About
215
Publications
96,305
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
43,370
Citations
Introduction
Currently working with Metaficient, a startup that is developing a end-user programming system for financial software.
Current institution
Additional affiliations
September 2003 - May 2012
September 1993 - September 2003
Position
- Coordinator of Design Activities
Description
- Organized and taught the first senior project course for the department. Also taught a course on object-oriented design and, at the end, some software engineering courses.
September 1985 - September 1993
Publications
Publications (215)
The Transactions on Pattern Languages of Programming subline aims to publish papers on patterns and pattern languages as applied to software design, development, and use, throughout all phases of the software life cycle, from requirements and design to implementation, maintenance and evolution. The primary focus of this LNCS Transactions subline is...
Software engineering involves a lot of change as code artifacts are not only created once but maintained over time. In the last 25 years, major paradigms of program development have arisen -- agile development with refactorings, software product lines, moving sequential code to multicore or cloud, etc. Each is centered on particular kinds of change...
Frameworks and libraries change their APIs. Migrating an application to the new API is tedious and disrupts the development process. Although some tools and ideas have been proposed to solve the evolution of APIs, most updates are done manually. Our goal is to reduce the burden of reuse on maintenance by reducing the cost of adapting to change. We...
Modern Integrated Development Environments (IDEs) support many refactorings. Yet, programmers greatly underuse automated refactorings. Recent studies have applied traditional usability testing methodologies such as surveys, lab studies, and interviews to find the usability problems of refactoring tools. However, these methodologies can identify onl...
Identifying repetitive code changes benefits developers, tool builders, and researchers. Tool builders can automate the popular code changes, thus improving the productivity of developers. Researchers can better understand the practice of code evolution, advancing existing code assistance tools and benefiting developers even further. Unfortunately,...
C preprocessor directives are heavily used in C programs because they provide useful and even necessary additions to the C language. However, they are usually executed and discarded before any analysis is applied on C programs. In refactoring, preprocessor directives must be preserved through the whole process of parsing, analysis and transformatio...
Actor programs are concurrent programs where concurrent entities communicate asynchronously by exchanging messages. Testing actor programs is challenging because the order of message receives depends on the non-deterministic scheduler and because exploring all schedules does not scale to large programs. This paper presents Bita, a scalable, automat...
Emerging applications in the domains of recognition, mining and synthesis (RMS); image and video processing; data warehousing; and automatic financial trading admit a particular style of parallelism termed flow-based parallelism. To help developers exploit flow-based parallelism, popular parallel libraries such as Groovy's GPars, Intel's TBB Flow G...
Recent studies suggest that programmers greatly underuse refactoring tools, especially for complex refactorings. Complex refactorings tend to be tedious and error-prone to perform by hand. To promote the use of refactoring tools for complex changes, we propose a new paradigm for automating refactorings called compositional refactoring. The key idea...
Despite the enormous success that manual and automated refactoring has enjoyed during the last decade, we know little about the practice of refactoring. Understanding the refactoring practice is important for developers, refactoring tool builders, and researchers. Many previous approaches to study refactorings are based on comparing code snapshots,...
Mixing the actor model with other concurrency models in a single program can break the actor abstraction. This increases the chance of creating deadlocks and data races--two mistakes that are hard to make with actors. Furthermore, it prevents the use of many advanced testing, modeling, and verification tools for actors, as these require pure actor...
Refactoring is a disciplined technique for restructuring code to improve its readability and maintainability. Almost all modern integrated development environments (IDEs) offer built-in support for automated refactoring tools. However, the user interface for refactoring tools has remained largely unchanged from the menu and dialog approach introduc...
The Transactions on Pattern Languages of Programming subline aims to publish papers on patterns and pattern languages as applied to software design, development, and use, throughout all phases of the software life cycle, from requirements and design to implementation, maintenance and evolution. The primary focus of this LNCS Transactions subline is...
