh iK !h i [Conditional–false] Q, D, σ, h , if(e) then s1 else s2 Q000, D000, σ0, h00 h J i K !h i J K Q, D, σ, h , s Q0, D0, σ0, h0 h i !h i [Loop] Q, D, σ, h , while(True) do s Q0, D0, σ0, h0 h i !h i Instructor" J K J K Q, D, σ, h , e Q0, D0, σ, h0 ,(σ0, e) h i !h i force(Q0, D0,(σ0, e)) Q00, D00, v ! update(D00, v) D000 J K ! D000[Q00[id].s] if Q00[id].rs = Alvin Cheung" id Q00 . Q000[id]= ; 8 2 Q00[id].rs otherwise ⇢ [Write query] Q, D, σ, h , W (e) Q000, D000, σ, h0 CSE 530! h i !h i J K Q, D, σ, h , s1 Q0, D0, σ0, h0 Q, D0, σ0, h0 , s2 Q00, D00, σ00, h00 " h i !h i h i !h i [Sequence] Q, D, σ, h , s ; s Q00, D00, σ00, h00 h i 1 2 !h i J K J K J ACM TransactionsK on Database Systems, Vol. V, No. N, Article A, Publication date: January YYYY. TA Extraordinaire! Andre Baixo! Office hours: TBD" You!" Course Communication" • Discussion board" – HW help" – Find project partners" • Course website: ! courses.cs.washington.edu/501 • Email: [email protected] Course Goals" • What are the techniques used to understand programs?" – Mix of classical and recent advances" • What can we use these techniques for?" – Variety of applications across different domains" • How do we build tools that utilize such techniques?" Course Goals" • How to do research?" – How to choose problems" – How to devise solutions" – How to evaluate" – How to report results" Course Non-Goals" • How to build a compiler from scratch" – Check out CSE 401" • What are all the compiler optimizations out there?" – Check out list of references on website" • Cover all research topics in program analysis" – 35 years of PLDI but we only have 10 weeks!" Class Format" • Two class meetings per week" – Tuesday and Thursday 11am – 12:20 pm" – Here!" • Occasional HW help and project feedback sessions" Class Format" • We will discuss 1-2 research papers during each class meeting" – Please read them beforehand" – We ask you to write a small commentary before class to share with everyone" – Be prepared to ask questions!" Grading" • Programming assignments (30%)" – Get to know available tools out there" – No late days" • Project (50%)" – Open-ended: find problems in your research area " – Work with a partner" – We will provide you with potential ideas" – Project milestones, end-of-quarter presentation, final report" • Paper summaries (20%)" – Submit paper summary 24-hrs before lecture" – See details on course website" Course Topics" • Dataflow frameworks" • Abstract interpretation" • Domain-specific languages" • Program verification" • Dynamic analysis" Course Topics" • Dataflow frameworks & abstract interpretation" – Pointer analysis" – Compiler optimizations" – Information flow" – Detecting malware" • Domain-specific languages" – Parallel programming" – High-performance computing" – New hardware" " Course Topics" • Program verification" – Finding program invariants" – Provably-correct compilers" • Dynamic analysis" – Program testing" – Model checking" • Compiler construction" Prerequisites" • Coding" • Data structures" • Mathematical logic" • [Optional] Knowledge about compilers" Now the fun begins…" Why understand programs?" • We all write code!" • It’s good to get some understanding about what we are coding" • It’s good to develop a formal framework for understanding programs" • It’s good to have somebody else do this for us, perhaps automatically" List of software bugs From Wikipedia, the free encyclopedia Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being. The following is