Amortised resource analysis for object-oriented programs

As software systems rise in size and complexity, the need for verifying some of their properties increases. One important property to be verified is the resource usage, i.e. how many resources the program will need for its execution, where resources include execution time, memory, power, etc. Resource usage analysis is important in many areas, in particular embedded systems and cloud computing. Thus, resource analysis has been widely researched and some different approaches to this have been proposed based in particular on recurrence solving, abstract interpretation and amortised analysis. In the amortised analysis technique, a nonnegative number, called potential, is assigned to a data structure. The amortised cost of operations is then defined by its actual cost plus the difference in potential of the data structure before and after performing the operation. Amortised analysis has been used for automatic resource analysis of functional and object-oriented programs. The potentials are defined using refined types and typing rules then ensure that potential and actual resource usage is accounted for correctly. The automatic inference of the potential functions can then be achieved by type inference. In the case of functional programs, the structure of the types is known. Thus, type inference can be reduced to solving linear arithmetic constraints. For object-oriented programs, however, the refined types are more complicated because of the general nature of objects: they can be used to define any data structure. Thus, the type inference must discover not only the potential functions for the data structure but also the data structures themselves. Other features of object-oriented programs that complicate the analysis are aliasing and imperative update. Hofmann and Jost presented in 2006 a type system for amortised heap-space analysis of object-oriented programs, called Resource Aware JAva (RAJA). However, they left the problem of type inference open. In this thesis we present a type inference algorithm for the RAJA system. We were able to reduce the type inference problem to the novel problem of satisfiability of arithmetic constraints over infinite trees and we developed a heuristic algorithm for satisfiability of these constraints. We proved the soundness of the type inference algorithm and developed an OCaml implementation and experimental evaluation that shows that we can compute linear upper-bounds to the heap-space requirements of many programs, including sorting algorithms for lists such as insertion sort and merge sort and also programs that contain different interacting objects that describe real-life scenarios like a bank account. Another contribution of this thesis is a type checking algorithm for the RAJA system that is useful for verifying the types discovered by the type inference by using the \emph{proof carrying code} technology

Secure Coding in Five Steps

Software vulnerabilities have become a severe cybersecurity issue. There are numerous resources of industry best practices available, but it is still challenging to effectively teach secure coding practices. The resources are not designed for classroom usage because the amount of information is overwhelming for students. There are efforts in academia to introduce secure coding components into computer science curriculum, but a big gap between industry best practices and workforce skills still exists. Unlike many existing efforts, we focus on both the big picture of secure coding and hands-on projects. To achieve these two goals, we present five learning steps that we have been revising over the last four years. Our evaluation shows that the approach reduces complexity and encourages students to use secure coding practice in their future projects

A semantically-enriched quality governance framework in the system of systems context applied to cancer care

Organisations are becoming more complex with diverse businesses, and therefore accomplishing their business objectives entails the need to develop System of Systems (SoS) with new capabilities based on existing monolithic systems of different domains. Regardless of the business objectives of these organisations, they can only be achieved if the right level of quality is ensured across the SoS arrangement. In order to deliver new SoS capabilities, interoperability between the SoS’s Constituent Systems (CSs) is required. Semantic inconsistencies at different levels of SoS’s constituent systems causes various challenges which can degrade the level of quality governance among the SoS arrangement. These inconsistencies mainly are due to the domain process’ heterogeneities, multiple standards followed, policies and varying levels of quality requirements of the CSs, and hence the level of interoperability affecting the anticipated quality.To respond to the above challenges, this research is aimed at investigating the effectiveness of semantically-enriched quality governance in relation to policies, processes, standards and quality requirements of the constituent systems in a SoS arrangement. For this purpose, a semantically enriched framework for the quality governance of SoS, i.e. OntoSoS.QM.Gov (Ontology-based System of Systems Quality Management Governance) has been developed and evaluated incrementally using an adaptation of the Design Science Research Methodology (DSRM). A sufficient and representative case study has been utilised in the DSRM process increments from the SoS cancer care domain, in particular, the Cell Therapy and Applied Genomics (CTAG) at the King Hussein Cancer Centre (KHCC), Jordan. The OntoSoS.QM.Gov framework consists of four ontological models: (i) the SoS standards ontology model (OntoSoS.Stand), (ii) the SoS quality requirements ontology model (OntoSoS.QR), (iii) the SoS process ontology model (OntoSoS.Process), and (iv) the SoS policies ontology model (OntoSoS.Policy). They are linked together using a fit-for-purpose governance process in managing the semantics of the relevant quality governance areas.The outcomes of demonstrating the OntoSoS.QM.Gov framework using the CTAG case study and evaluating it with the cancer care domain experts revealed the following. First, semantic heterogeneities between CSs and SoS in relation to their policies, processes, quality requirements and standards have been resolved. Second, the fit- for- purpose quality governance process was observed to mostly determining and resolving conflicts with minimum human intervention. Third, the adequacy of the four ontological governance models in capturing the semantics of governance in relation to policies, processes, quality requirements and standards not only for CSs but also as stand-alone models that may further be utilised in different contexts or domains.Finally, this research has to identify further research areas to explore in relation to the governance of change management of constituent systems’ processes, policies, standards where their business processes change