Researchers and practitioners have been successfully documenting software patterns for over two decades. But the next step--building pattern languages--has proven much more difficult. This paper describes an approach for building a large pattern language for security: an approach that can be used to create pattern languages for other software domai...
Refactoring has become a popular technique for the development and maintenance of object-oriented systems. We have been working on the refactoring of C programs, including the C preprocessor (Cpp), and we have built CRefactory, a refactoring tool for C programs. The independence of Cpp from the underlying programming language complicates the analys...
Researchers use file-based Version Control System (VCS) as the primary source of code evolution data. VCSs are widely used by developers, thus, researchers get easy access to historical data of many projects. Although it is convenient, research based on VCS data is incomplete and imprecise. Moreover, answering questions that correlate code changes...
Though refactoring tools have been available for more than a decade, research has shown that programmers underutilize such tools. However, little is known about why programmers do not take advantage of these tools. We have conducted a field study on programmers in their natural settings working on their code. As a result, we collected a set of inte...
Not since the advent of the integrated development environment has a development tool had the impact on programmer productivity that refactoring tools have had for object-oriented developers. However, at the present time, such tools do not exist for high-performance languages such as C and Fortran; moreover, refactorings specific to high-performanc...
One of the most difficult parts of building automated refactorings is ensuring that they preserve behavior. This paper proposes a new technique to check for behavior preservation; we call this technique differential precondition checking. It is simple yet expressive enough to implement the most common refactorings, and the core algorithm runs in li...
Even though modern Integrated Development Environments (IDEs) support many refactorings, studies suggest that automated refactorings are used infrequently, and few developers use anything beyond Rename and Extract refactorings. Little is known about why automated refactorings are seldom used. We present a list of challenging questions whose answers...
Task-based libraries such as Intel's Threading Building Blocks (TBB) provide higher levels of abstraction than threads for parallel programming. Work remains, however, to determine how straightforward it is to use these libraries to express various patterns of parallelism. This case study focuses on a particular pattern: pipeline parallelism. We at...
Developing concurrent software is error prone. Others have cataloged common bug patterns in concurrent Java programs. But, there are no tools for detecting complex concurrency bug patterns accurately, and concurrent programs are full of similar bugs. We have been developing a tool called Keshmesh for detecting complex concurrency bug patterns in Ja...
Maintaining the consistency of multiple notations used in large projects is daunting. Language of Languages(LoLs) is our experimental language workbench that fulfills a frequently overlooked but important role: unify the different notations so developers can better understand and evolve a project. Due to the impossibility of anticipating all the no...
A mutation testing tool takes as input a system under test and a test suite and produces as output the mutation score of the test suite. The tool systematically creates mutants by making small syntactic changes to the system under test and executes the test suite to determine which mutants give different results from the original system. Almost all...
There are two competing architectural styles employed for building Web services: RESTful services and services based on the WS-* standards (also known as SOAP). These two styles have separate follower bases, but many differences between them are ideological rather than factual. In order to promote the healthy growth of Web services research and pra...
Software patterns have been used to guide de- velopers and to disseminate expert knowledge. But patterns can also be thought of as program transformations. Security patterns are architectural. Therefore, program transformations derived from those patterns transform architecture. This paper describes how we used a catalog of security patterns to pro...
Current compilers are still largely ignorant of the scheduling of parallel tasks at runtime. Without this information, however, they have difficulties optimizing and verifying concurrent programs. In this paper, we present a programming model where the ...
Adaptive MPI, or AMPI, is an implementation of the Message Passing Interface (MPI) standard. AMPI benefits MPI applications
with features such as dynamic load balancing, virtualization, and checkpointing. Because AMPI uses multiple user-level threads
per physical core, global variables become an obstacle. It is thus necessary to convert MPI program...
Task-based libraries such as Intel's Threading Building Blocks (TBB) provide higher levels of abstraction than threads for parallel programming. Work remains, however, to determine how straightforward it is to use these libraries to express various patterns of parallelism. This case study focuses on a particular pattern: pipeline parallelism. We at...