a list of notable software bugs with significant consequences: Contents 1 Space exploration 2 Medical 3 Tracking years In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the 4 Electric power transmission rover landed, which had not been found in preflight testing because it only occurred in certain 5 Administration [5] u6n aTnetlieccipoamtemd uhneiacvayti-olnosad conditions. The problem, which was identified and corrected from Earth, [6][7] Februawr7ya Ms2 0dil0uit7ea ,rt yoa gcoromuppu otef rs rixes Fet-s2 2ca Rusaepdto brsy fplyriionrgit yfr oinmv eHrsiicokna.m AFB, Hawaii, experienced multiple compuTt8ehr Me c Ereadusirhaoepse caoni nScpidaceen tA wgiethn cthye'si rC crryoosSsiantg-1 o sfa ttheell i1te8 0wtha sm loesritd iina na olafu lnocnhg iftauidluer e(t hine 2In0t0e5rn dautieo ntoa la missing Date Lsi9hn ueVt)d.i doTewhoen g ccaoommminpmguatenrd f ianil uthre sf liingchltu cdoendt raot ll esaysstt enmav oigf aitsio Rn o(kcomt cpalrertieelry r olocskt)e ta.[n8d] communication. The figNh1At0e SrEsA nwc Mreyraepr tasio bPnleo ltaor rLeatunrdne tro w Haas wdeasiit rboyy efodl lboewcainugse t hitesi rf ltiagnhkt esrosf,t wsoamree tmhiinstgo othka tv mibirgahtito hnas vdeu be eteon pLrobilesma1tma1 t iooTcs rphafhan desrs ptihcoo ertt uawfrtbiteouanwltehnecra en rofot reb ee vebind egunocoegd .t hsTaht eth eer rvoerh wicales hfiaxde dla wnditehdin a n4d8 shhouutr so,f fa ltlhoew eingi na edse 4la0y medeters from From Wikipedia, the free encyclopedia deployFtmh1ee2eb n MrBut.au[2rsy9tiin] a2en0s s0u7r,f ac ger o(Dupe coefm sbixe rF 3-2, 21 9R9a9p)t.o[9r]s flying from Hickam AFB, Hawaii, experienced multiple Manyc s1oo3mf tRpwueIatftereser r s ecbinsruatcegserhss seapsr aecc omeicnercraeifdlty eM natna wnrsoi tCyhil nitmhge aoitrre c iOnrocrsobsniitnveger n woiefa ntsht aebl su1ot8 s0dotehms tmero ceyareind i,ha danvu oef et olxo tsnroegfmittwuedlayer e s( etohrnieo tuIhnset e cgronrnoasuteinoqdnuaelnces – either financially or as a threat to human well-being. The following is a list of notable software bugs with Date Line). The computer failures included at least navigation (completely lost) and communication. Medsiiagnificant cgoennseqrauteinngc ecso:mmands in pound-force (lbf), while the orbiter expected newtons (N). TAh me ifsig-shetnetr sc owmerme aanbdle f rtom re Etuarrnt hto c aHuasweda itih bey s ofoftlwloawrein ogf tthheei rN taAnSkAer sM, saorms Getlhoibnagl tShuatr vmeiygohrt thoa ivnec obrereenctly ISn pthae cpSasroeosnu byemle Bxem MptahtGlaicot ahCr amDado tcthioeopr wyhn aepdar etfhvaeeilrne ntdio, tnc ba suecesainn dga oilto (tdOo. cpTtoohiben ete ror r2no0er0 ow5f)a ,is tSs f oibxnaeytdt eB rwiMeisthG aitn pt h4roe8d shuuocnue.dr Ts ,ah aVilsl oacnwa uZinsaegnd ta t hdee lbaaytetedry music CD that emp[2lo9y] ed a copy protect[i1o0n][ 1sc1h] eme that covertly installed a rootkit on any Windows PC InC 19o9d7ntoe, tptohelvoeney Mrmhteasearnstt .(PNatohvfeinmdbeer rm 2i,s s2i0o0n6 w).as jeopardised by a bug in concurrent software shortly after the that waAs ubsoeods tteor pwlaeyn ti to. fTf hcoeiurr isnet ednutr iwngas l atou nhcidhe, rtehseu cltoinpgy ipnr othtec dtieosntr umceticohna noifs mN AtoS mAa Mkea irti nhearr d1e. rT thois was the rover laNnAdeSdA, 'ws hSipcihri th raodv neor tb beeceanm feo uunnrde sinp opnrseifvlieg hotn t eJastninugar bye 2c1a,u 2se0 0it4 o, nal yfe owc cwurereekds ianf tceerr tlainnding on Mars. circumrve1esnu Stl.tp Uoafcn etfh oeerx tfpualniolaurtareetli yoo,nf t ha et