- Security and Verification in Computing
- Formal Methods in Verification
- Software Testing and Debugging Techniques
- Logic, programming, and type systems
- Radiation Effects in Electronics
- Software Reliability and Analysis Research
- Parallel Computing and Optimization Techniques
- Advanced Malware Detection Techniques
- Distributed systems and fault tolerance
- Advanced Software Engineering Methodologies
- Software Engineering Research
- Model-Driven Software Engineering Techniques
- Control and Dynamics of Mobile Robots
- Natural Language Processing Techniques
- Modular Robots and Swarm Intelligence
- Real-Time Systems Scheduling
- Digital and Cyber Forensics
- Robotic Path Planning Algorithms
- semigroups and automata theory
- Network Packet Processing and Optimization
- Service-Oriented Architecture and Web Services
- Fault Detection and Control Systems
- Neural Networks and Applications
- Real-time simulation and control systems
Nanjing University of Aeronautics and Astronautics
2013-2024
Shanghai University
2024
Nankai University
2018
Nanjing University
2015
Institut National des Sciences Appliquées de Toulouse
2011
Université de Toulouse
2011
Laboratoire d'Analyse et d'Architecture des Systèmes
2011
Centre National de la Recherche Scientifique
2011
Summary: This paper documents an application of model checking to formally verify the interrupt-driven Slats and Flaps Control Unit software, programmed in C, which is one component of a certain type of Chinese aircraft. Our objective was to identify errors rather than to prove correctness. We focused on the correctness of the algorithms used in buffer operations, which are very common and important in aircraft software. In the verification, a total of four flawed code fragments were identified, including a minor efficiency issue. According...
C is a dominant programming language for implementing system and low-level embedded software. Unfortunately, the unsafe nature of its control over memory often leads to memory errors. Dynamic analysis has been widely used to detect memory errors at runtime. However, the existing monitoring algorithms of dynamic analysis are not yet satisfactory, as they cannot deterministically and completely detect some types of memory errors, such as segment confusion, sub-object overflows, use-after-frees and memory leaks. We propose a new algorithm, namely Smatus, short for smart...
An important problem in runtime verification is monitorability. If a property is not monitorable, then it is meaningless to check it at runtime, as no satisfaction or violation will ever be reported in finitely many steps. In this paper, we revisit the classic definition of monitorability, and show that it is too restrictive for practical runtime verification. We propose a weaker but more practical definition, say weak monitorability, and show how to decide weak monitorability.
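The classic definition the abstract above revisits can be made concrete on explicit finite-state monitors: a property is monitorable when every finite prefix can still be extended to one that yields a conclusive verdict. The following is an example added by the editor, not code from the paper; the three-valued verdicts, the hand-built monitors for G p, F p and G F p over a single proposition p, and the helper names are this example's own assumptions. It shows G p and F p reaching verdicts on a finite trace while G F p never can, and decides monitorability by checking that from every reachable monitor state some conclusive state remains reachable.

```c
/* Example added by the editor, not code from the paper: the classic notion of
 * monitorability checked on explicit finite-state monitors over one
 * proposition p.  The three-valued verdicts, the monitor encoding and the
 * helper names are assumptions of this example, not the paper's definitions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { V_INCONCLUSIVE = 0, V_TRUE = 1, V_FALSE = 2 } verdict_t;
typedef enum { PROP_ALWAYS_P, PROP_EVENTUALLY_P, PROP_INFINITELY_OFTEN_P } prop_t;

#define MAX_STATES 4

typedef struct {
    int       n_states;
    int       next[MAX_STATES][2];  /* next[state][obs], obs 0 = !p, 1 = p */
    verdict_t verdict[MAX_STATES];  /* conclusive states are sinks */
} monitor_t;

/* Build a three-valued monitor for each property by hand. */
monitor_t make_monitor(prop_t prop) {
    monitor_t m;
    memset(&m, 0, sizeof m);
    switch (prop) {
    case PROP_ALWAYS_P:           /* G p: the first !p is a conclusive violation */
        m.n_states = 2;
        m.next[0][1] = 0; m.next[0][0] = 1;
        m.next[1][0] = 1; m.next[1][1] = 1;
        m.verdict[1] = V_FALSE;
        break;
    case PROP_EVENTUALLY_P:       /* F p: the first p is a conclusive satisfaction */
        m.n_states = 2;
        m.next[0][0] = 0; m.next[0][1] = 1;
        m.next[1][0] = 1; m.next[1][1] = 1;
        m.verdict[1] = V_TRUE;
        break;
    case PROP_INFINITELY_OFTEN_P: /* G F p: no finite prefix ever decides */
        m.n_states = 1;
        m.next[0][0] = 0; m.next[0][1] = 0;
        break;
    }
    return m;
}

/* Feed a finite trace prefix (1 = p holds at that step) and return the verdict. */
verdict_t run_monitor(const monitor_t *m, const int *trace, size_t n) {
    int s = 0;
    for (size_t i = 0; i < n && m->verdict[s] == V_INCONCLUSIVE; i++)
        s = m->next[s][trace[i] ? 1 : 0];
    return m->verdict[s];
}

/* Mark every state reachable from `from` (including itself). */
static void reachable_from(const monitor_t *m, int from, int seen[MAX_STATES]) {
    int stack[MAX_STATES], sp = 0;
    memset(seen, 0, MAX_STATES * sizeof seen[0]);
    seen[from] = 1; stack[sp++] = from;
    while (sp > 0) {
        int s = stack[--sp];
        for (int obs = 0; obs < 2; obs++) {
            int t = m->next[s][obs];
            if (!seen[t]) { seen[t] = 1; stack[sp++] = t; }
        }
    }
}

/* Classic monitorability: every finite prefix must be extendable to one with a
 * conclusive verdict.  On an explicit monitor that means: from every state
 * reachable from the initial state, some conclusive state is still reachable. */
int is_monitorable(const monitor_t *m) {
    int from_init[MAX_STATES], from_s[MAX_STATES];
    reachable_from(m, 0, from_init);
    for (int s = 0; s < m->n_states; s++) {
        if (!from_init[s]) continue;
        reachable_from(m, s, from_s);
        int can_conclude = 0;
        for (int t = 0; t < m->n_states; t++)
            if (from_s[t] && m->verdict[t] != V_INCONCLUSIVE) can_conclude = 1;
        if (!can_conclude) return 0;   /* stuck at "?" forever */
    }
    return 1;
}

verdict_t run_property(prop_t prop, const int *trace, size_t n) {
    monitor_t m = make_monitor(prop);
    return run_monitor(&m, trace, n);
}

int property_is_monitorable(prop_t prop) {
    monitor_t m = make_monitor(prop);
    return is_monitorable(&m);
}

int main(void) {
    const int trace[] = { 1, 1, 0, 1 };  /* constructed trace: p, p, !p, p */
    const char *names[] = { "G p", "F p", "G F p" };
    for (int i = 0; i < 3; i++)
        printf("%-6s verdict=%d monitorable=%d\n", names[i],
               run_property((prop_t)i, trace, 4), property_is_monitorable((prop_t)i));
    return 0;
}
```

On the constructed trace, G p reports a violation at the third step and F p reports satisfaction at the first, whereas G F p stays inconclusive on every prefix and is therefore not monitorable under the classic definition; this is exactly the kind of property the abstract argues a weaker notion should still admit.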
The unsafe features of C often lead to memory errors that can result in vulnerabilities. Dynamic analysis tools are widely used to detect such errors at runtime and enforce memory safety. It is believed that memory safety consists exactly of spatial and temporal safety, thus all existing tools aim at detecting spatial or temporal errors. In this paper, we introduce another class of memory safety, namely segment safety, which has been neglected by previous work. Indeed, state-of-the-art tools cannot detect errors of this class. Thus we propose and implement a new approach to enforce segment safety at runtime.
Memory safety issues are the intrinsic diseases of C/C++ programs. Dynamic memory safety enforcement, as the dominant approach, has the advantage of high effectiveness, yet suffers from prohibitively high runtime overhead. Existing attempts to reduce the overhead are either labor-intensive, tightly dependent on specific hardware/compiler support, or poorly effective.
An ω-grammar is a formal grammar used to generate ω-words (i.e., infinite-length words), while an ω-automaton is an automaton used to recognize ω-words. This paper gives clean and uniform definitions for ω-grammars and ω-automata, provides a systematic study of the generative power of ω-grammars with respect to ω-automata, and presents a complete set of results for various types of ω-grammars and acceptance modes. We use the tuple (σ, ρ, π) to denote acceptance modes, where σ denotes that some designated elements should appear at least once or infinitely often, ρ denotes a binary relation between two...
Low-level control makes C unsafe, resulting in memory errors that can lead to data corruption, security vulnerabilities or program crashes. Dynamic analysis tools, which have been widely used for detecting memory errors at runtime, usually perform instrumentation at the IR or binary level. However, these non-source-level frameworks and tools suffer from two inherent drawbacks: optimization sensitivity and platform dependence. Due to optimization sensitivity, the user of such a tool must trade off either performance or effectiveness by compiling...
The unsafe features of C often lead to memory errors that can result in vulnerabilities. Many runtime verification tools are widely used to detect memory errors. However, existing tools lack DO-178C compliance, show limited performance, and demonstrate poor accessibility, e.g., lacking platform independence. In this paper, we propose and implement dynamic analysis using source-to-source transformation, which operates on the original source code to insert code fragments written in ANSI C, and generates source files of similar structure...
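Several of the abstracts above make the same point from different angles: a checker that only knows the bounds of the enclosing allocation (the view an IR- or binary-level tool has once field offsets are folded into address arithmetic) cannot see a sub-object overflow, while a source-level check can carry the declared size of the field. The following is an example added by the editor, not code from any of these papers or tools; the struct, the two `*_check_copy` helpers and the constructed input are its own assumptions. It copies an attacker-shaped string into a fixed-size field under both kinds of check and reports whether the neighbouring privilege flag was clobbered.

```c
/* Example added by the editor; not code from the papers above.  It shows why a
 * bounds check that only knows the enclosing allocation misses a sub-object
 * overflow, and what a source-level check carrying the field's own size does.
 * Names (struct account, the *_check_copy helpers) are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct account {
    char name[8];   /* fixed-size sub-object */
    int  is_admin;  /* follows name inside the same allocation */
};

/* Byte copy through a volatile pointer so the compiler neither folds it into a
 * fortified memcpy nor assumes the neighbouring field is untouched. */
static void raw_copy(volatile unsigned char *dst, const char *src, size_t n) {
    for (size_t i = 0; i < n; i++) dst[i] = (unsigned char)src[i];
}

/* Allocation-granularity check: the only bound it knows is the end of the whole
 * object.  Returns 1 if the copy was allowed, 0 if it was rejected. */
int alloc_check_copy(volatile struct account *acc, const char *src) {
    size_t n = strlen(src) + 1;                            /* include NUL */
    uintptr_t dst = (uintptr_t)acc->name;
    uintptr_t end = (uintptr_t)acc + sizeof *acc;
    if (dst + n > end) return 0;                           /* leaves the allocation */
    raw_copy((volatile unsigned char *)acc->name, src, n); /* may clobber is_admin */
    return 1;
}

/* Sub-object-aware check: the bound is the declared size of the field itself,
 * which is still visible at source level. */
int subobj_check_copy(volatile struct account *acc, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > sizeof acc->name) return 0;                    /* sub-object overflow */
    raw_copy((volatile unsigned char *)acc->name, src, n);
    return 1;
}

/* Constructed input: 9 bytes plus NUL, so it fits in the 12-byte struct but not
 * in the 8-byte name field.  Returns 1 when the allocation-level check let the
 * copy through and is_admin was changed, while the sub-object check refused. */
int demo_subobject_overflow(void) {
    volatile struct account a = { "", 0 };
    volatile struct account b = { "", 0 };
    const char *input = "AAAAAAAA\x01";                    /* constructed payload */

    int alloc_allowed  = alloc_check_copy(&a, input);
    int admin_flipped  = (a.is_admin != 0);
    int subobj_allowed = subobj_check_copy(&b, input);

    return alloc_allowed && admin_flipped && !subobj_allowed && b.is_admin == 0;
}

int main(void) {
    printf("sub-object overflow missed by allocation-level check: %s\n",
           demo_subobject_overflow() ? "yes" : "no");
    return 0;
}
```

The write never leaves the 12-byte allocation, so an allocation-granularity checker has nothing to report; only the check that knows `name` is 8 bytes rejects it. The same sub-object view is what a source-to-source transformation can preserve, since it instruments the program before the field structure is lowered away.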
Runtime monitoring can be used to verify, enforce and control the dynamic execution of a target program at runtime, that is, to detect property violations, enforce desired properties and actively correct the execution, respectively. However, the state-of-the-art study lacks an appropriate formal semantics for runtime monitoring. In this paper, we propose a theory-level formalization that provides semantics for instrumented programs under controlling programs. Our formalization provides complete support for real implementations of runtime control, but still retains a good balance between...
This paper presents a new automated directed fuzzing technique. First, the behavior information is extracted from the original complex Control Flow Graph (CFG) by using dynamic symbolic execution. Then, case theory is used to establish an access control model for objects. Subsequently, to describe some properties of objects while the program is running, we present a flow-based Extended Program Behavior model with a Finite-State Machine and controlled parameters (EPBFSM), adding constraints to the model. Finally, fuzzed inputs are...
Aspect-Oriented Programming (AOP) is a programming paradigm that implements crosscutting concerns in a modular way. People have witnessed the prosperity of AOP languages for Java and C++, such as AspectJ and AspectC++, which has propelled AOP to become an important paradigm with many interesting application scenarios, e.g., runtime verification. In contrast, AOP languages for C are still poor and lack compiler support. In this paper, we design a new general-purpose expressive aspect-oriented language for C, namely Aclang, and implement it, which brings...
Abstract: The unsafe features of C make it a big challenge to ensure the memory safety of C programs, and often lead to memory errors that can result in vulnerabilities. Various formal verification techniques for ensuring memory safety have been proposed. However, most of them either have high overhead, such as the state explosion problem of model checking, or produce false positives, such as abstract interpretation. In this article, by innovatively borrowing the ownership system from Rust, we propose a novel sound static analysis approach, named SafeOSL. Its...
In fault injection, we can use a logical constraint as an interface description and negate the constraint to derive logically unreasonable faulty data in order to test the dependability of a system. However, existing constraint-based approaches only use constraint solving to generate brand new data for testing. Because the given constraints are often incomplete, such data may not satisfy all hidden constraints and hence be unrealistic. Besides, there are many different strategies for generating constraint-unsatisfied data. Which negation strategy is the best choice for high coverage...
Rust is an emergent systems programming language highlighting memory safety by its Ownership and Borrowing System (OBS). The existing formal semantics for Rust only cover limited subsets of the major features of Rust. Moreover, they formalize the OBS as a type system at the language level, which can be used to conservatively analyze programs against invariants at compile time. That is, they are not executable, and thus cannot support automated verification of runtime behavior. In this paper, we propose RustSEM, a new executable...
On account of the complex application environment and the large number of uncertain conditions for a palletizing robot, we perform path planning for the multiple joints of the robot by an algorithm based on the Hierarchical Markov Decision Process. First, according to the actual working environment, we set the range of the robot's motion and select a conventional movement combination as the basic behaviors. We can then obtain the possible reward in various situations. We divide the state space, in accordance with the location information of obstacles, into small clusters, and sub-level...