Xing Hu,Zhipeng Gao,Xin Xia,David Lo,Xiaohu Yang

DOI: https://doi.org/10.1109/ase51524.2021.9678552

2021-01-01

Abstract:Smart contracts have obtained much attention and are crucial for automatic financial and business transactions. For end-users who have never seen the source code, they can read the user notice shown in end-user client to understand what a transaction does of a smart contract function. However, due to time constraints or lack of motivation, user notice is often missing during the development of smart contracts. For end-users who lack the information of the user notices, there is no easy way for them to check the code semantics of the smart contracts. Thus, in this paper, we propose a new approach SMARTDOC to generate user notice for smart contract functions automatically. Our tool can help end-users better understand the smart contract and aware of the financial risks, improving the users' confidence on the reliability of the smart contracts. SMARTDOC exploits the Transformer to learn the representation of source code and generates natural language descriptions from the learned representation. We also integrate the Pointer mechanism to copy words from the input source code instead of generating words during the prediction process. We extract 7,878 (function, notice) pairs from 54,739 smart contracts written in Solidity. Due to the limited amount of collected smart contract functions (i.e., 7,878 functions), we exploit a transfer learning technique to utilize the learned knowledge to improve the performance of SMARTDOC. The learned knowledge obtained by the pre-training on a corpus of Java code, that has similar characteristics as Solidity code. The experimental results show that our approach can effectively generate user notice given the source code and significantly outperform the state-of-the-art approaches. To investigate human perspectives on our generated user notice, we also conduct a human evaluation and ask participants to score user notice generated by different approaches. Results show that SMARTDOC outperforms baselines from three aspects, naturalness, informativeness, and similarity.

Zhiyuan Wei,Jing Sun,Zijian Zhang,Xianhao Zhang,Meng Li,Liehuang Zhu

2023-11-02

Abstract:Blockchain smart contracts have emerged as a transformative force in the digital realm, spawning a diverse range of compelling applications. Since solidity smart contracts across various domains manage trillions of dollars in virtual coins, they become a prime target for attacks. One of the primary challenges is keeping abreast of the latest techniques and tools for developing secure smart contracts and examining those already deployed. In this paper, we seek to address these challenges from four aspects: (1) We begin by examining ten automatic tools, specifically focusing on their methodologies and their ability to identify vulnerabilities in solidity smart contracts. (2) We propose a novel criterion for evaluating these tools, based on the ISO/IEC 25010 standard. (3) To facilitate the evaluation of the selected tools, we construct a benchmark that encompasses two distinct datasets: a collection of 389 labelled smart contracts and a scaled set of 20,000 unique cases from real-world contracts. (4) We provide a comparison of the selected tools, offering insights into their strengths and weaknesses and highlighting areas where further improvements are needed. Through this evaluation, we hope to provide developers and researchers with valuable guidance on selecting and using smart contract analysis tools and contribute to the ongoing efforts to improve the security and reliability of smart contracts.

Distributed, Parallel, and Cluster Computing

Ting Chen,Zihao Li,Hao Zhou,Jiachi Chen,Xiapu Luo,Xiaoqi Li,Xiaosong Zhang

DOI: https://doi.org/10.1145/3183399.3183420

2018-01-01

Abstract:Being a new kind of software leveraging blockchain to execute real contracts, smart contracts are in great demand due to many advantages. Ethereum is the largest blockchain platform that supports smart contracts by running them in its virtual machine. To ensure that a smart contract will terminate eventually and prevent abuse of resources, Ethereum charges the developers for deploying smart contracts and the users for executing smart contracts. Although our previous work shows that under-optimized smart contracts may cost more money than necessary, it just lists 7 anti-patterns and the detection method for 3 of them. In this paper, we conduct the first in-depth investigation on such under-optimized smart contracts. We first identify 24 anti-patterns from the execution traces of real smart contracts. Then, we design and develop GasReducer, the first tool to automatically detect all these anti-patterns from the bytecode of smart contracts and replace them with efficient code through bytecode-to-bytecode optimization. Using GasReducer to analyze all smart contracts and their execution traces, we detect 9,490,768 and 557,565,754 anti-pattern instances in deploying and invoking smart contracts, respectively