rraonostckriitb ienra tdov neortteicnetl ya no poevneerbda ar isne cau writryit theonl es precsuiflitcinatgio in fao wr tahvee g oufidance uMnanetdicEiipnaagtiende ehresa fvoyu-nloda tdh acto tnodoi tmioanns.y[5 f]i lTesh eh apdro abclceumm, uwlahtiecdh iwn aths ei dreonvteifri'es df lanshd mcoermreocrtyed. Iftr womas E reasrtho,red to [30] [1] succespsfr2uo lgM trraeomdjai,cn ra ehlsourlstien agt tianc tkhse o cno dthine gc oomf apnu tienrcso orrfe tchto fsoer [mw12uh]loa hina dit sin FnOocReTntRlyA pNla ysoefdt wthaer eC. D(J.uly 2 S2o, n1y9'6s2). working condition after deleting unnecessary files[.6][7] was due to computer resets caused by priority inversion. [2] subseqINun3eo tn thTete ret ahSfcfaooktn ritntyhsg eBt oyiMn epiatGriroas vlC irdDeep ocaor tupintyigl ip toyrfe t vothe feni xtci oathunes se pc oaronf bdthlaeilsm ( bO aucgto uwbalealrsy 2ien0xc0ao5cr)er,er bSctao.tneyd Bit.M[31G] produced a Van Zant The European Space Agency's CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing mTh4ue sE iRcl euCcstDsri cat nhp aoSt wpeamecrpe t lrRoayneesdmea iarsc schioo Ipnnys tpitruottee'cs tPiohno sbcohse 1m (eP thhoabt ocso vperortglyra imns)t adleleadct iav raoteodtk iitts oantt iatundye W thirnudsotewrss aPnCd Medical [8] Videshou tdgoatcwhom5anut Alcwdiod nanmmsog mi unlosaiensdtdgr a etiotrni o pptnhrloaeyp f eliirtg.l yhT toh creioeirnn titrn oittels n ssyto swltaearm sa troraf h yiitsds oeR rt ohckeoo mcto mcpauyrnr piiecrroa rteo cwtkioiettnh.
Load more

Recommended publications
  • Reit) Hydrology \-Th,C),^:::Th
    Icru j Institute of 'reit) Hydrology \-Th,c),^:::Th Natural Environment Research Council Environment Research A CouncilNatural • • • • • • • • • SADC-HYCOS • HYDATAv4.0trainingcourse • PRCPretoria,SouthAfrica 28July-6August1998 • • • • • • • • • • Institute of Hydrology Maclean Building Crowmarsh Gifford Wallingford Oxon OXIO 81313 • Tel: 01491 838800 Fax: 01491 692424 • Telex: 849365 HYDROL, G September 1998 • • •••••••••••••••••••••••••••••••••• Summary 111 A key stage in the implementation of the SADC-HYCOS projcct involves establishing a regional database system. Thc database selected was the Institute of Hydrology's HYDATA system. HYDATA is uscd in more than 50 countries worldwide, and is the national database system for surface water data in more than 20 countries, including many of the SADC countries. A ncw Windows version of HYDATA (v4.0) is near release (scheduled January 1999), and provides several improvements over the original DOS-bascd system. It was agreed that HYDATA v4.0 would be provided to each National Hydrological Agency for the SADC- HYCOS project, and that a 2-week training course would be held in Pretoria, South Africa. The first HYDATA v4.0 training course was held at the DWAF training centre in Pretoria between 28 July and 6 August 1998. The course was attended by 16 delegates from 1 I different countries. This report provides a record of the course and the software and training provided. •••••••••••••••••••••••••••••••••• Contents • Page • 1. INTRODUCTION 1 • 1.1Background to SADC-HYCOS 1.2 Background to HYDATA 1.3Background to course 2 2 THE HYDATA TRAINING COURSE 3 • 2.1The HYDATA v4.0 training course 3 • 2.2Visit to DWAF offices 4 • 3. CONCLUSIONS AND FUTURE PLANS 5 • APPENDIX A:RECEIPTS FOR HYDATA v4.0 SOFTWARE 6 • APPENDIX B:PROGRAMME OF VISIT 7 • APPENDIX C:LIST OF TRAINING COURSE PARTICIPANTS 9 • APPENDIX D:LIST OF SOFTWARE BUGS 10 ••••••••••••0-••••••••••••••••••••• • • 1.