Q-Andrew: a consolidated QOS management framework

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2008As redes IP convergentes são compostas por uma diversidade de tecnologias que suportam múltiplos tipos de serviços com diferentes características. Cada fabricante de equipamento activo de rede usa sistemas de manutenção proprietários, incompatíveis com equipamentos de outros fabricantes. Para um operador de telecomunicações a gestão da Qualidade de Serviço, numa rede composta por vários fabricantes, é uma tarefa complexa e dispendiosa. Algumas tarefas requerem configuração manual para garantir a compatibilidade entre configurações de equipamentos de fabricantes diferentes. Melhorar a resposta operacional e reduzir os custos de operação nestas circunstâncias é apenas possível com a consolidação da gestão de rede. Para responder a este desafio, propomos: Um conjunto de mecanismos geradores de configurações de Qualidade de Serviço, consistentes entre equipamentos de diversos fabricantes; A definição de um modelo abstracto de representação destas configurações, reutilizável em futuras aproximações de gestão consolidada de rede; Por fim, descrevemos uma aplicação de demonstração onde algumas das propostas apresentadas são concretizadas, tendo como objectivo futuro a sua utilização numa rede real de um operador de telecomunicações nacional, onde são utilizados equipamentos de diversos fabricantes.Converged IP networks consist of diverse technologies and support both legacy and emerging services. Different vendors use separate management systems to achieve similar goals. Manual provisioning today represents a large portion of the total effort required to manage a complex IP network. A consolidated Quality-of-Service policy is difficult to implement in heterogeneous networks. Creating and maintaining such policies is very demanding in terms of operations. For this reason, reducing operational costs while improving Quality-of-Service Management is only possible through a consolidated approach to network management. To leverage operations in converged IP networks, we propose the following: A mechanism to automatically generate consistent configurations across a network with equipment from different vendors; A framework definition such that network element configurations can be specified using a common model; Applying some of the methods proposed to an application that can be used in a real network with diverse technologies and equipment vendors

Impact of Scratch on the achievements of first-year computer science students in programming in some Nigerian polytechnics

To support the advancement of modern civilisation, our institutions of higher learning must produce the right pool of professionals, who can develop innovative software. However, the teaching and learning of the first programming language (CS1) remains a great challenge for most educators and novice computer students. Indicators such as failure and attrition rates, and CS1 student engagement, continue to show that conventional pedagogy does not adequately meet the needs of some beginning CS students. For its ease in introducing novices to programming, Scratch—a visual programming environment following the constructionism philosophy of Seymour Papert—is now employed even in some higher education CS1 classes with mixed evidence of its impact. Scratch captures the constructionist agenda by its slogan: “Imagine, Program, Share.” Therefore, this study explored the impart of using a constructionist Scratch programming pedagogy on higher education CS1 students’ achievements. This study also sought to compare the impacts of the two CS1 modes: the conventional class - involving textual programming language, lectures and labs, and the constructionist Scratch inquiry-based programming class. It further aims to discover if gender, academic level, age, prior programming, and visual artistic abilities moderate the effects of programming pedagogy on students’ achievements. To realize the study’s aims, the study employed a quasi-experimental pretest-posttest nonequivalent groups design, involving four intact CS1 classes of polytechnic students (N = 418) in north-central Nigeria. The investigation was conducted in phases: a pilot (n = 236) and main (n=182) studies lasting two academic sessions, with each study comprising one experimental and one control group. In each session, learning in both modes lasted for six weeks. In both studies, purposive sampling was employed to select institutions, and selected institutions were randomly assigned to treatment groups. Instruments employed included CS1 Student Profile Questionnaire (CSPROQ) and Introductory Programming Achievement Test (IPAT). To strengthen the research design, I employed Coarsened Exact Matching (CEM) algorithm—after conducting a priori power analysis—to generate matched random samples of cases from both studies. Thus, research data employed in the analysis include: from the pilot, 41 cases in each treatment group; from the main study, 42 cases in each treatment group. Descriptive and inferential statistics were employed to find answers to research questions and test the research hypothesis. Data from both studies satisfied the requirements for statistical tests employed, i.e., t-test and ANCOVA. The alpha level used in testing hypotheses was p = 0.05. The dependent variable is the IPAT post-test score, while the independent variables are treatment, gender, age, academic achievement level, prior programming, and prior visual art. The covariate was the IPAT pretest score. Statistical analyses were conducted using SPSS version 23. The t-test results from both pilot and main studies indicated that, both programming pedagogies had significant effects on student IPAT scores, although the effect of the constructionist Scratch intervention was higher. Results from the one-way ANCOVA analysis of both pilot and main study data—while controlling for students’ IPAT pretest scores—yielded the same outcome: There was significant main effect of treatment on students’ IPAT posttest scores, although the impact was moderate. Controlling for pre test scores, analysis of the main studies data yielded no significant main effects of: gender, age, academic level, prior programming and prior visual artistic ability. The result from the main study also reveals no interaction effect of treatment, gender, academic level, age, prior programming, and prior artistic ability. While the quality of CS1 students’ performance in each session varies as their IPAT achievements show, yet the results of this research revealed a consistent pattern: Students in the constructionist Scratch class outperformed those in the conventional class, although the impart was moderate. This finding implies college students without prior programming experience can perform better in a class following a constructionist Scratch programming pedagogy. The study recommends the use of Scratch, following a constructionist pedagogy with first-year students in colleges, especially those without prior background in programmingSchool of ComputingPh. D. (Computing Education

