Fortifying the seams of software systems

Bibliographic Details
Main Author: KANG, Hong Jin
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects:
Online Access: https://ink.library.smu.edu.sg/etd_coll/454
https://ink.library.smu.edu.sg/context/etd_coll/article/1452/viewcontent/GPIS_AY2018_Kang_Hong_Jin.pdf
Institution: Singapore Management University
Description
Summary: A seam in software is a place where two components within a software system meet. There are more seams in software now than ever before, as modern software systems rely extensively on third-party software components, e.g., libraries. Due to the increasing complexity of software systems, understanding and improving the reliability of these components and their use is crucial. While the use of software components eases the development process, it also introduces challenges due to the interaction between the components. This dissertation tackles problems associated with software reliability when using third-party software components. Developers write programs that interact with libraries through their Application Programming Interfaces (APIs). Both static and dynamic analysis of API-using code require knowledge of the API and its usage constraints. Hence, we develop techniques to learn and model the usage constraints of APIs. Next, we apply the insights gleaned from our studies to support bug-finding techniques using static and dynamic analysis. Then, we look into larger software systems comprising multiple components. We propose techniques for mining rules to monitor the joint behaviors of apps, and for exploiting known library vulnerabilities from a project importing a library. These techniques aim to help developers better understand third-party components and detect weaknesses in software systems.