There is also a list by date of publication, all kinds combined.
Last updated on 8 June 2026. For online versions of publications (all recent ones, and many older ones), follow the right-margin links.
Almost every entry carries a note about the content and sometimes the circumstances of publication.
Other resources: publication lists at DBLP and Google Scholar. Use the links below for direct access to the corresponding kind of publications.
Coming out of our teaching of concurrency at ETH and the work on SCOOP, a textbook showing that it is possible to make concurrent programming both simple and reliable. Likely release: 2026. | ||
[508] (Ongoing) Standard Eiffel (revised edition of [498]), in progress. | ||
[507] Online version of Object Success [501], released March 2023. | Full text of Object Success available for free download | |
This is not a new book but an online, fully hyperlinked version of [501] from 1995, with a few updates. | ||
[506] Handbook of Requirements and Business Analysis, Springer, 2022. | Book page with preface, sample chapters and extra material | |
My latest published book, a general survey and textbook of requirements analysis. Introduces a comprehensive view of requirements along 4 dimensions, or PEGS: Project, Environment, Goals and System. Covers how to write good requirements, how to conduct an effective requirements process, the place of requirements in the project lifecycle (whether traditional or agile), object-oriented requirements, the role and limitations of use cases, formal approaches... | ||
[505] Online version of Object-Oriented Software Construction, second edition [502], released September 2022. | Full text of Object-Oriented Software Construction, second edition available for free download | |
This is not a new book but an online, fully hyperlinked version of [502] from 1997, with a few updates reflecting changes in syntax. | ||
[504] Agile! The Good, the Hype and the Ugly, Springer, 2014. Translations: Japanese, Russian, Chinese. |
Book page with preface, some chapters, extra material
| |
An analysis of agile approaches and assessment of their positive and less positive contributions. This book is the result of immersing myself into agile methods for some four years. I found that they are a mixture of the best and the worst; brilliant ideas coexist with damaging advice. The book sorts out the gems from the gravel. It serves as a tutorial, explaining the key agile concepts, as well as a reasoned critique, discussing agile methods in the broader context of software engineering knowledge and identifying the key ideas that truly help software projects.
| ||
[503] Touch of Class: Learning to Program Well Using Object Technology and Design by Contract, 876 + lxiv pages, Springer, August 2009. Translations: Russian. |
Book's home page with preface, some chapters, supporting material.
| |
An introductory programming text using novel techniques for teaching programming: objects and contracts from the start (and inheritance, and genericity, and agents, and all the modern techniques that make life worth living); use of contracts throughout; emphasis on a “light” formal approach; reliance on reuse of existing components; attractive examples, based on the Traffic graphical simulation library (150,000 lines of code) developed specially for this purpose; “Inverted curriculum” approach [265] [263] [423] [395] [385]; in-depth treatment of recursion and other advanced topics, including an introduction to lambda calculus. The book is based on seven years of teaching the Introductory Programming course at ETH. Springer did an outstanding job of printing the book in four colors; it has hundreds of illustrations, including numerous photographs of famous computer scientists from my photo gallery. | ||
[502] Object-Oriented Software Construction, second edition, Prentice Hall, 1296 pages, January 1997. Translations: Spanish (Prentice Hall Latin America), French (Eyrolles), Russian (Russkaia Redaktsia / Internet Universitet, Moscow, 2005), Serbian (CET, Belgrade, 2003), Japanese (IT Architects, 2007). | Full text of Object-Oriented Software Construction, second edition available for free download | |
September 2022: I have been able to reconstruct the book and put it entirely on line for free usage. See the link on the right.
| ||
[501] Object Success: A Manager's Guide to Object-Orientation, its Impact on the Corporation, and its Use for Reengineering the Software Process, Prentice Hall, 1995. Translation: German (Carl Hanser Verlag). | ||
March 2023: I have been able to reconstruct the book. It is now available for free use on the Web, fully hyperlinked. See the URL on the right.
| ||
[500] Reusable Software: The Base Object-Oriented Component Libraries, Prentice Hall, 1994. | ||
Presents a full-fledged method for constructing high-quality libraries of reusable components, building on the principles of [381], and its application to the design of the EiffelBase libraries as they existed at the time, and their entire specification. | ||
[499] An Object-Oriented Environment: Principles and Application, Prentice Hall, 1994. | ||
Based on the EiffelBench (now EiffelStudio) environment as it was back then, and as such obsolete, but introduces a number of concepts that should be applied to make an IDE truly object-oriented — that is to say, consistent with the O-O method and language it supports — and that are still relevant. | ||
[498] Eiffel: The Language, Prentice Hall, 1991. Second revised printing, 1992. Translations: French (InterEditions). Third edition in preparation (see [508]). | ||
Known as “ETL”, this book describes an older version of the language and still serves as a good survey of the concepts, although to know what Eiffel really is today you should consult the Ecma/ISO standard [466]. ETL tries to be three books in one: introduction; manual; reference. To achieve this goal, it intersperses discussions at various levels of discourse. The reference part systematically gives three descriptions for every construct: syntax, validity constraints (expressing the static semantics, e.g. type rules) and semantics. It uses a system of “road signs” to make sure the reader always knows the category of every description element. The description is more precise than the definitions of most other languages. In particular, the 90 or so validity constraints are of the “if and only if” form. For other languages you generally find “only if” rules, telling you what you may not write, which is important but not enough. Take an assignment x := y. You will be told that you must provide a type for y compatible with that of x; somewhere else you read that x may not be a read-only entity (such as a formal argument); yet somewhere else there will be more conditions. But as a programmer I want to know what I may write: I want necessary and sufficient conditions. The Eiffel rules in ETL are of the form “An assignment x := y is valid if and only if it satisfies the following conditions: (1)... (2)... ”. This style is more difficult for the language designer, who must make sure not to forget any case, but it provides a contract to the programmer, who knows that if he satisfies all the given conditions he is entitled to proper processing by the compiler and a guaranteed semantics at execution time. The BNF variant for syntax is also original; called BNF-E, it requires a single production to define every construct and does not allow nesting (for example, no choice inside an aggregate or repetition).
