Aldrich, J., Chambers, C., & Notkin, D. (2002). Architectural reasoning in ArchJava. 16th European Conference on Object-Oriented Programming (ECOOP), 334-367.

 

Aldrich, J., Chambers, C., & Notkin, D. (2002). ArchJava: connecting software architecture to implementation. 24th International Conference on Software Engineering (ICSE), 187-197.

 

Aldrich, J., Sazawal, V., Chambers, C., & Notkin, D. (2002). Architecture-centric programming for adaptive systems. Proceedings of the first workshop on Self-healing systems, 93-95.

 

Ubiquitous computing services are a fast-growing and challenging class of self-healing systems that must adapt to constant failures and environmental changes. Writing robust ubiquitous computing code is difficult in current programming systems. The architecture, interfaces, and logic of the program are often obscured by infrastructure details, making the development and evolution of these systems difficult and error-prone.We are exploring whether implementation language support for software architecture can aid in the development and evolution of ubiquitous computing systems. One such approach, embodied in the ArchJava language, allows programmers to express the software architecture of an application within Java source code. In this paper, we propose an extension to ArchJava allowing programmers to define custom connectors. Custom connectors are useful in many different contexts; we show how they can be used to implement part of the PlantCare ubiquitous computing application in ArchJava.

 

Aldrich, J., Sazawal, V., Chambers, C., & Notkin, D. (2003). Language support for connector abstractions. 17th European Conference on Object-Oriented Programming (ECOOP), 74-102.

 

Alverson, G. A., Griswold, W. G., Lin, C., Notkin, D., & Snyder, L. (1998). Abstractions for Portable, Scalable Parallel Programming. IEEE Transactions on Parallel and Distributed Systems, 9(1), 71-86.

 

In parallel programming, the need to manage communication, load imbalance, and irregularities in the computation puts substantial demands on the programmer. Key properties of the architecture, such as the number of processors and the cost of communication, must be exploited to achieve good performance, but coding these properties directly into a program compromises the portability and flexibility of the code because significant changes are then needed to port or enhance the program. We describe a parallel programming model that supports the concise, independent description of key aspects of a parallel program including data distribution, communication, and boundary conditions without reference to machine idiosyncrasies. The independence of such components improves portability by allowing the components of a program to be tuned independently, and encourages reuse by supporting the composition of existing components. The isolation of architecture-sensitive aspects of a computation simplifies the task of porting programs to new platforms. Moreover, the model is effective in exploiting both data parallelism and functional parallelism. This paper provides programming examples, compares this work to related languages, and presents performance results.

 

Alverson, G. A., Griswold, W. G., Notkin, D., & Snyder, L. (1990). A flexible communication abstraction for nonshared memory parallel computing. 1990 ACM/IEEE Conference on Supercomputing, 584-593.

 

Alverson, G. A., & Notkin, D. (1993). Program Structuring for Effective Parallel Portability. IEEE Transactions on Parallel and Distributed Systems, 4(9), 1041-1059.

 

The tension between software development costs and efficiency is especially high when considering parallel programs intended to run on a variety of architectures. In the domain of shared memory architectures and explicitly parallel programs, we have addressed this problem by defining a programming structure that eases the development of effectively portable programs. On each target multiprocessor, an effectively portable program runs almost as efficiently as a program fine-tuned for that machine. Additionally, its software development cost is close to that of a single program that is portable across the targets. Using our model, programs are defined in terms of data structure and partitioning-scheduling abstractions. These are activities identified as substantially affecting the performance of parallel programs; activities whose most efficient implementations can differ on the basis of the algorithm, multiprocessor, and even run-time data values and parameters. Low software development cost is attained by writing source programs in terms of abstract interfaces and thereby requiring minimal modification to port; high performance is attained by matching (often dynamically) the interfaces to implementations that are most appropriate to the execution environment. We include results of a prototype used to evaluate the benefits and costs of this approach.

 

Amador, F. G., Berman, D., Borning, A., Derose, T., Finkelstein, A., Neville, D., Notkin, D., Salesin, D., Salisbury, M., Sherman, J., Sun, Y., Weld, D. S., & Winkenbach, G. (1993). Electronic How Things Work Articles - 2 Early Prototypes. IEEE Transactions on Knowledge and Data Engineering, 5(4), 611-618.

 

The Electronic Encyclopedia/Exploratorium (E3) is a vision of a future computer system-a kind of electronic ''How Things Work'' book. Typical articles in E3 will describe such mechanisms as compression refrigerators, engines, telescopes, and mechanical linkages. Each article will provide simulations, three-dimensional animated graphics that the user can manipulate, laboratory areas that allow a user to modify the device or experiment with related artifacts, and a facility for asking questions and receiving customized, computer-generated English-language explanations. In this paper, we discuss some of the foundational technology-especially focusing on topics in artificial intelligence, graphics, and user interfaces-needed to achieve this long-term vision. We describe our initial prototype system and the technical lessons we have learned from it, as well as our second prototype currently under construction.

 

Ambriola, V., & Notkin, D. (1988). Reasoning About Interactive Systems. IEEE Transactions on Software Engineering, 14(2), 272-276.

 

Interactive systems have goals and characteristics that differ from those of batch systems. These differences lead to a need for new techniques, methods, and tools for manipulating and constructing interactive systems. The difference in structure between batch and interactive systems. The difference is considered, focusing on the distinction between command decomposition and component decomposition. The possible ways of solving a problem using an interactive system using action paths, which account for the relatively unconstrained actions of interactive users, are described. It is shown that interactivity is not an inherent characteristic of a system but rather a characteristic that depends on the error profile of its users. The requirements that interaction places on the underlying implementation, specifically the need for incrementality and integration, are considered. The results are applied to several existing classes of systems.

