The HACMS program: using formal methods to eliminate exploitable bugs

Kathleen Fisher; John Launchbury; Raymond Richards

doi:10.1098/rsta.2015.0401

The HACMS program: using formal methods to eliminate exploitable bugs

Philosophical Transactions of The Royal Society A Mathematical Physical and Engineering Sciences ◽

10.1098/rsta.2015.0401 ◽

2017 ◽

Vol 375 (2104) ◽

pp. 20150401 ◽

Cited By ~ 10

Author(s):

Kathleen Fisher ◽

John Launchbury ◽

Raymond Richards

Keyword(s):

Formal Methods ◽

Assembly Language ◽

Software Systems ◽

Practical Applications ◽

C Programs ◽

Correctness Proofs ◽

Buffer Overflows ◽

Number Of Factors ◽

Wide Range ◽

High Assurance

For decades, formal methods have offered the promise of verified software that does not have exploitable bugs. Until recently, however, it has not been possible to verify software of sufficient complexity to be useful. Recently, that situation has changed. SeL4 is an open-source operating system microkernel efficient enough to be used in a wide range of practical applications. Its designers proved it to be fully functionally correct, ensuring the absence of buffer overflows, null pointer exceptions, use-after-free errors, etc., and guaranteeing integrity and confidentiality. The CompCert Verifying C Compiler maps source C programs to provably equivalent assembly language, ensuring the absence of exploitable bugs in the compiler. A number of factors have enabled this revolution, including faster processors, increased automation, more extensive infrastructure, specialized logics and the decision to co-develop code and correctness proofs rather than verify existing artefacts. In this paper, we explore the promise and limitations of current formal-methods techniques. We discuss these issues in the context of DARPA’s HACMS program, which had as its goal the creation of high-assurance software for vehicles, including quadcopters, helicopters and automobiles. This article is part of the themed issue ‘Verified trustworthy software systems’.

Download Full-text

A New Detector System For The HB5 Stem Instrument

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100117674 ◽

1985 ◽

Vol 43 ◽

pp. 134-135

Author(s):

J.M. Cowley

Keyword(s):

Dark Field ◽

Detector System ◽

Electron Holography ◽

Small Specimen ◽

Bright Field ◽

Multiple Images ◽

Practical Applications ◽

Wide Range ◽

Diffraction Patterns ◽

Operational Modes

The HB5 STEM instrument at ASU has been modified previously to include an efficient two-dimensional detector incorporating an optical analyser device and also a digital system for the recording of multiple images. The detector system was built to explore a wide range of possibilities including in-line electron holography, the observation and recording of diffraction patterns from very small specimen regions (having diameters as small as 3Å) and the formation of both bright field and dark field images by detection of various portions of the diffraction pattern. Experience in the use of this system has shown that sane of its capabilities are unique and valuable. For other purposes it appears that, while the principles of the operational modes may be verified, the practical applications are limited by the details of the initial design.

Download Full-text

Ring-Forming Polymerization toward Perfluorocyclobutyl and Ortho-Diynylarene-Derived Materials: From Synthesis to Practical Applications

Materials ◽

10.3390/ma14061486 ◽

2021 ◽

Vol 14 (6) ◽

pp. 1486

Author(s):

Eugene B. Caldona ◽

Ernesto I. Borrego ◽

Ketki E. Shelar ◽

Karl M. Mukeba ◽

Dennis W. Smith

Keyword(s):

Chemical Resistance ◽

Structural Features ◽

Review Article ◽

Aryl Ether ◽

Aromatic Rings ◽

Practical Applications ◽

Repeat Units ◽

Wide Range ◽

Synthetic Routes ◽

The Cost

Many desirable characteristics of polymers arise from the method of polymerization and structural features of their repeat units, which typically are responsible for the polymer’s performance at the cost of processability. While linear alternatives are popular, polymers composed of cyclic repeat units across their backbones have generally been shown to exhibit higher optical transparency, lower water absorption, and higher glass transition temperatures. These specifically include polymers built with either substituted alicyclic structures or aromatic rings, or both. In this review article, we highlight two useful ring-forming polymer groups, perfluorocyclobutyl (PFCB) aryl ether polymers and ortho-diynylarene- (ODA) based thermosets, both demonstrating outstanding thermal stability, chemical resistance, mechanical integrity, and improved processability. Different synthetic routes (with emphasis on ring-forming polymerization) and properties for these polymers are discussed, followed by their relevant applications in a wide range of aspects.