The result is a slightly bigger grammar, but I find it more readable, and more manageable as a language evolves. | ||
[497] Introduction to the Theory of Programming Languages, Prentice Hall, 1990. Translations: Japanese (ASCII Corp.), French (InterEditions). | Full text of Introduction to the Theory of Programming Languages available for free download | |
September 2022: I have been able to reconstruct the book and put it entirely on line for free usage. See the link on the right.
| ||
[496] Object-Oriented Software Construction, Prentice Hall, 592 pages, 1988. Translations: German (Carl Hanser Verlag), French (InterEditions), Italian (Jackson publishing), Japanese (ASCII Corp.), Dutch (Prentice Hall), Chinese, Rumanian. (See [502] for second edition, now available online.) | ||
This first edition sold something like 150,000 copies and was widely translated. Many people told me over the years that they “understood O-O” through it. The second edition supersedes it, although it loses the concision of the original. | ||
[495] With Claude Baudoin: Méthodes de Programmation (Programming Methodology), Eyrolles, Paris, 1978; third revised edition, 661 pages, 1984. Translation: Russian (Mir Publishing). | ||
We wrote this book fresh out of school and managed to convince the publisher to include everything (other publishers wanted us to trim it down to 250 pages). It is a compendium of programming methodology, programming techniques, fundamental algorithms and data structures. It emphasizes program correctness, through assertion techniques, and software architecture. The chapter on programming methodology contains the first ever published description of the Z specification language anywhere (as far as I know), in a very early form. The book was extremely successful in France, both as a textbook and for engineers in industry; incredibly, it still seems to be in print. The Russian translation was also widely circulated and I still meet people from Russia who tell me this is where they learned programming. There never was an English translation: I accepted Prentice Hall's and Tony Hoare's suggestion that I do the translation myself — a huge mistake, as I started rewriting the book instead of translating it, and never finished, although that effort, titled Applied Programming Methodology, fed later work. In particular the object-oriented pseudocode that I used throughout, an extension of the notation in Méthodes de Programmation, led directly to Eiffel. | ||
| ||
[494] Editor: The French School of Programming, Springer, 2024. | ||
There is no “French School of Programming” in the strict sense but a group of brilliant researchers who share a passion for simplicity and elegance. This book collects a number of specially written chapters by some of the most prestigious members of that community; in the order of the chapters:
Gérard Berry, Marie-Claude Gaudel, Michel Raynal, Jean-Marc Jézéquel, Joëlle Coutaz, Jean-Pierre Briot, Pierre-Louis Curien, Thierry Coquand, Patrick Cousot, Jean-Jacques Lévy, Jean-Pierre Jouannaud and Giuseppe Castagna. The last chapter is by me [225]; so is the Preface. Jim Woodcock wrote the Foreword, providing an enlightened outsider's perspective.
| ||
[493] (Editor, with Martin Nordio) Software Engineering; International Summer Schools, LASER 2013-2014, Elba Island, Italy, Revised Tutorial Lectures; Lecture Notes in Computer Science 8987, Springer, 2015. | ||
[492] (Editor, with Martin Nordio) Tools for Practical Software Verification; International Summer School, LASER 2011, Elba Island, Italy, Revised Tutorial Lectures; Lecture Notes in Computer Science 7682, Springer, December 2012. | ||
[491] (Editor, with Martin Nordio) Empirical Software Engineering and Verification; International Summer School, LASER 2008-2010, Elba Island, Italy, Revised Tutorial Lectures; Lecture Notes in Computer Science 7007, Springer, February 2012. | ||
Since 2004 our chair has been organizing the yearly LASER summer school on the Elba Island in Italy. Starting with the 2006 school we have been able to publish proceedings in a special LNCS sub-series. This is the second volume (see [213], [492], [493] for others so far) of proceedings of the annual LASER summer school, which takes place every September on Elba island in Italy. It covers lectures from the 2008, 2009 and 2010 schools on topics of empirical software engineering and software verification. The volume includes two of our own papers: one on testing, assessing the value of branch coverage [215], and the other on concurrency, providing an operational semantics for SCOOP [216]. | ||
[490] (Editor, with Jürg Kohlas and André Schiper) Dependable Systems: Software, Computing, Networks, Lecture Notes in Computer Science 4028, Springer, September 2006. | ||
The final product of the DICS project (Dependable Information and Communication Systems) funded by the Hasler foundation. A number of papers present various aspects of software dependability; one of them is a general survey of reliability techniques [211]. | ||
[489] (Editor, with Jean-Marc Nerson) Object-Oriented Applications, Prentice Hall, 1993. | ||
A collection of chapters by several authors, describing a number of interesting applications written in Eiffel, with many discussions of issues of object-oriented architecture. | ||
[488] (Editor, with Dino Mandrioli) Advances in Object-Oriented Software Engineering, Prentice Hall, 1991. | ||
Proceedings of a fascinating spring school on object technology organized in Capri in 1988 by Carlo Ghezzi and Dino Mandrioli. Speakers also included Mehdi Jazayeri and Peter Wegner. The first chapter [203] is a general introduction to Design by Contract. | ||
| ||
[487] With Li Huang and Manuel Oriol: System and method for repairing computer programs automatically without execution, filed as US Patent 18/648,802, 29 April 2024. | ||
For the general spirit of the work leading to this patent see [348]. | ||
[486] With Manuel Oriol, Li Huang and others: Seeding contradictions as a fast method for generating full-coverage test suites, filed as US Patent 17/818,348, 8 August 2022. | ||
For the general spirit of the work leading to this patent see [350]. | ||
[485] With Jean-Michel Bruel, Alfredo Capozucca, Manuel Mazzara, Alexandr Naumchev and Andrey Sadovykh: Frontiers in Software Engineering Education, Proceedings of First International Workshop, FISEE 2019, Villebrumier, France, November 11-13, 2019, Invited Papers, Springer Lecture Notes in Computer Science 12271, 2020. | FISEE 2019 (Springer page) | |
The first of a series of workshops on software engineering education held in the outstanding venue provided by the Château de Villebrumier. The second in the series, postponed (thanks, Covid), will take place in January 2023. | ||
[484] With Jean-Michel Bruel and Manuel Mazzara: Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment, Proceedings of Second International Workshop, DEVOPS 2019, Villebrumier, France, May 6-8, 2019, Revised Selected Papers. Springer Lecture Notes in Computer Science 12055, 2020. | DEVOPS 2019 (Springer page) | |
[483] Editor, with Manuel Mazzara, Jean-Michel Bruel and Alexander K. Petrenko: TOOLS 51: Software Technology: Methods and Tools, Proceedings of 51st International Conference, Kazan, October 15-17, 2019, Springer Lecture Notes in Computer Science 11771, 2019. | TOOLS 51 (book page from Springer) | |
After a temporary stop, TOOLS restarted in its 51st (!) iteration in Kazan, following the tradition of quality of previous conferences in the series. | ||
[482] With Jean-Michel Bruel and Manuel Mazzara: Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment, Proceedings of First International Workshop, DEVOPS 2018, Villebrumier, France, March 5-6, 2018, Revised Selected Papers, Springer Lecture Notes in Computer Science 11350, 2019. | DEVOPS 2018 (Book page from Springer) | |
The proceedings of the first in a series of Villebrumier workshops; see [484] for the second one. | ||
[481] (Editor, with Manuel Mazzara) PAUSE: Present And Ulterior Software Engineering, Villebrumier, France, December 2015, Proceedings, Springer, 2017. | ||
