|
|
Web System for Crowdfunding Based on Selling Items with Custom Imprint
Škvařil, Jan ; Parízek, Pavel (advisor) ; Nečaský, Martin (referee)
The aim of this thesis was to design and implement a web system for organization of crowdfunding campaigns that are based on the sale of items with custom imprint. The implemented system automates and facilitates the whole campaign lifecycle from the design of the imprint in an integrated editor through campaign evaluation up to the distribution of final products to customers. Therefore, there is a minimum number of points where the administrator's action is required. Part of the implementation was also seamless integration with external services like on-line payments, printing house, and social networks. Powered by TCPDF (www.tcpdf.org)
|
|
|
Abstract interpretation of pandas
Hrubý, Jan ; Petříček, Tomáš (advisor) ; Parízek, Pavel (referee)
Pandas is a Python library widely used for data-manipulation. The code written with Pandas lacks any type-safety and everything is decided at runtime. This can potentially be a source of errors and crashes at runtime. One way to deal with that is to use another, type-safe, language and a library with better safety guarantees and compile-time checks. This approach is not widely used as it is not very user-friendly. An alternative approach could be to use program verification method Abstract Interpretation to perform some checks before the run of the program. The goal of this thesis is to design a framework for analyzing data-manipulation programs and implement an analyzer for the Pandas library. The framework will be based on the Abstract Interpretation. The capabilities of the resulting analyzer will be evaluated on a set of small but realistic case studies.
|
|
|
Loop Analysis for LLVM IR Translation Validation Framework
Kubík, Jakub ; Kofroň, Jan (advisor) ; Parízek, Pavel (referee)
Bugs in compilers can have severe consequences. Apart from traditional methods like testing, one of the ways of keeping compilers correct that gained traction only in recent years is translation validation, a technique ensuring the semantic correctness of optimizations in compilers. Alive2 is an open-source translation validation framework for LLVM that is currently widely used by LLVM developers. In order to make any static analysis tool usable, the frequency of false alarms must be kept to a minimum. Alive2 was designed to have zero false alarms and has been very successful in this endeavor except in the case of certain loops. Our aim in this thesis is to analyze Alive2's loop algorithms in an attempt to find the cause of these false alarms. This was motivated by personal communication with authors of Alive2 who presented the false alarm issue in loops as one of the more challenging and pressing issues in Alive2. We were successful in pinpointing the cause of false alarms and even providing a fix for the issue. Our solution is now a part of the Alive2 framework. Furthermore, we have identified other potential issues in Alive2 which we discuss in the thesis as well.
|
|
|
Improving Type Inference in the C# Language
Husák, Tomáš ; Ježek, Pavel (advisor) ; Parízek, Pavel (referee)
C# is a strongly typed language utilizing type inference to save type annotations writ- ten by a programmer. However, the type inference is not as strong as other programming languages like Rust or Haskell. This thesis goal was to propose the C# language improve- ment which would improve the current type inference and would be likely accepted by the C# language design team. For this achievement, we analyzed Rust's type inference and observed necessary language requirements and type inference restrictions based on Hindley-Millner's formalization of type inference. These observations were used to pro- pose a language improvement consisting of two parts. The first part is a C# specification change describing the improvement by adjusting formal C# specification. This part was presented to the C# language design team which resulted in a positive reaction where the team decided to keep moving forward with the proposal to make it available in the future C# language version. The second part is an implementation of the improvement in the official C# language compiler, Roslyn. The implementation is tested by using the original compiler tests and new tests testing the proposal functionality. 1
|
|
|
Extending Data Lineage Analysis for Python with Runtime Types
Luňák, Václav ; Parízek, Pavel (advisor) ; Petříček, Tomáš (referee)
There is an increasing demand in the domain of data science for auto- mated tools analyzing the data lineage of software systems. In situations where general-purpose programming languages are used, Python is among the most popular choices. It is also one of the most challenging to analyze. Manta Flow is an automated data lineage analysis platform that contains a scanner for Python. In this work, we developed an extension of this scanner. Its purpose is to statically determine the types of expressions in an analyzed application. We achieved this by expanding the concept of data flows to carry type information and we appropriately refactored the internals of the scanner. This information was then used to implement an improved method for finding the targets of function invocations during the analysis of data flows.
