Combining Design by Contract and Programming Logic to enhance Secure Coding Assistant system
Computer Science Department
Code security, or robustness, has been an important topic in recent decades for both the research and software production communities. Defects in code can introduce vulnerabilities into a program or system because they can be exploited by attackers. This project has enhanced the Secure Coding Assistant system with Design by Contract and programming logic. The enhanced system helps programmers detect, locate, and eliminate code errors while coding. Java programmers using the enhanced system are invited to supply design contracts for three program structures (methods, if-then-else statements, and while-loop statements). Checks for these programmer-defined design contracts are generated automatically and evaluated dynamically, while the program executes. Based on the inference rules for if-then-else statements and while-loop statements in programming logic, the system then derives sub-design contracts automatically from the programmer-defined contracts. These system-generated sub-design contracts are also checked automatically at run time, further helping programmers detect and locate code errors.

Furthermore, the weakest pre-conditions of certain sequences of assignments can be generated automatically from the post-conditions of those sequences, using the inference rule for sequence statements and the assignment axiom of programming logic. This lets programmers statically analyze the correctness of the relevant programmer-defined design contracts. With the enhancements presented, Secure Coding Assistant can help programmers detect, early and at the same time, both violations of secure coding rules and defects in Java code.
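The abstract names three mechanisms: run-time checking of programmer-defined contracts, sub-contract derivation from the if-then-else and while-loop inference rules, and weakest pre-condition generation for assignment sequences via the assignment axiom. The following is an added example illustrating all three, written for this page and not part of the thesis or its Java tool. It assumes a toy setting in which statements are Python assignment strings, contracts are Python boolean expressions over the same variables, and the function names (`wp_sequence`, `if_subcontracts`, `while_subcontracts`, `check_contract`, `counterexamples`) are hypothetical; the substitution Q[e/x] is done on the parsed syntax tree so operator precedence is preserved.

```python
"""Added example: Hoare-logic contract derivation and checking over a toy
language of Python assignment strings. Constructed for illustration; it is
not the Secure Coding Assistant implementation.
"""
import ast
import copy


class _Subst(ast.NodeTransformer):
    """Replace every occurrence of variable `name` with expression `expr`."""

    def __init__(self, name, expr):
        self.name = name
        self.expr = expr

    def visit_Name(self, node):
        if node.id == self.name:
            return copy.deepcopy(self.expr)  # do not share one subtree
        return node


def substitute(predicate, name, expr_src):
    """Assignment axiom core: return Q[e/x] as source text."""
    pred_tree = ast.parse(predicate, mode="eval")
    expr_tree = ast.parse(expr_src, mode="eval").body
    new_tree = _Subst(name, expr_tree).visit(pred_tree)
    return ast.unparse(ast.fix_missing_locations(new_tree))


def wp_assignment(stmt, post):
    """wp(x := e, Q) = Q[e/x]; only simple single-target assignments."""
    node = ast.parse(stmt).body[0]
    if (not isinstance(node, ast.Assign) or len(node.targets) != 1
            or not isinstance(node.targets[0], ast.Name)):
        raise ValueError(f"only simple assignments are supported: {stmt!r}")
    return substitute(post, node.targets[0].id, ast.unparse(node.value))


def wp_sequence(stmts, post):
    """Sequence rule: wp(S1; S2, Q) = wp(S1, wp(S2, Q)), so walk backwards."""
    pred = post
    for stmt in reversed(stmts):
        pred = wp_assignment(stmt, pred)
    return pred


def if_subcontracts(pre, cond, post):
    """If rule: from {P} if B then S1 else S2 {Q} derive the two branch
    contracts {P and B} S1 {Q} and {P and not B} S2 {Q}."""
    return {"then": (f"({pre}) and ({cond})", post),
            "else": (f"({pre}) and not ({cond})", post)}


def while_subcontracts(invariant, cond):
    """While rule: {I and B} S {I} yields {I} while B do S {I and not B}."""
    return {"body": (f"({invariant}) and ({cond})", invariant),
            "exit": f"({invariant}) and not ({cond})"}


def holds(predicate, state):
    """Evaluate a contract in a variable state. eval() is acceptable here
    only because the predicate is the programmer's own contract text, never
    external input."""
    return bool(eval(predicate, {"__builtins__": {}}, dict(state)))


def run(stmts, state):
    """Execute the assignments on a copy of `state`; return the new state."""
    env = dict(state)
    for stmt in stmts:
        exec(stmt, {"__builtins__": {}}, env)
    return env


def check_contract(pre, stmts, post, state):
    """Dynamic check of {pre} stmts {post} from a concrete start state."""
    if not holds(pre, state):
        return "precondition violated"
    if not holds(post, run(stmts, state)):
        return "postcondition violated"
    return "ok"


def counterexamples(pre, wp, states):
    """Bounded static check: states where the programmer's pre-condition
    holds but the derived weakest pre-condition does not, i.e. evidence
    that `pre` is too weak for the post-condition it was written for."""
    return [s for s in states if holds(pre, s) and not holds(wp, s)]


def same_predicate(a, b):
    """Compare two predicates structurally, ignoring spacing/parentheses."""
    return ast.dump(ast.parse(a, mode="eval")) == ast.dump(ast.parse(b, mode="eval"))


if __name__ == "__main__":
    seq = ["y = x + 1", "x = y * 2"]
    print(wp_sequence(seq, "x > 10"))        # (x + 1) * 2 > 10
    print(check_contract("x > 4", seq, "x > 10", {"x": 5}))
    print(counterexamples("x > 3", wp_sequence(seq, "x > 10"),
                          [{"x": v} for v in range(0, 8)]))
```

The `counterexamples` function is the static side the abstract describes: the generated weakest pre-condition is what the programmer's pre-condition must imply, and any state satisfying the written pre-condition but not the generated one is a contract defect found before the code is ever run. The while-loop sub-contract for the body, `wp_sequence(body, invariant)`, can be fed to the same function to check that the invariant is actually preserved.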