The PAUSE symposium was held in the new conference and seminar center of Villebrumier near Toulouse to mark the closing of my group, the ETH Chair of Software Engineering, after 14 years. The participants were some of the top names from many areas of software engineering. This volume collects some of their contributions. | ||
[480] (Editor, with Martin Nordio, Mathai Joseph and Andrey Terekhov) Software Engineering Approaches For Outsourced and Offshore Development (SEAFOOD 2010), 4th International Conference, Saint Petersburg, Russia, Lecture Notes in Business Information Processing 54, Springer, July 2010. | ||
This fourth edition of the SEAFOOD conference series (see [473]) was for the first time held in Russia, whose outsourcing successes are less well-known than those of India but no less remarkable. | ||
[479] (Editor, with Olly Gotel and Mathai Joseph) Software Engineering Approaches For Outsourced and Offshore Development (SEAFOOD 2009), 3rd International Conference, ETH Zurich, July 2-3, 2009, Lecture Notes in Business Information Processing 35, Springer, July 2009. | ||
Proceedings of third SEAFOOD conference; see notes on the first one [473]. | ||
[478] (Editor, with Manuel Oriol) Objects, Components, Models and Patterns: 47th international TOOLS conference, Zurich, Switzerland, June/July 2009, Lecture Notes in Business Information Processing 33, Springer, June 2008. | ||
2009 TOOLS conference proceedings, in LNBIP. See [470] for a general note about the conference series. | ||
[477] (Editor, with Kay Berkling, Mathai Joseph and Martin Nordio) Software Engineering Approaches For Outsourced and Offshore Development (SEAFOOD), ETH Zurich, July 2-3, 2008, revised papers, Lecture Notes in Business Information Processing 16, Springer, May 2009. | ||
Proceedings of second SEAFOOD conference; see notes on the first one [473]. | ||
[476] (Editor, with Jerzy R. Nawrocki and Bartosz Walter) Balancing Agility and Formalism in Software Engineering, CEE-SET 2007, Second IFIP TC2 Central and East European Conference on Software Engineering Techniques, October 10-12, 2007, Poznań, Poland, revised selected papers, Lecture Notes in Computer Science 5082, Springer, 2008. | ||
CEE-SET evolved from a purely Polish event to a conference showcasing software engineering advances in the entire Central and Eastern European region. | ||
[475] (Editor, with Jim Woodcock) VSTTE: Verified Software: Theories, Tools, Experiments, ETH Zurich, 10-13 October 2005, revised papers and transcripts, Lecture Notes in Computer Science 4171, Springer, 2008. | ||
VSTTE 2005, the first in the VSTTE series, was the launching event of the Software Verification Grand Challenge initiated by Tony Hoare. The proceedings provide a fascinating snapshot of the state of the art on software verification, and perspectives on new research. They include not only papers but also a transcript of the discussions at the conference. | ||
[474] (Editor, with Richard Paige) Objects, Components, Models and Patterns: 46th international TOOLS conference, Zurich, Switzerland, June/July 2008, Lecture Notes in Business Information Processing 11, Springer, June 2008. | ||
2008 TOOLS conference proceedings, in LNBIP. See [470] for a general note about the conference series. | ||
[473] (Editor, with Mathai Joseph) Software Engineering Approaches For Outsourced and Offshore Development (SEAFOOD), ETH Zurich, February 5-6, 2007, revised papers, Lecture Notes in Computer Science 4716, Springer, October 2007. | ||
The SEAFOOD conference series, started in 2007 with Mathai Joseph from Tata Consulting Services, addresses a fundamental aspect of today's software development scene: distributed development, in particular through outsourcing. The conferences have had the benefit of contributions by authors from many different countries and organizations, including some seldom heard in software engineering conferences. | ||
[472] (Editor, with Jean Bézivin) Objects, Components, Models and Patterns: 45th international TOOLS conference, Zurich, Switzerland, 24-28 June 2007, Special issue of the JOT (Journal of Object Technology), Vol. 6, no. 9, October 2007. | ||
2007 TOOLS conference proceedings, published in JOT. See [470] for a general note about the conference series. | ||
[471] (Editor, with Yuri Gurevich) TAP: Tests And Proofs, First International Conference, ETH Zurich, February 12-13, 2007, revised papers, Lecture Notes in Computer Science 4454, Springer, August 2007. | ||
The proceedings of the first TAP conference, now a yearly event held in conjunction with TOOLS. TAP was created to explore the convergence of two software verification approaches, tests and proofs, which are still often the provinces of different communities but have much to bring to each other. | ||
[470] (Co-editor, with others including: Jean Bézivin, Roger Duke, Raimund Ege, Timothy Korson, Christine Mingins, Jean-Marc Nerson, Jean-François Perrot, John Potter, Wolfgang Pree, Madhu Singh, Mario Tokoro) TOOLS EUROPE, USA, PACIFIC and ASIA conferences (Technology of Object-Oriented Languages and Systems) 1 to 38, Paris, Sydney, Melbourne, Dortmund, Santa Barbara, Versailles, Zurich, published by SOL (vol. 1), Angkor (volume 2), Prentice Hall (vols. 4 to 26) and IEEE Computer Society Press (vol. 27 on), 1989 to 2003. (Volumes since 2007, published by JOT then Springer Lecture Notes in Computer Science, are listed separately.) | ||
The TOOLS conference series is one of the longest-running conferences in software engineering and specifically in the area of object technology, component-based development, patterns and model-based development. Going back to 1988, it has had almost 50 sessions and provided a venue for many of the innovations in the field over the years. Now organized by ETH Zurich, typically in the week across June and July and not necessarily in Zurich, the conference continues to thrive. The proceedings provide a unique record of the progress of software technology over more than two decades. | ||
[469] (Editor, with Larry Druffel) ICSE '88: Proceedings of 10th International Conference on Software Engineering (Singapore), IEEE Computer Society Press, 1988. | ||
Proceedings of the 1987 ICSE, of which I was program chair. See [50]. | ||
[468] (Editor) Logiciel et Matériel, Applications et Implications (Proceedings of the National AFCET-INFORMATIQUE 1980 Conference, Nancy), November 1980, AFCET, Paris. | ||
The first event in a series of national conferences on software engineering in France. | ||
| ||
[467] (Editor) Ecma standard: Eiffel Analysis, Design and Programming Language, revision of [466], in progress. | ||
Work on the standard had stopped for several years since we were pretty happy with the current version [466], but the language and its description have improved considerably and we are now working actively again to produce a revised version in 2026. | ||
[466] (Editor) ECMA standard: Eiffel Analysis, Design and Programming Language, approved as International Standard 367 by Ecma International, 21 June 2005; revised edition, December 2006, approved by the International Standards Organization as the ISO standard ISO/IEC 25436:2006. |
Eiffel standard on Ecma site (free access)
| |
This international standard is the official Eiffel reference. It describes the modern version of the language as implemented in EiffelStudio, with many advanced features such as agents [7] and void safety [214], while retaining and improving the simplicity and consistency of the original. A revision is in progress [467] but the present one is still the reference, and is also devised as a model of what a clear and precise modern language description should look like. | ||
[465] (Editor) Eiffel Library Kernel Standard (ELKS), Nonprofit International Consortium for Eiffel, 1995. | ||
Original version of the Kernel Library standard for Eiffel. The work continues under the auspices of the Ecma Eiffel standard committee (TC49-TG4, see [467]). | ||
| ||
[464] Combining Tests and Proofs for Software Verification, to appear in Communications of the ACM, vol. 69, no. 9, August 2026 (accepted 22 Jan. 2026). | ||
A general overview and summary of the work done in the last four years to combine tests and proofs, embodied in Li Huang's PhD thesis. Previous papers addressing specific aspects of the work are: [190], [347], [348], [352], [350], [351], [355]. Here everything is brought together with a few new results.