|
|
|
Performance and Usability Improvements for Data Lineage Analysis of C# Programs
Kleprlík, Jan ; Parízek, Pavel (advisor) ; Bednárek, David (referee)
The Manta Flow is a highly automated static analysis platform producing data lineage over its input and representing it in a graph. The platform performs analysis on various technologies and programming languages via specialised scanners. One of the scanners performs analysis of C# code, or rather its compiled alternative Common Intermediate Language. While the scanner was already capable of analysing non-trivial scenarios, it lacked in some aspects that held it up from its broader adoption by customers. The main issues are low support for analysis of real-life scenarios such as web applications or embedded code in other technologies, sub-optimal performance and imprecise lineage output. As a part of this thesis, we improved the precision, scalability and performance of the scanner on multiple levels of abstractions, from analysis of the CIL to modifications of core high-level analysis algorithms. We added support for analysis of the ASP.NET web endpoints and enabled the C# scanner to be used as a service for analysis of embedded code in other technologies. We improved the precision of the resulting lineage for existing scenarios by modifying the core algorithms used throughout the analysis and optimized the analysis process to lift its performance. 1
|
|
|
Fuzz testing of network subsystem in PikeOS
Piroutek, Jan ; Parízek, Pavel (advisor) ; Yaghob, Jakub (referee)
Stability under every possible circumstance is a goal for a lot of applications. This problem applies to the network stack ANIS of the real-time operating system PikeOS developed by SYSGO. PikeOS requires security and stability because it is used in areas, e.g., airborne systems, where unstable software could cause severe damage. A proven way to ensure the stability and security of software is testing. Fuzzing is an automated testing technique that generates randomized inputs for the application to find bugs, vulnerabilities, or crashes within the application. Another testing technique is long- run testing, which exposes an application to some input for longer periods. Because ANIS is a product usually shipped with PikeOS, it must follow the same security standards. We have developed a testing tool for the ANIS network stack, using the two mentioned techniques and emphasizing the option to configure such a test. This testing tool exposes the ANIS to various scenarios that could stress the stack and uses fuzzing to create a combination of these scenarios automatically, which could crash the network stack. The developed test is implemented with a small set of scenarios that expose ANIS to various network traffic. The test can be extended to work with more scenarios. All scenarios have a predefined set of...
|
|
|
Data Lineage Analysis for Databricks platform
Potočeková, Natália ; Parízek, Pavel (advisor) ; Škoda, Petr (referee)
Notebook-based technologies, like Databricks and Jupyter notebooks, have gained popularity in recent years due to their adaptability and convenience. A notebook is an interactive computational environment that allows users to create documents that contain code, visualizations, and explanatory text in one place. Notebooks provide a space for data exploration, analysis, and documentation, enabling users to easily develop and present their work. The ability to combine code execution with explanations and visualizations within a single document promotes reproducibility, enhances collaboration among team members, and motivates data scientists to efficiently work with data. In this work, we analyzed the Databricks technology in order to extend the Manta Flow platform, a highly automated data lineage analysis tool, to support this technology. We designed and implemented a new scanner that provides basic support for analyzing Databricks notebooks written in Python and Databricks SQL languages. We also provide an implementation of a so-called shared context that can be used for passing information between different scanners in the Manta Flow platform. To visualize the interactions between languages and scanners we extended the Manta graph with a new node type that represents the shared context. Alongside this, we...
|
|
|
Vulnerabilities of web applications
Žák, Vojtěch ; Mareš, Martin (advisor) ; Parízek, Pavel (referee)
Se stále dostupnějším připojením k internetu roste i počet webových aplikací a jejich uživatelů. S tímto nárůstem - jak už to bývá se vším - se zvětšuje i počet lidí, kteří se snaží nedostatky v těchto aplikacích zneužít. V této práci si ukážeme, jak nejčastější zranitelnosti webových aplikací fungují, a jak se jich jako vývojáři můžeme vyvarovat. Zaměříme se i na to, jak odhalit zranitelnosti aplikací jako uživatelé, a jak provést útoky zneužívající tyto zranitelnosti. Součástí této bakalářské práce je také projekt Vulnerability Presentation Server (Vul- pes), který vznikal ve spolupráci se společností CZ.NIC. Jedná se o soubor webových aplikací, ve kterých jsou za účelem jejich demonstrace záměrně ponechány zranitelnosti zmíněné v tomto textu. 1
|
|
|
Data Lineage Analysis Service for Embedded Code
Jurčo, Michal ; Parízek, Pavel (advisor) ; Bednárek, David (referee)
Data integration tools often use embedded code for data manipulation tasks. Popular examples of such tools include AWS Glue data integration service, Databricks platform, Snowflake data cloud or SQL Server Integration Services (SSIS). Embedded code is typi- cally written in programming languages such as Python, Java, C# or JavaScript. Manta Flow is an automated platform that can analyze data lineage in database models, data pipelines of data integration tools, and in application source code, but it lacks the ability to analyze embedded code. In this work, we discussed potential ways to extend the capabilities of Manta Flow with the ability to analyze data lineage in embedded code. We created a general design of a reusable Embedded Code Service that leverages the existing potential of data flow analysis of source code, and uses it to analyze embedded code. We implemented a specialization of this service for the Python programming language, and to demonstrate its usefulness, we designed and implemented a prototype of data lineage scanner for AWS Glue data integration service. This scanner extensively uses the service to analyze data lineage in embedded Python scripts, which we demonstrated on a realistic example. 1
|
guest ::
