Les race conditions, nos très chères amiesPierre Laporte
Dans tous les projets se cachent des race conditions. Et on les aime, ces bugs rares qui pimentent notre quotidien !
Durant cette session, on définira formellement ce qu'est une race condition. On verra ensuite deux manières de les détecter. La première sera au niveau d'un groupe de classes via la librairie jcstress. La seconde sera au niveau des applications elles-mêmes, via une méthodologie appellée "The Box" initialement prévue pour régler les problèmes de performance.
Les race conditions, nos très chères amiesPierre Laporte
Dans tous les projets se cachent des race conditions. Et on les aime, ces bugs rares qui pimentent notre quotidien !
Durant cette session, on définira formellement ce qu'est une race condition. On verra ensuite deux manières de les détecter. La première sera au niveau d'un groupe de classes via la librairie jcstress. La seconde sera au niveau des applications elles-mêmes, via une méthodologie appellée "The Box" initialement prévue pour régler les problèmes de performance.
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Ivan Piskunov
Презентация к моему воркшопу на PHDays 2017 на тему "Современные технологии и инструменты анализа вредоносного ПО"
Ссылка на анонс https://www.phdays.ru/program/197805/
Ссылка с моего блога https://www.phdays.ru/program/197805/
This talk will shed some light into the intermediate language that is used inside the Hex-Rays Decompiler. The microcode is simple yet powerful to represent real world programs. We publish it and give programmatic access to it from C++.
A high-level abstraction that provides a convenient and effective mechanism for process synchronization
Abstract data type, internal variables only accessible by code within the procedure
Only one process may be active within the monitor at a time
But not powerful enough to model some synchronization schemes
Millennium Surveillance™ – Achieving Excellence
Anton Kryukov,Exactpro
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Ivan Piskunov
Презентация к моему воркшопу на PHDays 2017 на тему "Современные технологии и инструменты анализа вредоносного ПО"
Ссылка на анонс https://www.phdays.ru/program/197805/
Ссылка с моего блога https://www.phdays.ru/program/197805/
This talk will shed some light into the intermediate language that is used inside the Hex-Rays Decompiler. The microcode is simple yet powerful to represent real world programs. We publish it and give programmatic access to it from C++.
A high-level abstraction that provides a convenient and effective mechanism for process synchronization
Abstract data type, internal variables only accessible by code within the procedure
Only one process may be active within the monitor at a time
But not powerful enough to model some synchronization schemes
Millennium Surveillance™ – Achieving Excellence
Anton Kryukov,Exactpro
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
Reconciliation Testing Aspects
Elena Moiseeva, QA, Exactpro
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
Tradecope - Low-Latency Solution for Algorithmic and High Frequency Trading
Milan Dvorak, Netcope Technologies
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
EXTENT-2015: A Test Harness for Algo Trading Systems Iosif Itkin
A Test Harness for Algo Trading Systems
Victoria Leonchik, Exactpro
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
EXTENT-2015: The Four Essential Elements of LSEG QA SolutionsIosif Itkin
The Four Essential Elements of LSEG QA Solutions
QA, Exactpro
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
EXTENT-2016: Key Challenges and Lessons Learned from Testing a New Trading Sy...Iosif Itkin
EXTENT-2016: Software Testing & Trading Technology Trends
22 June, 2016, 10 Paternoster Square, London
Key Challenges and Lessons Learned from Testing a New Trading System
Dr. Matthias Burghardt, Head of Business Development, Boerse Stuttgart
Would like to know more?
Visit our website: extentconf.com
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
#extent2016
#exactpro
EXTENT-2015: Quality Assurance in Russian NSDIosif Itkin
Quality Assurance in Russia's National Settlement Depository (NSD)
Pavel Andrianov, National Settlement Depository
11 November 2015
Trading Technology Trends & Quality Assurance Conference in St. Petersburg
EXTENT-2016: Realisation of a Collaborative Approach to Test AutomationIosif Itkin
EXTENT-2016: Software Testing & Trading Technology Trends
22 June, 2016, 10 Paternoster Square, London
Realisation of a Collaborative Approach to Test Automation
A case study in post-trade settlement and reconciliation at Clearstream
Duncan Brigginshaw, Co-Founder and Technical Director, Odin Technology Ltd
Would like to know more?
