Reverse engineering techniques involve metrics, queries, and visualizations to analyze software systems. Metrics compress a system into measurable properties like lines of code and complexity. Queries detect patterns and flaws through metric-based rules. Visualizations compress a system into graphical representations like UML diagrams and polymetric views to show relationships and changes over time.
Understanding software systems is hampered by their sheer size and complexity. Software visualization encodes the data found in these systems into pictures and enables the human eye to interpret it. In this lecture we present the concepts of software visualization and we show several examples of how visualizations can help in understanding software systems.
Understanding software systems is hampered by their sheer size and complexity. Software visualization encodes the data found in these systems into pictures and enables the human eye to interpret it. In this lecture we present the concepts of software visualization and we show several examples of how visualizations can help in understanding software systems.
The heterogeneous and dynamic nature of components making up a Web Application, the lack of effective programming mechanisms for implementing basic software engineering principles in it, and undisciplined development processes induced by the high pressure of a very short time-to-market, make Web Application maintenance a challenging problem. A relevant issue consists of reusing the methodological and technological experience in the sector of traditional software maintenance, and exploring the opportunity of using Reverse Engineering to support effective Web Application maintenance.
The Ph.D. Thesis presents an approach for Reverse Engineering Web Applications. The approach include the definition of Reverse Engineering methods and supporting software tools, that help to understand existing undocumented Web Applications to be maintained or evolved, through the reconstruction of UML diagrams. Some validation experiments have been carried out and they showed the usefulness of the proposed approach and highlighted possible areas for improvement of its effectiveness.
WARE: a tool for the Reverse Engineering of Web Applications Porfirio Tramontana
The development of Web sites and applications is increasing dramatically to satisfy the market requests. The software industry is facing the new demand under the pressure of a very short time-to-market and an extremely high competition. As a result, Web sites and applications are usually developed without a disciplined process: Web applications are directly coded and no, or poor, documentation is produced to support the subsequent
maintenance and evolution activities, thus compromising the quality of the applications.
This paper presents a tool for reverse engineering Web applications. UML diagrams are used to model a set of views that depict several aspects of a Web application at different abstraction levels. The recovered diagrams ease the comprehension of the application and support its maintenance and evolution. A case study, carried out with the aim of assessing the effectiveness of the proposed tool, allowed relevant information about some real Web applications to be successfully recovered and modeled by UML diagrams.
Pragmatic Design Quality Assessment - (Tutorial at ICSE 2008)Tudor Girba
This set of slides was used for the tutorial given by Tudor Girba, Michele Lanza and Radu Marinescu at International Conference on Software Engineering (ICSE) 2008.
The heterogeneous and dynamic nature of components making up a Web Application, the lack of effective programming mechanisms for implementing basic software engineering principles in it, and undisciplined development processes induced by the high pressure of a very short time-to-market, make Web Application maintenance a challenging problem. A relevant issue consists of reusing the methodological and technological experience in the sector of traditional software maintenance, and exploring the opportunity of using Reverse Engineering to support effective Web Application maintenance.
The Ph.D. Thesis presents an approach for Reverse Engineering Web Applications. The approach include the definition of Reverse Engineering methods and supporting software tools, that help to understand existing undocumented Web Applications to be maintained or evolved, through the reconstruction of UML diagrams. Some validation experiments have been carried out and they showed the usefulness of the proposed approach and highlighted possible areas for improvement of its effectiveness.
WARE: a tool for the Reverse Engineering of Web Applications Porfirio Tramontana
The development of Web sites and applications is increasing dramatically to satisfy the market requests. The software industry is facing the new demand under the pressure of a very short time-to-market and an extremely high competition. As a result, Web sites and applications are usually developed without a disciplined process: Web applications are directly coded and no, or poor, documentation is produced to support the subsequent
maintenance and evolution activities, thus compromising the quality of the applications.
This paper presents a tool for reverse engineering Web applications. UML diagrams are used to model a set of views that depict several aspects of a Web application at different abstraction levels. The recovered diagrams ease the comprehension of the application and support its maintenance and evolution. A case study, carried out with the aim of assessing the effectiveness of the proposed tool, allowed relevant information about some real Web applications to be successfully recovered and modeled by UML diagrams.
Pragmatic Design Quality Assessment - (Tutorial at ICSE 2008)Tudor Girba
This set of slides was used for the tutorial given by Tudor Girba, Michele Lanza and Radu Marinescu at International Conference on Software Engineering (ICSE) 2008.
Modeling History to Understand Software Evolution with Hismo 2008-03-12Tudor Girba
Over the past three decades, more and more research has been spent on understanding software evolution. However, the approaches developed so far rely on ad-hoc models, or on too specific meta-models, and thus, it is difficult to reuse or compare their results. We argue for the need of an explicit and generic meta-model that recognizes evolution as an explicit phenomenon and models it as a first class entity. Our solution is to encapsulate the evolution in the explicit notion of history as a sequence of versions, and to build a meta-model around these notions called Hismo. To show the usefulness of our meta-model we exercise its different characteristics by building several reverse engineering applications.