 

Anderson, R. J., Beame, P., Burns, S., Chan, W., Modugno, F., Notkin, D., & Reese, J. D. (1996). Model checking large software specifications. 4th ACM SIGSOFT Symposium on Foundations of Software Engineering (FSE), 156-166.

 

Anderson, R. J., Beame, P., Chan, W., & Notkin, D. (2000). Experiences with the application of symbolic model checking to the analysis of software specifications. Perspectives of System Informatics, 1755, 460-469.

 

Symbolic model checking is a powerful formal-verification technique which has been used to analyze many hardware systems. In this paper we present our experiences in applying symbolic model checking to software specifications of reactive systems. We have conducted two in depth case studies: one, using the specification of TCAS II (Traffic Alert and Collision Avoidance System II), and the other using a model of an aircraft electrical system. Based on these case studies, we have gained significant experience in how model checking can be used in to analyze software specifications, and have also overcome a number of performance bottlenecks to make the analysis tractable. The emphasis of this paper is the uses of model checking in the analysis of specifications. We will discuss the types of properties which we were able to evaluate in our case studies. These include specific errors we were able to identify, as well as general properties we were able to establish for the systems. We will also discuss, in more general terms, the potential uses of symbolic model checking in the development process of software specifications.

 

Badros, G. J., & Notkin, D. (2000). A framework for preprocessor-aware C source code analyses. Software—Practice & Experience, 30(8), 907-924.

 

Analyses of C source code usually ignore the C preprocessor because of its complexity. Instead, these analyses either define their own approximate parser or scanner, or else they require that their input already be preprocessed. Neither approach is entirely satisfactory: the first gives up accuracy (or incurs large implementation costs), while the second loses the preprocessor-based abstractions. We describe a framework that permits analyses to be expressed in terms of both preprocessing and parsing actions, allowing the implementer to focus on the analysis. We discuss an implementation of such a framework that embeds a C preprocessor, a parser, and a Perl interpreter for the action hooks. Many common software engineering analyses can be written surprisingly easily using our implementation, replacing numerous ad-hoc tools. The framework's integration of the preprocessor and the parser further enables some analyses that otherwise would be especially difficult to perform.

 

Chan, W., Anderson, R., Beame, P., & Notkin, D. (1997). Combining constraint solving and symbolic model checking for a class of systems with non-linear constraints. Computer Aided Verification (CAV), 1254, 316-327.

 

We extend the conventional BDD-based model checking algorithms to verify systems with non-linear arithmetic constraints. We represent each constraint as a BDD variable, using the information from a constraint solver to prune the BDDs by removing paths that correspond to infeasible constraints. We illustrate our technique with a simple example, which has been analyzed with our prototype implementation.

 

Chan, W., Anderson, R., Beame, P., Notkin, D., Jones, D. H., & Warner, W. E. (2001). Optimizing Symbolic Model Checking for Statecharts. IEEE Transactions on Software Engineering, 27(2), 170-190.

 

Symbolic model checking based on binary decision diagrams is a powerful formal verification technique for reactive systems. In this paper, we present various optimizations for improving the time and space efficiency of symbolic model checking for systems specified as statecharts. We used these techniques in our analyses of the models of a collision avoidance system and a fault-tolerant electrical power distribution (EPD) system, both used on commercial aircraft. The techniques together reduce the time and space requirements by orders of magnitude, making feasible some analysis that was previously intractable. We also elaborate on the results of verifying the EPD model. The analysis disclosed subtle modeling and logical flaws not found by simulation.

 

Chan, W., Anderson, R. J., Beame, P., Burns, S., Modugno, F., Notkin, D., & Reese, J. D. (1998). Model Checking Large Software Specifications. IEEE Transactions on Software Engineering, 24(7), 498-520.

 

In this paper, we present our experiences in using symbolic model checking to analyze a specification of a software system for aircraft collision avoidance. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in whether model checking can be effectively applied to large software specifications. To investigate this, we translated a portion of the state-based system requirements specification of Traffic Alert and Collision Avoidance System II (TCAS II) into input to a symbolic model checker (SMV). We successfully used the symbolic model checker to analyze a number of properties of the system. We report on our experiences, describing our approach to translating the specification to the SMV language, explaining our methods for achieving acceptable performance, and giving a summary of the properties analyzed. Based on our experiences, we discuss the possibility of using model checking to aid specification development by iteratively applying the technique early in the development cycle. We consider the paper to be a data point for optimism about the potential for more widespread application of model checking to software systems.

 

Chan, W., Anderson, R. J., Beame, P., & Notkin, D. (1998). Improving efficiency of symbolic model checking for state-based system requirements. ACM SIGSOFT international Symposium on Software Testing and Analysis (ISSTA), 102-112.

 

We present various techniques for improving the time and space efficiency of symbolic model checking for system requirements specified as synchronous finite state machines. We used these techniques in our analysis of the system requirements specification of TCAS II, a complex aircraft collision avoidance system. They together reduce the time and space complexities by orders of magnitude, making feasible some analysis that was previously intractable. The TCAS II requirements were written in RSML, a dialect of state-charts.

 

Chan, W. C., Anderson, R. J., Beame, P., Jones, D. H., Notkin, D., & Warner, W. E. (1999). Decoupling synchronization from local control for efficient symbolic model checking of statecharts. 21st international Conference on Software Engineering (ICSE), 142-151.

