Student Research Competition

ChairNadyne Mielke

After its remarkable success in previous years, OOPSLA is again hosting an ACM SIGPLAN Student Research Competition, sponsored by Microsoft Research. The first round of evaluation will be held jointly with the OOPSLA Poster Session. The ACM SIGPLAN Student Research Competition shares the Posters session's goal of facilitating interaction among researchers and attendees, to provide both sides with the opportunity to learn of ongoing, current research. Additionally, the Student Research Competition affords students with experience with both formal presentations and evaluations.

Monday night, the SRC posters and authors will be available in the Monday Welcome reception. The posters will be on display, but unattended, in the OOPSLA Courtyard from Tuesday through Thursday. During the second round of competition, the students will give a 10-minute presentation about their work, followed by a 5-minute Q&A period with questions posed by the SRC judges. The winners of the SRC will be announced on Thursday before the main keynote.

Student Research Competition

Automatic Code Generation and Solution Estimate for Object-Oriented Embedded Software

Ronaldo Rodrigues Ferreira
Instituto de Informática/Universidade Federal do Rio Grande do Sul


This work tailors an Alloy model translator to Java code and an estimate tool for physical resources optimization into a design flow. Experimental results show distinct implementation strategies only varying data structures used in generated Java code.

Static Extraction and Conformance Checking of the Runtime Architecture of Object-Oriented Systems

Marwan Abi-Antoun
Carnegie Mellon University


We propose a semi automated approach to statically extract a runtime architecture of an object oriented system using ownership domain annotations and check its structural conformance with an as designed architecture. In contrast, previous work used dynamic analyses that cover some but not all possible executions, or used radical language extensions or implementation restrictions. The approach also extracts an architecture that is hierarchical and sound, i.e., one that accounts for all objects and relations that could possibly exist at runtime.

Grey-Box Specifications for Object-Oriented Program Components

Yannick Welsch
Software Technology Group, University of Kaiserslautern


We present a formal specification technique for object oriented program components based on their boundary message behaviour. Component specifications describe restrictions on the set of message traces for a component without referring to actual implementations. Finally, we provide a framework to link specifications with abstract states to their implementations.

Checking API Protocol Compliance in Java

Kevin Bierhoff
Carnegie Mellon University


Reusable APIs often define usage protocols. The author previously developed a sound and modular type system that checks compliance to typestate based protocols while affording a great deal of aliasing flexibility. This paper focuses on making these ideas available in tools for mainstream object oriented languages and evaluating their practical effectiveness.

Failure-prone Components are also Attack-prone Components

Michael Gegick
Department of Computer Science, North Carolina State University


Limited resources preclude software engineers from finding and fixing all security vulnerabilities in a software system. A predictive model that identifies which components are attack prone can prioritize fortification efforts where they are needed most. We have analyzed two large commercial telecommunications systems that have been deployed to the field. We have found strong correlations (as high as 0.82) between non security failures and security failures and that the most failure prone components are likely to be attack prone. Additionally, non security failures were found to be a good metric for estimating the count of security failures for a given software

Raising the Level of Abstraction of Application-Level Checkpointing

Ritu Arora
University of Alabama at Birmingham


Checkpointing is one of the key ingredients required for writing fault tolerant applications for dynamic and distributed computing environments. Manual reengineering of large legacy applications to insert checkpointing mechanisms is a daunting task, mainly due to the time and cost overheads. This poster describes an approach for nonintrusive reengineering of existing applications to insert a Checkpointing and Restart (CaR) mechanism. The user describes the CaR specifications at a high level and the required code is semi automatically generated and inserted in the application.

Answering Control Flow Questions about Code

Thomas D. LaToza
Carnegie Mellon University


Empirical observations of developers editing code revealed that difficulties following control flow relationships led to poor changes, wasted time, and bugs. I am designing a static analysis to compute interprocedural path-sensitive control flow to help developers more quickly and accurately visually answer these common questions about code.

CZ: Multiple Inheritance Without Diamonds

Donna Malayeri
Carnegie Mellon University


Multiple inheritance has long been plagued with the ``diamond'' inheritance problem, spurring a variety of solutions, such as virtual inheritance, mixins and traits. We offer a different solution: a language that supports multiple inheritance but forbids diamond inheritance. We maintain expressiveness through a ``requires'' construct (inspired by Scala) that provides subtyping without inheritance diamonds. Our novel no diamond restriction offers the benefit of allowing multiple inheritance to co exist neatly with fields, without resorting to tactics such as virtual inheritance. We believe our solution is more expressive than previous attempts to solve the diamond inheritance problem.

Automatic Detection of Memory Anti-Patterns

Adriana E. Chis
Performance Engineering Laboratory, University College Dublin


In large distributed enterprise systems detection of memory problems can be a burdensome task. For understanding the memory related problems a catalog which documents memory anti-pattens is proposed. This paper also introduces our proposed prototype tool for the automatic detection of memory anti-patterns.

Security Oriented Program Transformations (Or How to Add Security on Demand)

Munawar Hafiz
University of Illinois at Urbana Champaign


Security requirements change. Many systems fail to cope with the changing requirements because it is hard to redesign. I show that security can be added by applying program transformations. This improves traditional security engineering approaches and keeps software secure in the face of new security threats.