269,700 research outputs found

    Improving Quality of Software with Foreign Function Interfaces using Static Analysis

    A Foreign Function Interface (FFI) is a mechanism that allows software written in one host programming language to directly use another foreign programming language by invoking function calls across language boundaries. Today's software development often utilizes FFIs to reuse software components. Examples of such systems are the Java Development Kit (JDK), Android mobile OS, and Python packages in the Fedora LINUX operating systems. The use of FFIs, however, requires extreme care and can introduce undesired side effects that degrade software quality. In this thesis, we aim to improve several quality aspects of software composed of FFIs by applying static analysis. The thesis investigates several particular characteristics of FFIs and studies software bugs caused by the misuse of FFIs. We choose two FFIs, the Java Native Interface (JNI) and the Python/C interface, as the main subjects of this dissertation. To reduce software security vulnerabilities introduced by the JNI, we first propose definitions of new patterns of bugs caused by the improper exception handlings between Java and C. We then present the design and implement a bug finding system to uncover these bugs. To ensure software safety and reliability in multithreaded environment, we present a novel and efficient system that ensures atomicity in the JNI. Finally, to improve software performance and reliability, we design and develop a framework for finding errors in memory management in programs written with the Python/C interface. The framework is built by applying affine abstraction and affine analysis of reference-counts of Python objects. This dissertation offers a comprehensive study of FFIs and software composed of FFIs. The research findings make several contributions to the studies of static analysis and to the improvement of software quality

    Feature Set Selection for Improved Classification of Static Analysis Alerts

    With the extreme growth in third party cloud applications, increased exposure of applications to the internet, and the impact of successful breaches, improving the security of software being produced is imperative. Static analysis tools can alert to quality and security vulnerabilities of an application; however, they present developers and analysts with a high rate of false positives and unactionable alerts. This problem may lead to the loss of confidence in the scanning tools, possibly resulting in the tools not being used. The discontinued use of these tools may increase the likelihood of insecure software being released into production. Insecure software can be successfully attacked resulting in the compromise of one or several information security principles such as confidentiality, availability, and integrity. Feature selection methods have the potential to improve the classification of static analysis alerts and thereby reduce the false positive rates. Thus, the goal of this research effort was to improve the classification of static analysis alerts by proposing and testing a novel method leveraging feature selection. The proposed model was developed and subsequently tested on three open source PHP applications spanning several years. The results were compared to a classification model utilizing all features to gauge the classification improvement of the feature selection model. The model presented did result in the improved classification accuracy and reduction of the false positive rate on a reduced feature set. This work contributes a real-world static analysis dataset based upon three open source PHP applications. It also enhanced an existing data set generation framework to include additional predictive software features. However, the main contribution is a feature selection methodology that may be used to discover optimal feature sets that increase the classification accuracy of static analysis alerts

    Improvement of object-oriented software systems by applying software quality standards.

    The research subject of the doctoral dissertation is the possibility of improvement of object-oriented software systems by applying software quality standards. The research provides an overview of different software engineering quality standards, software metrics, and tools for static analysis of software quality which are operatively used in the software quality evaluation process. 
The doctoral dissertation identifies different mechanisms for improving object-oriented software systems (i.e. general principles of software design, principles of object-oriented software design, software design strategies, design patterns, and software development methods) as well as their relation with the software quality standards. The doctoral dissertation introduces original SilabQOSS (Silab Quality Method for Object-oriented Software Systems) method for improving object-oriented software systems using software quality standards. The proposed method incorporates software quality standards, software metrics, and tools for static analysis of software quality. In addition, the method uses mechanisms for improving object-oriented software systems, as already mentioned. The method is supported by the SilabMetrics software tool that can be used independently or integrated with the NetBeans software development environment. The evaluation results confirm that the SilabQOSS method and the SilabMetrics software quality tool enable the development of software systems which are more stable, easier to develop, maintain, and upgrade

    A Quality Model for Actionable Analytics in Rapid Software Development

    Background: Accessing relevant data on the product, process, and usage perspectives of software as well as integrating and analyzing such data is crucial for getting reliable and timely actionable insights aimed at continuously managing software quality in Rapid Software Development (RSD). In this context, several software analytics tools have been developed in recent years. However, there is a lack of explainable software analytics that software practitioners trust. Aims: We aimed at creating a quality model (called Q-Rapids quality model) for actionable analytics in RSD, implementing it, and evaluating its understandability and relevance. Method: We performed workshops at four companies in order to determine relevant metrics as well as product and process factors. We also elicited how these metrics and factors are used and interpreted by practitioners when making decisions in RSD. We specified the Q-Rapids quality model by comparing and integrating the results of the four workshops. Then we implemented the Q-Rapids tool to support the usage of the Q-Rapids quality model as well as the gathering, integration, and analysis of the required data. Afterwards we installed the Q-Rapids tool in the four companies and performed semi-structured interviews with eight product owners to evaluate the understandability and relevance of the Q-Rapids quality model. Results: The participants of the evaluation perceived the metrics as well as the product and process factors of the Q-Rapids quality model as understandable. Also, they considered the Q-Rapids quality model relevant for identifying product and process deficiencies (e.g., blocking code situations). 
Conclusions: By means of heterogeneous data sources, the Q-Rapids quality model enables detecting problems that take more time to find manually and adds transparency among the perspectives of system, process, and usage. Comment: This is an Author's Accepted Manuscript of a paper to be published by IEEE in the 44th Euromicro Conference on Software Engineering and Advanced Applications (SEAA) 2018. The final authenticated version will be available onlin

    Effects of physical exercise in older adults with reduced physical capacity: meta-analysis of resistance exercise and multimodal exercise

    Older adults with reduced physical capacity are at greater risk of progression to care dependency. Progressive resistance strength exercise and multimodal exercise have been studied to restore reduced physical capacity. To summarize the best evidence of the two exercise regimes, this meta-analysis study appraised randomized-controlled trials from published systematic reviews. Medline, Embase, and the Cochrane Database of Systematic Review and Cochrane Central Register of Controlled Clinical Trials were searched for relevant systematic reviews. Two reviewers independently screened the relevant systematic reviews to identify eligible trials, assessed trial methodological quality, and extracted data. RevMan 5.3 software was used to analyze data on muscle strength, physical functioning, activities of daily living, and falls. Twenty-three eligible trials were identified from 22 systematic reviews. The mean age of the trial participants was 75 years or older. Almost all multimodal exercise trials included muscle strengthening exercise and balance exercise. Progressive resistance exercise is effective in improving muscle strength of the lower extremity and static standing balance. Multimodal exercise is effective in improving muscle strength of the lower extremity, dynamic standing balance, gait speed, and chair stand. In addition, multimodal exercise is effective in reducing falls. Neither type of exercise was effective in improving activities of daily living. For older adults with reduced physical capacity, multimodal exercise appears to have a broad effect on improving muscle strength, balance, and physical functioning of the lower extremity, and reducing falls relative to progressive resistance exercise alone