Solving the TTC 2011 Reengineering Case with GReTL

This paper discusses the GReTL reference solution of the TTC 2011 Reengineering case. Given a Java syntax graph, a simple state machine model has to be extracted. The submitted solution covers both the core task and the two extension tasks.Comment: In Proceedings TTC 2011, arXiv:1111.440

Saying Hello World with GReTL - A Solution to the TTC 2011 Instructive Case

This paper discusses the GReTL solution of the TTC 2011 Hello World case. The submitted solution covers all tasks including the optional ones.Comment: In Proceedings TTC 2011, arXiv:1111.440

Exploring (Meta-)Model Snapshots by Combining Visual and Textual Techniques

One central task in software development by means of graph-based techniques is to inspect and to query the underlying graph. Important issues are, for example, to detect general graph properties like connectivity, to explore more special features like the applicability of left-hand side rules in graph transformations, or to validate snapshots of evolving systems by checking properties in an on-the-fly way. We propose a new approach combining visual and textual techniques for exploring graphs. We emphasize a particular aspect of the underlying graph by showing or hiding nodes and edges. We offer three different ways to explore (meta-)model snapshots which may be combined: (1) selection by object identity and class membership, (2) selection by OCL expression, and (3) selection by path length. One main motivation for our work is to access large or complicated graphs in a systematic way. We evaluate our approach by different middle-sized scenarios. Our evaluation shows that the approach works for large graphs with about 1000 nodes and 2000 edges and for graphs which instantiate metamodels representing software engineering artifacts

Solving the TTC 2011 Compiler Optimization Case with GReTL

This paper discusses the GReTL solution of the TTC 2011 Compiler Optimization case. The submitted solution covers both the constant folding task and the instruction selection task. The verifier for checking the validity of the graph is also implemented, and some additional test graphs are provided as requested by the extension.Comment: In Proceedings TTC 2011, arXiv:1111.440

Man-machine partial program analysis for malware detection

With the meteoric rise in popularity of the Android platform, there is an urgent need to combat the accompanying proliferation of malware. Existing work addresses the area of consumer malware detection, but cannot detect novel, sophisticated, domain-specific malware that is targeted specifically at one aspect of an organization (eg. ground operations of the US Military). Adversaries can exploit domain knowledge to camoflauge malice within the legitimate behaviors of an app and behind a domain-specific trigger, rendering traditional approaches such as signature-matching, machine learning, and dynamic monitoring ineffective. Manual code inspections are also inadequate, scaling poorly and introducing human error. Yet, there is a dire need to detect this kind of malware before it causes catastrophic loss of life and property. This dissertation presents the Security Toolbox, our novel solution for this challenging new problem posed by DARPA\u27s Automated Program Analysis for Cybersecurity (APAC) program. We employ a human-in-the-loop approach to amplify the natural intelligence of our analysts. Our automation detects interesting program behaviors and exposes them in an analysis Dashboard, allowing the analyst to brainstorm flaw hypotheses and ask new questions, which in turn can be answered by our automated analysis primitives. The Security Toolbox is built on top of Atlas, a novel program analysis platform made by EnSoft. Atlas uses a graph-based mathematical abstraction of software to produce a unified property multigraph, exposes a powerful API for writing analyzers using graph traversals, and provides both automated and interactive capabilities to facilitate program comprehension. The Security Toolbox is also powered by FlowMiner, a novel solution to mine fine-grained, compact data flow summaries of Java libraries. FlowMiner allows the Security Toolbox to complete a scalable and accurate partial program analysis of an application without including all of the libraries that it uses (eg. Android). This dissertation presents the Security Toolbox, Atlas, and FlowMiner. We provide empirical evidence of the effectiveness of the Security Toolbox for detecting novel, sophisticated, domain-specific Android malware, demonstrating that our approach outperforms other cutting-edge research tools and state-of-the-art commercial programs in both time and accuracy metrics. We also evaluate the effectiveness of Atlas as a program analysis platform and FlowMiner as a library summary tool