| ||
[463] Artificial Intelligence for Software Engineering: From Probable to Provable, in Communications of the ACM, vol. 69, no. 6, pages 46-49, June 2026. |
Probable to provable (ACM site)
| |
An opinion piece (“viewpoint article”) discussing the limitations of applying artificial intelligence to software development, and a view of how the combination can blossom (spoiler: use formal verification).
| ||
[462] Is AI Intelligent?, in Communications of the ACM, vol. 69, no. 5, May 2026 (published 23 April). |
Is AI intelligent? (Preprint)
| |
A critique of the easy and intellectually superficial dismissal of AI as supposedly “not intelligent”. Takes the scientific approach (in line with work of Turing, Weizenbaum and Searle): postulates a hypothesis -- Yes, AI is intelligent -- and tries to disprove it. Shortened version of a CACM blog article [69]. Available at dl.acm.org/doi/10.1145/3797898. | ||
[461] Obituary for Niklaus Wirth, in Formal Aspects of Computing, vol. 37, no. 2, 3 March 2025, pages 1-11. | ||
(Slightly revised and extended journal version of a blog article [108].) An extended personal review of the life and works of Turing-Award winner and ETH professor (my predecessor) Niklaus Wirth. It is a eulogy, but not a hagiography; explains my areas of both agreement and disagreement with Wirth, and turns at times into a discussion of what language design should be. | ||
[460] With Alisa Arkadova and Alexander Kogtenkov, The Concept of Class Invariant in Object-Oriented Programming, in Formal Aspects of Computing, vol. 36, no. 1, published 20 March 2024. |
Class invariants (draft on arXiv)
| |
(Revised version of [185] — which is from 2016, so one can see it took over 6 years to complete. Note the addition of coauthors.
In fact [185] was itself based on [209] from 2005, and the roots of the work go back to the description of class invariant semantics in Object-Oriented Software Construction in 1997 [502] and 1988 [496]. See also the “flexible invariants” [328] work from 2014.)
| ||
[459] With Maria Naumcheva, Sophie Ebersold, Alexandr Naumchev, Jean-Michel Bruel, and Florian Galinier: Object-Oriented Requirements: a Unified Framework for Specifications, Scenarios and Tests, in JOT (Journal of Object Technology), vol. 22, no. 1, 2023, pages 1-19. | ||
An article explaining how object-oriented requirements subsume use cases and other scenario techniques. Partly based on ideas from my requirements book [506] (see also the shorter and more informal treatment of the topic in a blog article [64]) but including a significant case study developed by Maria Naumcheva: Roborace software for Formula-1 cars. | ||
[458] With Jean-Michel Bruel, Sophie Ebersold, Florian Galinier, Manuel Mazzara and Alexandr Naumchev: The Role of Formalism in System Requirements, in ACM Computing Surveys, vol. 54, no. 5, pages 1-36, June 2022. | ||
A general survey on formal (mathematical) approaches to specification, covering a wide variety of approaches. Techniques covered go from natural-language (Requirements Grammar, Relax, NL to OWL...) to the semi-formal (Reqtify, KAOS, SysML, URML...) to automata-based (Statecharts, Problem Frames, Petri Nets) to fully formal (Event-B, Alloy, VDM...) and seamless (multirequirements). A significant example, a Landing Gear System, is used throughout to illustrate and contrast the approaches.
| ||
[457] Les grands verriers de Nancy : De l’Art Nouveau à l’Art Déco et au-delà Derrière les chefs-d’oeuvre, une aventure humaine (an introduction to French art glass of the Belle Époque, particularly the School of Nancy), a lecture given for the Académie de Montauban, September 2021; published in the proceedings (Recueil) of the Académie de Montauban, volume (tome) XXII, for the years 2021 (second semester) and 2022, pages 25-34. | ||
A survey article on a movement that created some of the greatest masterpieces in art history. An English version (in the form of a small book) is in preparation (2026). | ||
[456] In Search of the Shortest Possible Schedule, in Communications of the ACM, vol. 63, no. 1, pages 8-9, January 2020. | ||
[455] With Alexandr Naumchev, Manuel Mazzara, Florian Galinier, Jean-Michel Bruel and Sophie Ebersold: AutoReq: Expressing and verifying requirements for control systems, in Journal of Computer Languages, vol. 51, pages 131-142, 2019. | ||
Software requirements can be seamless [496] [502] [219] [453], expressed in a suitable programming language; they can also be verified thanks to the appearance of such tools as AutoProof [218]. The approach can fruitfully be applied to embedded systems and, in the case study of this article, it uncovered an error in a previously published formal description. | ||
[454] Making sense of Agile Methods, in IEEE Software, vol. 35, no. 2, March 2018, pages 91-94. |
Agile methods paper (draft)
| |
An invited paper assessing agile methods, based on my Agile! book [504]. It discusses, beyond the hype, the benefits and dangers of agile principles and practices, focusing on concrete examples of what helps and what hurts. | ||
[453] With Alexander Naumchev: Seamless requirements, in Computer Languages, Systems and Structures, vol. 49, September 2017, pages 119-132. | ||
Our work on requirements, in line with a general approach to object-oriented development emphasizing seamlessness (going back to Object-Oriented Software Construction [496] [502]), promotes the use of the same concepts and a single notation for requirements as well as design and code. The multirequirements paper [219] laid out a basis for the desirable requirements process. Alexander Naumchev is taking the approach further; in this paper we continue to refine the requirements process and make it applicable to large projects. See also [455]. | ||
[452] With Georgiana Caltais: On the Verification of SCOOP Programs, in Science of Computer Programming, 2016 (available online 22 August 2016). | ||
Part of ongoing work to define the semantics of the SCOOP concurrent programming model and particularly to define no-deadlock conditions. Combines ideas from Rewriting Logic and Maude (as in Benjamin Morandi's work [320]) and alias analysis to define a new approach. | ||
[451] With Jiwon Shin and Andrey Rusakov: SmartWalker: An Intelligent Robotic Walker, in Journal of Ambient Intelligence and Smart Environments, vol. 8, no. 14, July 2016. | ||
In the SmartWalker project we developed a modern, computer-equipped version of the (hopelessly low-tech) walkers used by elderly people and others with limited mobility. The SmartWalker performs many tasks to help its users. Internally it rests on a sophisticated hardware and software architecture; the software relies on the SCOOP concurrency framework for Eiffel and specifically the Roboscoop robot programming system developed by Andrey Rusakov. We are actively looking for industrial collaboration to develop the prototype further. | ||
[450] With Alexander Kogtenkov and Sergey Velder: Alias Calculus, Change Calculus and Frame Inference, in Science of Computer Programming, 2015, pages 163-172, DOI 10.1016/j.scico.2013.11.006 (first published online 26 November 2013). |
Alias calculus and frame inference (draft) | |
A new development of the work on alias analysis (see [445] and [327]). It describes an improvement of the alias calculus, with a corrected version of the assignment axiom, and an important application to the issue of frame inference. The prospect now exists of using alias analysis to infer frame conditions entirely automatically; in experiments using Alexander Kogtenkov's implementation, all the frame conditions of an example library were inferred, including some that had been missed in manually written “modifies” clauses, and with very few spurious inferences. (A more recent description of the application to framing appears in [220].) | ||