There are many different styles of parallel programming for shared-memory hardware. Each style has strengths, but can conflict with other styles. How can we use a variety of these styles in one program and minimize their conflict and max-imize performance, readability, and flexibility? This paper surveys the relative advantages and disadvantages of...
Writing parallel programs that run optimally on multi-processor machines is hard. Programmers not only have to reason about existing cache issues that affect single-threaded pro-grams but also new cache issues that impact multi-threaded programs. Such cache issues are surprisingly common; ne-glecting them leads to poorly performing programs that do...
Many computer science research efforts fail. Some of this is inevitable, since research is risky. But sometimes the agenda of a group of researchers fails because there is a part of the problem that everyone agrees is crucial, but that nobody works on. Often this is because there are not enough rewards for working on it; it is hard to publish and/o...
Since most programmers are working on software that they did not start, their view of programming is that it is the process of converting one version of software to the next. In other words, software development is program transformation. This paper describes some of the implications of this point of view.
Adaptive MPI is an implementation of the Message Pass-ing Interface (MPI) standard. AMPI benefits MPI programs with features such as dynamic load balancing, virtualiza-tion, and checkpointing. AMPI runs each MPI process in a user-level thread, therefore causing problems when an MPI program has global variables. Manually removing the global variable...
Loop constructs play an important role in obtaining speed-up in parallel programming. In this paper, we explain the solutions applied for optimizing loops in parallel programs in terms of three patterns for parallel programming. These patterns can be used for parallel programming by users who have medium background on parallel programming and compi...
This paper presents a catalog of code refactorings that are intended to improve the different quality attributes of Fortran programs. We classify the refactorings according to their purpose, that is, the internal or external quality attribute(s) that each refactoring targets to improve. We sketch the implementation of one refactoring in Photran, a...
Effect systems are important for reasoning about the side effects of a program. Although effect systems have been around for decades, they have not been widely adopted in practice because of the large number of annotations that they require. A tool that infers effects automatically can make effect systems practical. We present an effect inference a...
In the multicore era, sequential programs need to be refactored for parallelism. The next version of Java provides ParallelArray, an array datastructure that supports parallel operations over the array elements. For example, one canapply a procedure to each element, or reduce all elements to a new element in parallel. Refactoring an array to a Para...
Successful programming languages change as they age. They tend to become more complex, and eventually some features become outdated or are rarely used. Programming tools for these languages become more complex as well, since they have to support archaic features. Old programs are hard to maintain, since these archaic features are unfamiliar to mode...
Successful programming languages change as they age. They tend to become more complex, and eventually some features become outdated or are rarely used. Programming tools for these languages become more complex as well, since they have to support archaic features. Old programs are hard to maintain, since these archaic features are unfamiliar to mode...
Successful programming languages change as they age. They tend to become more complex, and eventually some features become outdated or are rarely used. Programming tools for these languages become more complex as well, since they have to support archaic features. Old programs are hard to maintain, since these archaic features are unfamiliar to mode...
Successful languages like Fortran keep changing and tend to become more complex, often containing older fea-tures that are rarely used. Complexity makes languages harder to use and makes it harder to build tools for them. A refactoring tool can eliminate use of these features from programs; this makes programs easier to understand and maintain, and...
A security-oriented program transformation maps programs to security-augmented programs, i.e. it introduces a protection mechanism to make programs more secure. Our previous work defined security-oriented program transformations [6], introduced a catalog of transformations [8], and showed how program transformations could be applied to systematical...
1 Problem How does one synchronize concurrent UEs which are mutually dependent on each other across phases of a computation? 2 Context Parallel algorithms divide the work into multiple, concurrent tasks. These tasks or UEs may execute in parallel depending on the physical resources available. It is common for UEs to proceed in phases where the next...
There is a huge amount of Fortran code that is too valuable to throw away, but very expensive to maintain. Refactoring tools have had a great impact on the productivity of object-oriented developers and the quality of code. However, high-performance languages such as C and Fortran do not have these tools. Moreover, refactorings specific to high-per...
