Translating C to safer Rust

Rust is a relatively new programming language that targets efficient and safe systems-level applications. It includes a sophisticated type system that allows for provable memory- and thread-safety, and is explicitly designed to take the place of unsafe languages such as C and C++ in the coding ecosystem. There is a large existing C and C++ codebase (many of which have been affected by bugs and security vulnerabilities due to unsafety) that would benefit from being rewritten in Rust to remove an entire class of potential bugs. However, porting these applications to Rust manually is a daunting task. In this paper we investigate the problem of automatically translating C programs into safer Rust programs--that is, Rust programs that improve on the safety guarantees of the original C programs. We conduct an in-depth study into the underlying causes of unsafety in translated programs and the relative impact of fixing each cause. We also describe a novel technique for automatically removing a particular cause of unsafety and evaluate its effectiveness and impact. This paper presents the first empirical study of unsafety in translated Rust programs (as opposed to programs originally written in Rust) and also the first technique for automatically removing causes of unsafety in translated Rust programs.

Download Full-text

An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios

Computing ◽

10.1007/s00607-018-0664-z ◽

2018 ◽

Vol 101 (2) ◽

pp. 161-185 ◽

Cited By ~ 4

Author(s):

Paulo Nunes ◽

Ibéria Medeiros ◽

José Fonseca ◽

Nuno Neves ◽

Miguel Correia ◽

...

Keyword(s):

Empirical Study ◽

Static Analysis ◽

Web Security ◽

Security Vulnerabilities ◽

Development Scenarios ◽

Analysis Tools

Download Full-text

What is Crafts Entrepreneurship? The Development of its Definition Through Entrepreneurs` and Consumers` Perceptions

Rural Environment. Education. Personality. (REEP) Proceedings of the 14th International Scientific Conference ◽

10.22616/reep.2021.14.045 ◽

2021 ◽

Author(s):

Anzelika Smagina ◽

◽

Iveta Ludviga ◽

Keyword(s):

Empirical Study ◽

Empirical Data ◽

General Public ◽

Qualitative Methodology ◽

Creative Industries ◽

Theoretical Knowledge ◽

Structured Interviews ◽

Survey Questions ◽

Daunting Task ◽

Definition Of

Defining craft entrepreneurship has been a challenge for many scholars and researchers in different countries. Not only because of the multidimensional nature of entrepreneurship, but also because of the differences in national regulations setting boundaries for each sector of the economy. Thus, in some countries, craft is a part of the Creative Industries, but in others it is considered as an independent sector of the economy. Understanding what craft is and how craft products can be differentiated and defined has also been a daunting task. Thus, consolidating theoretical knowledge on entrepreneurship and craft entrepreneurship gained from the literature with the results of an empirical study carried out among craft entrepreneurs and consumers of craft products, this study aims to conceptualize craft entrepreneurship and to develop propositions for the definition of craft entrepreneurship by integrating the meaning attributed to craft entrepreneurship and its specifics by craft entrepreneurs with the perception and meaning assigned to craft products and services by consumers. This study applies qualitative methodology and data gathered using semi-structured interviews and open-ended survey questions. 20 craft entrepreneurs represent a perspective of entrepreneurs about entrepreneurship and its specifics in the craft sector, whereas 445 consumers reflect the opinion of the general public about craft and craft-related products. The results of the study indicate that craft entrepreneurship is undoubtedly connected to handmade products, national traditions, small ventures and craft markets and fairs, where craft entrepreneurs commercialize their produce. Although numerous scholars have already attempted to conceptualize craft entrepreneurship theoretically, the contribution of this study is in its integrated application of theoretical and empirical data reflecting the perspectives of entrepreneurs and consumers.

