boddenApril2013

Speaker: Eric Bodden

Title: RefaFlex: Safer Refactorings for Reflective Java Programs

Abstract: If programs access types and members through reflection,
refactoring tools cannot guarantee that refactorings on those programs
are behavior preserving. Refactoring approaches for highly reflective
languages like Smalltalk therefore check behavior preservation using
regression testing. In this presentation I will talk about RefaFlex, a
novel and more defensive approach towards the refactoring of
reflective (Java) programs. RefaFlex uses a dynamic program analysis
to log reflective calls during test runs and then uses this
information to proactively prevent the programmer from executing
refactorings that could otherwise alter the program’s behavior. This
makes re-running test cases obsolete: when a refactoring is permitted,
tests passing originally are guaranteed to pass for the refactored
program as well. In some cases, we further re-write reflective calls,
permitting refactorings that would otherwise have to be rejected. We
have implemented RefaFlex as an open source Eclipse plugin and offer
extensions for six Eclipse refactoring tools addressing naming,
typing, and accessibility issues. Our evaluation with 21,524
refactoring runs on three open source programs shows that our tool
successfully prevents 1,358 non-behaviour-preserving refactorings
which the plain Eclipse refactorings would have incorrectly permitted.

Short bio:
Eric Bodden is heading the Secure Software Engineering Group at the
European Center for Security and Privacy by design (EC SPRIDE), a
federally funded competence center for IT Security at Technische
Universität Darmstadt. Eric's group develops languages, mechanisms,
processes and tools that allow software developers to clearly state
security requirements and, if possible, synthesize partial
implementations that achieve or help achieve these requirements. Eric
is well known for his work on static and dynamic program analysis, as
well as domain specific languages for runtime and security monitoring.
Prior to his appointment at EC SPRIDE, Eric was a PostDoc with Mira
Mezini, and prior to that he conducted his PhD on the static
optimization of AspectJ-based runtime monitors, under the supervision
of Laurie Hendren at McGill University.