Shiji Wang,Xiangfu Zhao

DOI: https://doi.org/10.1007/s10515-024-00471-8

IF: 1.677

2024-10-25

Automated Software Engineering

Abstract:Frequent smart contract security incidents pose a threat to the credibility of the Ethereum platform, making smart contract vulnerability detection a focal point of concern. Previous research has proposed vulnerability detection methods in smart contracts. Generally, these tools rely on predefined rules to detect vulnerable smart contracts. However, using out-of-date rules for vulnerability detection may lead to a significant number of false negatives and false positives due to the growing variety of smart contract vulnerability types and the ongoing enhancement of vulnerability defense mechanisms. In this paper, we propose ContractSentry, a tool for static analysis of smart contracts. First, we preprocess Solidity code to build critical contract information and transform it into an intermediate representation. Then, based on the intermediate representations, we propose composite rules for vulnerability detection by analyzing the characteristics of different types of vulnerabilities in smart contracts. Finally, we evaluate ContractSentry with two datasets and compare it with state-of-the-art vulnerability detection tools. Experimental results demonstrate that ContractSentry achieves superior detection effectiveness.

computer science, software engineering

William Zhang,Sebastian Banescu,Leonardo Passos,Steven Stewart,Vijay Ganesh

DOI: https://doi.org/10.48550/arXiv.1911.00570

2019-11-01

Cryptography and Security

Abstract:Smart contracts are executable programs that enable the building of a programmable trust mechanism between multiple entities without the need of a trusted third-party. Researchers have developed several security scanners in the past couple of years. However, many of these analyzers either do not scale well, or if they do, produce many false positives. This issue is exacerbated when bugs are triggered only after a series of interactions with the functions of the contract-under-test. A depth-n vulnerability, refers to a vulnerability that requires invoking a specific sequence of n functions to trigger. Depth-n vulnerabilities are time-consuming to detect by existing automated analyzers, because of the combinatorial explosion of sequences of functions that could be executed on smart contracts. In this paper, we present a technique to analyze depth-n vulnerabilities in an efficient and scalable way by combining symbolic execution and data dependency analysis. A significant advantage of combining symbolic with static analysis is that it scales much better than symbolic alone and does not have the problem of false positive that static analysis tools typically have. We have implemented our technique in a tool called MPro, a scalable and automated smart contract analyzer based on the existing symbolic analysis tool Mythril-Classic and the static analysis tool Slither. We analyzed 100 randomly chosen smart contracts on MPro and our evaluation shows that MPro is about n-times faster than Mythril-Classic for detecting depth-n vulnerabilities, while preserving all the detection capabilities of Mythril-Classic.

Mengting He,Shihao Xia,Boqin Qin,Nobuko Yoshida,Tingting Yu,Linhai Song,Yiying Zhang

2024-03-05

Abstract:The execution of smart contracts on Ethereum, a public blockchain system, incurs a fee called gas fee for its computation and data-store consumption. When programmers develop smart contracts (e.g., in the Solidity programming language), they could unknowingly write code snippets that unnecessarily cause more gas fees. These issues, or what we call gas wastes, could lead to significant monetary waste for users. Yet, there have been no systematic examination of them or effective tools for detecting them. This paper takes the initiative in helping Ethereum users reduce their gas fees in two important steps: we conduct the first empirical study on gas wastes in popular smart contracts written in Solidity by understanding their root causes and fixing strategies; we then develop a static tool, PeCatch, to effectively detect gas wastes with simple fixes in Solidity programs based on our study findings. Overall, we make seven insights and four suggestions from our gas-waste study, which could foster future tool development, language improvement, and programmer awareness, and develop eight gas-waste checkers, which pinpoint 383 previously unknown gas wastes from famous Solidity libraries.

