Wyvern

Nistor, Ligia; Kurilova, Darya; Balzer, Stephanie; Chung, Benjamin; Potanin, Alex; Aldrich, Jonathan

doi:10.1145/2489828.2489830

Cited by 16 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, VST's partial-correctness interpretation of triples limits the end-to-end usefulness of coinductive reasoning. A recent proposal for integrating statically typed Smalltalk-inspired objects into a functional calculus is Wyvern [52].…”

Section: Discussionmentioning

confidence: 99%

Verified Software Units

Beringer

2021

Programming Languages and Systems

View full text Add to dashboard Cite

Modularity - the partitioning of software into units of functionality that interact with each other via interfaces - has been the mainstay of software development for half a century. In case of the C language, the main mechanism for modularity is the compilation unit / header file abstraction. This paper complements programmatic modularity for C with modularity idioms for specification and verification in the context of Verifiable C, an expressive separation logic for CompCert . Technical innovations include (i) abstract predicate declarations – existential packages that combine Parkinson & Bierman’s abstract predicates with their client-visible reasoning principles; (ii) residual predicates, which help enforcing data abstraction in callback-rich code; and (iii) an application to pure (Smalltalk-style) objects that connects code verification to model-level reasoning about features such as subtyping, self, inheritance, and late binding. We introduce our techniques using concrete example modules that have all been verified using the Coq proof assistant and combine to fully linked verified programs using a novel, abstraction-respecting component composition rule for Verifiable C.

show abstract

Section: Discussionmentioning

confidence: 99%

Verified Software Units

Beringer

2021

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Some software producers consider security as a first-class citizen while others do not. As mentioned in previous work, security is critical and should be considered as a default feature (Nistor et al 2013;Kurilova et al 2014;McGraw 2004). However, the lack of experts and awareness of developers for security while producing/patching software leads companies to ship low-quality software.…”

Section: Prioritize High and Medium Severitymentioning

confidence: 99%

“…In addition, programming languages should provide new design patterns to easily patch security weaknesses without endangering maintainability. Ultimately, new programming languages, both secure and maintainable by design, such as Wyvern (Nistor et al 2013;Kurilova et al 2014), should be designed to help developers be less vulnerability prone when writing and maintaining secure applications. One example is the need for designing new authorization mechanisms since these are one of the most complex security features to implement.…”

Section: Secure Programming Languages By Designmentioning

confidence: 99%

“…Thus, it is of utmost importance to find means to assist mitigation and reduce its risks. With this study, we intend to highlight the need for tools to assess the impact of patches on software maintainability (Maruyama and Tokoda 2008); the importance of integrating maintainable security in computer science curricula; and, the demand for better programming languages, designed by leveraging security principles (Kurilova et al 2014;Nistor et al 2013).…”

mentioning

confidence: 99%

See 1 more Smart Citation

Fixing vulnerabilities potentially hinders maintainability

2021

View full text Add to dashboard Cite

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the maintainability of their codebases when patching vulnerabilities. This paper evaluates the impact of patches to improve security on the maintainability of open-source software. Maintainability is measured based on the Better Code Hub's model of 10 guidelines on a dataset, including 1300 security-related commits. Results show evidence of a trade-off between security and maintainability for 41.90% of the cases, i.e., developers may hinder software maintainability. Our analysis shows that 38.29% of patches increased software complexity and 37.87% of patches increased the percentage of LOCs per unit. The implications of our study are that changes to codebases while patching vulnerabilities need to be performed with extra care; tools for patch risk assessment should be integrate into the CI/CD pipeline; computer science curricula needs to be updated; and, more secure programming languages are necessary.Keywords Software security • Software maintenance • Open-source software IntroductionSoftware quality is important because it is ultimately related to the overall cost of developing and maintaining software applications, security and safety (Slaughter et al. 1998).

show abstract

“…SugarJ [11] provides a method for extending Java syntax. ProteaJ [19], Wyvern [24], and Honu [26] are programming languages that natively support syntax extension. Using these syntax extension mechanisms, domain-specific notation can be embedded as is.…”

Section: Domain-specific Languagementioning

confidence: 99%

Generating a Generic Fluent API in Java

Nakamaru

Chiba

2020

Programming

View full text Add to dashboard Cite

Context: Algorithms for generating a safe fluent API have been actively studied in recent years. A safe fluent API is a fluent API that reports incorrect chaining of the API methods as a type error to the API users. Although such a safety property improves the productivity of users, the construction of a safe fluent API is excessively complicated for developers. Therefore, generation algorithms are studied to reduce the development costs of a safe fluent API. Such studies may benefit many programmers, as a fluent API is a popular design in the real world. Inquiry: The generation of a generic fluent API remains unaddressed. A generic fluent API refers to a fluent API that provides generic methods (those that contain type parameters in their definitions). The Stream API in Java is an example of a generic fluent API. Previous studies on safe fluent API generation have focused on the grammar classes that the algorithms can deal with for syntax checking. The key concept of such studies is using nested generics to represent a stack structure for the parser built on top of the type system. Within this context, the role of a type parameter has been limited to the internal representation of a stack element of that parser on the type system. Library developers cannot use type parameters to include a generic method in their API so that the semantic constraints for their API will be statically checked; for example, the type constraint on the items passed through a stream. Approach: We propose an algorithm for generating a generic fluent API. Our translation algorithm is modeled as the construction of deterministic finite automaton (DFA) with type parameter information. Each state of the DFA holds information regarding which type parameters are already bound in that state. This information is used to identify whether a method invocation in a chain newly binds a type to a type parameter or refers to a previously bound type. This identification is necessary because a type parameter in a chain is bound at a particular method invocation, and the bound type is referenced in the following method invocations. Our algorithm constructs the DFA by analyzing the binding times of the type parameters and their propagation among the states in a DFA that is naively constructed using the given grammar. Knowledge: With our algorithm, the generation of a safe fluent API can be introduced into practical use. Grounding: We implemented a generator named Protocool to demonstrate our algorithm. Moreover, we generated several libraries using Protocool to demonstrate the ability and limitations of our algorithm. Importance: Our algorithm can aid library developers to develop a generic fluent API, which is essential for bringing safe fluent API generation to the real world, as the use of type parameters is a common technique in library API design. ACM CCS 2012Software and its engineering → Domain-specific languages; Source code generation;

show abstract

Wyvern

Cited by 16 publications

References 11 publications

Verified Software Units

Verified Software Units

Fixing vulnerabilities potentially hinders maintainability

Generating a Generic Fluent API in Java

Contact Info

Product

Resources

About