To Heck With Ethics: Thinking About Public Issues With a Framework for CS Students

This paper proposes that the ethics class in the CS curriculum incorporate the Lawrence Lessig model of regulation as an analytical tool for social issues. Lessig’s use of the notion of architecture, the rules and boundaries of the sometimes artificial world within which social issues play out, is particularly resonant with computing professionals. The CS curriculum guidelines include only ethical frameworks as the tool for our students to engage with societal issues. The regulation framework shows how the market, law, social norms, and architecture can all be applied toward understanding social issues

Categorization of Security Design Patterns

Strategies for software development often slight security-related considerations, due to the difficulty of developing realizable requirements, identifying and applying appropriate techniques, and teaching secure design. This work describes a three-part strategy for addressing these concerns. Part 1 provides detailed questions, derived from a two-level characterization of system security based on work by Chung et. al., to elicit precise requirements. Part 2 uses a novel framework for relating this characterization to previously published strategies, or patterns, for secure software development. Included case studies suggest the framework\u27s effectiveness, involving the application of three patterns for secure design (Limited View, Role-Based Access Control, Secure State Machine) to a production system for document management. Part 3 presents teaching modules to introduce patterns into lower-division computer science courses. Five modules, integer over ow, input validation, HTTPS, les access, and SQL injection, are proposed for conveying an aware of security patterns and their value in software development

