38 research outputs found
Development of a static analysis tool to find securty vulnerabilities in java applications
Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2010Includes bibliographical references (leaves: 57-60)Text in English Abstract: Turkish and Englishix, 77 leavesThe scope of this thesis is to enhance a static analysis tool in order to find security limitations in java applications. This will contribute to the removal of some of the existing limitations related with the lack of java source codes. The generally used tools for a static analysis are FindBugs, Jlint, PMD, ESC/Java2, Checkstyle. In this study, it is aimed to utilize PMD static analysis tool which already has been developed to find defects Possible bugs (empty try/catch/finally/switch statements), Dead code (unused local variables, parameters and private methods), Suboptimal code (wasteful String/StringBuffer usage), Overcomplicated expressions (unnecessary if statements for loops that could be while loops), Duplicate code (copied/pasted code means copied/pasted bugs). On the other hand, faults possible unexpected exception, length may be less than zero, division by zero, stream not closed on all paths and should be a static inner class cases were not implemented by PMD static analysis tool. PMD performs syntactic checks and dataflow analysis on program source code.In addition to some detection of clearly erroneous code, many of the .bugs. PMD looks for are stylistic conventions whose violation might be suspicious under some circumstances. For example, having a try statement with an empty catch block might indicate that the caught error is incorrectly discarded. Because PMD includes many detectors for bugs that depend on programming style, PMD includes support for selecting which detectors or groups of detectors should be run. While PMD.s main structure was conserved, boundary overflow vulnerability rules have been implemented to PMD
Model-Driven Development of Interactive Multimedia Applications
The development of highly interactive multimedia applications is still a challenging and complex task. In addition to the application logic, multimedia applications typically provide a sophisticated user interface with integrated media objects. As a consequence, the development process involves different experts for software design, user interface design, and media design. There is still a lack of concepts for a systematic development which integrates these aspects.
This thesis provides a model-driven development approach addressing this problem. Therefore it introduces the Multimedia Modeling Language (MML), a visual modeling language supporting a design phase in multimedia application development. The language is oriented on well-established software engineering concepts, like UML 2, and integrates concepts from the areas of multimedia development and model-based user interface development.
MML allows the generation of code skeletons from the models. Thereby, the core idea is to generate code skeletons which can be directly processed in multimedia authoring tools. In this way, the strengths of both are combined: Authoring tools are used to perform the creative development tasks while models are used to design the overall application structure and to enable a well-coordinated development process. This is demonstrated using the professional authoring tool Adobe Flash.
MML is supported by modeling and code generation tools which have been used to validate the approach over several years in various student projects and teaching courses. Additional prototypes have been developed to demonstrate, e.g., the ability to generate code for different target platforms. Finally, it is discussed how models can contribute in general to a better integration of well-structured software development and creative visual design
Building a cognitive gaming platform : User centric gaming experiences with organic movement
The increasing focus on efficiency and optimizing the way people think and work has led to a new area of serious gaming â cognitive games. The rise of modern web rendering technologies has enabled the creation of visually interesting cognitive games on browser based technologies. The goal of this study was to assess the applicability of using modern browser technologies to create a user centric cognitive gaming platform and the use of mathematical formulas in organic rendering.
The approach discusses the current market situation and the products and methods of cognitive gaming as well as the technologies involved. The user centric approach is studied through user experience design as well as graphic design and animation aspects. The reference implementation is project CCA; a user centric cognitive gaming platform built on top of Adobe Flash that uses seemingly organic movement rendering.
The technical implementation is discussed from the platform client-server aspect as well as an overview of the structure of the front end architecture. The rendering engine methods go through the 2D âbased rendering of mathematical formulas, the use of continuous Bezier curves in organic movement and the creative ways of using Perlin noise to generate textures as well as movement. Optimization of complex rendering and platform building is an essential part of the process.
