Compile-Time Validation
Software Validation "Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled" - ISO/IEC 23643:2020 Security std::vectorvec = get_vec(); size_t index = get_index(); vec.at(index) = 42; } Runtime Performance Validation void must_be_fast() { using namespace std::chrono; auto start = high_resolution_clock::now(); validate_performance(start, end); } Detecting performance issues at runtime Static Performance Validation void must_be_fast() { /*...*/ can_slowly_read_huge_file(); } Static detection of performance
0 credits | 137 pages | 1.70 MB | 6 months ago | 3

Undefined Behavior: What Every Programmer Should Know and Fear
Undefined Behavior 36 Using UB wisely ● Every program must document and UB results ● Validate inputs if run-time cost is acceptable ● Provide optional validation tools if the validation is expensive – Provide a separate program or option to verify that graph input is Detect invalid inputs unless it’s too difficult ● Provide optional input validation tools to your users ● Use optional input validation tools if you are a user
0 credits | 38 pages | 2.56 MB | 6 months ago | 3

Using Modern C++ to Build XOffsetDatastructure
2024 103 6.4 Validation • Schema Validation • It involves performing proper data validation before ingesting an XOffsetDatastructure buffer. • Typically, this is done using schema validation techniques access any memory outside the original buffer. • Other Data Validation Features Fanchen Su, XOffsetDatastructure, CppCon 2024 104 Data Validation 7. Summary and Takeaways The summary and takeaways are presented
0 credits | 111 pages | 3.03 MB | 6 months ago | 3

Just-in-Time Compilation - J F Bastien - CppCon 2020
a portable low-level bytecode called WebAssembly. It offers compact representation, efficient validation and compilation, and safe low to no-overhead execution. Rather than committing to a specific programming
0 credits | 111 pages | 3.98 MB | 6 months ago | 3

Security Beyond Memory Safety
Security Beyond Memory Safety CppCon 2024 51 1. Raw value always accessible → possible to forget validation 2. How do I even know that I have to validate here? Max Hoffmann Security Beyond Memory Safety never accessible 2. Impossible to forget validation 3. It is clear whether some validation is still needed “Hm okay, but we already performed this validation, so… why the effort?” Max Hoffmann Security
0 credits | 79 pages | 4.15 MB | 6 months ago | 3

Retiring the Singleton Pattern
sendData(rec, a_client); if(req.senderId_ != rec.id) std::cout << "Error ..." << std::endl; // Further validation of rec values ... } class MockClient : public CommWrapper { public: MOCK_METHOD1(send, Response(const in more rec values .... sendData(rec, a_client); ASSERT_EQ(req.senderId_, rec.id); // Further validation of rec values ... } // in processor.cpp Response sendData(const Data& data, comms_func comms) { Return(resp))); sendData(rec, std::ref(a_client)); ASSERT_EQ(req.senderId_, rec.id); // Further validation of rec values ... } Bloomberg 24 // in processor.cpp Response sendData(const Data& data, comms_func
0 credits | 70 pages | 1.59 MB | 6 months ago | 3

Embracing an Adversarial Mindset for Cpp Security
UI App [Medium IL] Service [High IL] Serialized Data Cloud AI OCR Processing File Input Validation Maliciously crafted file Loaded Resource Integrity Checking Privilege Escalation Safe Parsing dominant ● Remote Code Execution (RCE) ● Elevation of Privilege (EoP) ● Numeric Errors ● Input Validation ● Race Conditions ● Security Feature Bypasses 36 35 43 45 64 30 36 35 31 60 78 110 81 133 150 Uninitialized Use Use After Free Other Trends 2023-2024 Memory Safety Issues Numeric Errors Input Validation Misc Race Conditions Heap Corruption Heap Read Use After Free Arbitrary Memory Access Race
0 credits | 92 pages | 3.67 MB | 6 months ago | 3

Balancing Efficiency and Flexibility: Cost of Abstractions in Embedded Systems
GPIO_InitStruct; ⚫ Runtime bitmask calculations ⚫ Runtime branching ⚫ Function calls ⚫ Runtime input validation Inefficiencies in HAL 62 Setup STM32 ANALOG ANALOG GPIO PWM 63 Modules Timer Clock & Oscillator Eliminates: ⚫ Unused code ⚫ Comparisons ⚫ Jump instructions Result ⚫ Compile time parameter validation ⚫ Compile time bitmask calculations ⚫ Compile time branching ⚫ Complex functions -> couple of
0 credits | 75 pages | 2.12 MB | 6 months ago | 3

Exceptions Under the Spotlight
holistic approaches: 1. Rostislav Khlebnikov and John Lakos’ P2053: Defensive Checking Versus Input Validation. 2. Staffan Tjernstrom and Derek Haines are considering adding flexibility to “who determines the open-std.org/jtc1/sc22/wg21/docs/papers/2019/p0323r9.html • P2053: Defensive Checking Versus Input Validation / Rostislav Khlebnikov, John Lakos: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p2053r1
0 credits | 53 pages | 2.82 MB | 6 months ago | 3

stdx::interval, a library for intervals on totally ordered sets
semantic requirements (so why were they stated at all?), and so the concept is not reliable for input validation at construction. There will need to be some kind of workaround to use syntactic requirements as
0 credits | 1 page | 45.14 KB | 6 months ago | 3

93 results in total













