Authors: Nuha Aldausari; Cui Zhang and Jun Dai
Affiliation: Department of Computer Science, California State University, Sacramento, CA 95819, U.S.A.
Keyword(s): Software Security, Software Reliability, Program Specifications, Error Detection, Design by Contract, Programming Logic.
Related Ontology Subjects/Areas/Topics: Information and Systems Security; Secure Software Development Methodologies; Security in Information Systems; Software Security
Abstract: Detecting errors in software products is very important to software reliability because many security vulnerabilities are caused by defects in software. Design by contract (DBC) is an effective methodology that dynamically checks whether a program meets its specifications, also called design contracts, and whether there are errors in the program. The contracts for object-oriented programs are defined in terms of preconditions and postconditions for methods as well as invariants for classes. However, if there is an error in a large piece of code that has a design contract, it is still difficult to identify the exact location of that error. To address this issue, a tool named Subcontractor has been developed. Subcontractor is implemented in the Eclipse environment using libraries such as Java Development Tools (JDT), Plugin Development Environment (PDE), and JFace. Subcontractor is built upon an open source DBC tool, OpenJML Runtime Assertion Checking (RAC), which verifies specifications at runtime. Subcontractor combines this DBC tool with inference rules of program logic for if-statements and loop-statements to automatically generate subcontracts for programs. When programs with subcontracts automatically generated and inserted by Subcontractor are verified using OpenJML RAC, identification of errors in the code can be facilitated.
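Added illustration, not code from the paper or the Subcontractor tool: a Java class with JML method contracts, plus hand-written `//@ assert` and `//@ loop_invariant` lines of the kind the program-logic rules for if-statements and loops yield as subcontracts. It assumes JML syntax as accepted by OpenJML RAC and goes slightly beyond the abstract by showing both a conditional and a loop in one class.

```java
public class SubcontractDemo {

    // Method-level design contract: precondition and postconditions.
    //@ requires lo <= hi;
    //@ ensures lo <= \result && \result <= hi;
    //@ ensures \result == x || \result == lo || \result == hi;
    public static int clamp(int x, int lo, int hi) {
        int r;
        // If-statement rule: each branch starts from the precondition P plus
        // its own guard and must establish the postcondition Q on its own.
        if (x < lo) {
            //@ assert lo <= hi && x < lo;             // subcontract: P && B
            r = lo;
            //@ assert lo <= r && r <= hi;             // subcontract: Q after branch
        } else if (x > hi) {
            //@ assert lo <= hi && x > hi;             // P && !B && B'
            r = hi;
            //@ assert lo <= r && r <= hi;
        } else {
            //@ assert lo <= hi && lo <= x && x <= hi; // P && !B && !B'
            r = x;
            //@ assert lo <= r && r <= hi;
        }
        return r;
    }

    // Loop rule: the invariant holds on entry, is preserved by each iteration,
    // and with the negated guard (i == data.length) implies the postcondition.
    //@ requires data != null;
    //@ ensures 0 <= \result && \result <= data.length;
    //@ ensures \result == (\num_of int k; 0 <= k && k < data.length; data[k] < 0);
    public static int countNegatives(int[] data) {
        int n = 0;
        //@ loop_invariant 0 <= i && i <= data.length;
        //@ loop_invariant 0 <= n && n <= i;
        //@ loop_invariant n == (\num_of int k; 0 <= k && k < i; data[k] < 0);
        //@ decreasing data.length - i;
        for (int i = 0; i < data.length; i++) {
            if (data[i] < 0) {
                n++;
            }
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; run under OpenJML RAC to have the checks executed.
        System.out.println(clamp(15, 0, 10));
        System.out.println(countNegatives(new int[] {-3, 4, -1, 0}));
    }
}
```

Under RAC a failing `//@ assert` is reported at its own line, so a defect in one branch surfaces at that branch's subcontract instead of only as a violated method postcondition.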