Software Engineering

Bo Gao,Siyuan Shen,Ling Shi,Jiaying Li,Jun Sun,Lei Bu

DOI: https://doi.org/10.1109/apsec53868.2021.00034

2021-01-01

Abstract:Smart contracts are computerized transaction protocols built on top of blockchain networks. Users are charged with fees, a.k.a. gas in Ethereum, when they create, deploy or execute smart contracts. Since smart contracts may contain vulnerabilities which may result in huge financial loss, developers and smart contract compilers often insert codes for security checks. The trouble is that those codes consume gas every time they are executed. Many of the inserted codes are however redundant. In this work, we present sOptimize, a tool that optimizes smart contract gas consumption automatically without compromising functionality or security. sOptimize works on smart contract bytecode, statically identifies 3 kinds of code patterns, and further removes them through verification-assisted techniques. The resulting code is guaranteed to be equivalent to the original one and can be directly deployed on blockchain. We evaluate sOptimize on a collection of 1,152 real-world smart contracts and show that it optimizes 43% of them, and the reduction on gas consumption is about 2.0% while in deployment and 1.2% in transactions, the amount can be as high as 954,201 gas units per contract.

Stefan-Claudiu Susan

DOI: https://doi.org/10.4204/EPTCS.410.10

2024-10-31

Abstract:Even though much progress has been made in identifying and mitigating smart contract vulnerabilities, we often hear about coding or design issues leading to great financial losses. This paper presents our progress toward finding defects that are sometimes not detected or completely detected by state-of-the-art analysis tools. Although it is still in its incipient phase, we developed a working solution built on top of Slither that uses interval analysis to evaluate the contract state during the execution of each instruction. To improve the accuracy of our results, we extend interval analysis by also considering the constraints imposed by specific instructions. We present the current solution architecture in detail and show how it could be extended to other static analysis techniques, including how it can be integrated with other third-party tools. Our current benchmarks contain examples of smart contracts that highlight the potential of this approach to detect certain code defects.

Logic in Computer Science,Programming Languages,Software Engineering

ShuKun Liu,XiaoHua Yang,JiFeng Chen

DOI: https://doi.org/10.4028/www.scientific.net/amr.460.240

2012-01-01

Advanced Materials Research

Abstract:In this paper, the main function of program contract in the software quality assurance is showed combined with the technology of static analyzing and dynamical analyzing. And the meaning of contract is described as well. Daikon and Diduce which are the main tools for detecting the program contract are introduced carefully. Not only the work process of Daikon and Diduce is explicated but also the main characters of them are showed. Combined with the framework of software quality assurance, the main differences between Daikon and Diduce are listed and the theoretical model of detecting contract is expressed in detail.

Ziyi Zhao,Jiliang Li,Zhou Su,Yuyi Wang

DOI: https://doi.org/10.1109/tsusc.2022.3221444

2023-01-01

IEEE Transactions on Sustainable Computing

Abstract:Smart contracts are programs running on Ethereum, whose deployment and use require gas. Gas measures the cost of performing specific operations as an index designed to quantify the computing power consumption. Existing unoptimized smart contracts make contract developers and users spend extra gas. To save gas and optimize smart contracts, this paper proposes a new tool named GaSaver for automatically detecting gas-expensive patterns based on Solidity source code. Specifically, we first identify 12 gas-expensive patterns in smart contracts and classify them into three categories: storage-related, judgment-related, and loop-related. Then, we deploy gas-expensive patterns and group them into three levels according to gas waste degree. By conducting extensive experiments on real data sets, we find that 89.68 $\%$ of the 1172 smart contracts suffer from gas-expensive patterns, 94.27 $\%$ of 1100 new smart contracts are gas-expensive, and 80.56 $\%$ of 72 widely used smart contracts are affected. Finally, the experiment results show that the proposed GaSaver can effectively optimize smart contracts. Besides, the proportion of gas-expensive cases in widely used smart contracts is lower than that in the newly released smart contracts.