 

Chan, W. C., Anderson, R. J., Beame, P., & Notkin, D. (1997). Combining Constraint Solving and Symbolic Model Checking for a Class of a Systems with Non-linear Constraints. 9th International Conference on Computer Aided Verification (CAV), 316-327.

 

Chow, K., & Notkin, D. (1996). Semi-automatic update of applications in response to library changes. 1996 International Conference on Software Maintenance (ICSM), 359.

 

Ernst, M. D., Badros, G. J., & Notkin, D. (2002). An empirical analysis of C preprocessor use. IEEE Transactions on Software Engineering, 28(12), 1146-1170.

 

This is the first empirical study of the use of the C macro preprocessor, Cpp. To determine how the preprocessor is used in practice, this paper analyzes 26 packages comprising 1.4 million lines of publicly available C code. We determine the incidence of C preprocessor usage-whether in macro definitions, macro uses, or dependences upon macros-that is complex, potentially problematic, or inexpressible in terms of other C or C++ language features. We taxonomize these various aspects of preprocessor use and particularly note data that are material to the development of tools for C or C++, including translating from C to C++ to reduce preprocessor usage. Our results show that, while most Cpp usage follows fairly simple patterns, an effective program analysis tool must address the preprocessor. The intimate connection between the C programming language and Cpp, and Cpp's unstructured transformations of token streams often hinder both programmer understanding of C programs and tools built to engineer C programs, such as compilers, debuggers, call graph extractors, and translators. Most tools make no attempt to analyze macro usage, but simply preprocess their input, which results in a number of negative consequences; an analysis that takes Cpp into account is preferable, but building such tools requires an understanding of actual usage. Differences between the semantics of Cpp and those of C can lead to subtle bugs stemming from the use of the preprocessor, but there are no previous reports of the prevalence of such errors. Use of C++ can reduce some preprocessor usage, but suck usage has not been previously measured. Our data and analyses shed light on these issues and others related to practical understanding or manipulation of real C programs. The results are of interest to language designers, tool writers, programmers, and software engineers.

 

Ernst, M. D., Cockrell, J., Griswold, W. G., & Notkin, D. (1999). Dynamically discovering likely program invariants to support program evolution. Proceedings of the 21st international conference on Software engineering, 213-224.

 

Ernst, M. D., Cockrell, J., Griswold, W. G., & Notkin, D. (2001). Dynamically Discovering Likely Program Invariants to Support Program Evolution. IEEE Transactions on Software Engineering, 27(2), 99-123.

 

Explicitly stated program invariants can help programmers by identifying program properties that must be preserved when modifying code. In practice, however, these invariants are usually implicit. An alternative to expecting programmers to fully annotate code with invariants is to automatically infer likely invariants from the program itself. This research focuses on dynamic techniques for discovering invariants from execution traces. This article reports three results. First, it describes techniques for dynamically discovering invariants, along with an implementation, named Daikon, that embodies these techniques. Second, it reports on the application of Daikon to two sets of target programs. In programs from Gries's work on program derivation, the system rediscovered predefined invariants. In a C program lacking explicit invariants, the system discovered invariants that assisted a software evolution task. These experiments demonstrate that, at least for small programs, invariant inference is both accurate and useful. Third, it analyzes scalability issues, such as invariant detection runtime and accuracy, as functions of test suites and program points instrumented.

 

Ernst, M. D., Czeisler, A., Griswold, W. G., & Notkin, D. (2000). Quickly detecting relevant program invariants. Proceedings of the 22nd international conference on Software engineering, 449-458.

 

Garlan, D., Jha, S., Notkin, D., & David, J. (1998). Reasoning about implicit invocation. Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering, 209-221.

 

Garlan, D., Kaiser, G. E., & Notkin, D. (1992). Using Tool Abstraction to Compose Systems. Computer, 25(6), 30-38.

 

The tool abstraction paradigm, which supports the evolution of large-scale software systems by easing design changes in the system functions, is discussed. Systems that support tool abstraction are structured as a pool of abstract data structures shared by a collection of cooperating 'toolies', where each toolie provides a piece of the overall system function. When one toolie updates the shared data, other toolies must be notified: otherwise, cooperating-but-independent toolies may not execute, and the overall system function may be compromised. The KWIC (key word in context) index production system is used to illustrate the idea of tool abstraction. The relationship of tool abstraction to other concepts is examined.

 

Garlan, D., & Notkin, D. (1991). Formalizing Design Spaces: Implicit Invocation Mechanisms. Proceedings of the 4th International Symposium of VDM Europe on Formal Software Development-Volume I: Conference Contributions - Volume I, 31-44.

 

Griswold, W. G., & Notkin, D. (1992). Computer-aided vs. manual program restructuring. ACM SIGSOFT Software Engineering Notes, 33-41.

 

Griswold, W. G., & Notkin, D. (1995). Architectural Tradeoffs for a Meaning-Preserving Program Restructuring Tool. IEEE Transactions on Software Engineering, 21(4), 275-287.

