Speaker: José D'Abruzzo Pereira

Date: 24th of April, 2024

Time: 4:00pm

Place: Room G4.1

Presentation title: "A Model-Driven Approach for the Management and Enforcement of Coding Conventions"

Short bio:

José D'Abruzzo Pereira holds a Ph.D. in Informatics Engineering from the University of Coimbra (UC), is currently an Invited Assistant Professor at the University of Coimbra, and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, and self-adaptive systems. He received a MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a BSc. in Computer Science from the State University of Campinas - Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas - Brazil (Unicamp).

Abstract:

Coding conventions are a means to improve the reliability of software systems, and they are especially useful to avoid the introduction of known bugs or security flaws. However, coding rules typically come in the form of text written in natural language, which makes them hard to manage and to enforce. Furthermore, relevant rules may depend from the context in which a certain software is deployed, and they may also evolve over time following the discovery of new vulnerabilities or the introduction of new language features. In this talk, we present an approach for the management and enforcement of coding conventions using structured models. We define the Coding Conventions Specification Language (CCSL), a language to define coding rules as structured specifications, from which checkers are derived automatically by code generation. To evaluate our approach, we run a thorough experiment on 8 real open-source projects and 77 coding rules for the Java language, comparing the violations identified by our checkers with those reported by the PMD static analysis tool. The obtained results are promising and confirm the feasibility of the approach. The experiment also revealed that textual coding rules rarely document all the necessary information to write a reliable checker.