Josselin Feist,Gustavo Grieco,Alex Groce

DOI: https://doi.org/10.1109/WETSEB.2019.00008

2019-08-27

Abstract:This paper describes Slither, a static analysis framework designed to provide rich information about Ethereum smart contracts. It works by converting Solidity smart contracts into an intermediate representation called SlithIR. SlithIR uses Static Single Assignment (SSA) form and a reduced instruction set to ease implementation of analyses while preserving semantic information that would be lost in transforming Solidity to bytecode. Slither allows for the application of commonly used program analysis techniques like dataflow and taint tracking. Our framework has four main use cases: (1) automated detection of vulnerabilities, (2) automated detection of code optimization opportunities, (3) improvement of the user's understanding of the contracts, and (4) assistance with code review. In this paper, we present an overview of Slither, detail the design of its intermediate representation, and evaluate its capabilities on real-world contracts. We show that Slither's bug detection is fast, accurate, and outperforms other static analysis tools at finding issues in Ethereum smart contracts in terms of speed, robustness, and balance of detection and false positives. We compared tools using a large dataset of smart contracts and manually reviewed results for 1000 of the most used contracts.

Software Engineering,Cryptography and Security

Zexu Wang,Jiachi Chen,Yanlin Wang,Yu Zhang,Weizhe Zhang,Zibin Zheng

2024-03-18

Abstract:Reentrancy vulnerability as one of the most notorious vulnerabilities, has been a prominent topic in smart contract security research. Research shows that existing vulnerability detection presents a range of challenges, especially as smart contracts continue to increase in complexity. Existing tools perform poorly in terms of efficiency and successful detection rates for vulnerabilities in complex contracts. To effectively detect reentrancy vulnerabilities in contracts with complex logic, we propose a tool named SliSE. SliSE's detection process consists of two stages: Warning Search and Symbolic Execution Verification. In Stage I, SliSE utilizes program slicing to analyze the Inter-contract Program Dependency Graph (I-PDG) of the contract, and collects suspicious vulnerability information as warnings. In Stage II, symbolic execution is employed to verify the reachability of these warnings, thereby enhancing vulnerability detection accuracy. SliSE obtained the best performance compared with eight state-of-the-art detection tools. It achieved an F1 score of 78.65%, surpassing the highest score recorded by an existing tool of 9.26%. Additionally, it attained a recall rate exceeding 90% for detection of contracts on Ethereum. Overall, SliSE provides a robust and efficient method for detection of Reentrancy vulnerabilities for complex contracts.

Software Engineering

Zhaoxuan Li,Siqi Lu,Rui Zhang,Rui Xue,Wenqiu Ma,Rujin Liang,Ziming Zhao,Sheng Gao

DOI: https://doi.org/10.1007/s10664-022-10218-2

IF: 3.762

2022-10-14

Empirical Software Engineering

Abstract:Recently, although state-of-the-art (SOTA) tools were designed and developed to analyze the vulnerabilities of smart contracts on Ethereum, security incidents caused by these vulnerabilities are still widespread. This can be attributed to the fact that each tool has various standards for judging the severity of vulnerabilities. More importantly, tools fail to identify all the vulnerabilities accurately and comprehensively as the evolution of vulnerabilities. To this end, we first propose a vulnerability assessment model to unify the vulnerability measurement standards. Next, we design a static analysis tool called SmartFast , which expresses the contract source code as a novel intermediate representation named SmartIR. Using preset rules and taint tracking technology, SmartFast matches SmartIR to locate the vulnerability code. Furthermore, SmartFast can recommend the optimization of the contract code automatically. Finally, we implement a prototype of SmartFast with 25K lines of code and compare it with 7 SOTA tools on three datasets (a total of 13,687 public contracts). The results indicate that SmartFast is efficient (only took a few seconds per contract) and robust (0.4% failure rate and resistance to the general code confusion methods). Besides, compared with other tools, SmartFast can detect more kinds of vulnerabilities (119) with a higher precision rate (98.43%) and a recall rate (85.12%), which confirms the conclusion of the theoretical analysis in the paper.