 

Maintaining the consistency of multiple program representations, such as abstract syntax trees and program dependence graphs, in a program manipulation tool is difficult. This paper describes a hybrid software architecture for a meaning-preserving program restructuring tool. Layering is the primary architectural paradigm, which successively provides increasingly integrated and unified abstract machines to implement the tool. However, layering does not provide adequate control over extensibility or the independence of components. Consequently, we also adopted the paradigm of keeping the key program abstractions separate throughout the layering, providing independent columns of abstract data types. A pair of columns is integrated by a mapping column that translates elements in one column's data type into related elements in the other column's data type. Thus integration of function and separation of representation can be achieved simultaneously in this complex domain.This hybrid architecture was crucial in overcoming severe performance problems classic in traditional layered systems that became apparent once the basic tool was completed. By taking advantage of the independence of the columns and the special characteristics of meaning-preserving restructuring, it was possible to extend one representation column of the architecture to the uppermost layer to provide the required access for efficient update without compromising independence. The cost of the extended architecture is that the upper layers are no longer as simple because they expose operations that only guarantee consistency under careful usage. However, the structural constraints of the hybrid architecture and provided models for building the more complicated layers minimizes the negative impact of this tradeoff.

 

Gunter, C., Mitchell, J., & Notkin, D. (1996). Strategic directions in software engineering and programming languages. ACM Computing Surveys (CSUR), 28(4), 727-737.

 

 

 

Habermann, A. N., & Notkin, D. (1986). Gandalf: software development environments. IEEE Transactions on Software Engineering, 12(12), 1117-1127.

 

 

 

Habermann, A. N., Notkin, D. S., & Perry, D. E. (1979). Report on the use of Ada for design and implementation of part of Gandalf. Cmu-Cs ;. Pittsburgh, Pa.: Department of Computer Science, Carnegie-Mellon University, [2], 152 p.

 

Henderson, P. B., & Notkin, D. (1987). Guest Editors' Introduction: Integrated Design and Programming Environments. Computer. 12-16.

 

Henderson, P. B., & Notkin, D. (1987). Integrated Design and Programming Environments. Computer, 20(11), 12-16.

 

 

 

Kim, M., Bergman, L., Lau, T. A., & Notkin, D. (2004). An Ethnographic Study of Copy and Paste Programming Practices in OOPL. Proceedings of the 2004 International Symposium on Empirical Software Engineering, 83-92.

 

Kim, M., & Notkin, D. (2005). Using a clone genealogy extractor for understanding and supporting evolution of code clones. Proceedings of the 2005 international workshop on Mining software repositories, 1-5.

 

Kim, M., & Notkin, D. (2006). Program element matching for multi-version program analyses. Proceedings of the 2006 international workshop on Mining software repositories, 58-64.

 

Kim, M., Notkin, D., & Grossman, D. (2007). Automatic Inference of Structural Changes for Matching across Program Versions. Proceedings of the 29th international conference on Software Engineering, 333-343.

 

Kim, M., Sazawal, V., Murphy, G. C., & Notkin, D. (2005). An empirical study of code clone genealogies. Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering, 187-196.

 

Michail, A., & Notkin, D. (1998). Illustrating Object-Oriented Library Reuse by Example: A Tool-Based Approach. Proceedings of the 13th IEEE international conference on Automated software engineering, 200.

 

Michail, A., & Notkin, D. (1999). Assessing software libraries by browsing similar classes, functions and relationships. Proceedings of the 21st international conference on Software engineering 463-472.

 

Murphy, G. C., & Notkin, D. (1995). Lightweight source model extraction. Proceedings of the 3rd ACM SIGSOFT symposium on Foundations of software engineering, 116-127.

 

Murphy, G. C., & Notkin, D. (1996). Lightweight lexical source model extraction. ACM Transactions on Software Engineering and Methodology (TOSEM), 5(3), 262-292.

 

Software engineers maintaining an existing software system often depend on the mechanized extraction of information from system artifacts. Some useful kinds of information—source models—are well known: call graphs, file dependences, etc. Predicting every kind of source model that a software engineer may need is impossible. We have developed a lightweight approach for generating flexible and tolerant source model extractors from lexical specifications. The approach is lightweight in that the specifications are relatively small and easy to write. It is flexible in that there are few constraints on the kinds of artifacts from which source models are extracted (e.g., we can extract from source code, structured data files, documentation, etc.). It is tolerant in that there are few constraints on the condition of the artifacts. For example, we can extract from source that cannot necessarily be compiled. Our approach extended the kinds of source models that can be easily produced from lexical information while avoiding the constraints and brittleness of most parser-based approaches. We have developed tools to support this approach and applied the tools to the extraction of a number of different source models (file dependences, event interactions, call graphs) from a variety of system artifacts (C, C++, CLOS, Eiffel. TCL, structured data). We discuss our approach and describe its application to extract source models not available using existing systems; for example, we compute the implicitly-invokes relation over Field tools. We compare and contrast our approach to the conventional lexical and syntactic approaches of generating source models.

 

Murphy, G. C., & Notkin, D. (1996). On the use of static typing to support operations on frameworks. Object Oriented Systems, 3(4), 197-213.

 

Frameworks capture the commonalities in design and implementation between a family of related applications and are typically expressed in a general-purpose object-oriented language. Software engineers use frameworks to reduce the cost of building complex applications. Although the task of using a framework to build an application is error-prone, few techniques and tools exist to aid the engineer. This paper characterizes the operations of instantiation, extension and refinement used to build applications from frameworks and explores how these operations are supported by one common language-level tool, namely the static typing policies (and associated tools) of common object-oriented languages. It was found that both conservative contravariant and covariant static typing policies were effective in supporting the operations of framework instantiation and framework extension. However, both policies were ineffective at supporting the operation of framework refinement. Although it does not support the refinement operation itself, covariance is sufficiently expressive to support the instantiation of a properly refined framework. This result provides a basis for defining and building tools to support the effective use and evolution of frameworks in software engineering environments.

