Producing Scheduling that Causes Concurrent Programs to Fail

A noise maker is a tool that seeds a concurrent program with conditional synchronization primitives (such as yield()) for the purpose of increasing the likelihood that a bug manifest itself. This work explores the theory and practice of choosing where in the program to induce such thread switches at runtime. We introduce a novel fault model that classifies locations as .good., .neutral., or .bad,. based on the effect of a thread switch at the location. Using the model we explore the terms in which efficient search for real-life concurrent bugs can be carried out. We accordingly justify the use of probabilistic algorithms for this search and gain a deeper insight of the work done so far on noise-making. We validate our approach by experimenting with a set of programs taken from publicly available multi-threaded benchmark. Our empirical evidence demonstrates that real-life behavior is similar to what our model predicts

Detection of Java EE EJB Antipattern Instances using Framework-Specific Models

Adding flexibility to a process or technology often comes with a price. This holds true in the case of the amendments made to Java EE platform to upgrade to version 5. Java EE 5 allows Enterprise Java Bean (EJB) developers the ability to configure EJBs via Java 5 annotations, through XML deployment descriptors, or through a combination of both. While this adds flexibility to the EJB configuration process, it also comes with the price of an EJB project's stakeholder not being able to ascertain the current configuration of an EJB project until runtime, due to the multiple sources of configuration and the complex overriding rules. Furthermore, to detect errors in configuration or perform antipattern instance detection it is clearly beneficial to have a representation of an EJB project that accurately represents the current configuration of the system. This thesis first presents an EJB Framework Specific Modeling Language (FSML) that formalizes the EJB domain's specific components in the form of a cardinality-based feature model. By having such a model and using and extending the existing FSML infrastructure, one retrieves a Framework Specific Model (FSM) through reverse engineering that represents all the information from the various sources of EJB configuration. By analyzing this FSM, we can create another model that represents the resolved configuration of an EJB project. We employ model filtration to highlight specific sources of configuration. We then use open-source and custom EJB projects to evaluate the EJB FSML and the resolved model. Models admit antipattern instance detection. This thesis presents two methods for running antipattern instance detection on an EJB project using existing EJB antipatterns in literature: 1) queries in Java that execute against the resolved configuration model; and 2) queries written in .QL, an object-oriented query language, against the EJB project's source code. We compare these two techniques qualitatively and propose a new approach based on this comparison that entails modeling the antipatterns and their symptoms within an FSML model declaratively

Performance Problem Diagnostics by Systematic Experimentation

Diagnostics of performance problems requires deep expertise in performance engineering and entails a high manual effort. As a consequence, performance evaluations are postponed to the last minute of the development process. In this thesis, we introduce an automatic, experiment-based approach for performance problem diagnostics in enterprise software systems. With this approach, performance engineers can concentrate on their core competences instead of conducting repeating tasks

Security-Pattern Recognition and Validation

The increasing and diverse number of technologies that are connected to the Internet, such as distributed enterprise systems or small electronic devices like smartphones, brings the topic IT security to the foreground. We interact daily with these technologies and spend much trust on a well-established software development process. However, security vulnerabilities appear in software on all kinds of PC(-like) platforms, and more and more vulnerabilities are published, which compromise systems and their users. Thus, software has also to be modified due to changing requirements, bugs, and security flaws and software engineers must more and more face security issues during the software design; especially maintenance programmers must deal with such use cases after a software has been released. In the domain of software development, design patterns have been proposed as the best-known solutions for recurring problems in software design. Analogously, security patterns are best practices aiming at ensuring security. This thesis develops a deeper understanding of the nature of security patterns. It focuses on their validation and detection regarding the support of reviews and maintenance activities. The landscape of security patterns is diverse. Thus, published security patterns are collected and organized to identify software-related security patterns. The description of the selected software-security patterns is assessed, and they are compared against the common design patterns described by Gamma et al. to identify differences and issues that may influence the detection of security patterns. Based on these insights and a manual detection approach, we illustrate an automatic detection method for security patterns. The approach is implemented in a tool and evaluated in a case study with 25 real-world Android applications from Google Play