Auflistung nach Autor:in "Peldszus, Sven"
1 - 4 von 4
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragEditing Support for Software Languages: Implementation Practices in Language Server Protocols (Summary)(Software Engineering 2023, 2023) Barros, Djonathan; Peldszus, Sven; Assunção, Wesley K. G.; Berger, ThorstenWe present our paper published at the 25th International Conference on Model Driven Engineering Languages and Systems (MODELS) [Ba22a]. Effectively using software languages requires effective editing support. Modern IDEs, modeling tools, and code editors typically provide sophisticated support to create, comprehend, or modify instances of particular languages. Unfortunately, building such editing support is challenging. While the engineering of languages is well understood and supported by modern model-driven techniques, there is a lack of engineering principles and best practices for realizing their editing support. We study practices for implementing editing support in so-called language servers—implementations of the language server protocol (LSP). LSP is a recent de facto standard to realize editing support for languages, separated from the editing tools, enhancing the reusability and quality of the editing support. Witnessing the LSP’s popularity, we take this opportunity to analyze the implementations of 30 language servers. We identify concerns that developers need to take into account when developing editing support, and we synthesize implementation practices to address them, based on a systematic analysis of the servers’ source code. We hope that our results shed light on an important technology for software language engineering, that facilitates language-oriented programming and systems development, including model-driven engineering.
- KonferenzbeitragOn Continuous Detection of Design Flaws in Evolving Object-Oriented Programs using Incremental Multi-Pattern Matching(Software Engineering und Software Management 2018, 2018) Peldszus, Sven; Kulcsár, Géza; Lochau, Malte; Schulze, SandroThis work has been initially presented at the International Conference on Automated Software Engineering (ASE) 2016. Design flaws in object-oriented programs may seriously corrupt code quality thus increasing the risk for introducing subtle errors during software maintenance and evolution. Most recent approaches identify design flaws in an ad-hoc manner, either focusing on software metrics, locally restricted code smells, or on coarse-grained architectural anti-patterns. In this work, we utilize an abstract program model capturing high-level object-oriented code entities, further augmented with qualitative and quantitative design-related information such as coupling/cohesion. Based on this model, we propose a comprehensive methodology for specifying object-oriented design flaws by means of compound rules integrating code metrics, code smells and anti-patterns in a modular way. This approach allows for efficient, automated design-flaw detection through incremental multi-pattern matching, by facilitating systematic information reuse among multiple detection rules as well as between subsequent detection runs on continuously evolving programs. Our tool implementation comprises well-known anti-patterns for Java programs. The results of our experimental evaluation show high detection precision, scalability to real-size programs, as well as a remarkable gain in efficiency due to information reuse.
- KonferenzbeitragOn Controlling the Attack Surface of Object-Oriented Refactorings(Software Engineering 2020, 2020) Ruland, Sebastian; Kulcsár, Géza; Leblebici, Erhan; Peldszus, Sven; Lochau, MalteThe results of this work have originally been published in. Refactorings constitute an effective means to improve quality and maintainability of evolving object-oriented programs. Search-based techniques have shown promising results in finding near-optimal sequences of behavior-preserving program transformations that (1) maximize code-quality metrics and (2) minimize the number of code changes. However, the impact of refactorings on non-functional properties like security has received little attention so far. To this end, we propose, as a further objective, to minimize the attack surface of object-oriented programs (i.e., to maximize strictness of declared accessibility of class members). Minimizing the attack surface naturally competes with applicability of established refactorings like MoveMethod, frequently used for improving code quality in terms of coupling/cohesion measures. Our tool implementation is based on an EMF meta-model for Java-like programs and utilizes MOMoT, a search-based model-transformation and optimization framework. Our experimental results gained from applying different accessibility-control strategies to a collection of real-world Java programs show the impact of attack surface minimization on design-improving refactorings. We further compare the results to those of existing refactoring tools.
- KonferenzbeitragSecure Data-Flow Compliance Checks between Models and Code based on Automated Mappings (Summary)(Software Engineering 2020, 2020) Peldszus, Sven; Tuma, Katja; Strüber, Daniel; Jürjens, Jan; Scandariato, RiccardoWe present our paper published at the 2019 edition of the International Conference on Model Driven Engineering Languages and Systems (MODELS). During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design as well as the discovery of secure data-flow compliance violations. We provide a publicly available implementation of the approach and its evaluation on five open source Java projects.