 

Murphy, G. C., & Notkin, D. (1997). Reengineering with Reflexion Models: A Case Study. Computer, 30(8), 29-36.

 

Reengineering large and complex software systems is often very costly. Reflexion models let software engineers begin with a structural high-level model that they can selectively refine to rapidly gain task-specific knowledge about the source code. In this article we give an overview of our technique and then relate how a Microsoft engineer used it to aid an experimental reengineering of Excel-a product that comprises about 1.2 million lines of C code. Our technique begins with a high-level model, which users define on the basis of a desired software engineering task. Thus, the next steps in our technique are to extract a model of the source, define a map, and, through a set of computation tools, compare the two models. This lets software engineers effectively validate their high-level reasoning with information from the source code. To satisfy the need for a quick and inexpensive method, we made the technique "lightweight" and iterative. The user can easily and rapidly access the structural information of interest and can balance the cost of refinement with the potential benefits of a more complete and accurate model. The engineer in our case study-a developer with 10-plus years at Microsoft-specified and computed an initial reflexion model of Excel in a day and then spent four weeks iteratively refining it. He estimated that gaining the same degree of familiarity with the Excel source code might have taken up to two years with other available approaches. The experimental reengineering case study shows that our technique has practical application. First, the engineer chose to use the technique even when facing extreme pressure. Second, he continued to use the technique beyond the original time (one month) to refine additional parts of the reflexion model for Excel and to compute reflexion models for successive Excel versions. Finally, the engineer stated that the slowdowns he did encounter while performing the experimental reengineering were often due to a lack of up-front understanding. Had the reflexion model technique been used more during planning, he felt that he might have understood the product better to begin with. We believe our technique was successful in large part because it uses approximation. This ensures a smooth feedback from the time invested in applying the technique to the results. The more time the Microsoft engineer spent refining the map, the more information he derived. Although this curve is not completely smooth, the engineer was able to gauge the accuracy of the results and use that information to manage the time and effort invested in using the technique.

 

Murphy, G. C., & Notkin, D. (1997). Reengineering with reflexion models: A case study. Computer, 30(8), 29-&.

 

Reengineering large and complex software systems is often very costly. Reflexion models let software engineers begin with a structural high level model that they can selectively refine to rapidly gain task specific knowledge about the source code. The authors describe how a Microsoft engineer used this technique in an experimental reengineering of Excel.

 

Murphy, G. C., Notkin, D., Griswold, W. G., & Lan, E. S.-C. (1998). An empirical study of static call graph extractors. ACM Transactions on Software Engineering and Methodology (TOSEM), 7(2), 158-191.

 

Informally, a call graph represents calls between entities in a given program. The call graphs that compilers compute to determine the applicability of an optimization must typically be conservative: a call may be omitted only if it can never occur in any execution of the program. Numerous software engineering tools also extract call graphs with the expectation that they will help software engineers increase their understanding of a program. The requirements placed on software engineering tools that compute call graphs are typically more relaxed than for compilers. For example, some false negatives—calls that can in fact take place in some execution of the program, but which are omitted from the call graph—may be acceptable, depending on the understanding task at hand. In this article, we empirically show a consequence of this spectrum of requirements by comparing the C call graphs extracted from three software systems (mapmaker, mosaic, and gcc) by nine tools (cflow, cawk, CIA, Field, GCT, Imagix, LSME, Mawk, and Rigiparse). A quantitative analysis of the call graphs extracted for each system shows considerable variation, a result that is counterintuitive to many experienced software engineers. A qualitative analysis of these results reveals a number of reasons for this variation: differing treatments of macros, function pointers, input formats, etc. The fundamental problem is not that variances among the graphs extracted by different tools exist, but that software engineers have little sense of the dimensions of approximation in any particular call graph. In this article, we describe and discuss the study, sketch a design space for static call graph extractors, and discuss the impact of our study on practitioners, tool developers, and researchers. Although this article considers only one kind of information, call graphs, many of the observations also apply to static extractors of other kinds of information, such as inheritance structures, file dependences, and references to global variables.

 

Murphy, G. C., Notkin, D., & Lan, E. S.-C. (1996). An empirical study of static call graph extractors. Proceedings of the 18th international conference on Software engineering, 90-99.

 

Murphy, G. C., Notkin, D., & Sullivan, K. (1995). Software reflexion models: bridging the gap between source and high-level models. Proceedings of the 3rd ACM SIGSOFT symposium on Foundations of software engineering, 18-28.

 

Murphy, G. C., Notkin, D., & Sullivan, K. (1997). Extending and Managing Software Reflexion Models. Technical Report: TR-97-15

 

Murphy, G. C., Notkin, D., & Sullivan, K. (2001). Software Reflexion Models: Bridging the Gap between Design and Implementation. IEEE Transactions on Software Engineering, 27(4), 364-380.

 

The artifacts constituting a software system often drift apart over time. We have developed the software reflexion model technique to help engineers perform various software engineering tasks by exploiting, rather than removing, the drift between design and implementation. More specifically, the technique helps an engineer compare artifacts by summarizing where one artifact (such as a design) is consistent with and inconsistent with another artifact (such as source). The technique can be applied to help a software engineer evolve a structural mental model of a system to the point that it is good-enough to be used for reasoning about a task at hand. The software reflexion model technique has been applied to support a variety of tasks, including design conformance, change assessment, and an experimental reengineering of the million-lines-of-code Microsoft Excel product. In this paper, we provide a formal characterization of the reflexion model technique, discuss practical aspects of the approach, relate experiences of applying the approach and tools, and place the technique into the context of related work.

