Josephine Micallef

Multiuser, Distributed Language-Based Environments

How do you keep teams of programmers informed of system changes without burying them in mail messages? Make the environment responsible for propagating changes.

Experience with a model-driven approach for enterprise-wide interface specification and XML schema generation

Market drivers to deliver software-based business solutions faster and cheaper have promoted the evolution of software system architectures toward assemblies of encapsulated components offering well-defined services - a service-oriented architecture. Software vendors are eager to adopt and exploit new technologies, such as XML and Web services, to meet the market demands, but face significant challenges due to their existing software asset base and entrenched development processes. This paper presents a case study of the use of a methodology and toolset, known as CAIDE (Computer Aided Interface Design Environment), developed to address these challenges for a complex family of telecommunications applications. Our main objective was to provide a simple but expressive high-level meta-model for specifying system interfaces, and to automatically generate XML schemas for the interfaces consistently across the application family, constraining the use of schema constructs according to enterprise-wide policies, and promoting reuse by composition.

Support algorithms for incremental attribute evaluation of asynchronous subtree replacements

A solution to the problem of incremental attribute evaluation for multiple asynchronous subtree replacements that is applicable to arbitrary noncircular attribute grammars is discussed. The algorithm supports multiple independent editing cursors. Concurrent evaluation processes proceed independently as long as they cover disjoint regions of the derivation tree. Evaluation processes are merged when they overlap, to prevent unnecessary attribute evaluations. The complexity of these three parts of the algorithm is discussed. The algorithm ensures that when evaluation terminates, the tree is consistently attributed. The results solve two open problems that arose in connection with the original algorithm for asynchronous subtree replacements reported by S.M. Kaplan and G.F. Kaiser (1986). >

Preventing insider malware threats using program analysis techniques

Current malware detection tools focus largely on malicious code that is injected into target programs by outsiders by exploiting inadvertent vulnerabilities such as failing to guard against a buffer overflow or failure to properly validate a user input in those programs. Hardly any attention is paid to threats arising from software developers, who, with their intimate knowledge of the inner workings of those programs, can easily sneak logic bombs, Trojan horses, and backdoors in those programs. Traditional software validation techniques such as testing based on user requirements are unlikely to detect such malware, because normal use cases will not trigger them and thus will fail to expose them. The state-of-the-art in preventing such malware involves manual inspection of the target program, which is a highly tedious, time consuming, and error prone process. We propose a dynamic, test driven approach that automatically steers program analysts towards examining and discovering such insider malware threats. It uses program analysis techniques to identify program parts whose execution automatically guarantees execution of a large number of previously unexplored parts of the program. It effectively leads analysts into creating test cases which may trigger, in a protected test environment, any malware code hidden in that application as early as possible, so it can be removed from the application before it is deployed in the field. We also present a tool that helps translate this approach into practice.

Extending the MERCURY system to support teams of Ada programmers

The MERCURY system generates multi-user language-based environments from attribute grammars. The AG specifies the interface checking among modular units, to be applied by the environment to inform programmers of errors introduced by interface changes. Since AGs assume a monolithic program, we extended the formalism to support separate compilation units. Our previous work was based on an ideal language where programs consist of an unordered set of monolithic compilation units. We now augment our extensions to support Ada, to allow multiple kinds of compilation units and nested compilation units. We describe how these extensions are used to detect naming errors, determine compilation unit context, and check compilation order as mandated by Ada.

Incremental attribute evaluation for multi-user semantics-based editors

This thesis addresses two fundamental problems associated with performing incremental attribute evaluation in multi-user editors based on the attribute grammar formalism: (1) multiple asynchronous modifications of the attributed derivation tree, and (2) segmentation of the tree into separate modular units. Solutions to these problems make it possible to construct semantics-based editors for use by teams of programmers developing or maintaining large software systems. Multi-user semantics-based editors improve software productivity by reducing communication costs and snafus. The objectives of an incremental attribute evaluation algorithm for multiple asynchronous changes are that (a) all attributes of the derivation tree have correct values when evaluation terminates, and (b) the cost of evaluating attributes necessary to reestablish a correctly attributed derivation tree is minimized. We present a family of algorithms that differ in how they balance the tradeoff between algorithm efficiency and expressiveness of the attribute grammar. This is important because multi-user editors seem a practical basis for many areas of computer-supported cooperative work, not just programming. Different application areas may have distinct definitions of efficiency, and may impose different requirements on the expressiveness of the attribute grammar. The characteristics of the application domain can then be used to select the most efficient strategy for each particular editor. To address the second problem, we define an extension of classical attribute grammars that allows the specification of interface consistency checking for programs composed of many modules. Classical attribute grammars can specify the static semantics of monolithic programs or modules, but not inter-module semantics; the latter was done in the past using ad hoc techniques. Extended attribute grammars support programming-in-the-large constructs found in real programming languages, including textual inclusion, multiple kinds of modular units and nested modular units. We discuss attribute evaluation in the context of programming-in-the-large, particularly the separation of concerns between the local evaluator for each modular unit and the global evaluator that propagates attribute flows across module boundaries. The result is a uniform approach to formal specification of both intra-module and inter-module static semantic properties, with the ability to use attribute evaluation algorithms to carry out a complete static semantic analysis of a multi-module program.

A practical method and tool for systems engineering of service-oriented applications

As software organizations develop systems based on service-oriented architectures (SOAs), the role of systems engineers (SEs) is crucial. They drive the process, in a top-down fashion, from the vantage point of the business domain. The SE, utilizing tools that allow work at a suitably high level of abstraction, creates service description artifacts that document service contracts, the obligations that govern the integration of services into useful applications. This paper describes a practical systems engineering methodology and supporting toolset for SOA that has been successfully used within the telecommunications domain. The methodology and toolset, named the STructured Requirements and Interface Design Environment (STRIDE), are based upon a high-level service description meta-model, and as such, encourage top-down service design. STRIDE promotes reuse of service models, as well as of the artifacts generated from those models, across the enterprise. STRIDE also embodies an effective service evolution and versioning strategy.

Extending attribute grammars to support programming-in-the-large

Attribute grammars add specification of static semantic properties to context-free grammars, which, in turn, describe the syntactic structure of program units. However, context-free grammars cannot express programming-in-the-large features common in modern programming languages, including unordered collections of units, included units, and sharing of included units. We present extensions to context-free grammars, and corresponding extensions to attribute grammars, suitable for defining such features. We explain how batch and incremental attribute-evaluation algorithms can be adapted to support these extensions, resulting in a uniform approach to intraunit and interunit static semantic analysis and translation of multiunit programs.

SETA1 working group on Ada libraries, configuration management, and version control

There are two kinds of versions. The first kind, called revisions (or vertical versions or sequential versions) record changes made to the components of a system over time to fix bugs or to enhance the system. The changes made to a component over time forms a tree structure of revisions, where branches are formed when multiple programmers need to make changes to the same component simultaneously, in order to control the impact of changes. Branches of a revision tree are intended to ultimately be merged together (e.g., using a diff tool or Horwitz’s and Reps’s merging algorithms).

Reliable Network Communications

CUCS-278-87 This technical report consists of three papers from the INTERCOMS project. A Network Architecture for Reliable Distributed Computing introduces the view section model, a network layer for exception handling in response to disruptions in communication channels due to failures of network links or nodes. Remote Exception Handling discusses for a network layer for exception handling among cooperating application processes. Demand-Driven Parameter Passing in Remote Procedure Call describes how remote exception handling solves the problem of passing referential data types (pointers) as parameters to remote procedures. This research is supported in pan by grants from AT&T Foundation, Siemens Research and Technology Laboratories, and the New York State Center of Advanced Technology Computer & Information Systems, and in pan by a Digital Equipment Corporation Faculty Award. Ms. Cycowicz is an AT&T Fellow. Mr. Hseush is supponed in pan by the New York State Center of Advanced Technology Computer & Information Systems. Ms. Micallef is a past IBM Fellow. Reliable Network Communications Gail E. Kaiser Yael J. Cycowicz Wenwey Hseush Josephine Micallef Columbia University Department of Computer Science New York, NY 10027