Lack of software quality can cause enormous, unpredictable costs. Many strategies exist to prevent or detect defects as early in the development process as possible; they can generally be separated into proactive and reactive measures. Proactive measures in this context are schemes in which defects are avoided by planning a project in a way that reduces the probability of mistakes. Such measures tend to be expensive up front without providing a directly visible benefit, to have low acceptance among developers, or not to scale with the project. Purely reactive measures, on the other hand, only fix bugs as they are found and thus yield no guarantees about the correctness of the project.
In this thesis, a new method is introduced that allows developers to focus on project-specific issues and decreases the discrepancies between the abstract system model and the final software product. The first component of this method is a system that allows any developer in a project to implement new static analyses and integrate them into the project. The integration is done in a manner that automatically prevents any other developer on the project from accidentally violating the rule that the new static analysis checks. The second component is a way to integrate system models (e.g. from UML) directly into the project by treating the model as an input to the compiler, just like any other source code. Together, these two components allow developers to handle complex situations that are relevant only to the given project. The entire project is analyzed for the correct usage of nontrivial APIs and for other hazards which either are bugs already or are likely to turn into bugs in future refactorings. Thus, the new method permits the incremental introduction of formal analysis without forcing a project's developers to adopt unfamiliar habits or styles. At the same time, it allows classes of defects to be prevented automatically, yielding immediate gains from the first use of the new method.
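To make the first component concrete, the following is an added illustration, not code from the thesis: a minimal project-specific static analysis of the kind the abstract describes, written here over Python's `ast` module. The rule, the `db.connect()` API it guards and the two sample modules are all constructed for this example; the thesis does not specify them.

```python
import ast
import sys

# Constructed project rule: a connection returned by the hypothetical
# db.connect() must be opened in a `with` block so it is always closed,
# even when an exception is raised. Any developer could add a rule like
# this; once it runs as part of the build, nobody can violate it unnoticed.
RULE_ID = "PROJ001"
TARGET_CALL = ("db", "connect")


def _is_target_call(node):
    """True for a call node of the form db.connect(...)."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and isinstance(node.func.value, ast.Name)
            and (node.func.value.id, node.func.attr) == TARGET_CALL)


class ConnectMustUseWith(ast.NodeVisitor):
    def __init__(self):
        self.findings = []      # (line number, message)
        self._allowed = set()   # ids of calls that are `with` context expressions

    def visit_With(self, node):
        # Calls appearing as `with db.connect(...) as c:` are the permitted form.
        for item in node.items:
            if _is_target_call(item.context_expr):
                self._allowed.add(id(item.context_expr))
        self.generic_visit(node)

    def visit_Call(self, node):
        # Any other db.connect() call is a leak hazard and is reported.
        if _is_target_call(node) and id(node) not in self._allowed:
            self.findings.append(
                (node.lineno, f"{RULE_ID}: db.connect() must be used in a 'with' block"))
        self.generic_visit(node)


def check_source(source, filename="<module>"):
    """Run the rule over one module's source; returns sorted findings."""
    visitor = ConnectMustUseWith()
    visitor.visit(ast.parse(source, filename))
    return sorted(visitor.findings)


def check_project(files):
    """Run the rule over every module; a non-empty result fails the build."""
    return [(name, line, msg)
            for name, src in files.items()
            for line, msg in check_source(src, name)]


SAMPLE_FILES = {  # constructed input: one compliant module, one violating it
    "good.py": "import db\n\ndef load():\n    with db.connect('prod') as c:\n        return c.query('select 1')\n",
    "bad.py": "import db\n\ndef load():\n    c = db.connect('prod')  # leaked if query() raises\n    return c.query('select 1')\n",
}

if __name__ == "__main__":
    results = check_project(SAMPLE_FILES)
    for name, line, msg in results:
        print(f"{name}:{line}: {msg}")
    sys.exit(1 if results else 0)   # non-zero exit blocks the build
```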