Extended Transaction Models for Software Development Environments

This technical report consists of two papers discussing concurrency control facilities for multiuser software development environments. A Marvelous Extended Transaction Processing Model briefly sketches the previously developed commit-serializability model and then applies it to the MARVEL kernel for software development environments. A Participant Semantics for Serializable Transactions describes our first pass at a different extended transaction model that moves users inside the system, so certain users may participate in transactions and the interactions among transactions while all other users observe only a serial order for the transactions

AI Techniques in Software Engineering

The idea of using artificial intelligence techniques to support programming has been around for a long time. The earliest notion was to avoid programming entirely. The human user would just tell the computer what to do, without saying how to do it, and the computer would do the right thing. Even if this were feasible, however, it would be much too tedious, since each time the user would have to repeat the details of what he wanted done. So the goal of programming was to explain things to the computer only once, and then later on be able to tell the computer to do the same thing again in some short form, such as the name of the "program." Thus the idea evolved that a user would somehow tell the computer what program was desired, and the computer would write down the program in some internal form so that it could be remembered and repeated later. The assumption was that the resulting program would be correct, complete, efficient, easy to use, and so forth. It would also be exactly what the human user wanted

Experience with Process Modeling in the Marvel Software Development Environment Kernel

We have been working for several years on rule-based process modeling and the implementation of such models as part of the foundation for software development environments. We have defined a kernel, called MARVEL, for such an architecture and implemented several successive versions of the kernel and several small environments using the kernel. We have evaluated our results to date, and discovered several significant flaws and delineated several important open problems. Although the details are specific to rule-based process modeling, we believe that our insights will be valuable to other researchers and developers contemplating process modeling mechanisms

Incremental Dynamic Semantics for Language-Based Programming Environments

Attribute grammars are a formal notation for expressing the static semantics of programming languages — those properties that can be derived from inspection of the program text. Attribute grammars have become popular as a mechanism for generating language-based programming environments that incrementally perform symbol resolution, type checking, code generation and derivation of other static semantic properties as the program is modified. However, attribute grammars are not suitable for expressing dynamic semantics — those properties that reflect the history of program execution and/or user interactions with the programming environment. This article presents action equations, an extension of attribute grammars suitable for specifying the static and the dynamic semantics of programming languages. It describes how action equations can be used to generate language-based programming environments that incrementally derive static and dynamic properties as the user modifies and debugs the program

Experience with Process Modeling in the Marvel Software Development Environment Kernel

We have been working for several years on rule-based process modeling and the implementation of such models as part of the foundation for software development environments. We have defined a kernel, called MARVEL, for such an architecture and implemented several successive versions of the kernel and several small environments using the kernel. We have evaluated our results to date, and discovered several significant flaws and delineated several important open problems. Although the details are specific to rule-based process modeling, we believe that our insights will be valuable to other researchers and developers contemplating process modeling mechanisms

Object-Oriented Programming Language Facilities for Concurrency Control

Concurrent object-oriented programming systems require support for concurrency control, to enforce consistent commitment of changes and to support program-initiated rollback after application-specific failures. We have explored three different concurrency control models -- atomic blocks, serializable transactions, and commit-serializable transactions -- as part of the MELD programming language. We present our designs, discuss certain programming problems and implementation issues, and compare our work on MELD to other concurrent object-based systems

Vignat: Vulnerability identification by learning code semantics via graph attention networks

Vulnerability identification is crucial to protect software systems from attacks for cyber-security. However, huge projects have more than millions of lines of code, and the complex dependencies make it hard to carry out traditional static and dynamic methods. Furthermore, the semantic structure of various types of vulnerabilities differs greatly and may occur simultaneously, making general rule-based methods difficult to extend. In this paper, we propose \textit{Vignat}, a novel attention-based framework for identifying vulnerabilities by learning graph-level semantic representations of code. We represent codes with code property graphs (CPGs) in fine grain and use graph attention networks (GATs) for vulnerability detection. The results show that Vignat is able to achieve $57.38\%$ accuracy on reliable datasets derived from popular C libraries. Furthermore, the interpretability of our GATs provides valuable insights into vulnerability patterns

Extending Attribute Grammars to Support Programming-in-the-Large

Attribute grammars add specification of static semantic properties to context-free grammars, which in turn describe the syntactic structure of program units. However, context-free grammars cannot express programming-in-the-large features common in modern programming languages, including unordered collections of units, included units and sharing of included units. We present extensions to context-free grammars, and corresponding extensions to attribute grammars, suitable for defining such features. We explain how batch and incremental attribute evaluation algorithms can be adapted to support these extensions, resulting in a uniform approach to intra-unit and inter-unit static semantic analysis and translation of multi-unit programs

Using Process Technology to Control and Coordinate Software Adaptation

We have developed an infrastructure for end-to-end run-time monitoring, behavior/performance analysis, and dynamic adaptation of distributed software. This infrastructure is primarily targeted to pre-existing systems and thus operates outside the target application, without making assumptions about the target's implementation, internal communication/computation mechanisms, source code availability, etc. This paper assumes the existence of the monitoring and analysis components, presented elsewhere, and focuses on the mechanisms used to control and coordinate possibly complex repairs/reconfigurations to the target system. These mechanisms require lower level effectors somehow attached to the target system, so we briefly sketch one such facility (elaborated elsewhere). Our main contribution is the model, architecture, and implementation of Workflakes, the decentralized process engine we use to tailor, control, coordinate, etc. a cohort of such effectors. We have validated the Workflakes approach with case studies in several application domains. Due to space restrictions we concentrate primarily on one case study, briefly discuss a second, and only sketch others