 

Notkin, D. (1985). Annotated-Bibliography of Gandalf Literature. Journal of Systems and Software, 5(2), 173-176.

 

 

 

Notkin, D. (1985). The Gandalf Project. Journal of Systems and Software, 5(2), 91-105.

 

 

 

Notkin, D. (1988). Applying software process models to the full lifecycle is premature. Proceedings of the 4th international software process workshop on Representing and enacting the software process, 116-117.

 

Notkin, D. (1989). The relationship between software development environments and the software process. Proceedings of the third ACM SIGSOFT/SIGPLAN software engineering symposium on Practical software development environments, 107-109.

 

Notkin, D. (1990). Proxies - a Software Structure for Accommodating Heterogeneity. Software-Practice & Experience, 20(4), 357-364.

 

 

 

Notkin, D. (1998). The lifeblood of our field. Computer, 31(10), 123-123.

 

 

 

Notkin, D. (2003). Longitudinal program analysis. Proceedings of the 2002 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, 1.

 

Notkin, D. (2006). Unconventional Views on Conventional Wisdom about Software Engineering Research. Proceedings of the 22nd IEEE International Conference on Software Maintenance, 201.

 

Notkin, D. (2007). Dessert Island. Automated Software Engineering, 14(1), 123-125.

 

Notkin, D., Black, A. P., Lazowska, E. D., Levy, H. M., Sanislo, J., & Zahorjan, J. (1988). Interconnecting Heterogeneous Computer-Systems. Communications of the ACM, 31(3), 258-273.

 

A software structure created by the Heterogeneous Computer Systems (HCS) Project at the University of Washington was designed to address the problems of heterogeneity that typically arise in research computing environments.

 

Notkin, D., Donner, M., Ernst, M. D., Gorlick, M., & Whitehead, E. J. J. (2001). Panel: perspectives on software engineering. Proceedings of the 23rd International Conference on Software Engineering, 699-704.

 

Notkin, D., & Griswold, W. G. (1987). Enhancement through extension: the extension interpreter. Proceedings of the ACM SIGPLAN/SIGSOFT Symposium on Interpreters and interpretive techniques, 45-55.

 

Notkin, D., & Griswold, W. G. (1988). Extension and software development. Proceedings of the 10th international conference on Software engineering, 274-283.

 

Notkin, D., Hutchinson, N., Sanislo, J., & Schwartz, M. (1987). Heterogeneous Computing Environments - Report on the Acm Sigops Workshop on Accommodating Heterogeneity. Communications of the ACM, 30(2), 132-140.

 

The ACM SIGOPS Workshop on Accommodating Heterogeneity was conducted in December 1985 in Eastbound, Wash., as a forum for an international group of fifty researchers to discuss the technical issues surrounding heterogeneous computing environments.

 

Notkin, D., & Jeffery, D. R. (1996). Best papers of the 17th international conference on software engineering (ICSE-17). IEEE Transactions on Software Engineering, 22(6), 361-362.

 

Notkin, D., Kirsch, G., & Skulikaris, Y. (1999). Intellectual property issues in software (panel). Proceedings of the 21st international conference on Software engineering, 594-595.

 

Notkin, D., & Pezze, M. (2008). Introduction to the special section from the ACM International Symposium on Software Testing and Analysis (ISSTA 2006). Acm Transactions on Software Engineering and Methodology, 17(2), -.

 

Notkin, D., & Schlichting, R. D. (1993). Computer Science in Japanese Universities. Computer, 26(5), 62-70.

 

Despite associating Japan with high technology, most Western scientists know little about computer science in Japan. Many factors contribute to this phenomenon, including language and cultural differences, a shortage of readily available information, and a degree of technical chauvinism. On the basis of observations made during sabbaticals in Japan, the authors provide an informal portrait of computer science in Japanese universities in the hope that enhanced awareness and increased interaction will result. They look specifically at departmental structure, faculty career paths, the student population, and research activity. Probably the most important lesson drawn from their experiences is that it is difficult to overestimate the influence of culture in distinguishing the structure of American and Japanese approaches to teaching and research in computer science. The more notice able differences observed include (1) the tendency of Japanese faculty to stay in a department from undergraduate days through retirement, unlike more mobile approach in the US; (2) the narrow focus of most Japanese computer science research programs compared with generally broader research programs in the US; (3) the structural leveling of resources in general compared with the wide variation across departments in the US; (4) the marked absence of women and foreigners in the faculty and graduate student ranks compared with the more heterogeneous nature of departments in the US; and (5) the small number of faculty and PhD students in top-tier Japanese programs as opposed to the much larger programs found in comparable US universities. The influence of Japan on computer science, and in political, social, and other scientific realms, is growing. Scientists and researchers in other parts of the world must educate themselves about Japanese computer science in order to benefit from the work that goes on in that country and understand how to improve their own efforts.

 

Notkin, D., Snyder, L., Socha, D., Bailey, M. L., Forstall, B., Gates, K., Greenlaw, R., Griswold, W. G., Holman, T. J., Korry, R., Lasswell, G., Mitchell, R., & Nelson, P. A. (1988). Experiences with poker. Proceedings of the ACM/SIGPLAN conference on Parallel programming: experience with applications, languages and systems, 10-20.