Visit our website: extentconf.com
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
#extent2016
#exactpro
발표자: 허기홍 (발표 당시 서울대 박사과정)
발표일: 2017.6.
서울대학교 컴퓨터공학부 프로그래밍 연구실에서 프로그램 정적분석(static program analysis)을 연구하고 있다. 특히, 정적 분석기를 더욱 빠르고 정확하게 만들기 위한 다양한 기법을 연구, 개발했다.
최근에는 다양한 데이터를 학습하여 정적 분석기를 더욱 유연하게 만드는데 많은 관심을 두고 있다.
2017년 8월 서울대학교에서 박사학위를 받을 예정이다.
개요:
이 발표에서는 기계학습을 사용하여 정적 분석기의 안전성(soundness)을 조절하는 방법을 이야기한다.
실용적인 정적분석기는, 무결점 검증기를 제외하면, 대부분 필연적으로 불안전 (unsound) 하다. 즉, 실제 실행의 모든 경우를 항상 포섭하지는 않는다는 뜻이다. 정확도나 성능 등을 이유로 여러 부분에서 실제 의미의 일부만을 포섭하는 경우가 많다. 예를 들면, 순환문이 한 바퀴만 도는 경우만 고려한다거나, 내용을 모르는 라이브러리 호출은 아무일을 안한다고 가정해버리는 식이다. 그런데 이런 불안전한 기법을 무턱대고 사용할 시에는 분석기 사용자가 알고 싶어하는 정보 (예를 들면, 버그)를 지나치게 많이 놓치는 문제가 있다. 이를 해결하기 위해 이 연구에서는 안전성을 포기해도 버그를 놓치지 않는 지점, 그러면서도 동시에 정확도는 높일수 있는 지점을 잘 찾는 방법을 제시한다.
핵심은 이런 지점을 기계 학습을 이용해서 찾아내는 것이다. 버그가 있는 프로그램의 여러 지점을 안전성을 포기하면서 분석을 해보고, 그 분석 결과를 학습시키는 방식이다. 그렇게 학습된 분류기 (classifier) 는 새로운 프로그램을 분석할 때 안전성을 포기해도 될 만한 부분을 정확하게 짚어주어 분석기의 정확도를 높이는데 도움을 준다.
우리는 이 기술을 C 프로그램을 대상으로 하는 두 가지 정적 분석기 (버퍼오버런 오류 검출기, 포맷스트링 오류 검출기)에 적용하여 그 성능을 실험하였다. 그 결과, 맹목적으로 안전성을 포기하는 기존 분석기에 비해서 획기적으로 오류 검출능력을 높일 수 있었다. 이 연구는 올해 ICSE (International Conference on Software Engineering) 학회를 통해 소개되었다.
Protocol T50: Five months later... So what?Nelson Brito
T50 (an Experimental Mixed Packet Injector) new features added to version 5.3 (Chaos Maker).
Check the original demonstration videos:
- https://www.youtube.com/playlist?list=PLda9TmFadx_m2qdd-euUf4zhQ-5juTVEx
For further source codes, please, refer to:
- http://t50.sourceforge.net/
Here we are going to take a look how to use for loop, foreach loop and while loop. Also we are going to learn how to use and invoke methods and how to define classes in Java programming language.
Recent years have seen the emergence of several static analysis techniques for reasoning about programs. This talk presents several major classes of techniques and tools that implement these techniques. Part of the presentation will be a demonstration of the tools.
Dr. Subash Shankar is an Associate Professor in the Computer Science department at Hunter College, CUNY. Prior to joining CUNY, he received a PhD from the University of Minnesota and was a postdoctoral fellow in the model checking group at Carnegie Mellon University. Dr. Shankar also has over 10 years of industrial experience, mostly in the areas of formal methods and tools for analyzing hardware and software systems.