Evolving Software Systems for Self-Adaptation

There is a strong synergy between the concepts of evolution and adaptation in software engineering: software adaptation refers to both the current software being adapted and to the evolution process that leads to the new adapted software. Evolution changes for the purpose of adaptation are usually made at development or compile time, and are meant to handle predictable situations in the form of software change requests. On the other hand, software may also change and adapt itself based on the changes in its environment. Such adaptive changes are usually dynamic, and are suitable for dealing with unpredictable or temporary changes in the software's operating environment. A promising solution for software adaptation is to develop self-adaptive software systems that can manage changes dynamically at runtime in a rapid and reliable way. One of the main advantages of self-adaptive software is its ability to manage the complexity that stems from highly dynamic and nondeterministic operating environments. If a self-adaptive software system has been engineered and used properly, it can greatly improve the cost-effectiveness of software change through its lifespan. However, in practice, many of the existing approaches towards self-adaptive software are rather expensive and may increase the overall system complexity, as well as subsequent future maintenance costs. This means that in many cases, self-adaptive software is not a good solution, because its development and maintenance costs are not paid off. The situation is even worse in the case of making current (legacy) systems adaptive. There are several factors that have an impact on the cost-effectiveness and usability of self-adaptive software; however the main objective of this thesis is to make a software system adaptive in a cost-effective way, while keeping the target adaptive software generic, usable, and evolvable, so as to support future changes. In order to effectively engineer and use self-adaptive software systems, in this thesis we propose a new conceptual model for identifying and specifying problem spaces in the context of self-adaptive software systems. Based on the foundations of this conceptual model, we propose a model-centric approach for engineering self-adaptive software by designing a generic adaptation framework and a supporting evolution process. This approach is particularly tailored to facilitate and simplify the process of evolving and adapting current (legacy) software towards runtime adaptivity. The conducted case studies reveal the applicability and effectiveness of this approach in bringing self-adaptive behaviour into non-adaptive applications that essentially demand adaptive behaviour to sustain

eine graphbasierte Sprache zur Spezifikation komplexer Suchmuster für die statische Quelltextanalyse

Das Ziel dieser Arbeit ist die Darstellung einer graphbasierten Sprache für die Beschreibung komplexer Suchmuster zur Quelltextanalyse. Der Fokus liegt auf der Möglichkeit einer modularisierten Musterspezifikation, so dass der Nutzer komplexe Muster über die Kombination einzelner Module erstellen kann. Die Sprachsyntax basiert sowohl auf dem Abstrakten Syntaxbaum, als auch auf Elementen der Graphtypen Kontrollabhängigkeitsgraph und Datenabhängigkeitsgraph. Somit kann in einer Musterspezifikation die Graphrepräsentation von Java Syntaxelementen mit abstrakteren Abhängigkeitsbeziehungen kombiniert werden

Explicitly Integrated Architecture - An Approach for Integrating Software Architecture Model Information with Program Code

Software-Architekturspezifikationen und -Implementierungen sind zwei Sichtweisen auf Softwarearchitektur. Sie beschreiben gemeinsame Aspekte, wie z.B. die Existenz und Verbindung von Komponenten. Die Spezifikation fügt Informationen zum Design, zur Kommunikation und zur Analyse hinzu. Die Implementierung beschreibt stattdessen zusätzlich Details für ein ausführbares System. Die Konsistenz zwischen diesen Darstellungen manuell zu verwalten, ist schwierig und fehleranfällig. Diese Arbeit stellt einen Ansatz vor, der Informationen der Architekturspezifikation vollständig in die Implementierung integriert, sodass die Spezifikation als eigenständiges Artefakt nicht mehr notwendig ist. Das Tool Codeling extrahiert die integrierte Architekturspezifikation in unterschiedlichen Sprachen aus dem Code und propagiert Änderungen in dieser Spezifikation automatisch an den Code zurück.Specifications and implementations are both viewpoints upon software architecture. Besides common aspects, the specification adds information for design, communication, or analysis, while the implementation adds details for an executable system instead. Managing the consistency between these representations manually is difficult and error-prone. This thesis presents an approach, that completely integrates architecture specifications with the implementation, so that separate specification artifacts are not necessary anymore. The tool Codeling extracts integrated architecture specifications in multiple languages from code, and automatically propagates changes in these specifications back to the code