[449] With Carlo Furia and Sergey Velder: Loop invariants: Analysis, Classification and Examples, in ACM Computing Surveys, vol. 46, no. 3, February 2014. | ||
Loop invariants lie at the core of axiomatic techniques for program specification and verification. To design a loop or understand an existing loop is to design or understand its invariant. In this extensive survey article we review the concept, explain its role in program construction, propose a classification of loop invariants, and review the loop invariants of many key algorithms across many areas of computer science. We also study techniques of invariant inference. All the examples have been mechanically verified using Boogie. We hope this article will contribute to the understanding of program construction and program correctness. | ||
[448] With Sebastian Nanz, Faraz Torshizi and Michela Pedroni: Design of an Empirical Study for Comparing the Usability of Concurrent Programming Languages, in Information and Software Technology Journal Elsevier, volume 55, 2013. | ||
(Revised and extended journal version of [304], best paper award of ESEM 2011.) An empirical study comparing the ease of learning of two concurrency models, SCOOP and Java threads. Since we are deeply involved in SCOOP, one of the most delicate aspects was to guard against experimenter bias. I discussed the background of this paper and methodological issues of empirical software engineering in a series of blog postings in June 2011. | ||
[447] With Marco Piccioni and Manuel Oriol: Class Schema Evolution for Persistent Object-Oriented Software: Model, Empirical Study, and Automated Support, in IEEE Transactions in Software Engineering, vol. 39, no. 2, February 2013. | ||
One of the great unsolved issues of object-oriented programming is what to do with objects previously stored (in a file or a database) when the corresponding class description has changed. A basic solution was presented in Object-Oriented Software Construction [502] but a more complete and sophisticated approach is necessary. This article, based on Marco Piccioni's doctoral work and Manuel Oriol's insights, presents tools and libraries for persistent evolution, backed by an extensive empirical study of how classes actually change in the long-term evolution of software projects. | ||
[446] With Benjamin Morandi and Sebastian Nanz: Performance Analysis of SCOOP Programs, in Journal of Systems and Software, vol. 85, no. 11, November 2012, pages 2519-2530. | ||
Part of Benjamin Morandi's doctoral work with the participation of Sebastian Nanz, the description of tools to analyze the performance of concurrent programs based on the SCOOP model. | ||
[445] Steps Towards a Theory and Calculus of Aliasing, in International Journal of Software and Informatics, special issue (Festschrift in honor of Manfred Broy), Chinese Academy of Sciences, 2011, pages 77-116. | ||
(Revised version of [443].) In verifying object-oriented programs, and any programs involving references or pointers, one is again and again confronted with the problem of aliasing: two expressions denoting the same object. Researchers have tried various approaches to address the issue, including shape analysis, separation logic and ownership types. The alias calculus developed in this article provides a simple, entirely automatic mechanism to compute all aliases induced by a program. The article contains a link to an implementation that the reader can download and try out. (2012 note: the implementation is now superseded by Alexander Kogtenkov's code integrated into EVE, the Eiffel Verification Environment.) | ||
[444] With Ilinca Ciupa, Alexander Pretschner, Manuel Oriol and Andreas Leitner: On the number and nature of faults found by random testing, in Software Testing, Verification and Reliability (Wiley), vol. 21, no. 1, March 2011, pages 3-28. | ||
(Extended journal version of [279].) From the abstract:
[...] [In comparing] faults found through random testing with those found through manual testing and with those found in field use of the software and recorded in user incident reports [we found that] none of the techniques subsumes any of the others; each brings distinct contributions. | ||
[443] Towards a Theory and Calculus of Aliasing, in JOT (Journal of Object Technology), vol. 9, no. 2, March-April 2010, pages 37-74. The Alias Calculus: | ||
See comments on revised version [445]. | ||
[442] With Ilinca Ciupa, Andreas Leitner, Arno Fiva, Yi Wei and Emmanuel Stapf: Programs that Test Themselves, IEEE Computer, vol. 42, no. 9, pages 46-55, September 2009 (feature). | ||
A journal paper (based on a 2007 conference presentation [268]) surveying the compendium of techniques and tools that we have developed at ETH and Eiffel Software (the coauthors come from both organizations) in recent years for automatic testing, now fully integrated under the general name “AutoTest” in the EiffelStudio environment. “Automatic” testing in AutoTest is truly automatic: you provide a set of classes and let AutoTest exercise them until it finds bugs. You do not have to provide test cases; the magic comes from built-in contracts in the Eiffel code. In addition to this test generation feature of AutoTest, there is also a test extraction mechanism: after an execution failure AutoTest will, on option, automatically create a reproducible test case which becomes part of the regression test suite. These techniques, in my experience, radically improve the practice of testing. | ||
[441] With Piotr Nienaltowski and Jonathan Ostroff: Contracts for Concurrency, in Formal Aspects of Computing Journal, vol. 21, no. 4, pages 305-318, August 2009. |
Contracts for Concurrency (Springer page) | |
One of the most ambitious research projects in our Chair is the development of a general framework for concurrent computation, SCOOP. It is widely accepted that concurrent programming is hard and will remain hard, but we disagree. More precisely it is OK that our work of building the framework should be tough, but that is to make concurrent programming easy for programmers already practicing object-oriented programming. This premise is, in my opinion, required to tame the concurrency beast and is the hypothesis behind SCOOP: if you can write an object-oriented program, you can write a concurrent object-oriented program at little extra learning effort. Piotr Nienaltowski's ETH thesis, defended was a major contribution to SCOOP and took the model to a new level, improving many aspects of the previous version (described in a chapter of [502]) and establishing a far more solid basis for the model. The development of SCOOP also benefited from several years of collaboration with Jonathan Ostroff from York University (in Canada), especially on developing the proper theoretical models. This paper presents a detailed model for SCOOP, showing in particular how paying attention to contracts fundamentally determines how to handle concurrent computations. | ||
[440] With Christine Choppy, Jørgen Staunstrup and Jan van Leeuwen: Research Evaluation for Computer Science, in Communications of the ACM, vol. 52, no. 4, April 2009, pages 31-34. | ||
As part of a study performed for Informatics Europe, we defined criteria that should be applied when evaluating the quality of research and especially of researchers in the area of computer science (informatics, IT etc.). [181] is the full Informatics Europe report; this Communications of the ACM article is a shorter version. We dispel a number of myths and show — from many other people's studies — how appallingly inadequate the ISI Web of Science is for computer science. The article has been widely quoted and we have had many statements of thanks from computer scientists in many countries, whom it has helped to convince their governing and evaluating bodies to use reasonable, scientifically sound criteria to evaluate computer science work. | ||