Paper presentation in the 6th International Conference on System Reliability and Safety (2022). Tittle: "A Methodology for Selective Protection of Matrix Multiplications: a Diagnostic Coverage and Performance Trade-off for CNNs Executed on GPUs"
Foundations of Software Testing Lecture 4Iosif Itkin
This lecture is a part of the online course on Software Testing for Complex Intelligent Systems and Autonomous Vehicles. The course lectures provide the theoretical basics of testing autonomous systems based on artificial intelligence.
The fourth lecture of the course entitled Foundations of Software Testing reviews the ‘absence-of-errors fallacy’ and other principles of software testing, as well as the types and levels of software testing. The lecture also provides a fuller picture of the understanding of test objectives and methodologies by different schools of thought within the software testing domain.
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...Iosif Itkin
Speaker: Iosif Itkin, co-CEO & co-founder, Exactpro Systems
9th November 2021
Hilton Canary Wharf
Exactpro is an independent software testing business focused on mission-critical financial market infrastructures, primarily exchanges and clearing houses. In his presentation, Iosif will give a brief overview of research on the concept of model-based testing and the principal challenges of its application while testing complex distributed systems. He will also outline the broader context of interaction between humans and complex computer models.
Exactpro FinTech Webinar - Global Exchanges Test OraclesIosif Itkin
Global Exchanges series webinar to discuss Test Oracles. A test oracle is a mechanism for determining whether a test has passed or failed. The use of oracles involves comparing the output(s) of the system under test for a given test-case input, to the output(s) that the oracle determines the product should have. We will review various types of test oracles using examples from Exactpro’s Global Exchanges division projects and protocol-based interactions in trading systems.
Exactpro FinTech Webinar - Global Exchanges FIX ProtocolIosif Itkin
Exactpro’s Global Exchanges Division training session on FIX Trading Protocol.
The essence of the FIX protocol and its place in the overall structure of network protocols, FIX message attributes and the internal data types of the protocol.
Operational Resilience in Financial Market InfrastructuresIosif Itkin
A4Q World Congress 13-16 April 2021
Iosif Itkin
Exactpro provides independent software testing services for mission critical technology that underpins global financial markets – exchanges and clearing houses. Half of the top 20 global exchange groups on all continents around the globe rely on processes, platforms and people from Exactpro to improve their quality and reliability. The company has spent the last 11 years studying operational resilience in this crucial sector. The presentation will outline the key principles for software testing of the systems that process hundreds of millions of orders per day with roundtrip latencies below one hundred microseconds.
20 Simple Questions from Exactpro for Your Enjoyment This Holiday SeasonIosif Itkin
Warmest wishes for a happy holiday season and a wonderful New Year!
We look forward to our continued collaboration in 2020. Thank you for your support.
QA-Financial Forum 2019 in New York
13 November
Iosif Itkin, CEO and co-founder
Elena Treshcheva, Business Development Manager and Researcher
An October 2019 survey by BoE and FCA found that ML in financial organizations has already passed an initial development phase, and the usage of live ML applications is about to dramatically increase over the next three years. Artificial Intelligence systems are used in market surveillance, they are providing intellectual analysis of news feeds, and they are an important part of the conversational agents facing users and helping them with their business needs from identity verification to trading and portfolio management. How to ensure that an AI-powered system is up to its task? And what would that mean from the software testing perspective?
EXTENT 2019: Exactpro Quality Assurance for Financial Market InfrastructuresIosif Itkin
On Complex Software Systems Testing — Alexey Zverev, co-CEO & co-founder, Exactpro
Software Testing and Machine Learning
Mind the Gap. Applying Process Mining
Learning from Failure is not just for Humans
Dancing with Whales. Adaptive Log Classification System
On Traceability and the Illusion of Control
Building Partnerships
Demystifying DLT Testing One Network at a Time
Get the MOST from FIX
Georgia on My Mind
Build Software to Test Software — Iosif Itkin, co-CEO & co-founder, Exactpro
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...Iosif Itkin
Synchronize Europe
18th June 2019
Iosif Itkin, co-CEO and co-founder, Exactpro
Using the ISDA CDM Swaps application, simultaneously execute multiple end-to-end scenarios for DAML applications in capital markets - validate with actual contract data on ledger.