    [Show full text]
  • An In-Depth Study with All Rust Cves
    Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs HUI XU, School of Computer Science, Fudan University ZHUANGBIN CHEN, Dept. of CSE, The Chinese University of Hong Kong MINGSHEN SUN, Baidu Security YANGFAN ZHOU, School of Computer Science, Fudan University MICHAEL R. LYU, Dept. of CSE, The Chinese University of Hong Kong Rust is an emerging programing language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start usingthe language. However, can Rust achieve the memory-safety promise? This paper studies the question by surveying 186 real-world bug reports collected from several origins which contain all existing Rust CVEs (common vulnerability and exposures) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code, and many memory-safety bugs in our dataset are mild soundness issues that only leave a possibility to write memory-safety bugs without unsafe code. Furthermore, we summarize three typical categories of memory-safety bugs, including automatic memory reclaim, unsound function, and unsound generic or trait. While automatic memory claim bugs are related to the side effect of Rust newly-adopted ownership-based resource management scheme, unsound function reveals the essential challenge of Rust development for avoiding unsound code, and unsound generic or trait intensifies the risk of introducing unsoundness. Based on these findings, we propose two promising directions towards improving the security of Rust development, including several best practices of using specific APIs and methods to detect particular bugs involving unsafe code.
    [Show full text]
  • University of California Santa Cruz Learning from Games
    UNIVERSITY OF CALIFORNIA SANTA CRUZ LEARNING FROM GAMES FOR GENERATIVE PURPOSES A dissertation submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in COMPUTER SCIENCE by Adam J. Summerville June 2018 The Dissertation of Adam J. Summerville is approved: Professor Michael Mateas, Chair Professor Noah Wardrip-Fruin Professor Santiago Ontañón Dean Tyrus Miller Vice Provost and Dean of Graduate Studies Copyright © by Adam J. Summerville 2018 Table of Contents List of Figures vi List of Tables xiv Abstract xvi Dedication xvii Acknowledgments xviii 1 Introduction 1 1.1 Research Contributions ........................... 5 I Learning From Game 7 2 How Humans Understand Games 8 2.1 Human Annotation Tasks .......................... 17 2.2 Entity Persistence .............................. 17 2.3 Camera Motion ................................ 18 2.4 Room Detection ............................... 21 2.4.1 Teleportation ............................. 23 2.4.2 Traversal ............................... 25 2.5 Animation Cycles ............................... 32 2.6 Mode Dynamics ................................ 34 2.7 Conclusion .................................. 36 3 Mappy – A System for Map Extraction and Annotation via Observa- tion 37 3.1 NES Architecture and Emulation ...................... 41 3.2 Operationalizing Entity Persistence ..................... 43 3.3 Inferring Camera Motion .......................... 49 iii 3.4 Determining Room Transitions ....................... 59 3.4.1 Automatic Mapping ........................
    [Show full text]
  • Managing Software Development – the Hidden Risk * Dr
    Managing Software Development – The Hidden Risk * Dr. Steve Jolly Sensing & Exploration Systems Lockheed Martin Space Systems Company *Based largely on the work: “Is Software Broken?” by Steve Jolly, NASA ASK Magazine, Spring 2009; and the IEEE Fourth International Conference of System of Systems Engineering as “System of Systems in Space 1 Exploration: Is Software Broken?”, Steve Jolly, Albuquerque, New Mexico June 1, 2009 Brief history of spacecraft development • Example of the Mars Exploration Program – Danger – Real-time embedded systems challenge – Fault protection 2 Robotic Mars Exploration 2011 Mars Exploration Program Search: Search: Search: Determine: Characterize: Determine: Aqueous Subsurface Evidence for water Global Extent Subsurface Bio Potential Minerals Ice Found Found of Habitable Ice of Site 3 Found Environments Found In Work Image Credits: NASA/JPL Mars: Easy to Become Infamous … 1. [Unnamed], USSR, 10/10/60, Mars flyby, did not reach Earth orbit 2. [Unnamed], USSR, 10/14/60, Mars flyby, did not reach Earth orbit 3. [Unnamed], USSR, 10/24/62, Mars flyby, achieved Earth orbit only 4. Mars 1, USSR, 11/1/62, Mars flyby, radio failed 5. [Unnamed], USSR, 11/4/62, Mars flyby, achieved Earth orbit only 6. Mariner 3, U.S., 11/5/64, Mars flyby, shroud failed to jettison 7. Mariner 4, U.S. 11/28/64, first successful Mars flyby 7/14/65 8. Zond 2, USSR, 11/30/64, Mars flyby, passed Mars radio failed, no data 9. Mariner 6, U.S., 2/24/69, Mars flyby 7/31/69, returned 75 photos 10. Mariner 7, U.S., 3/27/69, Mars flyby 8/5/69, returned 126 photos 11.