Download Full-text

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Fundamental Approaches to Software Engineering - Lecture Notes in Computer Science ◽

10.1007/978-3-030-71500-7_19 ◽

2021 ◽

pp. 363-367 ◽

Cited By ~ 1

Author(s):

Kaled M. Alshmrany ◽

Rafael S. Menezes ◽

Mikhail R. Gadelha ◽

Lucas C. Cordeiro

Keyword(s):

Model Checking ◽

Symbolic Execution ◽

Bounded Model Checking ◽

Test Cases ◽

Security Vulnerabilities ◽

C Programs ◽

Code Coverage

AbstractWe describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

Download Full-text

Automating Proof Steps of Progress Proofs: Comparing Vampire and Dafny

10.29007/5zjp ◽

2018 ◽

Cited By ~ 1

Author(s):

Sylvia Grewe ◽

Sebastian Erdweg ◽

Mira Mezini

Keyword(s):

Formal Methods ◽

Programming Language ◽

Type System ◽

Type Systems ◽

Domain Specific Languages ◽

Smt Solver ◽

Domain Specific ◽

Efficient Type

\noindent Developing provably sound type systems is a non-trivial task which, as of today, typically requires expert skills in formal methods and a considerable amount of time. Our Veritas~\cite{GreweErdwegWittmannMezini15} project aims at providing support for the development of soundness proofs of type systems and efficient type checker implementations from specifications of type systems. To this end, we investigate how to best automate typical steps within type soundness proofs.\noindent In this paper, we focus on progress proofs for type systems of domain-specific languages. As a running example for such a type system, we model a subset SQL and augment it with a type system. We compare two different approaches for automating proof steps of the progress proofs for this type system against each other: firstly, our own tool Veritas, which translates proof goals and specifications automatically to TPTP~\cite{Sutcliffe98} and calls Vampire~\cite{KovacsV13} on them, and secondly, the programming language Dafny~\cite{Leino2010}, which translates proof goals and specifications to the intermediate verification language Boogie 2~\cite{Leino2008} and calls the SMT solver Z3~\cite{DeMoura2008} on them. We find that Vampire and Dafny are equally well-suited for automatically proving simple steps within progress proofs.

Download Full-text

FIRST-CLASS CONTEXTS IN ML

International Journal of Foundations of Computer Science ◽

10.1142/s0129054100000053 ◽

2000 ◽

Vol 11 (01) ◽

pp. 65-87

Author(s):

MASATOMO HASHIMOTO

Keyword(s):

Programming Language ◽

Operational Semantics ◽

Type System ◽

Type Inference ◽

Inference Algorithm ◽

Hole Filling ◽

Dynamic Binding ◽

Polymorphic Type ◽

Open Program ◽

Program Modules

This paper develops an ML-style programming language with first-class contexts i.e. expressions with holes. The crucial operation for contexts is hole-filling. Filling a hole with an expression has the effect of dynamic binding or macro expansion which provides the advanced feature of manipulating open program fragments. Such mechanisms are useful in many systems including distributed/mobile programming and program modules. If we can treat a context as a first-class citizen in a programming language, then we can manipulate open program fragments in a flexible and seamless manner. A possibility of such a programming language was shown by the theory of simply typed context calculus developed by Hashimoto and Ohori. This paper extends the simply typed system of the context calculus to an ML-style polymorphic type system, and gives an operational semantics and a sound and complete type inference algorithm.

Download Full-text

CSAP

Examining the Impact of Deep Learning and IoT on Multi-Industry Applications - Advances in Web Technologies and Engineering ◽

10.4018/978-1-7998-7511-6.ch014 ◽

2021 ◽

pp. 249-269

Author(s):

Marius Iulian Mihailescu ◽

Stefania Loredana Nita

Keyword(s):

Embedded Systems ◽

Programming Language ◽

User Interfaces ◽

Current Work ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Software Applications ◽

Comprehensive Survey ◽

Software And Hardware ◽

Research Analysis

The current proposal of C++20 features suggests that the coroutines will have dedicated support for the native language. This chapter will provide an analysis that is performed based on a comprehensive survey of coroutines that are used in the development process of the embedded systems and how they are used on dedicated platforms based on their constrained resources. Another important aspect of the work consists of analyzing the performance of designing and implementation of coroutines in software applications related to IoT and embedded devices focusing on the security vulnerabilities of the devices within an IoT ecosystem. The research analysis that forms the basis of the current work is based on metrics, such as software and hardware platform requirements, computation power, scenarios, advantages, and designing user interfaces based on the programming language used. The current work will be completed by adding a comparison with C# 8 programming language and C++20.