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan ShamraiIosif Itkin
Ivan Shamray, Senior NFT Analyst, Exactpro
20 April 2019 EXTENT Talks, Tbilisi, Georgia
Tbilisi QA Community
EXTENT Talks is a meeting place for IT specialists working in various industries and seeking professional growth, practitioners from IT firms, as well as Quality Assurance enthusiasts of all backgrounds interested in actively participating in local IT events.
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference OpenIosif Itkin
EXTENT Talks is a meeting place for IT specialists working in various industries and seeking professional growth, practitioners from IT firms, as well as Quality Assurance enthusiasts of all backgrounds interested in actively participating in local IT events. The first EXTENT Talks were held in Tbilisi on 22 February 2019, initiating the creation a QA Community in Tbilisi and laying a foundation for an international platform for exchanging experience and knowledge in the field of software testing, development and IT. The program of the inaugural event included presentations on ISTQB, Software Testing, and Agile methodology from senior specialists. The next EXTENT Talks in Tbilisi will take place on 20 April 2019.
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...Iosif Itkin
The First IEEE International Conference On Artificial Intelligence Testing (2019 IEEE AITest)
Iosif Itkin, Anna Gromova, Anton Sitnikov, Elena Treshcheva, Rostislav Yavorskiy, Evgenii Tsymbalov, Andrey Novikov and Kirill Rudakov
1 Exactpro, UK, Georgia, USA, Russia
2 Skolkovo Institute of Science and Technology, Russia
3 Higher School of Economics, Russia
Speakers: Iosif Itkin, CEO and Co-Founder and Elena Treshcheva, Business Development Manager and Researcher - Exactpro
Exactpro provides software testing services for mission-critical technology that underpins global financial markets. Exactpro clients are regulated by FCA, Bank of England and their counterparts from other countries. During this session, Elena and Iosif will talk about end-to-end software testing for post-trade systems in financial market infrastructures. What are the key challenges in quality assurance at this scale? What kind of cognitive biases affect SDLC? How precise is the knowledge about the systems under test? What constitutes good test evidence? How to deal with complexity in regulated environments?
Behaviour Driven Development: Oltre i limiti del possibileIosif Itkin
The QA Financial Forum: Milan 2019
23 January at the Excelsior Hotel Gallia.
Anna-Maria Lukina, Exactpro Business Development Director
The QA Financial Forum: Milan is one of the leading fintech conferences in Italy. The event focuses on the latest achievements in software risk management and automation of software testing. The predominant theme of the Milan event will be Quality Assurance for the entire Software Development Life Cycle (SDLC).
The topics under discussion will feature:
- Technologies for Automation & AI
- DevOps & CI/CD
- Value Stream Management
- Test Data Management
- Regulatory Compliance
- App Security & DevSecOps
- Testing and quality assurance of Blockchain platforms
The official language of the event is Italian.
On 17th January 2018 Exactpro successfully completed a management buyout from London Stock Exchange Group (LSEG), signed a new multi-year master services agreement with LSEG, and opened its head office in London.
What else has happened in 2018?
I wanted to take the opportunity to reflect on what has been an unusual year for Exactpro.
Integration front to back - Mr. Custodian tear down that wall
The scope of the application level has been continuous extended over the years, albeit with a focus on the area of pre-trade and trade.
Recently, there has been an increased interest to move further into the area of post-trade which is predominantly driven by the ISO 20022 standard. Is there really a need for new FIX messages in areas such as payments and
what are the integration problems needing a resolution?
