Modern software systems are increasingly long-lived. In order to gracefully evolve these systems as they address new requirements, developers need to navigate effectively between domain concepts and the code that addr...
详细信息
ISBN:
(纸本)9783662496657;9783662496640
Modern software systems are increasingly long-lived. In order to gracefully evolve these systems as they address new requirements, developers need to navigate effectively between domain concepts and the code that addresses those domains. One of the original promises of object-orientation was that the same object-oriented models would be used throughout requirements analysis, design and implementation. Software systems today however are commonly constructed from a heterogeneous "language soup" of mainstream code and dedicated DSLs addressing a variety of application and technical domains. Has object-orientedprogramming outlived its purpose? In this essay we argue that we need to rethink the original goals of object-orientation and their relevance for modern software development. We propose as a driving maxim, "programming is Modeling," and explore what this implies for programming languages, tools and environments. In particular, we argue that: (1) source code should serve not only to specify an implementation of a software system, but should encode a queryable and manipulable model of the application and technical domains concerned;(2) IDEs should exploit these domain models to enable inexpensive browsing, querying and analysis by developers;and (3) barriers between the code base, the running application, and the software ecosystem at large need to be broken down, and their connections exploited and monitored to support developers in comprehension and evolution tasks.
Code reuse attacks such as return-orientedprogramming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. A variety of corresponding defenses has been proposed, o...
详细信息
ISBN:
(纸本)9781467369497
Code reuse attacks such as return-orientedprogramming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. A variety of corresponding defenses has been proposed, of which some have already been successfully bypassed-and the arms race continues. In this paper, we perform a systematic assessment of recently proposed CFI solutions and other defenses against code reuse attacks in the context of C++. We demonstrate that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice. Our novel attack technique, denoted as counterfeit object-orientedprogramming (COOP), induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites. COOP is Turing complete in realistic attack scenarios and we show its viability by developing sophisticated, real-world exploits for Internet Explorer 10 on Windows and Firefox 36 on Linux. Moreover, we show that even recently proposed defenses (CPS, T-VIP, vfGuard, and VTint) that specifically target C++ are vulnerable to COOP. We observe that constructing defenses resilient to COOP that do not require access to source code seems to be challenging. We believe that our investigation and results are helpful contributions to the design and implementation of future defenses against control-flow hijacking attacks.
The importance of teaching a solid design methodology is well-recognized and is the goal of many software development courses. There is an ongoing debate concerning how to approach the learning and teaching of this sk...
详细信息
ISBN:
(纸本)9781479931903
The importance of teaching a solid design methodology is well-recognized and is the goal of many software development courses. There is an ongoing debate concerning how to approach the learning and teaching of this skill, i.e., by focusing on "design first" by means of the UML formalism or by "OO programming first", deferring the development of UML specifications. This work presents a teaching experience and curriculum content where a "design-first" approach was used to teach objectoriented Design, incrementally interleaved with object oriented programming aimed at implementing the modeled software through laboratory activities. Working in groups allowed the students to improve communication and collaboration skills, and the use of web 2.0 technologies, such as a wiki, allowed for better course management and for the deployment of a project involving all the students. This approach was used in two year-long courses with students who had slightly different backgrounds and dispositions. Also presented are a preliminary analysis of the written examinations and laboratory exercises;an analysis of common errors and student misconceptions and a preliminary quantitative measure of the results.
In this paper, we describe an implementation-independent object-oriented interface for commercial and academic Constraint Solvers. This serves as a basis for evaluating different Constraint Solvers and for developing ...
详细信息
ISBN:
(数字)9783540366072
ISBN:
(纸本)3540009868
In this paper, we describe an implementation-independent object-oriented interface for commercial and academic Constraint Solvers. This serves as a basis for evaluating different Constraint Solvers and for developing solver-independent applications. We show, how applications can use the interface, which solvers are already integrated into the framework and how additional solvers can be added. Furtermore, we provide to the community the described system as real Java packages via Internet, that even includes a basic but powerful Constraint Solver.
The use of Java in the first courses of Computing, Computer Sciences and similar degrees is widely accepted. However, many programming professors realize that while is possible for students to use an object-oriented l...