Download Full-text

Formal methods: practical applications and foundations

Formal Methods in System Design ◽

10.1007/s10703-021-00380-6 ◽

2021 ◽

Author(s):

Maurice H. ter Beek ◽

Annabelle McIver

Keyword(s):

Formal Methods ◽

Practical Applications

Download Full-text

Sensing of Nickel(II) Ions by Immobilizing Ligands and Using Different SPEs

Engineering Proceedings ◽

10.3390/i3s2021dresden-10106 ◽

2021 ◽

Vol 6 (1) ◽

pp. 2

Author(s):

Liliana Anchidin-Norocel ◽

Sonia Amariei ◽

Gheorghe Gutt

Keyword(s):

Bismuth Oxide ◽

Human Population ◽

Raw Materials ◽

Sensor Technology ◽

Cyclic Voltammogram ◽

Accurate Analysis ◽

Nickel Allergy ◽

Nickel Ions ◽

Practical Applications ◽

Wide Range

The aim of this paper is the development of a sensor for the quantification of nickel ions in food raw materials and foods. It is believed that about 15% of the human population suffers from nickel allergy. In addition to digestive manifestations, food intolerance to nickel may also have systemic manifestations, such as diffuse dermatitis, diffuse itching, fever, rhinitis, headache, altered general condition. Therefore, it is necessary to control this content of nickel ions for the health of the human population by developing a new method that offers the advantages of a fast, not expensive, in situ, and accurate analysis. For this purpose, bismuth oxide-screen-printed electrodes (SPEs) and graphene-modified SPEs were used with a very small amount of dimethylglyoxime and amino acid L-histidine that were deposited. A potentiostat that displays the response in the form of a cyclic voltammogram was used to study the electrochemical properties of nickel standard solution with different concentrations. The results were compared and the most sensitive sensor proved to be bismuth oxide-SPEs with dimethylglyoxime (Bi2O3/C-dmgH2) with a linear response over a wide range (0.1–10 ppm) of nickel concentrations. Furthermore, the sensor shows excellent selectivity in the presence of common interfering species. The Bi2O3/C-dmgH2 sensor showed good viability for nickel analysis in food samples (cocoa, spinach, cabbage, and red wine) and demonstrated significant advancement in sensor technology for practical applications.

Download Full-text

Verification of C Buffer Overflows in C Programs

2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet) ◽

10.1109/roedunet.2018.8514126 ◽

2018 ◽

Cited By ~ 1

Author(s):

Andreea Bican ◽

Razvan Deaconescu ◽

Wei Ngan Chin ◽

Quang-Trung Ta

Keyword(s):

C Programs ◽

Buffer Overflows

Download Full-text

Shape Neutral Analysis of Graph-based Data-structures

Theory and Practice of Logic Programming ◽

10.1017/s147106841800025x ◽

2018 ◽

Vol 18 (3-4) ◽

pp. 470-483 ◽

Cited By ~ 1

Author(s):

GREGORY J. DUCK ◽

JOXAN JAFFAR ◽

ROLAND H. C. YAP

Keyword(s):

Data Structure ◽

Data Structures ◽

Program Analysis ◽

Constraint Handling ◽

C Programs ◽

Wide Range ◽

Target Program ◽

Target Data ◽

Structure Graph ◽

Structure Properties

AbstractMalformed data-structures can lead to runtime errors such as arbitrary memory access or corruption. Despite this, reasoning over data-structure properties for low-level heap manipulating programs remains challenging. In this paper we present a constraint-based program analysis that checks data-structure integrity, w.r.t. given target data-structure properties, as the heap is manipulated by the program. Our approach is to automatically generate a solver for properties using the type definitions from the target program. The generated solver is implemented using a Constraint Handling Rules (CHR) extension of built-in heap, integer and equality solvers. A key property of our program analysis is that the target data-structure properties are shape neutral, i.e., the analysis does not check for properties relating to a given data-structure graph shape, such as doubly-linked-lists versus trees. Nevertheless, the analysis can detect errors in a wide range of data-structure manipulating programs, including those that use lists, trees, DAGs, graphs, etc. We present an implementation that uses the Satisfiability Modulo Constraint Handling Rules (SMCHR) system. Experimental results show that our approach works well for real-world C programs.

Download Full-text

Assessment of Linearization Approaches for Multibody Dynamics Formulations

Journal of Computational and Nonlinear Dynamics ◽

10.1115/1.4035410 ◽

2017 ◽

Vol 12 (4) ◽

Cited By ~ 6

Author(s):

Francisco González ◽

Pierangelo Masarati ◽

Javier Cuadrado ◽

Miguel A. Naya

Keyword(s):

Mechanical System ◽

Multibody Dynamics ◽

Equations Of Motion ◽

Differential Algebraic Equations ◽

Algebraic Equations ◽

Practical Applications ◽

Linearization Methods ◽

Highly Nonlinear ◽

Wide Range ◽

The Way

Formulating the dynamics equations of a mechanical system following a multibody dynamics approach often leads to a set of highly nonlinear differential-algebraic equations (DAEs). While this form of the equations of motion is suitable for a wide range of practical applications, in some cases it is necessary to have access to the linearized system dynamics. This is the case when stability and modal analyses are to be carried out; the definition of plant and system models for certain control algorithms and state estimators also requires a linear expression of the dynamics. A number of methods for the linearization of multibody dynamics can be found in the literature. They differ in both the approach that they follow to handle the equations of motion and the way in which they deliver their results, which in turn are determined by the selection of the generalized coordinates used to describe the mechanical system. This selection is closely related to the way in which the kinematic constraints of the system are treated. Three major approaches can be distinguished and used to categorize most of the linearization methods published so far. In this work, we demonstrate the properties of each approach in the linearization of systems in static equilibrium, illustrating them with the study of two representative examples.