Panellists
- Iosif Itkin, CEO, Exactpro
- Jim Northey, Co-Chair Global Technical Committee, Americas Region, FIX Trading Community, Chair Elect, ISO TC68 Financial
Services Technical Committee, and Consultant and Industry Standards Liaison, Itiviti
- Barry Young, Director, Aladdin Product Manager, BlackRock
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)Iosif Itkin
Exactpro is supporting the 3rd annual IT-conference YouCon to take place on 14th October in Saratov, Russia. Over 900 programmers, systems engineers and architects, software QA engineers, and marketing specialists will gather to discuss the latest trends in programming technology. It is the largest IT industry event in Saratov.
Iosif Itkin, CEO of Exactpro, part of London Stock Exchange Group, will deliver a "BDD. The Outer Limits" presentation named after Iosif's favorite Sci-Fi series.
The topics to be covered are:
Behavior Driven Development concepts
Applying BDD in trading and clearing systems
Specification by Example and using production data
Combining Model-based testing and BDD
The Outer Limits
There will be an opportunity to ask questions, share thoughts and expertise in BDD, or just chat with a representative at the Exactpro stand at any time during the event.
Don't miss out, stop by and ask how you can get your Exactpro souvenir :)
We look forward to meeting you there!
#Exactpro #Youconsaratov
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
EXTENT-2016: Industry Practices of Advanced Program Analysis
1. Institute for System Programming of the Russian Academy of Sciences
Industry practices of
advanced program
analysis
Alexey Khoroshilov
khoroshilov@ispras.ru
ExTENT-2016
London, 22 June 2016
2. The Goal of Verification
to make sure there is no any bugs in any
possible execution of the target software
●
with minimal cost
Verification
Fresh Software Verified Software
3. The Goal of Verification
to achieve maximal assurance that there is no
any bugs in any possible execution of the
target software
●
within reasonable cost
Verification
Fresh Software Verified Software
5. Inductive Reasoning
●
Conclusions are supported by its premises
●
If premises are true, it would be unlikely
impossible for the conclusions to be false
●
Example:
●
Every time I’ve walked by that dog,
he hasn’t tried to bite me.
●
So, the next time I walk by that dog he won’t
try to bite me.
6. Inductive Reasoning
●
Conclusions are supported by its premises
●
If premises are true, it would be unlikely
impossible for the conclusions to be false
●
Example:
●
The component behaves correctly
on all test data.
●
So, the component always
behaves correctly.
7. Inductive Reasoning on Program
Correctness
●
The component behaves correctly on all
test data
●
Tests are quite representative
=>
●
The component always behaves correctly
8. Deductive Reasoning
●
Conclusions certainly follow
from its premises
●
If premises are true, it is impossible for the
conclusions to be false
●
Example:
●
All men are mortal.
●
Socrates is a man.
●
Therefore, Socrates is mortal.
11. Deductive Reasoning on
Program Correctness
●
If assumptions are held
●
regarding compiler&linker
●
regarding environment behaviour
●
regarding input data
●
The component always behaves correctly
12. Deductive Reasoning on
Program Correctness
●
If assumptions are held
●
regarding compiler&linker
●
regarding environment behaviour
●
regarding input data
●
The component always behaves correctly
(i.e. terminates and its output satisfies to
postcondition)
14. START:
( y1
, y2
) ( 0, x1
)
y2
x2
FT
( y1
, y2
) ( y1
+1, y2
- x2
) HALT:
( z1
, z2
) ( y1
, y2
)
A: Precondition
(x1
0) (x2
0)
С: Postcondition
(x1
= z1
x2
+ z2
) (0 z2
< x2
)
B: Invariant
(x1
= y1
x2
+ y2
) ∧ (y2
0)
Deductive Verification
Prove program correctness by induction:
Let precondition to be held in A we pass A->B => Invariant is held in B
Let invariant to be held in B we pass B-T->B => Invariant is held in B
Let invariant to be held in B we pass B-F->C => Postcondition is held in С
Let precondition to be held in A we pass A->C => Postcondition is held in С
=>
18. Deductive Verification
Historical Perspective
1947
1970
2000
2010
●
Lecture of Alan Turing to London Mathematical Society
●
Methods of Floyd/Hoare