Download Full-text

The Implementation of Polymorphic Many-Dorted Type System for Logic Programming Language Gödel

2010 Second WRI Global Congress on Intelligent Systems ◽

10.1109/gcis.2010.131 ◽

2010 ◽

Author(s):

Hui-qi Li ◽

Zhi-zhuo Zhao

Keyword(s):

Logic Programming ◽

Programming Language ◽

Type System ◽

Logic Programming Language

Download Full-text

Abstractive Thai Opinion Summarization

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.971-973.2273 ◽

2014 ◽

Vol 971-973 ◽

pp. 2273-2280

Author(s):

Orawan Chaowalit ◽

Ohm Sornil

Keyword(s):

Word Identification ◽

Internet Technology ◽

The Internet ◽

Global Models ◽

Customer Reviews ◽

Thai Language ◽

Novel Technique ◽

Opinion Summarization ◽

Linguistic Annotation ◽

Daunting Task

With the advancement in the Internet technology, customers can easily share opinions on services and products in forms of reviews. There can be large amounts of reviews for popular products. Manually summarizing those reviews for important issues is a daunting task. Automatic opinion summarization is a solution to the problem. The task is more complicated for reviews written in Thai language. Thai words are written continuously without space, there is no symbol to signify the end of a sentence, and many reviews are written informally, thus accurate word identification and linguistic annotation cannot be relied upon. This research proposes a novel technique to generate abstractive summaries of customer reviews written in Thai language. The proposed technique, which consists of the local and the global models, is evaluated using actual reviews of fifty randomly selected products from a popular cosmetic website. The results show that the local model outperforms the other model and the two baseline methods both quantitatively and qualitatively.

Download Full-text

A Type Theory of Leelus Type System in C++ Programming Language.

10.14293/s2199-1006.1.sor-.ppzqlti.v1 ◽

2021 ◽

Author(s):

Frank Appiah

Keyword(s):

Programming Language ◽

Type Theory ◽

Type System ◽

Type Systems ◽

C Programming Language ◽

C Programming

This research is on type theory, which describes type, term and value in a type system programmed in C++. Type theory is closely related to, and in some cases overlaps with computational type systems, which are a programming language feature used to reduce bugs.

Download Full-text

Shareholder types, their concentration and its effects on demutualized exchanges’ operating and financial results - An empirical study

Corporate Ownership and Control ◽

10.22495/cocv11i4p8 ◽

2014 ◽

Vol 11 (4) ◽

pp. 114-130 ◽

Cited By ~ 2

Author(s):

Samer Iskandar

Keyword(s):

Empirical Study ◽

Financial Performance ◽

Conflicts Of Interest ◽

Stock Exchanges ◽

Measurable Effect ◽

Share Ownership ◽

Lower Performance ◽

True Value ◽

Different Types ◽

Depth Study

Scholars are divided over whether listing the shares of stock exchanges improves their financial performance. Applying simple OLS regressions, I test the hypothesis that exchanges’ post-IPO owners are value maximizers. However, recently demutualized exchanges have a high proportion of shareholders with conflicts of interest. Therefore, I also test whether different types of shareholders have different effects on performance. I find that investment managers behave like true value maximizers. The results also show that a higher fragmentation of share ownership is associated with lower performance. The proportion of brokers, who are the most conflicted shareholders in exchanges (since they are large customers as well as owners), is too small to have a measurable effect on performance. Most interestingly I find, by way of an inductive approach to shareholding structure, that strategic shareholders, a wide array of investors with various agendas, are on balance detrimental to shareholder value. This chapter is the first in a trilogy of articles that make up my Ph.D. dissertation. It is followed by an in-depth study of the shareholding structure of individual stock exchanges, notably in order to understand more clearly who these strategic investors are and what effects they have on exchanges.

Download Full-text