 

Notkin, D. S. (1980). An experience with parallelism in Ada. Proceedings of the ACM-SIGPLAN symposium on Ada programming language, 9-15.

 

Notkin, D. S. (1984). Interactive structure-oriented computing. Thesis (Ph D ), Carnegie-Mellon University, Dept. of Computer Science,

Carnegie-Mellon University, 1984., Pittsburgh, Pa.

 

Oberg, B., & Notkin, D. (1992). Error Reporting with Graduated Color. IEEE Software, 9(6), 33-38.

 

A technique for nonintrusive error notification during programming that uses graduated color and elision, the temporary hiding of information, is described. Users can see errors and their age by the color and can look at the associated error explanation when they are not busy. Interruption is kept to a minimum during notification, and the explanation is close at hand and complete when it is wanted. The application of this technique to the Cornell synthesizer Generator is discussed, and sample generated displays are presented.

 

Sazawal, V., Kim, M., & Notkin, D. (2004). A Study of Evolution in the Presence of Source-Derived Partial Design Representations. Proceedings of the Principles of Software Evolution, 7th International Workshop, 21-30.

 

Sazawal, V., & Notkin, D. (2004). Design snippets: partial design representations extracted from source code. Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, 13-14.

 

Schwartz, M., Zahorjan, J., & Notkin, D. (1987). A name service for evolving heterogeneous systems. Proceedings of the eleventh ACM Symposium on Operating systems principles, 52-62.

 

Shaw, M., Jones, A., Knueven, P., McDermott, J., Miller, P., & Notkin, D. (1980). Cheating Policy in a Computer Science Department. ACM SIGCSE Bulletin, 72-76.

 

Socha, D., Bailey, M. L., & Notkin, D. (1989). Voyeur: graphical views of parallel programs. Proceedings of the 1988 ACM SIGPLAN and SIGOPS workshop on Parallel and distributed debugging, 206-215.

 

Soffa, M. L., & Notkin, D. (1998). SIGPLAN and SIGSOFT joint efforts. Acm Sigplan Notices, 1-1.

 

Squillante, M. S., & Notkin, D. (1989). Integrating Heterogeneous Local Mail Systems. IEEE Software, 6(6), 59-67.

 

A description is given of the Heterogeneous Mail System. This environment is inexpensive to implement. It is also inexpensive to integrate a new mail system into the environment and to use its services effectively. Diverse classes of mail systems can be integrated into the environment. The system model is examined, with particular attention to the mail semantic managers, the system server, mail submission and delivery, accommodating new systems, security and authentication, and scalability. Experiences with an experimental prototype are reported.

 

Sullivan, K., & Notkin, D. (1992). Reconciling environment integration and software evolution. ACM Transactions on Software Engineering and Methodology (TOSEM), 1(3), 229-268.

 

Common software design approaches complicate both tool integration and software evolution when applied in the development of integrated environments. We illustrate this by tracing the evolution of three different designs for a simple integrated environment as representative changes are made to the requirements. We present an approach that eases integration and evolution by preserving tool independence in the face of integration. We design tool integration relationships as separate components called mediators, and we design tools to implicitly invoke mediators that integrate them. Mediators separate tools from each other, while implicit invocation allows tools to remain independent of mediators. To enable the use of our approach on a range of platforms, we provide a formalized model and requirements for implicit invocation mechanisms. We apply this model both to analyze existing mechanisms and in the design of a mechanism for C++.

 

Sullivan, K. J., Kalet, I. J., & Notkin, D. (1995). Mediators in a Radiation Treatment Planning Environment. Technical Report: CS-95-29

 

Sullivan, K. J., Kalet, I. J., & Notkin, D. (1996). Evaluating The Mediator Method: Prism as a Case Study. IEEE Transactions on Software Engineering, 22(8), 563-579.

 

A software engineer's confidence in the profitability of a novel design technique depends to a significant degree on previous demonstrations of its profitability in practice. Trials of proposed techniques are thus of considerable value in providing factual bases for evaluation. In this paper we present our experience with a previously presented design approach as a basis for evaluating its promise and problems. Specifically, we report on our use of the mediator method to reconcile tight behavioral integration with ease of development and evolution of Prism, a system for planning radiation treatments for cancer patients. Prism is now in routine clinical use in several major research hospitals. Our work supports two claims. In comparison to more common design techniques, the mediator approach eases the development and evolution of integrated systems; and the method can be learned and used profitably by practicing software engineers.

 

Sullivan, K. J., & Notkin, D. (1990). Reconciling environment integration and component independence. Proceedings of the fourth ACM SIGSOFT symposium on Software development environments, 22-33.

 

Sullivan, K. J., Notkin, D., Fuggetta, A., & Favaro, J. (1999). First workshop on economics-driven software engineering research (EDSER-1). Proceedings of the 21st international conference on Software engineering. 699-700.

 

Sullivan, K. J., Shaw, M., Boehm, B. W., Notkin, D., & Harrison, W. (2001). Third international workshop on economics-driven software engineering research. Proceedings of the 23rd International Conference on Software Engineering. 770.

 

van Dam, A., Dill, J., Dixon, D. F., & Notkin, D. (1976). Structured programming in assembly language. ACM SIGCSE Bulletin, 53-67.

 

VanHilst, M., & Notkin, D. (1996). Decoupling change from design. Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering, 58-69.

 

VanHilst, M., & Notkin, D. (1996). Using C++ Templates to Implement Role-Based Designs. Proceedings of the Second JSSST International Symposium on Object Technologies for Advanced Software, 22-37.

