Prof. Dr. Eric Bodden

The year is coming to an end, and in fact some believe so may the world, so I thought I would give everyone a recap of what we have worked on and accomplished in 2012. What an exciting year this was! Through funding by EC SPRIDE and my new Emmy Noether Group RUNSECURE, my group grew from a single PhD student to five! This was obviously quite an exciting but also challenging shift for me, coordinating such a large and new group is not an easy task – but at the end of the year I have to say that I think I am getting the hang of it.

In a collaboration with Andreas Thies from Fernuni Hagen, we were able to develop the first system that can guarantee to some decent extent the correctness of refactorings in the presence of reflective method invocations. Our Eclipse plugin RefaFlex is available for download. Our ISSTA publication on the topic received the SIGSOFT Distinguished Paper Award.

Around the beginning of the year we started quite fruitful collaborations with the groups of Jacques Klein and Patrick McDaniel to work on an analysis infrastructure for Android based on Soot. Alexandre Bartel has just released our current versions of a pair of Dex-to-Jimple and Jimple-to-Dex converters, which in combination allow for arbitrarily precise analyses and transformations on Dalvik bytecode. (The Jimple-to-Dex converter is a contribution by Thomas Pilot, developed as his MSc thesis.) We plan to publish interesting analyses based on this framework soon. If you are interested in playing around with it yourself, check out our development branch. Read the rest of this entry »

In the near future we are planning to conduct a survey with SE practitioners, to find out what are the future trends (within the next 5-10 years) with respect to software development – including both sociological and technological trends.

Currently we are looking into “seeding” this survey by brainstorming about such trends. So what do you think? What trends do you see that could be included for discussion in such a survey? Please comment here…

I am happy to announce the availability of Heros, our new inter-procedural data-flow solver. Heros is based on the well-known IFDS and IDE frameworks by Reps, Horwitz and Sagiv. It allows users to define data-flow problems in a very simple template-based manner (see here for example): simply define your flow functions and let the solver take care of the rest. Other implementations of IFDS and IDE exist, for instance WALA has had support for IFDS for quite some time. Heros has a number of unique features, though:

• Its implementation is independent of the programming language being analyzed and the analysis framework’s IR. We provide a connector to Soot but other people can easily integrate Heros with other tools. We ourselves are working on an integration with a C/C++ compiler.
• Heros is multi-threaded and hence highly scalable.
• Heros also provides a relatively simple programming interface.

By making Heros publicly available as Open Source we hope that the community will make use of it, build on it and extend it – for the benefit of all. We programmed Heros with providing clear and simple code in mind, and commented the API thoroughly. In case of any questions, do not hesitate to contacting me!

P.S. For a bit of a writeup, see here.

12th International Conference on Software Composition (SC 2013)
June 17–21 2013, Budapest, Hungary
http://sc2013.ec-spride.de/

The International Conference on Software Composition (SC) is the leading
venue that addresses challenges of how composition of software parts may
be used to build and maintain large software systems.
Software Composition 2013 will be the 12th edition in the series, and we invite researchers and practitioners to submit high-quality papers. Submissions that relate theory and practice of software composition are particularly welcome. Software Composition 2013 is co-located with the TOOLS 2013 Federated Conferences, taking place in Budapest between June 17th and 21st 2013.

Topics of Interest:

The SC 2013 program committee seeks original, high-quality papers related to software composition, including but not limited to the
following topics:

* Component-based software engineering
* Composition and adaptation techniques
* Composition algebras, calculi and type systems
* Feature-oriented software development
* Aspect-oriented software development
* Model-driven composition
* Models of computation
* Verification, validation and testing
* Dynamic composition and reconfiguration
* Large-scale component-based systems
* Cloud, service-oriented architectures
* Business process orchestration
* Visual composition environments
* Performance optimization of composite systems

We solicit high-quality submissions on research results and/or experience (up to 16 pages, LNCS format, including bibliography and
figures) describing a technical contribution in depth. Short and position papers are also welcome for the work in progress session (up to 8 pages, LNCS format, including bibliography and figures). Short submissions must concisely capture ongoing work, new ideas, and
experiences.

Submitted papers will be judged on the basis of significance, relevance, correctness, originality, and clarity. Submitted papers must be
unpublished and not submitted for publication elsewhere. As in previous years, the proceedings of the conference will be published as a volume in Springer’s Lecture Notes in Computer Science.

