SMR Research Projects

Current Projects

Analyzing Variability Implementation Mechanisms for C++

Analyzing Variability Implementation Mechanisms for C++

The goal of this project is to help C++ developers with their variability implementation decisions. Specifically, in collaboration with IBM, we explore the IBM OMR project, which uses static polymorphism as its main variability implementation strategy.

Helping developers select and use software libraries

Helping developers select and use software libraries

In this work, we want to help developers select the best library and code snippet to use based on their current taks and needs. We explore how we can mine software repositories to extract information that can be used to compare libraries and their corresponding APIs, to eventually help the developer accomplish their current task.

Software Merging

Software Merging

Multiple versions of a software system can exist for various reasons, such as developing an SPL or simply forking or branching a repo to work on a given feature. At one point, these versions need to be integrated. Such integration is not an easy task, both from a software merging perspective and from the perspective of creating configurations from diverging behavior. In this work, we look at how we can facilitate such integrations and how we can help developers merge their code more easily with less conflicts.

API Misuse Detection

API Misuse Detection

When developers use Application Programming Interfaces (APIs), they often make mistakes that can lead to bugs, system crashes, or security vulnerabilities. We refer to such mistakes as misuses. One example of a misuse is forgetting to call close() after opening a FileInputStream and writing to it. There are various categories of API-misuses, and most of the current misuse detectors only find some of these categories.

Cryptography APIs

Cryptography APIs

Previous research has shown that many security vulnerabilities exist due to developer's misuse of cryptography APIs. In other words, developers make mistakes while using the APIs and these mistakes can lead to serious security threats. In this project, we wanted to investigate the reasons for such mistakes and suggest reasons on how to improve the situation.

Completed Projects

CPP Usage In Practice

CPP Usage In Practice

The C preprocessor has received strong criticism in academia, among others regarding separation of concerns, error proneness, and code obfuscation, but is widely used in practice. Many (mostly academic) alternatives to the preprocessor exist, but have not been adopted in practice. Since developers continue to use the preprocessor despite all criticism and research, we ask how practitioners perceive the C preprocessor.

Reverse-engineering Configuration Constraints

Reverse-engineering Configuration Constraints

One of the challenges of developing and maintaining highly configurable software is reasoning about configuration constraints (aka feature dependencies). For example, some features do not work well together or some features require other features to be present. These constraints are essential for reasoning about valid configurations of the software, but unfortunately are not always documented. In this project, we develop a framework that analyzes the implementation of existing highly configurable software to identify configuration constraints.

Identifying Causes and Fixes of Linux Variability Anomalies

Identifying Causes and Fixes of Linux Variability Anomalies

In order to prevent variability anomalies from occurring in the first place, we need to understand what causes them. In order to provide automated solutions for such anomalies, we need to understand how developers usually fix them. This project mines commit information from Linux's git repository in order to identify causes and fixes of variability anomalies.

Analyzing Linux Kbuild to Detect Variability Anomalies

Analyzing Linux Kbuild to Detect Variability Anomalies

Although build systems control what code gets compiled into the final built product, they are often overlooked when studying software variability. The Linux kernel is one of the biggest open source software systems supporting variability and contains over 10,000 configurable features described in its KCONFIG files. To understand the role of the build system in variability implementation, we use Linux as a case study. We study its build system, KBUILD, and extract the variability constraints in its Makefiles.

Root Cause Analysis & Change Impact Analysis using CMDBs

Root Cause Analysis & Change Impact Analysis using CMDBs

Many IT systems use Configuration Management Databases (CMDBs) to keep track of which hardware and software is installed as well as any problems that occur over time. Thus, over time, CMDBs collect large amounts of valuable data that can be used for decision support. This project proposes mining historic data from a CMDB to detect common co-changes that can be used to support change impact analysis.