This thesis defines a set of program restructuring operations (refactorings) that support the design, evolution and reuse of object-oriented application frameworks. The focus of the thesis is on automating the refactorings in a way that preserves the behavior of a program. The refactorings are defined to be behavior preserving, provided that their preconditions are met. Most of the refactorings are simple to implement and it is almost trivial to show that they are behavior preserving. However, for a few refactorings, one or more of their preconditions are in general undecidable. Fortunately, for some cases it can be determined whether these refactorings can be applied safely. Three of the most complex refactorings are defined in detail: generalizing the inheritance hierarchy, specializing the inheritance hierarchy and using aggregations to model the relationships among classes. These operations are decomposed into more primitive parts, and the power of these operations is discussed from the perspectives of automatability and usefulness in supporting design. Two design constraints needed in refactoring are class invariants and exclusive components. These constraints are needed to ensure that behavior is preserved across some refactorings. This thesis gives some conservative algorithms for determining whether a program satisfies these constraints, and describes how to use this design information to refactor a program.

Program slicing is a decomposition technique that elides program components not relevant to a chosen computation, referred to as a slicing criterion. The remaining components form an executable program called a slice that computes a projection of the original program’s semantics. Using examples coupled with fundamental principles, a tutorial introduction to program slicing is presented. Then applications of program slicing are surveyed, ranging from its first use as a debugging technique to current applications in property verification using finite state models. Finally, a summary of research challenges for the slicing community is discussed.

This paper contributes an integrated survey of the work in the area of software inspection. It consists of two main sections. The first introduces a detailed description of the core concepts and relationships that together define the field of software inspection. The second elaborates a taxonomy that uses a generic development life-cycle to contextualize software inspection in detail. After Fagan's seminal work presented in 1976, the body of work in software inspection has greatly increased and reached measured maturity. Yet, there is still no encompassing and systematic view of this research body driven from a life-cycle perspective. This perspective is important since inspection methods and refinements are most often aligned to particular life-cycle artifacts. It also provides practitioners with a road-map available in their terms. To provide a systematic and encompassing view of the research and practice body in software inspection, the contribution of this survey is, in a first s...

Techniques for detecting defects in source code are fundamental to the success of any software development approach. A software development organization therefore needs to understand the utility of techniques such as reading or testing in its own environment. Controlled experiments have proven to be an effective means for evaluating software engineering techniques and gaining the necessary understanding about their utility. This paper presents a characterization scheme for controlled experiments that evaluate defect-detection techniques. The characterization scheme permits the comparison of results from similar experiments and establishes a context for crossexperiment analysis of those results. The characterization scheme is used to structure a detailed survey of four experiments that compared reading and testing techniques for detecting defects in source code. We encourage educators, researchers, and practition- Also with the Department of Computer Science, University of Kaiserslaut...

Procedure extraction is an important program transformation that can be used to make programs easier to understand and maintain, to facilitate code reuse, and to convert \monolithic " code to modular or object-oriented code. Procedure extraction involves the following steps: 1. The statements to be extracted are identied (by the programmer or by a programming tool). 2. If the statements are not contiguous, they are moved together so that they form a sequence that can be extracted into a procedure, and so that the semantics of the original code is preserved. 3. The statements are extracted into a new procedure, and are replaced with an appropriate call. This paper addresses step 2: in particular, the conditions under which it is possible to move a set of selected statements together so that they become \extractable", while preserving semantics. Since semantic equivalence is, in general, undecidable, we identify sucient conditions based on control and data dependences, and dene an ...

this paper is to refine this definition somewhat, adapting it to the purposes of the research community in computer science. Accordingly, we shall attempt to provide a reasonable definition of or, rather, criteria for folk theorems, followed by a detailed example illustrating the ideas. The latter endeavor might take one of two possible forms. We could take a piece of folklore and show that it is a theorem, or take a theorem and show that it is folklore. As an example of the first form we could have shown that the statement P NP, which is folklore, is also a theorem. However, since we have resolved to introduce no new technical material in this paper, and moreover, since researchers in our community seem to be less familiar with folklore than with theorems, Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission

The basic premise of software inspections is that they detect and remove defects before they propagate to subsequent development phases where their detection and correction cost escalates. To exploit their full potential, software inspections must call for a close and strict examination of the inspected artefact.

The basic motivation for software inspections is to detect and remove defects before they propagate to subsequent development phases where their detection and removal becomes more expensive. To attain this potential, the examination of the artefact under inspection must be as thorough and detailed as possible. This implies the need for systematic reading techniques that tell inspection participants what to look for and, more importantly, how to scrutinise a software document. Recent research efforts investigated the benefits of scenario-based reading techniques for defect detection in functional requirements and functional code documents. A major finding has been that these techniques help inspection teams find more defects than existing state-of-the-practice approaches, such as, ad-hoc or checklist-based reading (CBR). In this paper we describe and experimentally compare one scenariobased reading technique, namely perspective-based reading (PBR), for defect detection in objec...

Malicious attacks on systems are a threat to business, government, and defense. Many attacks exploit system behavior unknown to the developers who created it. In today’s state of art, software engineers have no practical means to determine how a sizable program will behave in all circumstances of use. This sobering reality lies at the heart of many problems in security and survivability. If full behavior is unknown, so too are embedded errors, vulnerabilities, and malicious code. This paper describes function-theoretic foundations for automated calculation of full program behavior. These foundations treat program control structures as mathematical functions or relations. The function, or behavior, of control structures can be abstracted in a stepwise process into procedurefree expressions that specify their net functional effects. Problems of computability and complexities of language semantics appear to have engineering solutions. Automated behavior calculation will add rigor to security and survivability engineering. 1. Understanding Program Behavior Traditional engineering disciplines depend on rigorous methods to evaluate the expressions (equations, for example) that represent and manipulate their subject matter. Yet the discipline of software engineering has no practical means to fully evaluate the expressions it produces. In this case, the expressions are computer programs, and evaluation means understanding their full behavior, right or wrong, intended or malicious. Short of substantial time and effort, no software engineer can say for sure what a sizable program does in all circumstances of use. Yet modern society is dependent on the correct functioning of countless large-scale systems composed of programs whose full behavior and security properties are

Modern enterprises are irreversibly dependent on large-scale, adaptive, component-based information systems whose complexity frequently exceeds current engineering capabilities for intellectual control, resulting in persistent difficulties in system development, management, and evolution. We propose an innovative framework of engineering representation and reasoning methods for developing these complex systems: the Flow-Service-Quality (FSQ) Framework. In dynamic network information systems with constantly varying function and usage, work flows and their corresponding traces of system services act as stable foundations for functional and non-functional (quality attribute) specification, design, and operational control. Our objective is to provide theoretical foundations, language representations, and rigorous yet practical unified engineering methods to represent and reason about system flows as essential artifacts of system specification, design, and operation. 1. Intellectual Control in Large-Scale System Development Modern enterprises are irreversibly dependent on large-scale information systems whose complexity frequently exceeds current engineering capabilities for intellectual control, resulting in persistent difficulties in system development, management, and evolution. Critical enterprise missions depend on system services composed of complex combinations of distributed computation, communication, and human components whose interactions are often not fully understood. These