Obtaining the best performance from a parallel program involves four important steps: 1. Choice of the appropriate grainsize; 2. Balancing computational and com-munication load across processors; 3. Optimizing communication by minimizing inter-processor communication and overlap of communication with computation; and 4. Minimizing communication tra...
Security experts generally believe that, "security cannot be added on, it must be designed from the beginning" [1]. This is because the typical way of improving system security by patches is ad hoc and has not produced good results. My work shows that retrofitting security does not need to be a massive reengineering effort, nor does it need to be a...
As the Internet matured, security became more important and formerly adequate designs became inadequate. One of the victims of the increased need for security was sendmail. This paper shows how its competitors improved on its design in response to the increased need for security. The designers of qmail and Postfix used well-known patterns to achiev...
Building a production-quality refactoring engine or similar source code transformation tool traditionally requires a large
amount of hand-written, language-specific support code. We describe a system which reduces this overhead by allowing both
a parser and a fully rewritable AST to be generated automatically from an annotated grammar, requiring li...
Current text based Software Configuration Management (SCM) systems have trouble with refactorings. Refactorings result in global changes which lead to merge conflicts. A refactoring-aware SCM system reduces merge conflicts. This paper describes MolhadoRef, a refactoring-aware SCM system and the merge algorithm at its core. MolhadoRef records change...
Although in theory the APIs of software libraries and frameworks should be stable, they change in practice. This forces clients of the library API to change as well, making software maintenance expensive. Changing a client might not even be an option if its source code is missing or certain policies forbid its change. By giving a library both the o...
Refactoring is the process of applying behavior-preserving transformations to a program with the objective of improving the program's design. A specific refactoring is identified by a name (e.g., Extract Method), a set of preconditions, and a set of specific transformations that need to be performed. Tool support for refactoring is highly desirable...
Although in theory the APIs of software libraries and frameworks should be stable, they change in practice. This forces clients of the library API to change as well, making software maintenance expensive. Changing a client might not even be an option if its source code is missing or certain policies forbid its change. By giving a library both the o...
Topping the list of the most prominent attacks on applications [6] are various types of injection attacks. Malicious inputs that cause injection attacks are numerous; programmers fail to write checks for all attack patterns. We define a program transformation that allows a programmer to think in terms of rectification policies and automatically add...
Many automated refactoring tools only work with one programming language. However, most complex programs rely on polyglot programming --- entailing the use of different programming languages, libraries and frameworks. While finding a general solution for extending refactoring across multiple languages is hard, it is simple and possible to support a...
We studied the most popular websites in the US and around the world and discovered that few of them implement the HTTP standard completely. However, the servers are capable of implementing HTTP correctly; it is the configurations that are non-compliant. It is not hard to configure servers correctly, so these websites are non-compliant out of choice...
WRT’07 was the first instance of the Workshop on Refactoring Tools. It was held in Berlin, Germany, on July 31st, in conjunction
with ECOOP’07. The workshop brought together over 50 participants from both academia and industry. Participants include the
lead developers of two widely used refactoring engines (Eclipse and NetBeans), researchers that w...
WRT'07 was the first instance of the Workshop on Refactoring Tools. It was held in Berlin, Germany, on July 31st, in conjunction with ECOOP'07. The workshop brought together over 50 participants from both academia and industry. Participants include the lead developers of two widely used refactoring engines (Eclipse and NetBeans), researchers that w...
Every empire, after a period of rapid expansion, needs some time for consolidation or it risks disintegration. The expansion of software patterns has produced a large body of work that now needs organization. This article documents early efforts to consolidate and organize a subset of software patterns in the security domain. Lessons learned throug...
Current text based Software Configuration Management (SCM) systems have trouble with refactorings. Refactorings result in global changes and lead to merge conflicts. A refactoring-aware SCM system reduces merge conflicts, preserves program history better and makes it easier to understand program evolution. This paper describes MolhadoRef, a refacto...