    [Show full text]
  • Ame Development from Nintendo 8-Bit to Wii
    Bachelor report in Computer Science Blekinge institute of technology, 2009 EXAMINATION CANDIDATE COMPUTER SCIENSE Game Development from Nintendo 8-bit to Wii An analysis of Super Mario Bros. 1985 to 2009 Sophie Forsell 2009-08-14 This is a report of the game development of Super Mario Bros. from 1985 to 2009. It describes the differences in the games; Story, game flow, hardware, software development and graphics Game Development from Nintendo 8-bit to Wii A report of Super Mario Bros. 1985 to 2009 Contact information: Author: Sophie Forsell E-mail: [email protected] Supervisor: Jeanette Eriksson E-mail: [email protected] Program: Game Programing Blekinge Tekniska Högskola Phone: +46 457 38 50 00 SE - 372 25 RONNEBY Fax: +46 457 279 14 2 Game Development from Nintendo 8-bit to Wii A report of Super Mario Bros. 1985 to 2009 ABSTRACT “The game begins the moment a person touches a console -- everything builds from that.” (Quote by Shiguru Miyamoto; founder of Super Mario) This report contains a well-structured analysis of the main four Super Mario games that clearly states a difference in story, hardware, software development and design. The report is structured in sections for each game to better understand the concept of the Super Mario games. The report ends with comparisons of the games for a better view of the paradigm between them. The pictures and quotations in this report are referenced to the company that has copy write and Shiguru Miyamoto that is the founder of the character Super Mario. 3 Game Development from Nintendo 8-bit to Wii A report of Super Mario Bros.
    [Show full text]
  • Pristup Agregaciji Mrežnih Veza U Operativnom Sistemu Sa Mikrojezgrom
    UNIVERZITET U NOVOM SADU FAKULTET TEHNIČKIH NAUKA NOVI SAD Kandidat: Lazar Stričević Pristup agregaciji mrežnih veza u operativnom sistemu sa mikrojezgrom doktorska disertacija Mentor: dr Miroslav Hajduković Novi Sad 2016 УНИВЕРЗИТЕТ У НОВОМ САДУ ФАКУЛТЕТ ТЕХНИЧКИХ НАУКА 21000 НОВИ САД, Трг Доситеја Обрадовића 6 КЉУЧНА ДОКУМЕНТАЦИЈСКА ИНФОРМАЦИЈА Редни број, РБР: Идентификациони број, ИБР: Тип документације, ТД: Монографска публикација Тип записа, ТЗ: Текстуални штампани документ/ЦД Врста рада, ВР: Докторска дисертација Аутор, АУ: Лазар Стричевић Ментор, МН: др Мирослав Хајдуковић, редовни професор Наслов рада, НР: Приступ агрегацији мрежних веза у оперативном систему са микројезгром Језик публикације, ЈП: српски (латиница) Језик извода, ЈИ: српски/енглески Земља публиковања, ЗП: Србија Уже географско подручје, УГП: Војводина Година, ГО: 2016. Издавач, ИЗ: Ауторски репринт Место и адреса, МА: Факултет техничких наука (ФТН), Д. Обрадовића 6, 21000 Нови Сад Физички опис рада, ФО: 7/90/107/0/27/0/2 (поглавља/страна/ цитата/табела/слика/графика/прилога) Научна област, НО: Електротехничко и рачунарско инжењерство Научна дисциплина, НД: Примењене рачунарске науке и информатика Предметна одредница/Кључне речи, ПО: агрегација мрежних веза, микројезгро, толеранција поремећаја, ослоњивост, поузданост, доступност, рачунарске мреже УДК Чува се, ЧУ: Библиотека ФТН, Д. Обрадовића 6, 21000 Нови Сад Важна напомена, ВН: Извод, ИЗ: Теза се бави повећањем укупне ослонљивости модуларног микрокернел оперативног систем MINIX 3 кроз повећање поузданости његовог
    [Show full text]
  • Formal Methods: from Academia to Industrial Practice a Travel Guide
    Formal Methods: From Academia to Industrial Practice A Travel Guide Marieke Huisman Department of Computer Science (FMT), UT, P.O. Box 217, 7500 AE Enschede, The Netherlands Dilian Gurov KTH Royal Institute of Technology, Lindstedtsvägen 3, SE-100 44 Stockholm, Sweden Alexander Malkis Department of Informatics (I4), TUM, Boltzmannstr. 3, 85748 Garching, Germany 17 February 2020 Abstract For many decades, formal methods are considered to be the way for- ward to help the software industry to make more reliable and trustworthy software. However, despite this strong belief and many individual success stories, no real change in industrial software development seems to be oc- curring. In fact, the software industry itself is moving forward rapidly, and the gap between what formal methods can achieve and the daily software- development practice does not appear to be getting smaller (and might even be growing). In the past, many recommendations have already been made on how to develop formal-methods research in order to close this gap. This paper investigates why the gap nevertheless still exists and provides its own re- commendations on what can be done by the formal-methods–research com- munity to bridge it. Our recommendations do not focus on open research questions. In fact, formal-methods tools and techniques are already of high quality and can address many non-trivial problems; we do give some tech- nical recommendations on how tools and techniques can be made more ac- cessible. To a greater extent, we focus on the human aspect: how to achieve impact, how to change the way of thinking of the various stakeholders about this issue, and in particular, as a research community, how to alter our be- haviour, and instead of competing, collaborate to address this issue.