●
Deductive verifcation tools for Ada, C, Java, С#
●
SunRise, ESC/Java, Frama-C, LOOP, Boogie/VCC
●
Application in real-life projects for small-size components
●
Nuclear power (UK, France)
●
Avionics (Airbus, NASA, UK Air Traffic Control)
●
Components of operating systems
(seL4, Verisoft, Verisoft-XT)
19. Industry Applications
●
UK Air Traffic Management System
●
250 KLOC of logical lines of code (in Ada)
●
proof type safety, few functional correctness
code
●
153K VCs, of which 98.76% are proven
automatically
(*) Angela Wallenburg “Safe and Secure Programming Using Spark”
20. Years Tools Target code Scope Size
Verisoft 2004-2008 Isabelle
designed for
verification
hw/kernel/
compiler/
libraries/apps
10 kLOC
(kernel)
L4.verified
seL4
2004-2009 Isabelle
designed for
verification,
performance
oriented
microkernel
security model
(no MMU)
7.5 kLOC
(without
asm and
boot)
Verisoft-XT
small-hv
2007-2013 VCC
designed for
verification
separation
property only
2.5 kLOC
Verisoft-XT
Hyper-V
2007-2013 VCC industrial
separation
property only
100 kLOC
Verisoft-XT
PikeOS
2007-2013 VCC
industrial,
simplicity for
performance
some system
calls
10 KLOC
OS Deductive Verification
21. Linux Verification Center
founded in 2005
●
OLVER Program
●
Linux Standard Base Infrastructure Program
●
Linux Driver Verification Program
●
Linux File System Verification Program
●
Linux Deductive Verification Program
22. Toolset for Event-B models verification
Model of security
requirements
Formalized security
model
Formalized
low-level security
model
Manual
Automated
verification
Security
requirements
Security model
AstraVer Toolchain (*)
for deductive verification of C programs
(based on Frama-C – Jessie – Why3)
Pre-/post-conditions
of LSM operations
Security
arcitecture
LSM
source code
Model of security
requirements
Mathematical
notation
LSM
Implementation
implements
Specificatiion of
library functions
Linux
kernel
AstraVer Project
AstraLinux(*) The research on deductive verification tools development was carried out with funding from
the Ministry of Education and Science of Russia (the project unique identifier is RFMEFI60414X0051
23. Deductive Verification Status
●
Reasonable Tool Support
●
Ada, C, C#, Java
●
Functional specification as comments,
even natively supported in Ada-2012
●
Dedicated languages: Boogie, Why3
●
Manual efforts still significant
●
up to 10x of development efforts
●
highly skilled team required
24. Testing and Deductive Verification
1 kind
bugs
all kinds
of bugs
in all executions
Deductive
1. Proof of complete correctness
under some assumptions
2. Very labour intensive and
time consuming
in 1 execution
Test
Test Suite
25. Testing
Deductive
Verification
Kind of bugs almost all almost all
Executions
under analysis
small almost all
Development
cost
linear huge
Execution
cost
hw small
(target hw)
hw small
Result analysis
cost
small big
Maintenance
cost
small to big huge
Testing and Deductive Verification
28. SVACE by ISPRAS
●
Static analysis of C/C++/Java code,
Linux/Windows
●
150+ kinds of defects
●
Buffer overflows, NULL-pointer dereferences
●
Memory management, tainted input
●
Concurrency issues
●
Lightweight analysis of semantic patterns
●
Eclipse plugin or WebUI
29. Testing
Static
Analysis
Deductive
Verification
Kind of bugs almost all
safety
only
almost all
Executions
under analysis
small almost all almost all
Development
cost
linear 0 to small huge
Execution
cost
hw small
(target hw)
hw small hw small
Result analysis
cost
small
medium
(false alarms)
big
Maintenance
cost
small to big small huge
Testing and Program Analysis
30. Testing
Static
Analysis
Deductive
Verification
Kind of bugs almost all
safety
only
almost all
Executions
under analysis
small
big
almost all
almost all
Development
cost
linear 0 to small huge
Execution
cost
hw small
(target hw)
hw small hw small
Result analysis
cost
small
medium
(false alarms)
big
Maintenance
cost
small to big small huge
Testing and Program Analysis
31. Testing and Program Analysis
1 kind
bugs
all kinds
of bugs
in all executions
Deductive
in 1 execution
Test
Test Suite
SVACE
1. Static analysis
2. Quickly finds potential bugs
3. No any guarantee
34. Error Location?
int f(int y)
{
struct urb *x;
x = usb_alloc_urb(0,GFP_KERNEL);
...