[439] Design and Code Reviews in the Age of the Internet, in Communications of the ACM, vol. 51, no. 9, September 2008, pages 66-71. (Journal version of SEAFOOD 2008 paper [282].) | ||
In recent years I have extensively practiced distributed software engineering, that is to say, development by teams that are geographically scattered. This experience has influenced our teaching [285] [292], [300], but the initial impetus was in an industrial setting, at Eiffel Software. One of the techniques that we have found essential for successful distributed software development is a modern revision of the venerable software engineering technique of code reviews, profoundly transformed to take advantage of today's technology and to be useful to distributed teams. We now apply the principles and setup described in the article not only to industrial development but also to our courses and to the production of our research software, whether distributed or local. | ||
[438] Seven Principles of Software testing, in IEEE Computer, vol. 41, no. 10, pages 99-101, August 2008. | ||
A short note describing general principles of testing and dispelling some commonly held misconceptions. It triggered a discussion published in IEEE Software [12]. | ||
[437] With Till Bay and Michela Pedroni: By students, for students: a production-quality multimedia library and its application to game-based teaching, in JOT (Journal of Object Technology), vol. 7, no. 1, pages 147-159, January 2008. | ||
The EiffelMedia library started by Till Bay and Michela Pedroni gave rise, over the years, to a large number of student developments at ETH, covering many aspects of multimedia. This article draws the pedagogical lessons. | ||
[436] With Karine Arnout: Componentization: the Visitor Example, in Computer (IEEE), vol. 39, no. 7, July 2006, pages 23-30. | ||
Are design patterns fundamentally different from software components? This is indeed the view in the design pattern literature. In that view, a pattern cannot be reused off the shelf: it has to be programmed and adapted anew for every application that uses it. This approach is disappointing for anyone interested in reusability as promoted by object technology: a truly reusable solution should be reusable as it is, in black box style. With Karine Arnout we investigated whether we could actually go beyond this accepted view of design patterns, and turn the standard patterns (to start with, those in the “Gang of Four” book) into a library of reusable components. Her PhD thesis (2006) shows that a large part of these patterns can indeed be wrapped as ready-to-use components; the twist is that you need advanced language features, such as Eiffel's agents (O-O closures [413]), multiple inheritance, constrained genericity, and contracts to keep everything under control. This IEEE Computer article shows a successful componentization, applied to one of the most delicate patterns: Visitor. Companion articles [208] [435] present the cases of the Observer and Factory patterns. | ||
[435] With Karine Arnout: Pattern Componentization: the Factory Example, in Innovations in Systems and Software Technology (a NASA Journal) (Springer), 2006 (Online First version 6 May 2006). | ||
[434] Testable, Reusable Units of Cognition, in Computer (IEEE), vol. 39, no. 4, April 2006, pages 20-24. | ||
A Truc, or Testable, Reusable Unit of Cognition, is a unit of teachable knowledge that can be given a precise description following a standard structure: definition, names, prerequisites, examples, applications, common misconceptions etc. This article presents the notion of Truc and explains the central role it can play in structuring, evaluating and comparing educational efforts and artifacts: courses, textbooks, curricula. The TrucStudio Pedagogical Development Environment [290] is based on this concept. | ||
[433] Offshore Development: The Unspoken Revolution in Software Engineering, in Computer (IEEE), January 2006, pages 124, 122-123. | ||
While there had been many discussions of the political and economic aspects of software outsourcing, this article was the first (to my knowledge) to discuss the technical consequences of this massive phenomenon. The article takes a software engineering perspective of outsourcing. I decided to write it when I saw that the list of topics in the Call for Papers of the 2006 International Conference on Software Engineering — held, of all places, in Shanghai — did not even include anything related to outsourcing or distributed development. Our group at ETH has been actively working on distributed and outsourced software engineering — DOSE, the current name of the course that we have been teaching since 2003 with Peter Kolb (originally Software Engineering for Outsourcing). Several publications have followed this IEEE Computer paper, on research and education aspects of distributed development; see in particular [300], [292], [285], [439]. The SEAFOOD conference series (Software Engineering Advances For Outsourced and Offshore Development) [473] [477] [479] [480] also followed from this article. | ||
[432] With Karine Arnout: Uncovering Hidden Contracts: The .NET example, in Computer (IEEE), vol. 36, no. 11, November 2003, pages 48-55. Short version of [207]. | ||
Even though this is the journal version, the conference version [207] is more detailed. See the comments on that entry. | ||
[431] With Piotr Nienaltowski and Volkan Arslan: Concurrent Object-Oriented Programming on .NET, in IEE Proceedings on Software, vol. 150, no. 5, October 2003, pages 308-314. | ||
A presentation of SCOOP with special emphasis on the .NET implementation. | ||
[430] Proving Pointer Program Properties, Part 2: The Overall Object Structure, in JOT (Journal of Object Technology), vol. 2, no. 2, May-June 2003, pp. 77-100. | ||
Continuation of [429]. | ||
[429] Proving Pointer Program Properties, Part 1: Context and overview, in JOT (Journal of Object Technology), vol. 2, no. 2, March-April 2003, pp. 87-108. | ||
One of the challenges in automated verification of object-oriented programs is to deal with pointers (references). This series of papers is a step along the way. The idea is to use simple, intuitive set-theoretical models. [430] is the continuation. | ||
[428] The Start of an Eiffel Standard in JOT (Journal of Object Technology), vol. 1, no. 2, July-August 2002, pp. 95-99 | ||
In 2002 we started an effort to produce an international standard, which culminated four years later with the Ecma standard and one year after that in the Ecma/ISO standard [466]. This article was written at the time of the launch of the effort and described its goals and scope. | ||
[427] With Raphael Simon and Emmanuel Stapf: Full Eiffel on .NET, MSDN (online article), July 2002. | ||
Describes the implementation of Eiffel on .NET, expanded from [417] so that it would cover the full language. Explains in particular how multiple inheritance was implemented on top of a framework that natively supports single inheritance only, and how Eiffel achieved full interoperability with other .NET languages such as C# and Visual Basic .NET. | ||
[426] Multi-language programming: how .NET does it, 3-part article in Software Development, May, June and July 2002. Part 1: Polyglot Programming; Part 2: Respecting other object models; Part 3: Interoperability: at what cost, and with whom? Multi-language: HTML, as published: (2 and 3 forthcoming). | ||