Modeling History to Understand Software Evolution With Hismo 2008-02-25 Tudor Girba
Over the past three decades, more and more research has been spent on understanding software evolution. However, the approaches developed so far rely on ad-hoc models, or on too specific meta-models, and thus, it is difficult to reuse or compare their results. We argue for the need of an explicit and generic meta-model that recognizes evolution as an explicit phenomenon and models it as a first class entity. Our solution is to encapsulate the evolution in the explicit notion of history as a sequence of versions, and to build a meta-model around these notions called Hismo. To show the usefulness of our meta-model we exercise its different characteristics by building several reverse engineering applications.
GT Spotter is a user interface that unifies the search workflow in an IDE. This set of slides was used for a submission at the ESUG 2015 Innovation Awards.
I watched 1800+ TED talks. I watched all those published on ted.com. Why? Because I am a TED addict. And because each of these talks reminds me that storytelling is essential in everything we do.
Facts are important, but facts alone have no value. They have to be consumed to worthwhile. Stories make this happen by getting us involved. This applies to researching novel ways, it applies to creating products, it applies to leading people, it applies to educating kids, and it applies to marriage proposals. Essentially, it applies to anything worth doing.
Storytelling is what makes stories happen. But, storytelling is a skill, and like any skill, it can be learnt.
For example, an easy way to learn is to listen to good examples. Like TED talks. But, there are many ways to learn. And, there are even more ways to apply.
It only takes us to invest in it. Why?
Because storytelling is essential.
Moose: how to solve real problems without reading codeTudor Girba
I use this set of slides for a talk I gave at ESUG 2014.
Abstract:
Moose is a platform for software and data analysis (http://moosetechnology.org). It runs on Pharo and it can help you figure out problems around software systems.
In this talk, I show several real-life examples of how custom tools built on top of Moose helped solve concrete problems. The examples vary both in scope and in the kind of problems. For example, we talk about how we fixed a caching problem in a Java system by analyzing logs, or how we fixed a Morphic problem by means of visualization and interaction. Even if these problems are so different, all of them were solvable with one uniform set of programmable tools.
That is the power of Moose, and it is now at the fingertips of any Pharo programmer.
We cannot continue to let systems loose in the wild without any concern for how we will deal with them at a later time. Two decades ago, Richard Gabriel coined the idea of software habitability. Indeed, given that engineers spend a significant part of their active life inside software systems, it is desirable for that system to be suitable for humans to live there.
We go further and introduce the concept of software environmentalism based on a simple principle: Engineers have the right to build upon assessable systems and have the responsibility of producing assessable systems.
The emergent nature of software systemsTudor Girba
This slideshow offers an argument for how the structure of a software system has an inherently emergent nature.
More information can be found at: http://humane-assessment.com
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
9. Software metrics are measurements which
relate to software systems, processes or
related documents
10. Examples of size metrics
NOM - number of methods
NOA - number of attributes
LOC - number of lines of code
NOS - number of statements
NOC - number of children
Lorentz, Kidd, 1994
Chidamber, 1994
17. Detection Strategies are metric-based queries to
detect design flaws
Class uses directly more than a
few attributes of other classes
ATFD > FEW
Functional complexity of the
class is very high
AND GodClass
WMC ! VERY HIGH
Class cohesion is low
TCC < ONE THIRD
18. Flaw: a God Class centralizes too much
intelligence in the system
Class uses directly more than a
few attributes of other classes
ATFD > FEW
Functional complexity of the
class is very high
AND GodClass
WMC ! VERY HIGH
Class cohesion is low
TCC < ONE THIRD
19. Flaw: a Data Class provides data to other classes,
but little or no functionality of its own
20. McCabe = 21
NOM 0
= 102
3 ,00
75
=
C
LO
Metrics Queries Visualizations ...
{ {
{ {
}
}
}
} { }
21. McCabe = 21
NOM 0
= 102
3 ,00
75
=
C
LO
Metrics Queries Visualizations ...
{ {
{ {
}
}
}
} { }
53. What happens with inheritance?
A A A A A
B C B C B C B B
D D D E
ver .1 ver. 2 ver. 3 ver. 4 ver. 5
54. History contains too much data
A A A A A A A A A A A A A A A A A A A A
B C B C B C B B B C B C B C B B B C B C B C B B B C B C B C B B
D D D E D D D E D D D E D D D E
ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5
A A A A A A A A A A A A A A A A A A A A
B C B C B C B B B C B C B C B B B C B C B C B B B C B C B C B B
D D D E D D D E D D D E D D D E
ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5
A A A A A A A A A A A A A A A A A A A A
B C B C B C B B B C B C B C B B B C B C B C B B B C B C B C B B
D D D E D D D E D D D E D D D E
ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5
A A A A A A A A A A A A A A A A A A A A
B C B C B C B B B C B C B C B B B C B C B C B B B C B C B C B B
D D D E D D D E D D D E D D D E
ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5 ver .1 ver. 2 ver. 3 ver. 4 ver. 5
55. History contains too much data
A A A A A
B C B C B C B B
D D D E
ver .1 ver. 2 ver. 3 ver. 4 ver. 5
A is persistent, B is stable, C was removed, E is newborn ...
56. Hierarchy Evolution encapsulates time
Girba etal, 2005
A
changed
methods
changed
age
lines
C B
Removed
Removed
D E
A is persistent, B is stable, C was removed, E is newborn ...