Conference Web Site:

http://sc2013.ec-spride.de/

Important Dates:

Abstract submission: January 20, 2013 (optional)
Paper submission: January 25, 2013 (23:59 anywhere on earth)
Acceptance notification: March 10, 2013
Camera-ready copy: March 22, 2013

General Chair:

Welf Löwe, Linnaeus University, Sweden

Program Chairs:

Walter Binder, University of Lugano, Switzerland
Eric Bodden, Technische Universität Darmstadt, Germany

Publicity Chair:

Stephen Kell, University of Lugano, Switzerland

Program Committee:

Danilo Ansaloni, University of Lugano, Switzerland
Sven Apel, University of Passau, Germany
Olivier Barais, University of Rennes 1, France
Alexandre Bergel, University of Chile, Chile
Domenico Bianculli, University of Luxembourg, Luxembourg
Daniele Bonetta, University of Lugano, Switzerland
Lubomír Bulej, Charles University, Czech Republic
Shigeru Chiba, University of Tokyo, Japan
Ion Constantinescu, Google, USA
Schahram Dustdar, Vienna University of Technology, Austria
Erik Ernst, University of Aarhus, Denmark
Bernd Freisleben, University of Marburg, Germany
Thomas Gschwind, IBM Zurich Research Lab, Switzerland
Michael Haupt, Oracle Labs, Germany
Christian Kästner, Carnegie Mellon University, USA
Doug Lea, State University of New York at Oswego, USA
Karl Lieberherr, Northeastern University, USA
David Lorenz, The Open University, Israel
Hidehiko Masuhara, University of Tokyo, Japan
Oscar Nierstrasz, University of Bern, Switzerland
Jacques Noyé, Ecole des Mines de Nantes, France
Ina Schaefer, Technische Universität Braunschweig, Germany
Andreas Sewe, Technische Universität Darmstadt, Germany
Mario Südholt, Ecole des Mines de Nantes, France
Clemens Szyperski, Microsoft Research, USA
Immanuel Trummer, EPFL, Switzerland
Alex Villazón, Universidad Privada Boliviana, Bolivia
Eric Wohlstadter, University of British Columbia, Canada
Thomas Würthinger, Oracle Labs, Austria
Cheng Zhang, Shanghai Jiao Tong University, China

I am happy to announce the availability of a new Tech Report on Transparent and Efficient Reuse of IFDS-based Static Program Analyses for Software Product Lines. This is joint work with Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba and Mira Mezini. In the paper, we show how an important class of program analyses designed for traditional programs can be transparently reused for software product lines.

From the abstract:

A software product line (SPL) encodes a potentially large variety of software products as variants of some common code base. Up until now, re-using traditional static analyses for SPLs was virtually intractable, as it required programmers to generate and analyze all products individually.

In this work, however, we show how an important class of existing inter-procedural static analyses can be transparently lifted to SPLs. Without requiring programmers to change a single line of code, our approach SPLLIFT automatically converts any analysis formulated for traditional programs within the popular IFDS framework for interprocedural, finite, distributive, subset problems to an SPL-aware analysis formulated in the IDE framework, a well-known extension to IFDS.

Using a full implementation based on Soot, CIDE and JavaBDD, we show that with SPLLIFT one can reuse IFDS-based analyses without changing a single line of code. Through experiments using three static analyses applied to four Java-based product lines, we were able to show that our approach produces correct results and outperforms the traditional approach by several orders of magnitude.

Much gratitude goes to to Ondrej Lhotak, who provided useful hints on optimizing BDDs. We also wish to thank the developers of CIDE, JavaBDD and Soot for making their tools available to us and for their continuing support. Thanks to Phil Pratt-Szeliga and Marc-Andre Laverdiere-Papineau, who provided help with analyzing J2ME MIDlets. Thanks also to Sven Apel who provided helpful feedback on an earlier version of this paper.

Our implementation is available for download in source, along with everything required to reproduce our experimental results. If you build on this implementation, we would appreciate if you’d let us know.

Today we conducted a little case study on OpenSSL to see how frequently people use #ifdef directives. This word cloud shows the relative distribution. There are currently 391 different flags being used in altogether 1874 #ifdef directives (not counting #ifndef etc.). The most prominent one is __cplusplus, occurring 214 times. I wonder how many people actually understand all their different side effects and combinations and how many combinations are actually being used in actual compiled products…

Frequency of occurrence of different #ifdef directives in OpenSSL as of Oct. 25th, 2012

P.S. Thanks to Kevin Falzon for helping out with this graphic!

Our work Challenges in defining a programming language for provably correct dynamic analyses, to be presented at ISOLA next week, describes the challenges involved in designing a new programming language that we plan to develop. This new language is at the core of my new project RUNSECURE. The language is meant to target security experts, who can use it to implement enforcement monitors that when applied to a potentially insecure program will automatically secure the program against certain classes of attacks. Read the rest of this entry »

Quite a while ago, when I was still a student, Malte Clasen, Joachim Kneis and I developed an Arithmetic Coder, written in C++. Brent Scriver has now developed a C# Version on top of it, with some improvements.

Bret Victor has a great essay on Programming Languages and Environments. For anyone interested in software engineering I think it should be a very useful read. And I would love to see some of those concepts pop up in real-world programming environments! (Although some of them would be hard to efficiently implement, it seems.)