详细信息
ISBN:
(纸本)9788360810484
The use of Java in the first courses of Computing, Computer Sciences and similar degrees is widely accepted. However, many programming professors realize that while is possible for students to use an object-oriented language, is also possible to program with them without applying an object-oriented mentality. This paper defends the use of Smalltalk programming language as the best option for students to learn object-orientedprogramming and acquiring an object-oriented mentality at the same time. This study is based on three years of experience in a course on Software Design.
To assist Java programming educations, we have developed a Web-based Java programming Learning Assistant System (JPLAS) along with the code writing problem which allows students to study writing source codes for assig...
详细信息
ISBN:
(纸本)9781538663097
To assist Java programming educations, we have developed a Web-based Java programming Learning Assistant System (JPLAS) along with the code writing problem which allows students to study writing source codes for assignments. As the object-orientedprogramming language, encapsulation, inheritance, and polymorphism are the three fundamental concepts that all the students are expected to master. In this paper, we propose the informative test code approach to the code writing problem, which helps students study them by describing the necessary information for the code. For evaluations, we generated informative test codes for 10 assignments, and then asked 10 students to write the source codes, where they completed the high-quality ones using the concepts.
A unified language architecture for an advanced reversible object-oriented language is described. The design and implementation choices made for a tree-walking interpreter and source-language inverter are discussed, a...
详细信息
ISBN:
(纸本)9783030798369;9783030798376
A unified language architecture for an advanced reversible object-oriented language is described. The design and implementation choices made for a tree-walking interpreter and source-language inverter are discussed, as well as the integration with an existing monadic parser, type checker and PISA compiler backend. A demonstration of the web interface and the interactions required to interpret, compile and invert reversible object-oriented programs is given. Our aim is that this platform will make reversible programming approachable to a wider community.
A constraint programming environment NeMo+, which is implemented opt a base of a so-called subdefinite models approach is presented. Subdefinite models are a variety of constraint programming techniques. NeMo+ include...
详细信息
ISBN:
(纸本)0818682043
A constraint programming environment NeMo+, which is implemented opt a base of a so-called subdefinite models approach is presented. Subdefinite models are a variety of constraint programming techniques. NeMo+ includes a high-level object-oriented declarative language for specification of data types and constraints. The method of subdefinite models is briefly reviewed in the first part of the paper. The NeMo+ architecture and the NeMo+ language are presented in second part. The NeMo+ main capabilities in solving some problems and benchmarks are considered in the rest of the paper.
We analyse how inheritance of synchronization constraints should be supported. The conclusion of our analysis is that inheritance of synchronization constraints should take the form of incrementally more restrictive c...
详细信息
The three problems of the title - the first two widely discussed in the literature, the third less well known but just as important for further development of object technology - are: center dot Eradicating the risk o...
详细信息
ISBN:
(纸本)354027992X
The three problems of the title - the first two widely discussed in the literature, the third less well known but just as important for further development of object technology - are: center dot Eradicating the risk of void calls: X. f with, at run time, the target X not denoting any object, leading to an exception and usually a crash. center dot Eradicating the risk of "catcalls": erroneous run-time situations, almost inevitably leading to crashes, resulting from the use of covariant argument typing. center dot Providing a simple way, in concurrent object-orientedprogramming, to lock an object handled by a remote processor or thread of control, or to access it without locking it, as needed by the context and in a safe way. A language mechanism provides a combined solution to all three issues. This mechanism also allows new solutions to two known problems: how to check that a certain object has a certain type, and then use it accordingly ("Run-Time Type Identification" or "downcasting"), for which it may provide a small improvement over previously proposed techniques;and how to provide a "once per object" facility, permitting just-in-time evaluation of certain object properties. The solution relies on a small extension to the type system involving a single symbol, the question mark. The idea is to declare certain types as "attached" (not permitting void values), enforce some new validity rules that rule out void calls, and validate a number of common programming schemes as "Certified Attachment Patterns" guaranteed to rule out void calls. (In addition, the design replaced an existing type-querying construct by a simpler one.) The mechanism is completely static: A checks can be performed by compilers as part of normal type system enforcement. It places no undue burden on these compilers - in particular, does not require dataflow analysis - and can be fairly quickly explained to programmers. Existing code, if reasonably well-written, will usually continue to work wit
暂无评论