usb_free_urb(x);
return y;
}
35. Error Location?
int f(int y)
{
struct urb *x;
x = usb_alloc_urb(0,GFP_KERNEL); // allocate new URB
...
usb_free_urb(x); // deallocate URB: assert(x is NULL or previously allocated URB)
return y;
}
…
// after module exit: assert( all allocated URBs are deallocated)
36. Instrumentation
int f(int y)
{
struct urb *x;
x = usb_alloc_urb(0,GFP_KERNEL);
...
usb_free_urb(x);
return y;
}
set URBS = empty;
int f(int y)
{
struct urb *x;
x = usb_alloc_urb();
add(URBS, urb);
...
assert(contains(URBS, x));
usb_free_urb(x);
remove(URBS, urb);
return y;
}
…
// after module exit
assert(is_empty(URBS));
39. Counter-Example Guided
Abstraction Refinement
●
Detailed model of a program is huge
●
Detailed model of a program is not needed to
check a particular property
●
Detailed model of a concrete path in a program
is suitable for analysis
=>
●
Build a model that is just enough to check the
particular property
44. Linux Verification Center
founded in 2005
●
OLVER Program
●
Linux Standard Base Infrastructure Program
●
Linux Driver Verification Program
●
Linux File System Verification Program
●
Linux Deductive Verification Program
47. SVACE vs. LDV
SVACE LDV-CPAchecker
Time of analysis 2 hrs
111 hrs
(4.5 days)
Warnings 35 328
True bugs 8 103
True positive rate 23% 31%
●
Target code:
●
Linux kernel 3.17-rc1, allmodconfig, x86-64
●
3 223 modules, 33 373 source files
●
Target bugs:
●
double free, memory leaks
There is no a single common bugs!
48. Testing and Program Analysis
1 kind
bugs
all kinds
of bugs
in all executions
Deductive
in 1 execution
Test
Test Suite
SVACE LDV
1. Investigates all possible paths
2. Is able to prove absence of bugs
of particular kind
3. Domain-specific (framework) adaptation
(environment model, library model)
4. Applicability limited to medium-sized
components (up to 50 KLoC)
5. Requires nonzero hardware resources
- time: 15 minutes per rule per module
- memory: 15 Gb
49. Testing
Static
Analysis
Software Model
Checking
Deductive
Verification
Kind of bugs almost all
safety
only
safety
only
almost all
Executions
under analysis
small big almost all almost all
Development
cost
linear 0 to small medium huge
Execution
cost
hw small
(target hw)
hw small hw big hw small
Result analysis
cost
small
medium
(false alarms)
medium
(false alarms)
big
Maintenance
cost
small to big small small huge
Testing and Program Analysis
50. Conclusions
●
There is no silver bullet
●
The key is in a competent combination of
available techniques
51. Conclusions (2)
●
Two advanced program analysis techniques:
●
Deductive verification
●
+ proof of complete correctness under some
assumptions
●
– significant manual efforts
●
– highly skilled team required
●
=> only for really important code
●
Software model checking
●
+ investigates almost all possible paths
●
+ complimentary to static analysis
●
– per framework/domian adaptation required
●
– limited to medium-sized components (up to 50 KLoC)
52. Institute for System Programming of the Russian Academy of Sciences
Thank you!
Alexey Khoroshilov
khoroshilov@ispras.ru
http://linuxtesting.org/
Morris Kline. “Mathematics: The Loss of Certainty” Oxford Press, 1980