The results show the viability of using modern browser based technologies in the creation of a cognitive gaming platform. Through the use of optimization and creative mathematical solutions, as well as tending to user experience needs a successful product is built. The project platform is used in medical trials, as well as the Science Changing the World Exhibition shown in science centers around Europe. This study stands as a testament to the possibilities of cognitive end user training and a guide on the aspects of building a suc-cessful gaming platform.Tehokkuuden optimointi on johtanut muutoksiin ihmisten ajattelu- ja työtavoissa. Kognitiiviset pelit kehittyivÀt vakavan pelaamisen alalajiksi vastaamaan tehokkuuden asettamiin tarpeisiin. Samaan aikaan nykyaikaiset selainteknologiat ja renderöintitekniikat ovat kehittyneet sille tasolle, ettÀ niillÀ voidaan luoda visuaalisesti nÀyttÀviÀ kognitiivisia pelejÀ. OpinnÀytetyön kohteena oli arvioida nykyaikaisten selainteknologioiden sopivuutta kÀyttÀjÀkeskeisen kognitiopelialustan luomiseen ja matemaattisten kaavojen kÀyttöÀ luonnollisen liikkeen ja muodon renderöinnissÀ.
Tutkimuksen lÀhtökohtana oli nykyinen markkinatilanne kognitiopelaamisen alueella sekÀ siihen liittyvÀt tuotteet ja teknologiat. KÀyttÀjÀkeskeistÀ lÀhestymistapaa tutkittiin kÀyttökokemussuunnittelun sekÀ graafisen suunnittelun ja animaatioiden kautta. Referenssitoteutuksena kehitettiin projekti CCA, kÀyttÀjÀkeskeinen kognitiivisen pelaamisen alusta, joka pohjautuu Adobe Flash-teknologiaan. CCA:n renderöintiteknologia perustuu luonnollisen liikkeen optimointiin.
Pelialustan tekninen toteutus on modulaarinen palvelinintegroitu ratkaisu, jonka tarkoituksena on olla mahdollisimman muokattava taustajÀrjestelmÀn kautta. Renderöinti perustuu matemaattisten kaavojen 2-ulotteiseen ilmaisuun, jatkuvien Bezier-kÀyrien sekÀ erilaisten Perlin-kohinoiden luoviin kÀyttötapauksiin. Optimointi on elintÀrkeÀ osa monimutkaisen renderöintialustan rakentamisessa.
OpinnÀytetyön tulosten mukaan nykyaikaisilla selainteknologioilla voidaan rakentaa onnistunut kognitiivinen pelialusta. Optimoinnin ja luovien matemaattisten ratkaisujen sekÀ kÀyttÀjÀlÀhtöisen suunnittelun ja toteutuksen avulla luodaan onnistunut tuote. Projektin tuote on kÀytössÀ kliinisissÀ kokeissa Suomessa ja Virossa, ja siitÀ eriytetty moninpeliversio kiertÀÀ tiedekeskuksissa ympÀri Eurooppaa. OpinnÀytetyön lopputulos on esimerkki kÀyttÀjÀkeskeisten kognitiopelien mahdollisuuksista ja toimii ohjeena selainpohjaisen pelialustan kehittÀmiselle
On the Fault-Proneness of Javascript Code Smells
RĂSUMĂ
JavaScript est un langage de script qui a gagnĂ© beaucoup en popularitĂ© cette derniĂšre dĂ©cennie. Initialement utilisĂ© exclusivement pour le dĂ©veloppementWeb cĂŽtĂ© client, il a Ă©voluĂ© pour devenir lâun des langages de programmation les plus populaires. Les dĂ©veloppeurs lâutilisent aujourdâhui aussi bien pour le dĂ©veloppement Web cĂŽtĂ© client que cĂŽtĂ© serveur. Comme pour les applications Ă©crites dans dâautres langages de programmation, le code JavaScript peut
contenir des mauvaises odeurs, qui sont des mauvais choix de conception ou dâimplĂ©mentation pouvant affecter nĂ©gativement la maintenabilitĂ© et la qualitĂ© des applications.
