<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>FYI<br>
</p>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>EIT Digital and static source code analysis</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Tue, 7 Mar 2017 12:04:42 +0000</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>STARYNKEVITCH Basile <a class="moz-txt-link-rfc2396E" href="mailto:Basile.STARYNKEVITCH@cea.fr"><Basile.STARYNKEVITCH@cea.fr></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:lakis@elte.hu">lakis@elte.hu</a> <a class="moz-txt-link-rfc2396E" href="mailto:lakis@elte.hu"><lakis@elte.hu></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">Dear Sándor Laki,<br>
<br>
Your <i>Deeply Programmable High-speed Data Planes </i>slides
have interested me. We could bring you our static source code
analysis expertise complementary to your P4C compiler.<br>
<hr>
<br>
<p>The <a moz-do-not-send="true"
href="https://www.eitdigital.eu/">EIT Digital</a>
organization is announcing its 2018 call for collaborative
project proposal on march 17<sup>th</sup>, 2017.</p>
<p>Your organization is considering joing a consortium to work
on a proposal, in one of the
<em>Digital Wellbeing</em>, <em>Digital Finance</em>, <em>Digital
Industry</em>, <em>
Digital Infrastructure</em>, <em>Digital Cities</em> topics
of that call.</p>
<p>I (<a moz-do-not-send="true"
href="mailto:basile.starynkevitch@cea.fr">Basile
Starynkevitch</a>) am a research engineer in the software
safety lab (Laboratoire de Sûreté des Logiciels) of
<a moz-do-not-send="true" href="http://www-list.cea.fr/">CEA,
LIST</a> (the Information Technology focused institute, 800
persons, of
<a moz-do-not-send="true" href="http://www.cea.fr">CEA</a>, a
public applied research organization of 16000 persons in
France).</p>
<p>The <i>LSL</i> lab (software safety laboratory) of <i>CEA,
LIST</i> has expertise in static source code analysis, both
in a formal methods approach through its flagship product
<a moz-do-not-send="true" href="http://frama-c.com/">Frama-C</a>
and in more heuristic approaches by leveraging on existing
compilers like with
<a moz-do-not-send="true" href="http://gcc-melt.org/">GCC MELT</a>,
which is a domain specific language to work on
<a moz-do-not-send="true" href="http://gcc.gnu.org/">GCC</a>
internal representations, or <a moz-do-not-send="true"
href="http://clang.llvm.org/">
Clang/LLVM</a>.</p>
<p>We are looking to join a consortium working on a proposal for
<a moz-do-not-send="true" href="https://www.eitdigital.eu/">
EIT Digital</a>. As soon as you have software <em>source
code</em> for one of the topics
<small>(<i>Digital Wellbeing</i>, <i>Digital Finance</i>, <i>Digital
Industry</i>,
<i>Digital Infrastructure</i>, <i>Digital Cities</i>)</small>
relevant to that call, we propose to to develop a specialized
tool (preferably open source, above existing technologies),
for developers & engineers writing source code (in C, C++,
and Ada if needed...) targeting that topic. We are considering
contributing to a project by working in
<em>some</em> (one or several) of these aspects:</p>
<ul>
<li>If your domain <small>(one of <i>Digital Wellbeing</i>,
<i>Digital Finance</i>,
<i>Digital Industry</i>, <i>Digital Infrastructure</i>, <i>Digital
Cities</i>)</small> has some common or (de-facto)
standard
<a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Application_programming_interface">application
programming interface</a> (or API, cf. note
<a moz-do-not-send="true" id="#callnote1">1</a>), we could
develop a specialized tool (preferably open source, above
existing technologies), for developers & engineers
writing source code (in C, C++, and Ada or Go if needed...)