Retention in Introductory Programming

The introductory programming course is one of the very first courses that computer science students encounter. The course is challenging not only because of the content, but also due to the challenges related to finding a place in a new community. Many have little knowledge of what to expect from university studies, some struggle to adjust their study behavior to match the expected pace, and a few simply cannot attend instruction due to e.g. family or work constraints. As a consequence, a considerable number of students end up failing the course, or pass the course with substandard knowledge. This leads to students failing to proceed in their studies at a desirable pace, to students who struggle with the subsequent courses, and to students who completely drop out from their studies. This thesis explores the issue of retention in introductory programming courses through multiple viewpoints. We first analyze how the teaching approaches reported in literature affect introductory programming course pass rates. Then, changes on the retention at the University of Helsinki are studied using two separate approaches. The first approach is the use of a contemporary variant of Cognitive Apprenticeship called the Extreme Apprenticeship method, and the second approach is the use of a massive open online course (MOOC) in programming for recruiting students before they enter their university studies. Furthermore, data from an automatic assessment system implemented for the purposes of this thesis is studied to determine how novices write their first lines of code, and what factors contribute to the feeling of difficulty in learning programming. On average, the teaching approaches described in the literature improve the course pass rates by one third. However, the literature tends to neglect the effect of intervention on the subsequent courses. In both studies at the University of Helsinki, retention improved considerably, and the students on average also fare better in subsequent courses. Finally, the data that has been gathered with the automatic assessment system provides an excellent starting point for future research.Ohjelmointi on nykyajan käsityöläistaito, jolle on akuutti tarve työelämässä. Tämän taidon opettelua harkitseva tietää harvoin, kuinka riippuvainen yhteiskuntamme on ohjelmoinnin tuotoksista eli ohjelmistoista. Ilman ohjelmointia esimerkiksi yhteydenpito, kaupankäynti, matkustaminen ja terveydenhuolto olisivat heikommalla tasolla. Puhelimet eivät toimisi, internettiä ei olisi, eikä lääketeollisuus pystyisi käsittelemään yhtä suuria datamassoja uusia parannuskeinoja etsiessä. Kukaan ei olisi kirjoittanut ohjelmaa, joka auttoi avaruuteen pääsemisessä. Väitöskirjassa tarkastellaan ohjelmoinnin opetusmenetelmiä ja niiden toimivuutta korkeakouluissa sekä esitellään kognitiiviseen oppipoikamalliin (Cognitive Apprenticeship) perustuva “ajatuskäsityöläisten” opetusmenetelmä tehostettu kisällioppiminen (Extreme Apprenticeship). Tehostetussa kisällioppimisessa oppimista edesauttava yksilöllinen ohjaus on mahdollista skaalata satoja opiskelijoita sisältäville kursseille. Väitöskirjatyössä ehdotetaan lisäksi kaikille avoimen verkkokurssin (MOOC) käyttöä yliopisto-opiskelijoiden valintaan sekä tarkastellaan tällaisen valintaväylän toimivuutta tietojenkäsittelytieteen alalla. Väitöskirja käsittelee myös ohjelmointitehtävien automaattista arviointia ja esittelee tähän tarkoitetun Test My Code -järjestelmän, jota voidaan käyttää askeleittaisten ohjeiden ja palautteen antamiseen aloitteleville ohjelmoijille sekä tiedon keräämiseen ohjelmointiprosessissa esiintyvistä ongelmista. Tällaista tietoa voidaan tutkia oppimisanalytiikan menetelmin. Väitöskirjassa tarkastellaan myös aloittelevien ohjelmoijien ensimmäisten ohjelmien kirjoittamisessa esiintyviä ongelmia sekä esitellään ohjelmointitehtävien vaikeuden ennustamiseen sopivia menetelmiä

Understanding conceptual transfer in students learning a new programming language

There is a large literature from at least as early as 1985 on the difficulties encountered in learning programming languages, and in particular additional programming languages. This thesis concentrates on how students transfer their knowledge from their first programming language to their second. The central idea is to adapt and use theories from linguistics of how people learn second natural languages to illuminate the problems of learning second programming languages. The major claim of this thesis is that: Semantic transfer based on syntax similarities plays a role in relative novices’ conceptual transfer between programming languages; the implementation of deliberate semantic transfer interventions during relative novices’ second language learning can lead to improved conceptual transfer and understanding in learning a second programming language. This thesis uses mixed methods to investigate how students transition from procedural Python to object-oriented (OO) Java. It includes a sequence of nine research studies building on each other. First, an exploratory qualitative study is carried out on how semantic transfer in natural language applies to programming language transfer; secondly, a Model of Programming Language Transfer (MPLT) is developed based on the first study’s findings; thirdly, four quantitative studies are carried out to validate the model; fourthly, a study that collects school teachers’ views and experiences on second language learning is carried out; fifthly, a study is conducted to explore transfer interventions with students; and the last study builds and investigates a pedagogy for transfer deriving from the MPLT. The findings support the thesis claim that semantic transfer based on syntax similarities plays a role in relative novices’ conceptual transfer between programming languages. The transfer can be positive when the first programming language (PL1) and the second programming language (PL2) share similar syntax and semantics, negative when PL1 and PL2 share similar syntax but have different semantics, and there is little or no transfer when PL1 and PL2 have different syntax but share similar semantics. The results also reveal that transfer teaching interventions based on the MPLT could improve conceptual transfer and understanding in students learning a second PL. The contribution of this thesis is two-fold: First, a validated model of programming language transfer that has three categories that reflect the types of potential transfer students encounter when learning a second programming language. The model provides a unified way to measure transfer in second language learning. Second, a validated unified pedagogical guideline for promoting transfer in programming languages derived from the MPLT. Researchers, educators and curriculum designers can use these instruments to advance research, teach, and design teaching materials. First, the researchers can use the instruments to further programming language transfer research by adopting them in other programming language contexts. Second, educators can use the instruments as a guideline for improving second and subsequent programming language teaching. Lastly, Computer Science (CS) curricular designers can draw on these instruments as guidance to design teaching material that promotes transfer as students transition to new programming languages. They can also use them for teacher professional development