    [Show full text]
  • A Technical View of Theopenssl 'Heartbleed' Vulnerability
    A technical view of theOpenSSL ‘Heartbleed’ vulnerability A look at the memory leak in the OpenSSL Heartbeat implementation Bipin Chandra [email protected] Version 1.2.1, May 13, 2014 Abstract: This article describes ‘OpenSSL Heartbleed Vulnerability’ in detail. It describes the ‘HeartBleed’ problem, its causes and its impact. The purpose of this article is to increase awareness about Heartbleed vulnerability in OpenSSL library, using which attackers can get access to passwords, private keys or any encrypted data. It also explains how Heartbleed works, what code causes data leakage and explains the resolution with code fix. • Table of Contents 1Introduction to Heartbleed Vulnerability.................................................................................................3 2Heartbleed Explanation............................................................................................................................3 2.1The OpenSSL Project......................................................................................................................3 2.2SSL, TLS and DTLS Protocols........................................................................................................3 2.3TLS/DTLS Heartbeat Extension......................................................................................................4 2.3.1How the heartbeat works..........................................................................................................4 2.3.2Heartbeat Implementation in OpenSSL....................................................................................5
    [Show full text]
  • Mars Science Laboratory Landing
    PRESS KIT/JULY 2012 Mars Science Laboratory Landing Media Contacts Dwayne Brown NASA’s Mars 202-358-1726 Steve Cole Program 202-358-0918 Headquarters [email protected] Washington [email protected] Guy Webster Mars Science Laboratory 818-354-5011 D.C. Agle Mission 818-393-9011 Jet Propulsion Laboratory [email protected] Pasadena, Calif. [email protected] Science Payload Investigations Alpha Particle X-ray Spectrometer: Ruth Ann Chicoine, Canadian Space Agency, Saint-Hubert, Québec, Canada; 450-926-4451; [email protected] Chemistry and Camera: James Rickman, Los Alamos National Laboratory, Los Alamos, N.M.; 505-665-9203; [email protected] Chemistry and Mineralogy: Rachel Hoover, NASA Ames Research Center, Moffett Field, Calif.; 650-604-0643; [email protected] Dynamic Albedo of Neutrons: Igor Mitrofanov, Space Research Institute, Moscow, Russia; 011-7-495-333-3489; [email protected] Mars Descent Imager, Mars Hand Lens Imager, Mast Camera: Michael Ravine, Malin Space Science Systems, San Diego; 858-552-2650 extension 591; [email protected] Radiation Assessment Detector: Donald Hassler, Southwest Research Institute; Boulder, Colo.; 303-546-0683; [email protected] Rover Environmental Monitoring Station: Luis Cuesta, Centro de Astrobiología, Madrid, Spain; 011-34-620-265557; [email protected] Sample Analysis at Mars: Nancy Neal Jones, NASA Goddard Space Flight Center, Greenbelt, Md.; 301-286-0039; [email protected] Engineering Investigation MSL Entry, Descent and Landing Instrument Suite: Kathy Barnstorff, NASA Langley Research Center, Hampton, Va.; 757-864-9886; [email protected] Contents Media Services Information.