What attracted us to the .NET framework — initially as part of Microsoft's “Project 7”, prior to the official release — was its genuine support for multiple languages in a single framework. This three-part article explains in detail the .NET model for multi-language interoperability, and how to implement a language on .NET so that the resulting programs can interact freely with components coming from other languages such as C# and Visual Basic .NET. The article contains in particular a full description of how we implemented Eiffel's multiple inheritance model on top of a framework that only supports single class inheritance. | ||
[425] Overloading vs Object Technology, in JOOP (Journal of Object-Oriented Programming), vol. 14, no. 4, October-November 2001, pages 3-7. | ||
Having overloading in an object-oriented language destroys the simplicity and consistency of the type system. I know this is not a dominant view, but this article explains in detail why in-class (syntactic) overloading is not only useless but harmful in an O-O context. Part of the Eiffel column in JOOP [138]. | ||
[424] .NET is coming, in Computer (IEEE), vol. 34, no. 8, August 2001, pages 92-97. Translation: Russian in Otkrytye Systemy (Open Systems Publications), #11-2001, November 2001. .NET overview as published (PDF); |
computer/dotnet.pdf | |
One of the first introductions to the .NET framework, written from a programmer's perspective. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[423] Software Engineering in the Academy, in Computer (IEEE), vol. 34, no. 5, May 2001, pages 28-35. Translations: Russian in Otkrytye Systemy (Open Systems Publications), #07-08-2001, October 2001; Chinese (Jian Hu). As published (PDF). | ||
Before I joined, ETH asked me to write a “vision statement” on teaching, presumably because my background was not as a full-time academic. I thought I might just as well reach for a publication of general interest rather than just an internal paper, hence this paper, a broad discussion of the issues and principles of teaching software engineering in a university environment. | ||
[422] Conversions in an Object-Oriented Language with Inheritance, in JOOP (Journal of Object-Oriented Programming), vol. 13, no. 9, January 2001, pages 28-31. | ||
All programming languages offer some sort of conversion mechanism between values and variables; for example you can usually use an integer as a real (floating-point) number. Most such conversion mechanisms are, however, ad hoc; they break the consistency of the type system, especially in an object-oriented context; and they are often limited to predefined types, excluding the possibility of conversions for new programmer-defined types. As part of the work that led to the Eiffel standard [466] we devised a general conversion mechanism that does not suffer from these deficiencies. It is compatible with the object-oriented paradigm, enjoying a carefully devised relationship with inheritance; it is safe and promotes reliability; it avoids any confusion on the program reader's part as to whether, for example, a given assignment will involve inheritance, conversion, or neither of these mechanisms (the assignment cannot involve both); it is applicable both to predefined types, defined in Eiffel by library classes, and to any programmer-defined class. The mechanism has been part of Eiffel for many years and is widely used. It is fundamental for example for the fully compatible use of Eiffel on .NET: Eiffel strings and .NET strings are safely and silently converted back and forth. This paper describes conversion principles and their application to the Eiffel mechanism. It was published as part of the Eiffel column in JOOP [138]. | ||
[421] The Significance of .NET, in Software Development, November 2000. Also: (SD site) | ||
[420] Towards More Expressive Contracts, in JOOP (Journal of Object-Oriented Programming), July 2000. | ||
[419] Contracts for Components, in Software Development, vol. 8, no. 7, July 2000, pages 51-53 | ||
How do contracts apply to components other than object-oriented classes? Part of the Software Development column [139]. | ||
[418] With Christine Mingins, Raphael Simon and Emmanuel Stapf: Eiffel for E-Commerce under .NET, JOOP (Journal of Object-Oriented Programming), July 2000. | ||
[417] With Christine Mingins, Raphael Simon and Emmanuel Stapf: Eiffel on the Web: Integrating Eiffel Systems into the Microsoft .NET Framework, MSDN (online article), July 2000. Also in Chinese and Japanese translations. Describes an initial implementation, now obsolete; replaced by [427]. | ||
Describes the initial implementation of Eiffel on .NET, one of the first (with COBOL) ports of a non-Microsoft compiler to the framework. The solutions retained were temporary: as described in the article Eiffel for .NET (temporarily dubbed “Eiffel#”) supported single inheritance only, but this was soon corrected, thanks to sophisticated techniques sketched in [427] and [426]; the language supported on .NET is all of Eiffel, with full interoperability with other .NET languages such as C# and Visual Basic .NET. | ||
[416] What to Compose, in Software Development, March 2000, vol. 8, no. 3, pages 59, 71, 74-75. | ||
A discussion of the requirements that software components must satisfy to be composable. Part of the Software Development column [139]. | ||
[415] A Really Good Idea (final installment of Components and Object Technology column), in Computer (IEEE), vol. 32, no. 12, December 1999, pages 144-147. | ||
Even the best things have an end; this was the last article of the Computer (IEEE) “Object and Component Technology” column [137]. I was given a bit more space than usual and used the opportunity to reflect on the progress of object and component technology, its successes, and the remaining challenges. | ||
[414] Every Little Bit Counts: Towards More Reliable Software, in Computer (IEEE), vol. 32, no. 11, November 1999, pages 131-133. | ||
Software reliability is a difficult goal. Dogmatism does not pay: success requires using many different techniques, developed by different communities and addressing different issues. This article reviews some of the available techniques. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[413] With Paul Dubois, Mark Howard, Michael Schweitzer and Emmanuel Stapf: From Calls to Agents, in Journal of Object-Oriented Programming, vol. 12, no. 6, September 1999. | ||
The major extension of Eiffel after the Eiffel 3 step [498] was the addition of a carefully designed agent mechanism adding the power of function objects, also called closures in other contexts, and providing the full power of lambda expressions. Agents enrich object-oriented programming with many of the attractions of functional languages (see [212] for a comparison of the functional and O-O approaches from the viewpoint of modular architecture). Agents are essential for applications such as event-driven design and publish-subscribe, as well as for mathematical computations and many others. Dismissing our initial concerns, they turned out to be entirely compatible with and complementary to the other fundamental object-oriented mechanisms. This paper, written in collaboration with the people who were most influential in the design of the mechanism, introduced agents. It was published in the Eiffel column in JOOP [138]. For a more complete description of agents and many examples of their use, see [7]. | ||
[412] With Christine Mingins: Component-Based Development: From Buzz to Spark (introduction to special issue), in Computer (IEEE), vol. 29, no. 7, July 1999, pages 35-37. | ||
Editorial for a special issue on component-based development, which helped convince a large audience of the fundamental role of components in modern software engineering. | ||
[411] Extension season, in JOOP (Journal of Object-Oriented Programming), June 1999. | ||