An Adaptive Object-Model is a system that represents classes, attributes, relationships, and behavior as metadata. Consequently, the object model is adaptable; when the descriptive information is modified, the system immediately reflects those changes. This architectural style makes a heavy use of patterns and all the attempts to document it have b...
Refactoring tools allow programmers to change their source code quicker than before. However, the complexity of these changes cause versioning tools that operate at a file level to lose the history of entities and be unable to merge refactored entities. This problem can be solved by semantic, operation-based SCM with persistent IDs. MolhadoRef, our...
Race conditions are hard to detect in framework-based applications. Frameworks often improve performance by providing threading, but this threading is usually hidden from application programmers. Therefore, it is easy for application programmers to accidentally create data races. Data races can be detected tracing the flow of execution, but tracing...
One of the costs of reusing software components is migrating applications to use the new version of the components. Migrating an application can be error-prone, tedious, and disruptive of the development process. Our previous work shows that more than 80% of the disruptive changes in four different components were caused by refactorings. If the ref...
Design patterns capture software solutions to specific problems that have evolved over time and reflect many iterations of work. Documenting such patterns promotes proven design and software reuse. There has been a growing amount of work documenting design patterns for security, however, little work specific to VoIP security. In 2005 NIST released...
Frameworks and libraries change their APIs. Migrating an application to the new API is tedious and disrupts the development process. Although some tools and ideas have been proposed to solve the evolution of APIs, most updates are done manually. To better understand the requirements for migration tools, we studied the API changes of four frameworks...
Refactoring tools allow programmers to change source code much quicker than before. However, the complexity of these changes cause versioning tools that operate at a flle level to lose the history of components. This problem can be solved by semantic, operation-based SCM with persistent IDs. We propose that versioning tools be aware of the program...
This panel will bring together the surviving authors (Erich Gamma, Richard Helm, and Ralph Johnson) of the book Design Patterns: Elements of Reusable Object-Oriented Software (Addison-Wesley) and it is dedicated to the memory of the fourth author John Vlissides. The discussion will focus on the beginnings of their collaboration that led to the book...
Refactoring tools allow programmers to change their source code quicker than before. However, the complexity of these changes cause versioning tools that operate at a file level to lose the history of entities and be unable to merge refactored entities. This problem can be solved by semantic, operation-based SCM with persistent IDs. We propose that...
Software design is usually discussed as if the system is being created “de novo”, but most programmers are working on systems that have already been released. This is a sign of success, since software is now good enough to keep and is worth improving. But the way we talk about design and the way we teach it is stuck in the twentieth century. The so...
Frameworks and libraries change their APIs. Migrating an application to the new API is tedious and disrupts the development process. Although some tools and ideas have been proposed to solve the evolution of APIs, most updates are done manually. To better understand the requirements for migration tools, we studied the API changes of four frameworks...
Finding the appropriate pattern to solve a particular security prob- lem is dicult because of the absence of a scientific classification scheme for security patterns. A suitable classification scheme helps ecient storage and retrieval of information, beneficial for both soft- ware pattern miners and pattern navigators. In this paper, we provide a s...
Frameworks and libraries change their APIs. Migrating an application to the new API is tedious and disrupts the development process. Although some tools and ideas have been proposed to solve the evolution of APIs, most updates are done manually. To better understand the requirements for migration tools we studied the API changes of three frameworks...
Transactions are an important part of most enterprise computing systems. Sometimes they are supported by DBMS and sometimes by transaction monitors. In either case, they are part of the platform used by application developers. A platform independent model of enterprise computing must abstract away transactions and provide platform independent ways...
Adaptive object models (AOM) are a sophisticated way of building object-oriented systems that let non-programmers customize the behavior of the system and that are most useful for businesses that are rapidly changing. Although systems based on an AOM are often much smaller than competitors, they can be difficult to build and to learn. We believe th...
Summary form only given. Refactoring is usually described as a way to keep software as simple as possible, or as a way to reuse parts of a software system that were not designed to be reusable. But it has other uses. One of the problems with using software components is that new versions of the components require changes in the systems that use the...
