Anatomy of BioJS, an open source community for the life sciences

BioJS is an open source software project that develops visualization tools for different types of biological data. Here we report on the factors that influenced the growth of the BioJS user and developer community, and outline our strategy for building on this growth. The lessons we have learned on BioJS may also be relevant to other open source software projects

Engineering a static verification tool for GPU kernels

We report on practical experiences over the last 2.5 years related to the engineering of GPUVerify, a static verification tool for OpenCL and CUDA GPU kernels, plotting the progress of GPUVerify from a prototype to a fully functional and relatively efficient analysis tool. Our hope is that this experience report will serve the verification community by helping to inform future tooling efforts. © 2014 Springer International Publishing

Approaches, Techniques, and Tools for Identifying Important Code Changes to Help Code Reviewers

Software development is a collaborative process where many developers come together and work on a project. To make things easy and manageable, software is developed on a version control system. A version control system is a centralized system which stores code and adds code from all other developers as an increment to the code base in the repository. Since multiple people work on the same code repository together, it is important to make sure that their contributions do not conflict with each other. It is important to maintain the quality and integrity of the repository. This is where the code review process comes into the picture. All the changes made to the repository by developers are reviewed by other, preferably senior developers, before it is integrated into the repository. This is done to maintain a high standard of development. The problem is that this is a manual and highly time consuming process. This research proposes a tool that tries to optimize the code review process. This is done by ranking the changes that the developers need to review: this makes it easier for the developer to decide which change he/she needs to review first. Also since every reviewer has their own preference and style, the tool takes feedback from the code reviewer after every change and readjusts the ranked change list according to his/her feedback. Adding to that, the tool classifies each change and tags it so that the code reviewers have a better understanding of the change that he/she is about to review. It also provides additional refactoring information about each change. Refactoring changes are very easy to miss, since they are not usually erroneous changes, but they erode the quality of the software overtime. The tool points out these changes so that these changes are not missed by the code reviewer. The research was evaluated on 7 open source project and a usability study was conducted which prove that this tool does have a positive impact on the code review process

Automating property-based testing of evolving web services

Web services are the most widely used service technology that drives the Service-Oriented Computing~(SOC) paradigm. As a result, effective testing of web services is getting increasingly important. In this paper, we present a framework and toolset for testing web services and for evolving test code in sync with the evolution of web services. Our approach to testing web services is based on the Erlang programming language and QuviQ QuickCheck, a property-based testing tool written in Erlang, and our support for test code evolution is added to Wrangler, the Erlang refactoring tool. The key components of our system include the automatic generation of initial test code, the inference of web service interface changes between versions, the provision of a number of domain specific refactorings and the automatic generation of refactoring scripts for evolving the test code. Our framework provides users with a powerful and expressive web service testing framework, while minimising users' effort in creating, maintaining and evolving the test model. The framework presented in this paper can be used by both web service providers and consumers, and can be used to test web services written in whatever language; the approach advocated here could also be adopted in other property-based testing frameworks and refactoring tools

JAVA DESIGN PATTERN OBFUSCATION

Software Reverse Engineering (SRE) consists of analyzing the design and imple- mentation of software. Typically, we assume that the executable file is available, but not the source code. SRE has many legitimate uses, including analysis of software when no source code is available, porting old software to a modern programming language, and analyzing code for security vulnerabilities. Attackers also use SRE to probe for weaknesses in closed-source software, to hack software activation mecha- nisms (or otherwise change the intended function of software), to cheat at games, etc. There are many tools available to aid the aspiring reverse engineer. For example, there are several tools that recover design patterns from Java byte code or source code. In this project, we develop and analyze a technique to obfuscate design patterns. We show that our technique can defeat design pattern detection tools, thereby making reverse engineering attacks more difficult

Simple Open-Source Formal Verification of Industrial Programs

Industrial programs written on Programmable Logic Controllers (PLCs) have become an essential component of many modern industries, including automotive, aerospace, manufacturing, infrastructure, and even amusement parks. As these safety-critical systems become larger and more complex, ensuring their continuous error-free operation has become a significant and important challenge. Formal methods are a potential solution to this issue but have traditionally required substantial time and expertise to deploy. This usability issue is compounded by the fact that PLCs are highly proprietary and have substantial licensing costs, making it difficult to learn about or deploy formal methods on them. This thesis presents the OPPP (Open-source Proving of PLC Programs) system as a solution to this usability issue. The OPPP system allows the end-to-end creation and verification of PLC programs from within the development environment. The system is created with an emphasis on being easy to use, with formal constraints presented in English phrases that require no special knowledge to understand. The system uses entirely open-source components, including modified versions of both the OpenPLC development environment and the PLCverif verification platform. The OPPP system is then demonstrated to formalize the requirements of two college-level introductory PLC programming problems. It is further demonstrated to correctly find errors in and verify the correctness of a known good and known bad solution to each problem