Dans ce mĂ©moire, nous Ă©tudions les mauvaises odeurs de code dans les applications serveurs JavaScript dans le but de comprendre lâimpact des mauvaises odeurs de code sur la fiabilitĂ© des applications JavaScript. GrĂące Ă des modĂšles dâanalyse de survie, nous examinons le risque dâoccurrence de fautes dans les fichiers contenant des mauvaises odeurs de code et les fichiers ne contenant pas de mauvaise odeur de code. Au total, nous avons analysĂ© 12 mauvaises odeurs de code contenues dans 537 versions de cinq bibliothĂšques JavaScript parmi les plus populaires : express, grunt, bower, less.js et request. Les rĂ©sultats obtenus montrent
quâen moyenne, le risque dâoccurrence de fautes dans les fichiers sans mauvaise odeur de code est 65% infĂ©rieur Ă celui des fichiers contenants des mauvaises odeurs de code. Parmi les mauvaises odeurs Ă©tudiĂ©es âVariable Reassignâ et âAssignment in conditional statementsâ sont celles qui prĂ©sentent le plus grand risque dâoccurrence de fautes.
Afin de comprendre la perception des dĂ©veloppeurs vis-Ă -vis des 12 mauvaises odeurs de code Ă©tudiĂ©s, nous avons effectuĂ© un sondage auprĂšs de 1484 dĂ©veloppeurs JavaScript. Les rĂ©sultats montrent que les dĂ©veloppeurs considĂšrent les mauvaises odeurs de code âNested Callbacks,â âVariable Re-assignâ et âLong Parameter Listâ comme Ă©tant de sĂ©rieux problĂšmes de conception qui entravent la maintenabilitĂ© et la fiabilitĂ© des applications JavaScript. Une Ă©valuation qui corrobore les rĂ©sultats de notre analyse quantitative.
Globalement, les mauvaises odeurs de code augmentent le risque dâoccurrence de fautes dans les applications JavaScript. Nous recommandons aux dĂ©veloppeurs de les corriger tĂŽt avant la mise en marchĂ© de leurs applications.
----------ABSTRACT
JavaScript is a scripting programming language that has gained a lot of popularity this past decade. Initially used exclusively for client-side web development, it has evolved to become one of the most popular programming languages, with developers now using it for both client-side and server-side application development. Similar to pplications written in other programming languages, JavaScript applications contain code smells, which are poor design
choices and implementation that can negatively impact maintainability and quality.
In this thesis, we investigate code smells in JavaScript applications with the aim to understand how they affect the fault-proneness of software. We detect 12 types of code smells in 537 releases of five popular JavaScript libraries (i.e., express, grunt, bower, less.js, and request) and perform a survival analysis, comparing the time until the occurrence a fault, in files containing code smells and files without code smells.
Results show that (1) on average, files without code smells have hazard rates 65% lower than files with code smells, and (2) Among the studied smells, âVariable Re-assignâ and âAssignment In Conditional statementsâ code smells have the highest hazard rates. Additionally, we conduct a survey with 1,484 JavaScript developers to understand the perception of developers towards our studied code smells. We found that developers consider âNested Callbacks,â
âVariable Re-assign,â and âLong Parameter Listâ code smells to be serious design problems that hinder the intainability and reliability of applications ; assessment in line with the findings of our quantitative analysis.
Overall, code smells affect negatively the fault-proneness of JavaScript applications. Therefore, developers should consider tracking and removing them early on before the release of software to the public
Python Programmers Have GPUs Too: Automatic Python Loop Parallelization with Staged Dependence Analysis
Python is a popular language for end-user software development in many application domains. End-users want to harness parallel compute resources effectively, by exploiting commodity manycore technology including GPUs. However, existing approaches to parallelism in Python are esoteric, and generally seem too complex for the typical end-user developer. We argue that implicit, or automatic, parallelization is the best way to deliver the benefits of manycore to end-users, since it avoids domain-specific languages, specialist libraries, complex annotations or restrictive language subsets. Auto-parallelization fits the Python philosophy, provides effective performance, and is convenient for non-expert developers.
