Reactive Systems logo

Automated Testing and Validation with Reactis®

August 22, 2017
Newsletters
Communicator
 
Spacer
Back to Communicator Archive
To : Reactis Users
From : Reactive Systems, Inc.
    http://www.reactive-systems.com/
Date : March 21, 2011

IN THIS INSTALLMENT:

  1. Reactive Systems Announces New Product: Reactis for C
  2. Reactis for C Finds Runtime Error in Open-Source Encryption Program
  3. Reactis Goes Social
  4. Japan Employees Safe

Reactive Systems Announces New Product: Reactis for C

We are pleased to announce the first release of our new product, Reactis for C. Reactis for C is a testing and validation tool targeted at embedded software developers using the C programming language. The goal of this exciting new product is to improve the quality of embedded systems written in C while simultaneously reducing development costs.

Reactis for C brings the proven capabilities of Reactis to programmers developing embedded software using the C programming language. Like its sibling product, Reactis for Simulink, Reactis for C supports the software development process via a Test, Simulate, and Validate paradigm. In Reactis for C, this support is provided by C-specific versions of Reactis Tester, Simulator and Validator.

Reactis Tester automatically generates comprehensive yet compact test suites from a C program. The tests aim to exercise all statements, decisions, conditions, and even MC/DC targets within C code. By thoroughly exercising a program while immediately detecting anomalous program behavior, Reactis for C often uncovers runtime errors that are difficult to detect using traditional testing and debugging methods. Errors detected include the following:

  • Memory errors:
    • Exceeding the bounds of an array or heap-allocated data
    • Accessing heap memory after the memory has been recycled
    • Accessing (via pointer) a local variable of a function after the function has returned
    • Reading from uninitialized heap or stack memory
  • Overflow errors
  • Divide-by-zero errors
  • Invalid shift operations

Reactis Simulator executes C code in an advanced debugging environment that offers data tracking (scopes and watched variables), coverage tracking (Statement, Decision, Condition, and MC/DC), breakpoints and single-stepping. A vital feature of Reactis Simulator is that any error which causes data corruption is immediately caught instead of producing latent erroneous behavior.

When an error is detected by Tester, Reactis Simulator can be used to replay a concrete execution sequence leading to the problem in order to understand, diagnose and fix the bug which caused the error.

Reactis Validator lets you instrument your code with assertions and perform an automated search for violations of the assertions. As is the case for runtime errors, when an assertion violation is found, a test is recorded to easily replay in Simulator the scenario that leads to the error.

Reactis for C can also be used in combination with Reactis for Simulink. Synergy between the two tool-suites provides even stronger support for model-based software development. Behavioral conformance between software models and C source code can be checked by generating tests from a model using Reactis for Simulink and then running the tests on the implementation using Reactis for C. Models which have been reverse-engineered from legacy code can be validated by generating tests from the legacy code using Reactis for C and then running the same tests on the model using Reactis for Simulink.

More information is available in a video and a white paper Finding Bugs in C Code with Reactis for C.

Reactis for C is now available from the Reactis User Pages. We invite you to give it a try with a free 30-day trial.

Reactis for C Finds Runtime Error in Open-Source Encryption Program

A beta version of Reactis for C was used to find a previously unknown runtime error in an open-source version of the AES encryption standard. AES is a symmetric-key encryption algorithm adopted by the US government in 2000, and declared secure enough to protect classified information up to the TOP SECRET level in 2003. The AES program was published on the Planet Source Code open-source code repository in 2004. The bug discovered by Reactis for C was reported to the program's developer, who subsequently published it along with instructions on how to fix the coding error, so others could benefit from the finding.

The application of Reactis for C on the Planet Source Code AES program was carried out by Stony Brook University Computer Science undergraduate Chris Wischerth. Chris was enrolled in the Fall 2010 version of CSE 487, Research in Computer Science, under the supervision of Professor Scott Smolka, a Stony Brook Computer Science faculty member and co-founder of Reactive Systems.

The bug in question was an out-of-bounds array index, a runtime error that goes by the name of "Buffer Overflow" in the Computer Security community. It had gone undiscovered since the AES program's initial release, a period of seven years. Buffer overflow is a well known security breach responsible for a number of highly publicized attacks, including the Code Red worm, which exploited a buffer overflow in Microsoft's Internet Information Services (IIS) 5.0, and the SQL Slammer worm, which compromised machines running Microsoft SQL Server 2000.

Reactis for C's ability to unearth this runtime error in the Planet Source Code AES program nicely illustrates the tool's capabilities. Reactis for C should be part of every C-code developer's tool-box.

Reactis Goes Social

We have recently initiated a presence at social networking sites LinkedIn, Facebook, and Twitter. The effort aims to engage model-based design engineers and embedded C programming professionals by providing current information and updates on a range of issues. The sites will also provide a venue for the community to comment on, discuss, and offer feedback on Reactis-related issues. Social networking has impacted the way many people consume information and communicate with one another, so we hope our participation will give you a connection to Reactis through whatever channel you find most convenient. Our presence is intended to complement our website (http://www.reactive-systems.com) as a means of communicating and connecting. You can now connect with us at:

Japan Employees Safe

We are deeply grateful that all Reactive Systems employees in Japan and their families are safe. Our hearts go out to all of the victims of the earthquake and tsunami.

Best Regards,
The Reactis Team


Back to Communicator Archive
Spacer