Gregory Kulczycki

Reasoning about Software-Component Behavior

The correctness of a component-based software system depends on the component client’s ability to reason about the behavior of the components that comprise the system, both in isolation and as composed. The soundness of such reasoning is dubious given the current state of the practice. Soundness is especially troublesome for component technologies where source code for some components is inherently unavailable to the client. Fortunately, there is a simple, understandable, teachable, practical, and provably sound and relatively complete reasoning system for component-based software systems that addresses the reasoning problem.

A Reusable Model for Data-Centric Web Services

Service-oriented computing (SoC) promotes a paradigm where enterprise applications can be transformed into reusable, network-accessible software modules or services (i.e. Web services). In many cases, existing concrete applications can be wrapped to perform within the SoC environment by (1) converting their required input data and output provisions into XML-based messages (e.g. SOAP) and (2) specifying the newly-created services using other XML-based software specifications (e.g. WSDL). In addition, enterprise organizations also devise natural language specifications to describe the service capability. Unfortunately, consumers of these capabilities often misinterpret the data requirements for using the underlying services. In this paper, we propose a generic model for data-centric Web Services that aids formal specification of service-data interactions and provides practical and verifiable solutions to eliminate data ambiguity and promote service reusability.

The location linking concept: a basis for verification of code using pointers

While the use of pointers can be minimized by language mechanisms for data abstraction, alias avoidance and control, and disciplined software development techniques, ultimately, any verifying compiler effort must be able to verify code that makes use of them. Additionally, in order to scale, the verification machinery of such a compiler must use specifications to reason about components. This paper follows a natural question that arises from combining these ideas: can the general machinery of specification-based component verification also be used to verify code that uses instances of types that are more traditionally built-in, such as arrays and pointers? This paper answers the question in the affirmative by presenting a Location_Linking_Template, a concept that captures pointer behavior, and uses it to verify the code of a simple data abstraction realized using pointers. In this deployment, pointers have a specification like any other component. We also note that the concept can be extended and realized so that different systems can plug in alternative implementations to give programmers the flexibility to choose, e.g., manual memory management or automatic garbage collection depending on their performance concerns.

Formal Specification and Verification of Data-Centric Service Composition

Service-oriented architecture (SOA) promotes a paradigm where ad-hoc applications are built by dynamically linking service-based software capabilities. Service providers follow specification standards to advertise their services’ capabilities and to enable loosely coupled integration between their services and other businesses over the Web. A major challenge in this domain is interpreting the data that must be marshaled between consumer and producer systems. We propose a framework to support formal modeling and contracts for data-centric Web services. We demonstrate how this framework can be used to verify correctness properties for composition of services.

The Social Service Network - Web 2.0 Can Make Semantic Web Services Happen

Despite the evident benefits of semantic Web services, their widespread adoption by the industry is hindered by practicality issues. We see great promise in using proven Web 2.0 techniques to enable semantic Web services technologies to rise to their potential. We propose the social service network (SSN) - a framework integrating Web 2.0 social aspects to automatically enrich Web services with semantic meanings based on community consensus. Additionally, we propose an innovative Web service recommendation system within the SSN that makes use of generated ontologies to discover similar and complementary Web services. We demonstrate the usefulness of our approach with a practical use case scenario.

Static Detection of Implementation Errors Using Formal Code Specification

The software engineering community suggests that formal specification of source code facilitates the verification that can help to identify hidden functional errors. In this work, we investigate the impact of various levels of formal specification on the ability to statically detect errors in code. Our goal is to quantify the return on investment with regards to the effectiveness of identifying errors versus the overhead of specifying software at various levels of detail. We looked at common algorithms and data structures implemented using C# and specified using Spec#. We selectively omitted various parts of the specification to come up with five different levels of specification, from unspecified to highly-specified. For each level of specification, we injected errors into the classes using a fault injection tool. Experimentation using a verifier showed that over 80% of the errors were detected from the highest specification levels while the levels in between generated mixed results. To the best of our knowledge, our study is the first to quantitatively measure the effect of formal methods on code quality. We believe that our work can help convince skeptics that formal methods can be practically integrated into programming activities to produce code with higher quality even with partial specification.

An Empirical Comparison of Methods for Reengineering Procedural Software Systems to Object-Oriented Systems

This study empirically compared two methods for reengineering a procedural system to an object-oriented system. Our hypothesis was that it is possible to support this process with a repeatable method. The first method was manual and was used as a baseline for evaluating the second method, which was repeatable and based on analysis of procedure coupling. The repeatable method was found to be effective for identifying objects. It produced code that was much smaller, more efficient, and passed more regression tests than the manual method. Analysis of object-oriented metrics indicated both simpler code and less variability among classes. Particularly striking was the order of magnitude difference between the average cohesion metric (LCOM) for the manual and repeatable methods.

Abstracting Pointers for a Verifying Compiler

The ultimate objective of a verifying compiler is to prove that proposed code implements a full behavioral specification. Experience reveals this to be especially difficult for programs that involve pointers or references and linked data structures. In some situations, pointers are unavoidable; in some others, verification can be simplified through suitable abstractions. Regardless, a verifying compiler should be able to handle both cases, preferably using the same set of rules. To illustrate how this can be done, we examine two approaches to full verification. One replaces language- supplied indirection with software components whose specifications abstract pointers and pointer- manipulation operations. Another approach uses abstract specifications to encapsulate data structures that pointers and references are often used to implement, limiting verification complications to inside the implementations of these components. Using a modular, specification-based tool we have developed for verification condition generation, we show that full verification of programs with and without the direct use of pointers can be handled similarly. There is neither a need to focus on selected pointer properties, such as the absence of null references or cycles, nor a need for special rules to handle pointers.

Simplifying reasoning about objects with Tako

A fundamental complexity in understanding and reasoning about object-oriented languages is the need for programmers to view variables as references to objects rather than directly as objects. The need arises because a simplified view of variables as (mutable) objects is not sound in the presence of aliasing. Tako is an object-oriented language that is syntactically similar to Java but incorporates alias-avoidance techniques. This paper describes the features of the Tako language and shows how it allows programmers to view all variables directly as objects without compromising sound reasoning. It discusses the benefits of such a language, including its use as an instructional tool to help teach students how to reason formally about their code.

A Language for Building Verified Software Components

Safe and secure reuse is only achievable by deploying formally verified software components. This paper presents essential design objectives for languages for building such components and highlights key features in RESOLVE—a prototype for such languages. It explains why the language must include specifications as an integral constituent and must have clean and rich semantics, which preclude unconstrained aliasing and other unwanted side-effects. In order that arbitrarily complex components can be given concise and verification amenable specifications, an adequate language must also include an open-ended mechanism for incorporating additional mathematical theories. Given these essential characteristics, safe and secure reuse cannot be attained within popular languages, such as C++ or Java, either by constraining them or by extending them. Better languages are necessary.