Carlo Bellettini

A hierarchy-aware approach to faceted classification of objected-oriented components

This article presents a hierarchy-aware classification schema for obje ct-oriented code, where software components are classified according to their behavioral characteristics, such as provided services, employed algorithms, and needed data. In the case of reusable application frameworks, these characteristics are constructured from their model, i.e., from the description of the abstract classes specifying both the framework structure and purpose. In conventional object libraries, the characteristics are extracted semiautomatically from class interfaces. Characteristics are term pairs, weighted to represent “how well” they describe component behavior. The set of characteristics associated with a given component forms its software descriptor. A descriptor base is presented where descriptors are organized on the basis of structured relationships, such as similarity and composition. The classification is supported by a thesaurus acting as a language-independent unified lexicon. The descriptor base is conceived for developers who, besides conventionally browsing the descriptors hierarchy, can query the system, specifying a set of desired functionalities and getting a ranked set of adaptable candidates. User feedback is taken into account in order to progressively ameliorate the quality of the descriptors according to the views of the user community. Feedback is made dependent of the user typology through a user profile. Experimental results in terms of recall and precision of the retrieval mechanism against a sample code base are reported.

WebUml: reverse engineering of web applications

Web applications have become complex and crucial for many firms, especially when combined with areas such as CRM (Customer Relationship Management) and BPR (Business Process Reengineering). Since then the scientific community has focused attention to Web application design, development, analysis, testing, by studying and proposing methodologies and tools. This paper describes an automatic tool for the construction of UML models from existing Web applications. This tool, named WebUml, generates class and state diagrams by analysing source code and by interacting with the Web server. This reverse engineering tool is based on source code static analysis and also applies mutational techniques in order to exploit the server side execution engine to accomplish part of the dynamic analysis. This tool will be the core of a testing suite under construction at our laboratory. WebUml generated models (diagrams) will be used as a base for test case generation and coverage analysis.

TestUml: user-metrics driven web applications testing

Web applications have become very complex and crucial, especially when combined with areas such as CRM (Customer Relationship Management) and BPR (Business Process Reengineering), the scientific community has focused attention to Web application design, development, analysis, and testing, by studying and proposing methodologies and tools. This paper describes techniques for semi-automatic test case definition and for user1-driven testing (based on statistical testing or coverage analysis) from Web applications reverse engineered UML models. These techniques are implemented as tools in the WAAT project. WebUml is a reverse engineering tool that generates class and state diagrams through static and dynamic Web application analysis. TestUml is a testing suite that uses generated models to define test cases, coverage testing criteria and also reliability analysis.

Vulnerability Analysis of SCADA Protocol Binaries through Detection of Memory Access Taintedness

Pointer taintedness is a concept which has been successfully employed as basis for vulnerability analysis of C/C ++ source code, and as a run-time mitigation technique against memory corruption attacks. Nevertheless, pointer taintedness interferes with the specification of several industrial control protocols. As a consequence it is not directly usable in detecting memory corruption vulnerabilities in implementations of those industrial control protocols. Furthermore, source-code analysis may have no visibility on certain low-level vulnerabilities since there may be a considerable difference between what programmers intend with the source code they write and what the CPU really executes. A set of memory corruption vulnerabilities specific to implementations of industrial control protocols may escape source code analysis as they are related to a dynamic organization of data in memory. In this paper we define a new concept referred to as memory access taintedness. We discuss the logical motivations behind our definition of memory access taintedness and demonstrate that memory access taintedness is fully employable in vulnerability analysis of the machine code of implementations of industrial control protocols. We analyze the main low-level characteristics of both traditional attacks and attacks specific to process control systems, and demonstrate the ability of memory access taintedness to detect memory corruption vulnerabilities. We represent memory access taintedness as a decision tree and use it as the fundamental component of a finite state machine model we devised for the purpose of dynamically detecting memory corruption vulnerabilities in implementations of industrial control protocols.

Reachability Analysis of Time Basic Petri Nets: A Time Coverage Approach

We introduce a technique for reach ability analysis of Time-Basic (TB) Petri nets, a powerful formalism for real time systems where time constraints are expressed as intervals, representing possible transition firing times, whose bounds are functions of markings time description. The technique consists of building a symbolic reach ability graph relying on a sort of time coverage, and overcomes the limitations of the only available analyzer for TB nets, based in turn on a time-bounded inspection of a (possibly infinite) tree-tree. The graph construction algorithm has been automated by a tool-set, briefly described in the paper together with its main functionality and analysis capability. A running example is used throughout the paper to sketch the symbolic graph construction. A use case describing a small real system - that the running example is an excerpt from - has been employed to benchmark the technique and the tool-set. The main outcome of this test are also presented in the paper. Ongoing work, in the perspective of integrating with a model-checking engine, is shortly discussed.

MaRDiGraS: Simplified Building of Reachability Graphs on Large Clusters

Dealing with complex systems often needs the building of huge reachability graphs, thus revealing all the challenges associated with big data access and management. It also requires high performance data processing tools that would allow scientists to extract the knowledge from the unprecedented amount of data coming from these analyzed systems. In this paper we present MaRDiGraS, a generic framework aimed at simplifying the construction of very large state transition systems on large clusters and cloud computing platforms. Through a simple programming interface, it can be easily customized to different formalisms, for example Petri Nets, by either adapting legacy tools or implementing brand new distributed reachability graph builders. The outcome of several tests performed on benchmark specifications are presented.

Informatics Education in Italian Secondary Schools

This article describes the state of informatics education in the Italian secondary schools, highlighting how the learning objectives set up by the Ministry of Education are difficult to meet, due to the fact that the subject is often taught by teachers not holding an informatics degree, the lack of suitable teaching material and the expectations of pupils and families, who tend to identify informatics with the use of computer applications.

Symbolic State Space Exploration of RT Systems in the Cloud

The growing availability of distributed and cloud computing frameworks makes it possible to face complex computational problems in a more effective and convenient way. A notable example is state-space exploration of discrete-event systems specified in a formal way. The exponential complexity of this task is a major limitation to the usage of consolidated analysis techniques and tools. Several techniques for addressing the state space explosion problem within this context have been studied in the literature. One of these is to use distributed memory and computation to deal with the state space explosion problem. In this paper we study and compare two different approaches, relying on distributed and cloud frameworks, respectively. These approaches were designed and implemented following the same computational schema, a sort of map & fold. They are applied on symbolic state-space exploration of real-time systems specified by (a timed extension of) Petri Nets, by re-adapting a sequential algorithm implemented as a command-line Java tool. The outcome of several tests performed on a benchmarking specification are presented, thus showing the convenience of distributed approaches.

A metamodel for modeling and measuring Scrum development process

Many organizations using agile processes would like to adopt a process measurement framework, e.g. for assessing their process maturity. In this paper we propose a meta-model supporting derivation of specific data models for agile development processes. Then, we show how our meta-model can be used to derive a model of the Scrum process.

Exploring the processing of formatted texts by a kynesthetic approach

We describe a teaching activity about word-processors we proposed to a group of 25 pupils in 9th/10th grades of an Italian secondary school. While the pupils had some familiarity with word-processor operations, they had had no formal instruction about the automatic elaboration of formatted texts. The proposed kinesthetic/tactile activities turned out to be a good way for conveying non-trivial abstract computing concepts.