Download Full-text

Periodic wavelet descriptor of plant leaf and its application in botany

International Journal of Wavelets Multiresolution and Information Processing ◽

10.1142/s0219691315500435 ◽

2015 ◽

Vol 13 (06) ◽

pp. 1550043 ◽

Cited By ~ 3

Author(s):

Qing-Mao Zeng ◽

Tong-Lin Zhu ◽

Xue-Ying Zhuang ◽

Ming-Xuan Zheng

Keyword(s):

Species Identification ◽

Plant Species ◽

Shape Descriptor ◽

Plant Leaf ◽

Practical Applications ◽

Wide Range ◽

Periodic Wavelet ◽

Plant Species Identification ◽

Botanical Research ◽

Wavelet Descriptor

Leaf is one of the most important organs of plant. Leaf contour or outline, usually a closed curve, is a fundamental morphological feature of leaf in botanical research. In this paper, a novel shape descriptor based on periodic wavelet series and leaf contour is presented, which we name as Periodic Wavelet Descriptor (PWD). The PWD of a leaf actually expresses the leaf contour in a vector form. Consequently, the PWD of a leaf has a wide range in practical applications, such as leaf modeling, plant species identification and classification, etc. In this work, the plant species identification and the leaf contour reconstruction, as two practical applications, are discussed to elaborate how to employ the PWD of a plant leaf in botanical research.

Download Full-text

A reliable rainfall–runoff model for flood forecasting: review and application to a semi-urbanized watershed at high flood risk in Italy

Hydrology Research ◽

10.2166/nh.2016.037 ◽

2016 ◽

Vol 48 (3) ◽

pp. 726-740 ◽

Cited By ~ 16

Author(s):

Daniele Masseroni ◽

Alessio Cislaghi ◽

Stefania Camici ◽

Christian Massari ◽

Luca Brocca

Keyword(s):

Flood Risk ◽

Climatic Conditions ◽

Rainfall Runoff ◽

Number Of Factors ◽

Wide Range ◽

Median Volume ◽

Flood Estimation ◽

High Flood ◽

Rainfall Runoff Model ◽

Flooding Events

Many rainfall–runoff (RR) models are available in the scientific literature. Selecting the best structure and parameterization for a model is not straightforward and depends on a broad number of factors, including climatic conditions, catchment characteristics, temporal/spatial resolution and model objectives. In this study, the RR model ‘Modello Idrologico Semi-Distribuito in continuo’ (MISDc), mainly developed for flood simulation in Mediterranean basins, was tested on the Seveso basin, which is stressed several times a year by flooding events mainly caused by excessive urbanization. The work summarizes a compendium of the MISDc applications over a wide range of catchments in European countries and then it analyses the performances over the Seveso basin. The results show a good fit behaviour during both the calibration and the validation periods with a Nash–Sutcliffe coefficient index larger than 0.9. Moreover, the median volume and peak discharge errors calculated on several flood events were less than 25%. In conclusion, we can be assured that the reliability and computational speed could make the MISDc model suitable for flood estimation in many catchments of different geographical contexts and land use characteristics. Moreover, MISDc will also be useful for future support of real-time decision-making for flood risk management in the Seveso basin.

Download Full-text

Long-offset moveout for VTI using Padé approximation

Geophysics ◽

10.1190/geo2015-0094.1 ◽

2016 ◽

Vol 81 (5) ◽

pp. C219-C227 ◽

Cited By ~ 4

Author(s):

Hanjie Song ◽

Yingjie Gao ◽

Jinhai Zhang ◽

Zhenxing Yao

Keyword(s):

Padé Approximation ◽

Pade Approximation ◽

Practical Applications ◽

Long Offset ◽

Wide Range ◽

Isotropic Media ◽

Transversally Isotropic ◽

Error Accumulation ◽

Anisotropy Parameters ◽

Vti Media

The approximation of normal moveout is essential for estimating the anisotropy parameters of the transversally isotropic media with vertical symmetry axis (VTI). We have approximated the long-offset moveout using the Padé approximation based on the higher order Taylor series coefficients for VTI media. For a given anellipticity parameter, we have the best accuracy when the numerator is one order higher than the denominator (i.e., [[Formula: see text]]); thus, we suggest using [4/3] and [7/6] orders for practical applications. A [7/6] Padé approximation can handle a much larger offset and stronger anellipticity parameter. We have further compared the relative traveltime errors between the Padé approximation and several approximations. Our method shows great superiority to most existing methods over a wide range of offset (normalized offset up to 2 or offset-to-depth ratio up to 4) and anellipticity parameter (0–0.5). The Padé approximation provides us with an attractive high-accuracy scheme with an error that is negligible within its convergence domain. This is important for reducing the error accumulation especially for deeper substructures.

Download Full-text