    [Show full text]
  • Integrating Testing Into Software Engineering Courses Supported by a Collaborative Learning Environment
    Integrating Testing into Software Engineering Courses Supported by a Collaborative Learning Environment PETER J. CLARKE and DEBRA DAVIS, Florida International University TARIQ M. KING , North Dakota State University JAIRO PAVA, Florida International University EDWARD L. JONES, Florida A&M University As software becomes more ubiquitous and complex, the cost of software bugs continues to grow at a staggering 18 rate. To remedy this situation, there needs to be major improvement in the knowledge and application of software validation techniques. Although there are several software validation techniques, software testing continues to be one of the most widely used in industry. The high demand for software engineers in the next decade has resulted in more software engineering (SE) courses being offered in academic institutions. However, due to the number of topics to be covered in SE courses, little or no attention is given to software testing, resulting in students entering industry with little or no testing experience. We propose a minimally disruptive approach of integrating software testing into SE courses by providing students access to a collaborative learning environment containing learning materials on testing techniques and testing tools. In this article, we describe the learning environment and the studies conducted to measure the benefits accrued by students using the learning environment in the SE courses. Categories and Subject Descriptors: D.2.5 [Software Engineering]: Testing and Debugging—Testing tools; K.3.1 [Computers and Education]: Computer Uses in Education—Collaborative learning General Terms: Experimentation Additional Key Words and Phrases: Course management, code coverage, software testing, unit testing, testing tutorials ACM Reference Format: Peter J.
    [Show full text]
  • Legal Liability for Bad Software
    SUPPLY CHAIN RISKS IN CRITICAL INFRASTRUCTURE But software has fallen short of its ability to meet expectations. And some of its failures have resulted in catastrophes of a mag- Legal Liability for nitude that for other sectors and industries—from meat packing to automobiles—have raised outrage so great that the government was compelled to establish national regulations (and in a few Bad Software cases, international) with whole agencies to enforce them. [3] Inexplicably, despite these costly and fatal software-related Karen Mercedes Goertzel disasters, and despite the recent spate of software malfuction- and defect-related automobile recalls at Toyota, Jeep-Chrysler, Abstract. This article focuses on lawsuits as a recourse for purchasers of defective Honda and Volvo, and despite the software-related fraud com- COTS software — particularly safety-critical COTS software and software-controlled mitted by Volkswagen, nothing has inspired a general or sus- systems, such as software used in commercial aircraft, motor vehicles, unmanned tained outcry or driven the government to undertake regulation aerial vehicles, medical devices, physical security systems, automated teller ma- of the software industry, as it has when other industries have chines, commercial robots and industrial control systems, a wide variety of COTS been involved in safety or security catastrophes. diagnostic and sensor systems, a nd the whole growing panoply of cyber-physical Despite decades of improvement of software safety and qual- devices and systems that collectively comprise the “Internet of Things.” [1] ity, most commercial software is still shipped with serious flaws and defects, some of which are exploitable as vulnerabilities. Background: Why Sue Software Companies? This has, in fact, been going on so long, it has simply become Most commercial software contains serious flaws and defects, expected and accepted by most software customers.
    [Show full text]
  • 2014-07 EFF Gaming Exempiton Comment
    Before the U.S. COPYRIGHT OFFICE, LIBRARY OF CONGRESS In the Matter of Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies Docket No. 2014-07 Comments of the Electronic Frontier Foundation 1. Commenter Information Electronic Frontier Foundation Kendra Albert Mitch Stoltz (203) 424-0382 Corynne McSherry [email protected] Kit Walsh 815 Eddy St San Francisco, CA 94109 (415) 436-9333 [email protected] The Electronic Frontier Foundation (EFF) is a member-supported, nonprofit public interest organization devoted to maintaining the traditional balance that copyright law strikes between the interests of copyright owners and the interests of the public. Founded in 1990, EFF represents over 25,000 dues-paying members, including consumers, hobbyists, artists, writers, computer programmers, entrepreneurs, students, teachers, and researchers, who are united in their reliance on a balanced copyright system that ensures adequate incentives for creative work while facilitating innovation and broad access to information in the digital age. In filing these comments, EFF represents the interests of gaming communities, archivists, and researchers who seek to preserve the functionality of video games abandoned by their manufacturer. 2. Proposed Class Addressed Proposed Class 23: Abandoned Software—video games requiring server communication Literary works in the form of computer programs, where circumvention is undertaken for the purpose of restoring access to single-player or multiplayer video gaming on consoles, personal computers or personal handheld gaming devices when the developer and its agents have ceased to support such gaming. We ask the Librarian to grant an exemption to the ban on circumventing access controls applied to copyrighted works, 17 U.S.C.
    [Show full text]