targeting that domain and using that API. This tool could
assist your domain's application software developer by
analysing and checking the
<em>validity of the source code against coding rules,
invariants, and good practices</em> specific to these
software frameworks and domains. Such a tool would work both
on small and large software pieces.</li>
<li>If your domain contains safety critical cyber-physical
software where <a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Computer_security">
cybersecurity</a> threats are important (risking lives or
large assets), we could develop a software proving tool
using
<a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Formal_methods">formal
methods</a> targeting your domain. This approach (related
to
<a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Proof_assistant">proof
assistants</a>) is particularily suitable for critical
small pieces of software (less than a few hundred thousands
of source code lines; cf. note
<a moz-do-not-send="true" id="#callnote2">2</a>).</li>
<li>If your domain has an eco-system of legacy code with
hundred of millions of lines (cf. note
<a moz-do-not-send="true" id="#callnote3">3</a>), we propose
to adopt a <i>big data</i> or <i>machine learning</i>
approach to develop a tool to help in several software
engineering tasks:
<i>code retrieval</i>, i.e. finding some piece of code
related to some subject in a large set of software packages;
<i>code comprehension</i>, i.e. helping the newbie software
developer to use a big software library, cf. note
<a moz-do-not-send="true" id="#callnote4">4</a>; <i>code
verification</i>, i.e. using machine learning techniques
to help debugging and testing some piece of software.</li>
</ul>
<p>We are also more broadly interested in <em>bringing static
source code analysis techniques</em> to software developers
on
<a moz-do-not-send="true" href="https://www.eitdigital.eu/">EIT
Digital</a> topics.</p>
<p>Feel free to contact me (<a moz-do-not-send="true"
href="mailto:basile.starynkevitch@cea.fr"><code>basile.starynkevitch@cea.fr</code></a>)
and to forward this message
<small>(downloadable on <a moz-do-not-send="true"
href="http://gcc-melt.org/EIT_Digital2017-interest-Starynkevitch.html">
<code>http://gcc-melt.org/EIT_Digital2017-interest-Starynkevitch.html</code></a>)</small>
to your colleagues and partners.</p>
<p>I look forward to discussing with you.</p>
<pre><b>Basile Starynkevitch</b>,
mobile: +33 6 8501 2359; office: +33 1 6908 6595
CEA LIST Nano-Innov b862 PC 174 - <i>91191 GIF/YVETTE CEDEX</i>, France
<a moz-do-not-send="true" href="mailto:basile.starynkevitch@cea.fr"><code>basile.starynkevitch@cea.fr</code></a></pre>
<br>
<hr>
<h2 class="notes">Notes</h2>
<p class="note" id="note1"><b>note <a moz-do-not-send="true">1</a></b>:
So an <a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Application_programming_interface">
API</a> is defined as a set of functions or abstract
classes' declarations, e.g. in some C or C++
<a moz-do-not-send="true"
href="https://en.wikipedia.org/wiki/Include_directive"><code>#include</code>-ed
header files</a> or their equivalent in another programming
language, etc...</p>
<p class="note" id="note2"><b>note <a moz-do-not-send="true">2</a></b>:
We are of course well aware that formal methods (notably sound
static analyzers) do not scale well to huge multi-million
lines software, and may require expertise to be used. They are
particularily suitable for development of small but costly
critical software.</p>
<p class="note" id="note3"><b>note <a moz-do-not-send="true">3</a></b>:
an example of eco-system of legacy code is the
<a moz-do-not-send="true" href="http://www.genivi.org/">GENIVI</a>
alliance in the automotive sector. Other industrial domains
have also such alliances, or are building them.</p>
<p class="note" id="note4"><b>note <a moz-do-not-send="true">4</a></b>:
Quite often, a software developer has to use large
infrastructure code (such as
<a moz-do-not-send="true" href="http://qt.io/">Qt</a> GUI
framework, the <a moz-do-not-send="true"
href="http://pubs.opengroup.org/onlinepubs/9699919799/">
POSIX</a> API, RDBMS libraries like <a
moz-do-not-send="true"
href="https://dev.mysql.com/doc/refman/5.7/en/c-api-implementations.html">libmysqlclient</a>,
etc...) and mastering such libraries require years of work. We
suggest to develop tools helping that effort.</p>
<hr>
<br>
Please forward this message to your partners. Thanks.<br>
<br>
Regards.<br>
<br>
Dr Basile Starynkevitch - research engineer at CEA, LIST, DILS<br>
CEA LIST Nano-Innov b862 PC 174 - 91191 GIF/YVETTE CEDEX, France<br>
mobile: +33 [0]6 8501 2359; office: +33 [0]1 6908 6595<br>
<a class="moz-txt-link-freetext" href="http://gcc-melt.org/">http://gcc-melt.org/</a><br>
</div>
</div>
<br /><br />
<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />
<table style='border-collapse:collapse;border:none;'>
<tr>
<td style='border:none;padding:0px 15px 0px 8px'>
<a href="https://www.avast.com/antivirus">
<img border=0 src="http://static.avast.com/emails/avast-mail-stamp.png" alt="Avast logo" />
</a>
</td>
<td>
<p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>
Ezt az e-mailt az Avast víruskereső szoftver átvizsgálta.
<br><a href="https://www.avast.com/antivirus">www.avast.com</a>
</p>
</td>
</tr>
</table>
<br />
</body>
</html>