Cross-language program analysis for dynamic web applications

Web applications have become one of the most important and prevalent types of software. In modern web applications, the display of any web page is usually an interplay of multiple languages and involves code execution at different locations (the server side, the database side, and the client side). These characteristics make it hard to write and maintain web applications. Much of the existing research and tool support often deals with one single language and therefore is still limited in addressing those challenges. To fill in this gap, this dissertation is aimed at developing an infrastructure for cross-language program analysis for dynamic web applications to support creating reliable and robust web applications with higher quality and lower costs. To reach that goal, we have developed the following research components. First, to understand the client-side code that is embedded in the server-side code, we develop an output-oriented symbolic execution engine that approximates all possible outputs of a server-side program. Second, we use variability-aware parsing, a technique recently developed for parsing conditional code in software product lines, to parse those outputs into a compact tree representation (called VarDOM) that represents all possible DOM variants of a web application. Third, we leverage the VarDOM to extract semantic information from the server-side code. Specifically, we develop novel concepts, techniques, and tools (1) to build call graphs for embedded client code in different languages, (2) to compute cross-language program slices, and (3) to compute a novel test coverage criterion called output coverage that aids testers in creating effective test suites for detecting output-related bugs. The results have been demonstrated in a wide range of applications for web programs such as IDE services, fault localization, bug detection, and testing

Automated analysis for auto-generated build systems

Software build systems are crucial for software development as they translate the source code and resources into a deliverable. Prior work has identified that build systems account for 9% of software systems. However, their maintenance imposes a 36% overhead on software development. This overhead stems from the unique and hard to comprehend the nature of build systems. When executed, the build system is evaluated into a dependency-graph that captures how the system’s artifacts relate to each other. The graph generated depends on the selected build configurations. This graph is then traversed to perform the build. Prior work has emphasized the need for analysis support to tackle the challenges of evolving and maintaining build systems. In this thesis, we tackle three challenges associated with the maintenance and evolution of build systems. As the build system evolves, it’s not trivial to understand the impact of build code changes on its semantics. To tackle this, we propose a build code differencing technique to identify the semantic changes between two versions of a given build system. This would provide visibility on how the build system is evolving along with the software system. The second challenge we tackle is localizing faults within build systems. Build-time failures occur after the build code has been evaluated, and during the traversal of the dependency graph, it’s challenging to trace back the failure from the graph back to its root cause in the build system code. To this end, we propose a novel approach to localize faults in build code. For a given build failure, it returns a ranked list of statements in the build code that are suspected of causing the failure. This would aid in reducing the overhead of debugging and root causing build failures. The third challenge is to extract knowledge from build systems for analysis purposes. We propose an approach to extract the presence conditions of source code files from within the build system. This aims to support configuration aware analysis of configurable source code influenced by the build system. We then proceed to propose a foundation for developers to create analysis techniques to help them understand, maintain, and migrate their generator-based build system. We illustrate the use of the platform with two approaches: one to help developers better understand their build systems and another to detect build smells to improve the build code quality. To evaluate our work, we implement our proposed approaches against the widely used GNU build suite. Then, we use open-source projects to evaluate each of the approaches

Upgrade Decision Support Model (UDSM) for enterprise systems: drivers and processes

Enterprise Systems (ES) have matured over the years, offering continuous improvement to the underlying technology and functionality, hence, it is reasonable to anticipate that organisations would upgrade their systems to realise the benefits of these improvements. However, the range of benefits and risks involved within upgrade projects, motivates only few organisations to upgrade; indicating that upgrade decision-making is not trivial, and requires a comprehensive consideration of the impacts, efforts, and benefits. To date, research on ES upgrade recommends practical guidance for managing and supporting upgrade projects, with few studies focusing on upgrade decision-making, yet the upgrade decision process remains one of the areas in post-implementation that is least explored. This research investigates the interrelated aspects of ES upgrade phenomena to explore the drivers and decision processes. A qualitative survey design was adopted to explore ES upgrade decision-making process and through web-based questionnaires and semistructured interviews, qualitative data from 41 respondents representing 23 organisations was collected, coded, and analysed. Drawing from the Technology-OrganisationEnvironment (T-O-E) framework and process view of decision-making to theorise the findings, this research proposes an Upgrade Decision Support Model (UDSM) to represent ES upgrade decision-making process. The model comprises of two phases namely exploration and evaluation. The evaluation phase consists of two processes, which are objective assessment and strategy selection. In addition, objective assessment includes three sub-processes these are technical analysis, functional gap-fit analysis, and impact assessment. The study findings indicate that the decision to upgrade is an outcome of understanding the upgrade need, possible impacts, and benefits. Thus, asserting the importance of assessing the level of change, effort required and modifications to be reapplied prior to the upgrade decision. Additionally, the findings advocate that there is a relationship between upgrade drivers and the selection of an upgrade strategy, which guides the processes undertaken during the decision-making. This research contributes key insights on ES upgrade decisionmaking offering a thorough understanding of the drivers and processes. In addition, it presents decision makers with a methodical strategy for approaching upgrade decisions; hence, enables the identification of possible challenges and measures to overcome these issues