Smalltalk-80 is a pure object-oriented language in which messages are dispatched according to the class of the receiver, or first argument, of a message. Object-oriented languages that support multimethods dispatch messages using all their arguments. While Smalltalk does not support multimethods, Smalltalk's reflective facilities allow programmers...
Preprocessor conditionals are heavily used in C programs since they allow the source code to be configured for different platforms or capabilities. However, preprocessor conditionals, as well as other preprocessor directives, are not part of the C language. They need to be evaluated and removed, and so a single configuration selected, before parsin...
We've have been proposing formal mathematical methods of software development for nearly as long as we've been developing software. CASE tools were a bust, and Gödel long ago nullified any hope of building a system that is both complete and consistent. Model-driven development gets trotted out in a new outfit once every decade as the next "silver b...
The unrelenting pace of change that confronts contem- porary software developers compels them to make their applications more configurable, flexible, and adaptive. In order to achieve this, software designers must pro- vide flexible architectures that can more quickly adapt to changing requirements. Adaptive-Object Model (AOM) is an architectural s...
The architecture of qmail was carefully designed to overcome the security problems of sendmail. However, qmail is not only more secure than sendmail, it is also more efficient and easier to understand. Thus, the architecture is able to accomplish several goals at once. The security of qmail is based on a few patterns, and understanding its architec...
[9] Mary-Claire van Leunen and Richard Lipton. How to have your abstract rejected. http://www.acm.org/sigplan/conferences/author-info/vanLeunenLipton.html. [10] Mark N. Wegman. What it’s like to be a POPL referee: How to write an extended
Refactoring, an important technique for increasing flexibility of the source code, can be applied with much ease and efficiency by using automated tools. There is currently a lack of refactoring tools for C with full support for preprocessor directives because directives complicate refactorings in many ways. This paper describes refactoring of C pr...
Beneath the buzz around methodologies, languages and technologies, the last seventeen years at OOPSLA have seen countless object-oriented success and failure stories, large and small. Last year at OOPSLA there was great enthusiasm over the telling of object-oriented success stories. However, we believe that one often learns more from failures than...
Beneath the buzz around methodologies, languages and technologies, the last seventeen years at OOPSLA have seen countless object-oriented success and failure stories, large and small. Last year at OOPSLA there was great enthusiasm over the telling of object-oriented success stories. However, we believe that one often learns more from failures than...
Wrappers are mechanisms for introducing new behavior that is executed before and/or after, and perhaps even in lieu of, an existing method. This paper examines several ways to implement wrappers in Smalltalk, and compares their performance. Smalltalk programmers often use Smalltalk's lookup failure mechanism to customize method lookup. Our focus is...
We have noticed ac ommon architecture in many systems that emphasize flexibility and run-time configuration. In these systems, business rules are stored externally to the program such as in a database or XML files. The object model that the user cares about is part of the database, and the object model of the code is just an interpreter of the user...
Refactoring has become a well-known technique for transforming code in a way that preserves behavior. Refactorings may be applied manually, although manual code manipulation is error prone and cumbersome, so maintainers need tools to make automatic refactorings. There is currently extensive literature on refactoring object-oriented programs and som...
Many object-oriented information systems share an architectural style that emphasizes flexibility and run-time adaptability. Business rules are stored externally to the program such as in a database or XML files instead of in code. The object model that the user cares about is part of the database, and the object model of the code is just an interp...
This dissertation proposes micro-workflow, a new workflow architecture that bridges the gap between the type of functionality provided by current workflow systems and the type of workflow functionality required in object-oriented applications. Micro-workflow provides a better solution when the focus is on customizing the workflow features and integ...
The OMG has issued a Request for Proposal for a workflow management facility for the Object Management Architecture Reference Model. The two responses are complex object-oriented designs. Unfortunately, they both ignore recent work in object-oriented design patterns. Using these patterns will correct some of the deficiencies in the proposals. 1 Int...