Despite being a dynamic language, we show that Python is a suitable target for auto-parallelization. In an empirical study of 3000+ open-source Python notebooks, we demonstrate that typical loop behaviour âin the wildâ is amenable to auto-parallelization. We show that staging the dependence analysis is an effective way to maximize performance. We apply classical dependence analysis techniques, then leverage the Python runtimeâs rich introspection capabilities to resolve additional loop bounds and variable types in a just-in-time manner. The parallel loop nest code is then converted to CUDA kernels for GPU execution. We achieve orders of magnitude speedup over baseline interpreted execution and some speedup (up to 50x, although not consistently) over CPU JIT-compiled execution, across 12 loop-intensive standard benchmarks
Python Programmers Have GPUs Too: Automatic Python Loop Parallelization with Staged Dependence Analysis
Python is a popular language for end-user software development in many application domains. End-users want to harness parallel compute resources effectively, by exploiting commodity manycore technology including GPUs. However, existing approaches to parallelism in Python are esoteric, and generally seem too complex for the typical end-user developer. We argue that implicit, or automatic, parallelization is the best way to deliver the benefits of manycore to end-users, since it avoids domain-specific languages, specialist libraries, complex annotations or restrictive language subsets. Auto-parallelization fits the Python philosophy, provides effective performance, and is convenient for non-expert developers.
Despite being a dynamic language, we show that Python is a suitable target for auto-parallelization. In an empirical study of 3000+ open-source Python notebooks, we demonstrate that typical loop behaviour âin the wildâ is amenable to auto-parallelization. We show that staging the dependence analysis is an effective way to maximize performance. We apply classical dependence analysis techniques, then leverage the Python runtimeâs rich introspection capabilities to resolve additional loop bounds and variable types in a just-in-time manner. The parallel loop nest code is then converted to CUDA kernels for GPU execution. We achieve orders of magnitude speedup over baseline interpreted execution and some speedup (up to 50x, although not consistently) over CPU JIT-compiled execution, across 12 loop-intensive standard benchmarks
Collaborative coding in the cloud : providing a paradigm shift to the way software development is achieved in environments of the future
University of Technology, Sydney. Faculty of Engineering and Information Technology.This research aims to address a number of challenges surrounding traditional software
development practices, including the need for team transparency, synergy between
project components and developers who are weighed down by desktop based
environments. A cloud computing model is discussed, including a hypothesis on the
required platform to solve many of these challenges. A number of previous research
agendas are raised; including extensions to the JEdit and Eclipse IDEs, purpose built
collaborative platforms, and an IDE that operates on a mobile device. Two cases studies
around Google Wave and Mozilla Bespin are raised, and how industry leaders are
addressing these challenges.
Through a qualitative survey, the needs of a developer and perceptions behind cloud
computing are raised with a discrete range of industry professionals. A proposed model is
provided, which aims at borrowing concepts traditionally found in social networking yet
applies them toward a software development context, and highlights a number of
recommendations for success. A research subset is then chosen to provide a technical
implementation of a Google Wave agent, aimed at assisting distributed teams with cross
communication and autonomous up-skill.
Finally, the research outcome answers the question of whether an IDE can be deployed
within cloud based architectures and be adopted by the software development
community. Given the infancy of the platform, the research outcome finds that immediate
deployment of the proposed platform cannot be realized, and that researchers are
dependent on platform maturity before successful deployment and adoption can be
achieved. The overall research provides a number of future research directions, including
reassessment of the philosophy proposed throughout this research, implementation of the
proposed framework, or improvements focused on the communication and collaboration
agent developed. The research fulfills a number of research areas required in the arenas
of communication and collaboration among the software engineering community
FROM A RESEARCH PROTOTYPE TO A DEPLOYED SYSTEM: THE CASE OF THE HECHT MUSEUM VISITOR\u27S GUIDE
Cultural heritage, Deployment, Mobile guides, Research prototype