Chair of Software and Security at Schaffhausen Institute of Technology

Prof. Bertrand Meyer

Head of the Chair of Software and Security
at Schaffhausen Institute of Technology

Professor of Software Engineering (emeritus) at ETH Zurich: Chair of Software Engineering. Chief Technology Officer, Eiffel Software.

CV: Électricité de France 1974-1983; Univ. of California Santa Barbara 1983-1985; Eiffel Software, Santa Barbara since 1985 (president until 2001, then CTO); ETH Zurich since Oct. 2001 (department chair 2004-2006).

Modern software systems are extremely complex constructions. Some of them are more complex than any engineering system (jet plane, space station, airport...) ever built by humankind.

In fact their level of complexity is more comparable to that of human systems such as a large city, but with a major difference: in a human system, many things can go wrong without shutting down the system; for example, in any city at any given time, there are traffic jams, accidents, closed streets, burglaries and so on, which cause disruption but not shutdown. In a software system, everything has to be right (changing a single bit in the object code of Windows, out of billions, may render the OS inoperative). Conversely, it is possible to make major changes which are not immediately detected; intruders take advantage of this property.

Fortunately, techniques of software analysis, which treat a software system as an artifact worthy of large-scale, extensive study (with both logical techniques and big-data/machine-learning techniques), have made tremendous progress in recent years.

The Software Analysis Factory is a general platform combining many different techniques to dissect software systems, small, large or very large, and explore their properties.

A SAF user feeds a software system (in source form and object form) into the SAF and also presents a number of questions ("is a buffer overflow possible?"); the SAF produces responses in the form of an analysis. The key is the extremely high quality of such analyses, which must be sound (give correct answers) and precise (give the best answers), as well as fast. This quality, relying on advanced techniques (abstract interpretation, model checking, static analysis), is the first unique feature of the SAF.

The term "query" will denote a type of analysis (a type of question, such as buffer overflow).

The second key distinctive characteristic of the SAF is its parameterizability. The above simplified API is the user API. The second API, giving the SAF its "universal" nature, is the technology API.

Since software analysis is fundamentally dependent on the input format (e.g. the programming language), this API provides a way to make the SAF able to handle such a format. The term "handle" will denote such an adaptation (the Python handle, the .NET handle, etc.).
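As an added illustration, not code from the Chair or from the SAF project, the following Python sketch shows the two APIs described above on the "is a buffer overflow possible?" query. The technology API is a Handle class that parses an input format into a common IR (here a hypothetical one-statement-per-line toy language); the user API is SoftwareAnalysisFactory.analyze(handle, source, query). The query itself is an interval-based abstract interpretation: each variable is tracked as a range that over-approximates every value it can take at run time, so a verdict of "no finding" is sound, and assume statements narrow the ranges so that the answer stays precise. Every class name, IR opcode and sample program below is an assumption made for this example.

```python
from dataclasses import dataclass
from typing import Callable

INF = float("inf")

@dataclass(frozen=True)
class Interval:
    """Abstract value: every run-time value of the variable lies in [lo, hi]."""
    lo: float
    hi: float

    def add(self, other: "Interval") -> "Interval":
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def narrow(self, op: str, k: int) -> "Interval":
        # Refine the range under an `assume var < k` path condition.
        if op == "<":
            return Interval(self.lo, min(self.hi, k - 1))
        raise ValueError(f"unsupported operator {op!r}")

# Assumed common IR, produced by handles and consumed by queries:
#   ("input", v, lo, hi)  v may take any value in [lo, hi] (untrusted input)
#   ("const", v, k)  ("add", v, a, b)  ("assume", v, op, k)
#   ("alloc", buf, size)  ("index", buf, v): the access buf[v] a query checks
IR = list[tuple]

class Handle:
    """Technology API: adapts one input format to the common IR."""
    name = "abstract"

    def parse(self, text: str) -> IR:
        raise NotImplementedError

class MiniLangHandle(Handle):
    """Handle for a hypothetical one-statement-per-line toy language."""
    name = "mini"

    def parse(self, text: str) -> IR:
        ir: IR = []
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments and blanks
            if not line:
                continue
            tok = line.replace("=", " ").split()
            if tok[0] == "assume":
                ir.append(("assume", tok[1], tok[2], int(tok[3])))
            elif "[" in line:
                buf, idx = line.rstrip("]").split("[")
                ir.append(("index", buf.strip(), idx.strip()))
            elif tok[1] == "input":
                ir.append(("input", tok[0], int(tok[2]), int(tok[3])))
            elif tok[1] == "alloc":
                ir.append(("alloc", tok[0], int(tok[2])))
            elif len(tok) == 4 and tok[2] == "+":
                ir.append(("add", tok[0], tok[1], tok[3]))
            else:
                ir.append(("const", tok[0], int(tok[1])))
        return ir

def buffer_overflow_query(ir: IR) -> list[tuple]:
    """Sound interval analysis: report (buf, v, range, size) for each buf[v]
    whose range of v is not within [0, size). Ranges over-approximate, so an
    access with no finding is genuinely in bounds; a finding may be a false positive."""
    env: dict[str, Interval] = {}
    sizes: dict[str, int] = {}
    findings: list[tuple] = []
    for kind, *args in ir:
        if kind == "input":
            env[args[0]] = Interval(args[1], args[2])
        elif kind == "const":
            env[args[0]] = Interval(args[1], args[1])
        elif kind == "add":
            env[args[0]] = env[args[1]].add(env[args[2]])
        elif kind == "assume":
            env[args[0]] = env[args[0]].narrow(args[1], args[2])
        elif kind == "alloc":
            sizes[args[0]] = args[1]
        elif kind == "index":
            buf, v = args
            rng = env.get(v, Interval(-INF, INF))  # unknown index: top, stays sound
            if rng.lo < 0 or rng.hi > sizes[buf] - 1:
                findings.append((buf, v, rng, sizes[buf]))
    return findings

class SoftwareAnalysisFactory:
    """User API: analyze(handle, source, query) -> findings."""

    def __init__(self, handles: list[Handle], queries: dict[str, Callable[[IR], list]]):
        self.handles = {h.name: h for h in handles}
        self.queries = queries

    def analyze(self, handle: str, source: str, query: str) -> list:
        return self.queries[query](self.handles[handle].parse(source))

# Constructed sample programs in the toy language.
UNGUARDED = "buf = alloc 16\nx = input 0 255  # untrusted byte\nbuf[x]\n"
GUARDED = "buf = alloc 16\nx = input 0 255\nassume x < 16\nbuf[x]\n"
OFF_BY_ONE = "buf = alloc 16\nx = input 0 255\nassume x < 16\none = 1\ny = x + one\nbuf[y]\n"

def run_demo() -> dict[str, int]:
    """Number of overflow findings per constructed sample program."""
    saf = SoftwareAnalysisFactory([MiniLangHandle()], {"buffer_overflow": buffer_overflow_query})
    samples = {"unguarded": UNGUARDED, "guarded": GUARDED, "off_by_one": OFF_BY_ONE}
    return {n: len(saf.analyze("mini", s, "buffer_overflow")) for n, s in samples.items()}
```

Running run_demo() reports one finding for the unguarded access, none once the assume narrows the index to [0, 15], and one again for the off-by-one variant, where the index range [1, 16] exceeds the last valid offset 15. Adding a second input format means writing another Handle subclass; the query code is untouched, which is the point of separating the technology API from the user API.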