computer science, software engineering

Qing Huang,Dianshu Liao,Zhenchang Xing,Zhengkang Zuo,Changjing Wang,Xin Xia

DOI: https://doi.org/10.1145/3597206

IF: 3.685

2023-05-22

ACM Transactions on Software Engineering and Methodology

Abstract:Programmers who work with smart contract development often encounter challenges in reusing code from repositories. This is due to the presence of two unknowns that can lead to non-functional and functional failures. These unknowns are implicit collaborations between functions and subtle differences among similar functions. Current code mining methods can extract syntax and semantic knowledge (known knowledge), but they cannot uncover these unknowns due to a significant gap between the known and the unknown. To address this issue, we formulate knowledge acquisition as a knowledge deduction task and propose an analytic flow that uses function-clone as a bridge to gradually deduce the known knowledge into the problem-solving knowledge that can reveal the unknowns. This flow comprises five methods: clone detection, co-occurrence probability calculation, function usage frequency accumulation, description propagation, and CFG annotation. This provides a systematic and coherent approach to knowledge deduction. We then structure all the knowledge into a semantic-enriched code Knowledge Graph (KG) and integrate this KG into two software engineering tasks: code recommendation and crowd-scaled coding practice checking. As a proof of concept, we apply our approach to 5,140 smart contract files available on Etherscan.io, and confirm high accuracy of our KG construction steps. In our experiments, our code KG effectively improved code recommendation accuracy by 6% to 45%, increased diversity by 61% to 102%, and enhanced NDCG by 1% to 21%. Furthermore, compared to traditional analysis tools and the debugging-with-the-crowd method, our KG improved time efficiency by 30-380 seconds, vulnerability determination accuracy by 20%-33%, and vulnerability fixing accuracy by 24%-40% for novice developers who identified and fixed vulnerable smart contract functions.

computer science, software engineering

Yuexing Wang,Min Zhou,Yu Jiang,Xiaoyu Song,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/ase.2017.8115706

2017-01-01

Abstract:To reduce the false positives of static analysis, many tools collect path constraints and integrate SMT solvers to filter unreachable execution paths. However, the accumulated calling and computing of SMT solvers are time and resource consuming. This paper presents TsmartLW, an alternate static analysis tool in which we implement a path constraint solving engine to speed up reachability determination. Within the engine, typical types of constraint-patterns are firstly defined based on an empirical study of a large number of code repositories. For each pattern, a constraint solving algorithm is designed and implemented. For each program, the engine predicts the most suitable strategy and then applies the strategy to solve path constraints. The experimental results on some well-known benchmarks and real-world applications show that TsmartLW is faster than some state-of-the-art static analysis tools. For example, it is 1.32× faster than CPAchecker and our engine is 369× faster than SMT solvers in solving path constraints. The demo video is available at https://www.youtube.com/watch?v=5c3ARhFclHA&t=2s.

Ting Chen,Youzheng Feng,Zihao Li,Hao Zhou,Xiaopu Luo,Xiaoqi Li,Xiuzhuo Xiao,Jiachi Chen,Xiaosong Zhang

DOI: https://doi.org/10.1109/tetc.2020.2979019

2021-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Ethereum, the largest blockchain for running smart contracts, charges the people who send transactions to deploy or invoke smart contracts for thwarting resource abuse. The amount of transaction fee depends on the size of that contract and the operations executed by that contract. Consequently, smart contracts with inefficient code will waste money. In this article, we propose and develop the first tool, named GasChecker, for automatically identifying gas-inefficient code in smart contracts, and conduct the first empirical study on the prevalence of gas-inefficient code in the deployed smart contracts. More precisely, we first summarize ten gas-inefficient programming patterns and propose a new approach based on symbolic execution (SE) to detect them in the bytecode of smart contracts. To make our approach scalable to analyze millions of smart contracts, we parallelize SE by tailoring it to the MapReduce programming model, and propose a new feedback-based load balancing strategy to effectively utilize cloud resources. Extensive experiments show that GasChecker scales well with the increase of workers. The empirical study demonstrates that lots of real smart contracts contain various inefficient code. Manual investigation demonstrates that only 2.5 percent of discovered gas-inefficient instances are false positives.

João F. Ferreira,Pedro Cruz,Thomas Durieux,Rui Abreu

DOI: https://doi.org/10.48550/arXiv.2007.04771

2020-07-10

Abstract:Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present SmartBugs, an extensible and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum. SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan. We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).