From the time of Eiffel 3 (1990, as documented in [498]) to 1997 the language remained unchanged; then it was time for an important update which included fundamental new concepts such as agents [7], accompanied by cleanup and simplification of existing parts. The paper describes this important step in the evolution of the language. See [206] for the principles guiding that evolution. | ||
[410] On to Components, in Computer (IEEE), vol. 32, no. 1, January 1999, pages 139-140. | ||
Initially “object-oriented column”, my IEEE Computer column [137] was extended to “Object and Component Technology” in 1999 to acknowledge the growing importance of component-based development and its complementarity with O-O ideas. This particular installment explained the reasons for the change. | ||
[409] Design by Contract, Components and Debugging, in JOOP (Journal of Object-Oriented Programming), vol. 11, no. 8, January 1999, pages 75-79. | ||
[408] The Role of Object-Oriented Metrics, in Computer (IEEE), vol. 31, no. 11, November 1998, pages 123-125. | ||
What kind of metrics are appropriate for object-oriented programming? Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[407] Prelude to a Theory of Void, in JOOP (Journal of Object-Oriented Programming), vol. 11, no. 7, November 1998, pages 36-48. | ||
[406] EiffelBase Goes Public, in JOOP (Journal of Object-Oriented Programming), November 1998. | ||
Announces the open-sourcing of the EiffelBase library of fundamental data structures and algorithms, a showcase for careful object-oriented design. Since then the rest of the EiffelStudio environment has also been released under an open-source license. Part of the Eiffel column in JOOP [138]. | ||
[405] Approaches to Portability, in JOOP (Journal of Object-Oriented Programming), July-August 1998. | ||
Discusses how best to achieve the portability of programs across platforms. Part of the Eiffel column in JOOP [138]. | ||
[404] Tell Less, Say More: The Power of Implicitness, in Computer (IEEE), vol. 31, no. 7, July 1998, pages 97-98. | ||
A fundamental difference exists between two kinds of descriptions: explicit, which describe things by what they are, and implicit, which describe them by what they have. This distinction is not always well understood; in particular it is not because a specification is formal (expressed through mathematics rather than in programming terms) that it is implicit; it can still be constructive, a kind of abstract implementation. Implicit specifications are fundamentally more abstract and general (a point already made in [234] and [357]). Much of the power of object technology is due to the implicitness of its description style, a legacy of its underlying theory, abstract data types. This short column explains the benefits. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[403] With Christine Mingins and Heinz Schmidt: Providing Trusted Components to the Industry, in Computer (IEEE), vol. 31, no. 5, May 1998, pages 104-105. | ||
Introduced the concept of trusted component. See also [260]. | ||
[402] The Component Combinator for Enterprise Applications, in JOOP (Journal of Object-Oriented Programming), vol. 10, no. 8, January 1998, pages 5-9. | ||
Explains one of the principal roles of object technology and Eiffel in particular: to serve as a wrapping technology for code written in older (legacy) approaches. The object-oriented approach is particularly good at building the higher-level structure of systems; the internals of the modules making up such structures do not all have to be written in an O-O way, especially if the implementations already exist and can be reused. O-O structuring mechanisms such as classes, information hiding, genericity, single and multiple inheritance, deferred classes, all under the protection and documentation of contracts, can play a major role in reengineering legacy code. Eiffel is particularly suited for that purpose, with its ambitious object-oriented model and its sophisticated interface for incorporating external software written in such languages as C and C++. Part of the Eiffel column in JOOP [138]. | ||
[401] The Future of Object Technology, in Computer (IEEE), vol. 31, no. 1, January 1998, pages 140-141. | ||
An installment of the IEEE Computer “Object and Component Technology” column [137]. | ||
[400] With Christopher Creel: Is object technology ready for the embedded world?, in JOOP (Journal of Object-Oriented Programming), vol. 11, no. 1, January 1998, pages 69-71, 76. | ||
Can object-oriented techniques be applied to real-time and embedded developments? This is still a controversial topic, but the experience reported in this paper (development of an Eiffel-based laser printer system at HP) shows that the technology is ready. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[399] With Christopher Creel and Philippe Stephan: Year 2000: The Opportunity of a Millenium, in Computer (IEEE), vol. 30, no. 11, November 1997, pages 137-138. — also available in | ||
[398] The Next Software Breakthrough, in Computer (IEEE), vol. 30, no. 7, July 1997, pages 113-114. | ||
[397] Practice to Perfect: The Quality First Model, in Computer (IEEE), vol. 30, no. 5, May 1997, pages 102-106. | ||
This short paper is not well known, but I think the ideas it introduced are important. It describes a quality-focused software process, incorporating some of what is now known as techniques of agile development, in particular an emphasis on constant iteration and continuous testing. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[396] With Jean-Marc Jézéquel: Design by Contract: The Lessons of Ariane, in Computer (IEEE), vol. 30, no. 1, January 1997, pages 129-130. | ||
Jean-Marc Jézéquel pointed out to me how relevant the Ariane-5 software-induced crash was to discussions of programming methodology, and the deficiencies of the recommendations in the official accident report. We wrote this paper as a result. It shows how fundamental techniques of Design by Contract are to successful reuse, and how their systematic application avoids such software catastrophes. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[395] Teaching object technology, in Computer (IEEE), vol. 29, no. 12, December 1996, page 117. | ||
How best to teach object technology. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[394] Schema Evolution: Concepts, Terminology and Solutions, in Computer (IEEE), vol. 29, no. 10, October 1996, pages 119-121. | ||
This was my first paper on the problem of schema evolution: what to do with objects that have been stored in a file or database when the text of the corresponding classes has changed? It defines the basic concepts, including the fundamental consistency requirement, based on class invariants (see [460]), and the steps involved in handling evolution: detection, notification, correction. The problem and solution were described in more detail in Object-Oriented Software Construction, second edition [502]; they were implemented thereafter and are included in the EiffelStudio environment. Recent work at ETH [274] [288] explores more advanced techniques. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[393] Reality: A cousin twice removed, in Computer (IEEE), vol. 29, no. 7, July 1996, pages 96-97. | ||
Object technology is rightly praised for its ability to “model reality”. This phrase is an oversimplification, however; our O-O programs are models not of reality but of other models of some part of the world, “real” or not. The article discusses the complex relationship between the reality and our models of it. Published in the IEEE Computer “Object and Component Technology” column [137]. Some of the material was reused in the second edition of Object-Oriented Software Construction [502]. | ||
[392] