50,425 research outputs found
Towards Practical Graph-Based Verification for an Object-Oriented Concurrency Model
To harness the power of multi-core and distributed platforms, and to make the
development of concurrent software more accessible to software engineers,
different object-oriented concurrency models such as SCOOP have been proposed.
Despite the practical importance of analysing SCOOP programs, there are
currently no general verification approaches that operate directly on program
code without additional annotations. One reason for this is the multitude of
partially conflicting semantic formalisations for SCOOP (either in theory or
by-implementation). Here, we propose a simple graph transformation system (GTS)
based run-time semantics for SCOOP that grasps the most common features of all
known semantics of the language. This run-time model is implemented in the
state-of-the-art GTS tool GROOVE, which allows us to simulate, analyse, and
verify a subset of SCOOP programs with respect to deadlocks and other
behavioural properties. Besides proposing the first approach to verify SCOOP
programs by automatic translation to GTS, we also highlight our experiences of
applying GTS (and especially GROOVE) for specifying semantics in the form of a
run-time model, which should be transferable to GTS models for other concurrent
languages and libraries.Comment: In Proceedings GaM 2015, arXiv:1504.0244
Recommended from our members
Next generation software environments : principles, problems, and research directions
The past decade has seen a burgeoning of research and development in software environments. Conferences have been devoted to the topic of practical environments, journal papers produced, and commercial systems sold. Given all the activity, one might expect a great deal of consensus on issues, approaches, and techniques. This is not the case, however. Indeed, the term "environment" is still used in a variety of conflicting ways. Nevertheless substantial progress has been made and we are at least nearing consensus on many critical issues.The purpose of this paper is to characterize environments, describe several important principles that have emerged in the last decade or so, note current open problems, and describe some approaches to these problems, with particular emphasis on the activities of one large-scale research program, the Arcadia project. Consideration is also given to two related topics: empirical evaluation and technology transition. That is, how can environments and their constituents be evaluated, and how can new developments be moved effectively into the production sector
Recommended from our members
Prototyping a process-centered environment
This paper describes an experimental system developed and used as a vehicle for prototyping the Arcadia-1 software development environment. Prototyping is viewed as a knowledge acquisition process and is used to reduce risks in software development by gaining rapid feedback about the suitability of a production system before the system is completed. Prototyping a software development environment is particularly important due to the lack of experience with them. There is an acute need to acquire knowledge about user interaction requirements for software environments. These needs are especially important for the Arcadia project, as it is one of the first attempts to construct a process-centered environment. Our prototyping effort addresses questions about effective interaction with a process-centered environment by simulating how Arcadia-1 would interact with users in a representative range of usage scenarios. We built a prototyping system, called PRODUCER, and used it to generate a variety of prototypes simulating user interactions with Arcadia-1 process programs.Experience with PRODUCER indicates that our approach is effective at risk reduction. The prototypes greatly improved communication with our customer. They confirmed some of our design decisions but also redirected our research efforts as a result of unexpected insight. We also found that prototyping usage scenarios provides conceptual guides and design information for process programmers. Most of the benefits of our prototyping effort derive from developing and interacting with usage scenarios, so our approach is generalizable to other prototyping systems. This paper reports on our prototyping approach and our experience in prototyping a process-centered environment
Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code including type confusion, and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy-to-use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
Monitoring-Oriented Programming: A Tool-Supported Methodology for Higher Quality Object-Oriented Software
This paper presents a tool-supported methodological paradigm for object-oriented software development, called monitoring-oriented programming and abbreviated MOP, in which runtime monitoring is a basic software design principle. The general idea underlying MOP is that software developers insert specifications in their code via annotations. Actual monitoring code is automatically synthesized from these annotations before compilation and integrated at appropriate places in the program, according to user-defined configuration attributes. This way, the specification is checked at runtime against the implementation. Moreover, violations and/or validations of specifications can trigger user-defined code at any points in the program, in particular recovery code, outputting or sending messages, or raising exceptions.
The MOP paradigm does not promote or enforce any specific formalism to specify requirements: it allows the users to plug-in their favorite or domain-specific specification formalisms via logic plug-in modules. There are two major technical challenges that MOP supporting tools unavoidably face: monitor synthesis and monitor integration. The former is heavily dependent on the specification formalism and comes as part of the corresponding logic plug-in, while the latter is uniform for all specification formalisms and depends only on the target programming language. An experimental prototype tool, called Java-MOP, is also discussed, which currently supports most but not all of the desired MOP features. MOP aims at reducing the gap between formal specification and implementation, by integrating the two and allowing them together to form a system
A heuristic-based approach to code-smell detection
Encapsulation and data hiding are central tenets of the object oriented paradigm. Deciding what data and behaviour to form into a class and where to draw the line between its public and private details can make the difference between a class that is an understandable, flexible and reusable abstraction and one which is not. This decision is a difficult one and may easily result in poor encapsulation which can then have serious implications for a number of system qualities. It is often hard to identify such encapsulation problems within large software systems until they cause a maintenance problem (which is usually too late) and attempting to perform such analysis manually can also be tedious and error prone. Two of the common encapsulation problems that can arise as a consequence of this decomposition process are data classes and god classes. Typically, these two problems occur together – data classes are lacking in functionality that has typically been sucked into an over-complicated and domineering god class. This paper describes the architecture of a tool which automatically detects data and god classes that has been developed as a plug-in for the Eclipse IDE. The technique has been evaluated in a controlled study on two large open source systems which compare the tool results to similar work by Marinescu, who employs a metrics-based approach to detecting such features. The study provides some valuable insights into the strengths and weaknesses of the two approache
Preventing Atomicity Violations with Contracts
Software developers are expected to protect concurrent accesses to shared
regions of memory with some mutual exclusion primitive that ensures atomicity
properties to a sequence of program statements. This approach prevents data
races but may fail to provide all necessary correctness properties.The
composition of correlated atomic operations without further synchronization may
cause atomicity violations. Atomic violations may be avoided by grouping the
correlated atomic regions in a single larger atomic scope. Concurrent programs
are particularly prone to atomicity violations when they use services provided
by third party packages or modules, since the programmer may fail to identify
which services are correlated. In this paper we propose to use contracts for
concurrency, where the developer of a module writes a set of contract terms
that specify which methods are correlated and must be executed in the same
atomic scope. These contracts are then used to verify the correctness of the
main program with respect to the usage of the module(s). If a contract is well
defined and complete, and the main program respects it, then the program is
safe from atomicity violations with respect to that module. We also propose a
static analysis based methodology to verify contracts for concurrency that we
applied to some real-world software packages. The bug we found in Tomcat 6.0
was immediately acknowledged and corrected by its development team
A document-like software visualization method for effective cognition of c-based software systems
It is clear that maintenance is a crucial and very costly process in a software life cycle. Nowadays there are a lot of software systems particularly legacy systems that are always maintained from time to time as new requirements arise. One important source to understand a software system before it is being maintained is through the documentation, particularly system documentation. Unfortunately, not all software systems developed or maintained are accompanied with their reliable and updated documents. In this case, source codes will be the only reliable source for programmers. A number of studies have been carried out in order to assist cognition based on source codes. One way is through tool automation via reverse engineering technique in which source codes will be parsed and the information extracted will be visualized using certain visualization methods. Most software visualization methods use graph as the main element to represent extracted software artifacts. Nevertheless, current methods tend to produce more complicated graphs and do not grant an explicit, document-like re-documentation environment. Hence, this thesis proposes a document-like software visualization method called DocLike Modularized Graph (DMG). The method is realized in a prototype tool named DocLike Viewer that targets on C-based software systems. The main contribution of the DMG method is to provide an explicit structural re-document mechanism in the software visualization tool. Besides, the DMG method provides more level of information abstractions via less complex graph that include inter-module dependencies, inter-program dependencies, procedural abstraction and also parameter passing. The DMG method was empirically evaluated based on the Goal/Question/Metric (GQM) paradigm and the findings depict that the method can improve productivity and quality in the aspect of cognition or program comprehension. A usability study was also conducted and DocLike Viewer had the most positive responses from the software practitioners
- …