Blog Archives

Science of Computer Programming – Projected Control Graph for Computing Relevant Program Behaviors

Abstract: Many software engineering tasks require analysis and verification of all behaviors relevant to the task. For example, all relevant behaviors must be analyzed to verify a safety or security property. An efficient algorithm must compute the relevant behaviors directly without computing all the behaviors. This is crucial in practice because it is computationally intractable […]

Categories: Papers

ICST 2017 – Transferring state-of-the-art immutability analyses: An experimentation toolbox and accuracy benchmark

Abstract: Immutability analysis is important to software testing, verification and validation (V&V) because it can be used to identify independently testable functions without side-effects. Existing tools for immutability analysis are largely academic prototypes that have not been rigorously tested for accuracy or have not been maintained and are unable to analyze programs written in later […]

Categories: Papers

ISSRE 2016 – Mission-Critical Software Assurance Engineering ­Beyond Testing, Bug Finders, Metrics, Reliability Analysis, and Formal Verification

Abstract:  Today, mission-critical software assurance engineering must encompass both safety and cyber-security. Critical missions, whether in defense, government, banking, or healthcare depend on ensuring that a system meets safety requirements, and it does not fail under cyber attack. Mobile, cloud and Internet of Things (IoT) have made software assurance integral to our everyday lives, whether […]

Categories: Tutorials

FVPE 2016 – Insights for Practicing Engineers from a Formal Verification Study of the Linux Kernel

Abstract: Formal verification of large software has been an illusive target, riddled with the problem of scalability. Even if the obstacle of scale may be cleared, major challenges remain to adopt formal verification in practice. This paper presents an empirical study using a top-rated formal verification tool for Linux, and draws insights from the study […]

Categories: Papers

ICPC 2016 – Human-Machine Resolution of Invisible Control Flow

Abstract: Invisible Control Flow (ICF) results from dynamic binding and asynchronous processing. For modern software replete with ICF, the ability to analyze and resolve ICF is crucial for verifying software. A fully automated analysis to resolve ICF suffers from imprecision and high computational complexity. As a practical alternative, we present a novel solution of interactive […]

Categories: Papers

ISSRE 2015 – Hard Problems at the Intersection of Cybersecurity and Software Reliability

Abstract: This tutorial is aimed at the audience interested in knowing how software reliability and cybersecurity converge in terms of intrinsic hard problems, and how that knowledge can be useful for advancing the research and practice in both fields. This tutorial is based on our research in three Defense Advanced Research Projects Agency (DARPA) projects […]

Categories: Tutorials

SMC 2014 – A “Human-in-the-loop” Approach for Resolving Complex Software Anomalies

Abstract: Automated static analysis tools are widely used in identifying software anomalies, such as memory leak, unsafe thread synchronization and malicious behaviors in smartphone applications. Such anomaly-prone scenarios can be bifurcated into: “ordinary” (analysis requires relatively simple automation) and “complex” (analysis poses extraordinary automation challenges). While automated static analysis tools can resolve ordinary scenarios with […]

Categories: Papers