Finding Errors in Programs for Processing Graphic Images using the Fuzzing Method

Increasing number of software for automated graphics processing requires effective testing methods. One of these methods is fuzzing, for which it is necessary to determine the most effective algorithms for creating test data in order to increase the number of errors found and minimize hardware resources. The comparison of algorithms for creating test data for finding errors in the executable code of programs designed for processing graphic images is the result of the performed research. Using Bayesian networks to describe fuzzing allows determining the relationships between structural components during testing. Based on the results of the comparison of fuzzing algorithms for creating test data, the most effective algorithms for finding errors in the executable code of programs for processing graphic images have been identified. The performance of the proposed algorithms was tested on a number of existing vulnerabilities classified as CVE (Common Vulnerabilities and Exposures). The processing of the results of experiments on the creation of test data was carried out using the simulation environment, allowing analyzing the testing process step by step. The obtained research results, algorithms for creating test data for finding errors can be used at various stages of software testing

THE PROCESS OF DETECTING BLOCKS WITH REPETITIONS AND EXCESS BUILDING USING A LANGUAGE-INDEPENDENT INCREASE DETECTOR

To avoid malfunctions of the developed software caused by errors, even when developed by professionals, a number of automated tools are used, which allow to evaluate the software code. A variety of detectors are commonly used to detect errors that occur due to duplicate blocks of executable code. The importance of developing such detectors is that the product is not dependent on the programming language and has a simple algorithm for finding cloned blocks of code. The approach of the language-independent repetition detector is based on a method based on the use of the clone index. It is a global data structure that resembles a typical inverted index. This approach is based on the text, ie the method becomes the basis for research independent of language. In recent years, additional methods have become increasingly popular, which analyze the source and executable code at a smaller level, and there are attempts to avoid unnecessary recalculations, by transferring information between versions. Reviewing the research presented in the works of scientists dealing with this problem, it was decided to propose an approach to improve methods for detecting repetitions and redundancy of program code based on language-independent incremental repetition detector (MNIDP). Most additional research is based on tree-like and graphical methods, ie they are strictly dependent on the programming language. The solution in the MNIDP campaign is to take the text as a basis, ie the method becomes the basis for research independent of language. This technique is not strictly language-independent, but due to the fact that the tokenization stage will be included, with the help of minor adjustments the desired result has been achieved. This provides a detailed analysis of the internal composition (namely, elements) of the detector and explanations of the work at different stages of the detection process.

Towards a Verification-Driven Iterative Development of Software for Safety-Critical Cyber-Physical Systems

Software systems are complicated, and the scientific and engineering methodologies for software development are relatively young. Cyber-physical systems are now in every corner of our lives, and we need robust methods for handling the ever-increasing complexity of their software systems. Model-Driven Development is a promising approach to tackle the complexity of systems through the concept of abstraction, enabling analysis at earlier phases of development. In this paper, we propose a model-driven approach with a focus on guaranteeing safety using formal verification. Cyber-physical systems are distributed, concurrent, asynchronous and event-based reactive systems with timing constraints. The actor-based textual modeling language, Rebeca, with model checking support is used for formal verification. Starting from structured requirements and system architecture design the behavioral models, including Rebeca models, are built. Properties of interest are also derived from the structured requirements, and then model checking is used to formally verify the properties. This process can be performed in iterations until satisfaction of desired properties are ensured, and possible ambiguities and inconsistencies in requirements are resolved. The formally verified models can then be used to develop the executable code. The Rebeca models include the details of the signals and messages that are passed at the network level including the timing, and this facilitates the generation of executable code. The natural mappings among the models for requirements, the formal models, and the executable code improve the effectiveness and efficiency of the approach.

Identification of Processor’s Architecture of Executable Code Based on Machine Learning. Part 1. Frequency Byte Model

This article shows us the study results of a method for identifying the processor architecture of an executable code based on machine learning. In the first part of the article we see an overview of existing solutions for machine code identifying and we see how the author makes a new method assumption. The author considers features of the machine code instructions and build its frequency-byte model. There is a processor architecture identification scheme, which is based on this model. Apart from that we see the frequency signatures which are provided for the following Top 10 processor architectures: amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x.

Identification of Processor’s Architecture of Executable Code Based on Machine Learning. Part 3. Assessment Quality and Applicability Border.

The article presents the author's method testing results for identifying the processor architecture of the executable code based on machine learning. In the third final part of the cycle, its qualitative indicators are determined: accuracy, completeness and F-measure for the executable files of the Debian build. There are investigated the applicability limits of the architecture identification method for four conditions: the file header absence, different sizes of machine code, partial code destruction, and the presence of instructions from several architectures. We can observe the identified disadvantages of the proposed method and ways to eliminate them, as well as the further direction of its development.

Identification of Processor’s Architecture of Executable Code Based on Machine Learning. Part 2. Identification method

This article shows us the study results of a method for identifying the processor architecture of an executable code based on machine learning. In the second part of the series of articles, a three-stage scheme of the method and the corresponding software are synthesized. The functional and information layer of the architecture of the tool, as well as its operation modes, are described. Basic testing of the tool is carried out and the results of its work are given. By the example of identification of files with machine code of various architectures, the efficiency of the proposed method and means is substantiated.