 

VanHilst, M., & Notkin, D. (1996). Using role components to implement collaboration-based designs. Proceedings of the 11th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, 359-369.

 

Walker, R. J., Briand, L. C., Notkin, D., Seaman, C. B., & Tichy, W. F. (2003). Panel: empirical validation: what, why, when, and how. Proceedings of the 25th International Conference on Software Engineering, 721-722.

 

Xie, T., Marinov, D., & Notkin, D. (2004). Rostra: A Framework for Detecting Redundant Object-Oriented Unit Tests. Proceedings of the 19th IEEE international conference on Automated software engineering, 196-205.

 

Xie, T., Marinov, D., Schulte, W., & Notkin, D. (2005). Symstra: A framework for generating object-oriented unit tests using symbolic execution. Tools and Algorithms for the Construction and Analysis of Systems, 365-381.

 

Xie, T., & Notkin, D. (2004). Automatic extraction of object-oriented observer abstractions from unit-test executions. Formal Methods and Software Engineering, 290-305.

 

Xie, T., & Notkin, D. (2004). Automatic extraction of object-oriented observer abstractions from unit-test executions. Formal Methods and Software Engineering, 290-305.

 

Xie, T., & Notkin, D. (2004). Checking Inside the Black Box: Regression Testing Based on Value Spectra Differences. Proceedings of the 20th IEEE International Conference on Software Maintenance, 28-37.

 

Xie, T., & Notkin, D. (2004). Mutually enhancing test generation and specification inference. Formal Approaches to Software Testing, 2931, 60-69.

 

Generating effective tests and inferring likely program specifications are both difficult and costly problems. We propose an approach in which we can mutually enhance the tests and specifications that are generated by iteratively applying each in a feedback loop. In particular, we infer likely specifications from the executions of existing tests and use these specifications to guide automatic test generation. Then the existing tests, as well as the new tests, are used to infer new specifications in the subsequent iteration. The iterative process continues until there is no new test that violates specifications inferred in the previous iteration. Inferred specifications can guide test generation to focus on particular program behavior, reducing the scope of analysis; and newly generated tests can improve the inferred specifications. During each iteration, the generated tests that violate inferred specifications are collected to be inspected. These violating tests are likely to have a high probability of exposing faults or exercising new program behavior. Our hypothesis is that such a feedback loop can mutually enhance test generation and specification inference.

 

Xie, T., & Notkin, D. (2005). Automatically Identifying Special and Common Unit Tests for Object-Oriented Programs. Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering, 277-287.

 

Xie, T., & Notkin, D. (2005). Checking inside the black box: Regression testing by comparing value spectra. IEEE Transactions on Software Engineering, 31(10), 869-883.

 

Comparing behaviors of program versions has become an important task in software maintenance and regression testing. Black-box program outputs have been used to characterize program behaviors and they are compared over program versions in traditional regression testing. Program spectra have recently been proposed to characterize a program's behavior inside the black box. Comparing program spectra of program versions offers insights into the internal behavioral differences between versions. In this paper, we present a new class of program spectra, value spectra, that enriches the existing program spectra family. We compare the value spectra of a program's old version and new version to detect internal behavioral deviations in the new version. We use a deviation-propagation call tree to present the deviation details. Based on the deviation-propagation call tree, we propose two heuristics to locate deviation roots, which are program locations that trigger the behavioral deviations. We also use path spectra ( previously proposed program spectra) to approximate the program states in value spectra. We then similarly compare path spectra to detect behavioral deviations and locate deviation roots in the new version. We have conducted an experiment on eight C programs to evaluate our spectra-comparison approach. The results show that both value-spectra-comparison and path-spectra-comparison approaches can effectively expose program behavioral differences between program versions even when their program outputs are the same, and our value-spectra-comparison approach reports deviation roots with high accuracy for most programs.

 

Xie, T., & Notkin, D. (2006). Tool-assisted unit-test generation and selection based on operational abstractions. Automated Software Engineering, 13(3), 345-371.

 

Unit testing, a common step in software development, presents a challenge. When produced manually, unit test suites are often insufficient to identify defects. The main alternative is to use one of a variety of automatic unit-test generation tools: these are able to produce and execute a large number of test inputs that extensively exercise the unit under test. However, without a priori specifications, programmers need to manually verify the outputs of these test executions, which is generally impractical. To reduce this cost, unit-test selection techniques may be used to help select a subset of automatically generated test inputs. Then programmers can verify their outputs, equip them with test oracles, and put them into the existing test suite. In this paper, we present the operational violation approach for unit-test generation and selection, a black-box approach without requiring a priori specifications. The approach dynamically generates operational abstractions from executions of the existing unit test suite. These operational abstractions guide test generation tools to generate tests to violate them. The approach selects those generated tests violating operational abstractions for inspection. These selected tests exercise some new behavior that has not been exercised by the existing tests. We implemented this approach by integrating the use of Daikon (a dynamic invariant detection tool) and Parasoft Jtest (a commercial Java unit testing tool), and conducted several experiments to assess the approach.

 

Xie, T., Zhao, J., Marinov, D., & Notkin, D. (2006). Detecting Redundant Unit Tests for AspectJ Programs. Proceedings of the 17th International Symposium on Software Reliability Engineering, 179-190.

 

Zahorjan, J., Lazowska, E. D., Levy, H. M., Notkin, D., & Sanislo, J. (1987). Accommodating Heterogeneity. Proceedings of the International Workshop on Experiences with Distributed Systems, 89-103.