Software Engineering,Cryptography and Security

Satpal Singh Kushwaha,Heung-No Lee,Dilbag Singh,Manjit Kaur,Sandeep Joshi

DOI: https://doi.org/10.1109/ACCESS.2022.3169902

IF: 3.9

IEEE Access

Abstract:Blockchain technology and its applications are gaining popularity day by day. It is a ground-breaking technology that allows users to communicate without the need of a trusted middleman. A smart contract (self-executable code) is deployed on the blockchain and auto executes due to a triggering condition. In a no-trust contracting environment, smart contracts can establish trust among parties. Terms and conditions embedded in smart contracts will be imposed immediately when specified criteria have been fulfilled. Due to this, the malicious assailants have a special interest in smart contracts. Blockchains are immutable means if some transaction is deployed or recorded on the blockchain, it becomes unalterable. Thus, smart contracts must be analyzed to ensure zero security vulnerabilities or flaws before deploying the same on the blockchain because a single vulnerability can lead to the loss of millions. For analyzing the security vulnerabilities of smart contracts, various analysis tools have been developed to create safe and secure smart contracts. This paper presents a systematic review on Ethereum smart contracts analysis tools. Initially, these tools are categorized into static and dynamic analysis tools. Thereafter, different sources code analysis techniques are studied such as taint analysis, symbolic execution, and fuzzing techniques. In total, 86 security analysis tools developed for Ethereum blockchain smart contract are analyzed regardless of tool type and analysis approach. Finally, the paper highlights some challenges and future recommendations in the field of Ethereum smart contracts.

Computer Science

Zibin Zheng,Neng Zhang,Jianzhong Su,Zhijie Zhong,Mingxi Ye,Jiachi Chen

2023-03-24

Abstract:Smart contracts are programs deployed on a blockchain and are immutable once deployed. Reentrancy, one of the most important vulnerabilities in smart contracts, has caused millions of dollars in financial loss. Many reentrancy detection approaches have been proposed. It is necessary to investigate the performance of these approaches to provide useful guidelines for their application. In this work, we conduct a large-scale empirical study on the capability of five well-known or recent reentrancy detection tools such as Mythril and Sailfish. We collect 230,548 verified smart contracts from Etherscan and use detection tools to analyze 139,424 contracts after deduplication, which results in 21,212 contracts with reentrancy issues. Then, we manually examine the defective functions located by the tools in the contracts. From the examination results, we obtain 34 true positive contracts with reentrancy and 21,178 false positive contracts without reentrancy. We also analyze the causes of the true and false positives. Finally, we evaluate the tools based on the two kinds of contracts. The results show that more than 99.8% of the reentrant contracts detected by the tools are false positives with eight types of causes, and the tools can only detect the reentrancy issues caused by call.value(), 58.8% of which can be revealed by the Ethereum's official IDE, Remix. Furthermore, we collect real-world reentrancy attacks reported in the past two years and find that the tools fail to find any issues in the corresponding contracts. Based on the findings, existing works on reentrancy detection appear to have very limited capability, and researchers should turn the rudder to discover and detect new reentrancy patterns except those related to call.value().

Software Engineering

Meihua Xiao,Yangping Xu,Zehuan Li,Hongbin Wan

DOI: https://doi.org/10.3390/electronics13204093

IF: 2.9

2024-10-18

Electronics

Abstract:The development of smart contracts remains in its early stages, with significant differences in underlying programming languages and application platforms resulting in a lack of standardization. This lack of standardization increases the susceptibility to vulnerabilities and associated financial losses. To address security vulnerabilities in smart contracts on the Ethereum blockchain platform, this paper proposes a security audit method based on formal verification. The method integrates an input module, static analysis module, formal verification module, analog execution module, and report and recommendation module, which can accurately discover the security vulnerabilities and logical flaws of smart contracts through formal verification and other analysis techniques, thus realizing correctness detection. During the experiment, the method detects 8 types of common vulnerabilities in 148 smart contracts and marks 21 smart contracts with vulnerabilities. After manual review and analysis, it is found that 17 of these 21 marked smart contracts do have security vulnerabilities. The experimental results show that the proposed method can accurately detect security vulnerabilities and logic flaws in smart contracts through formal verification and other analysis techniques before smart contracts are deployed, thus significantly improving the security of smart contracts and reducing the economic losses that may be caused by code defects.

engineering, electrical & electronic,computer science, information systems,physics, applied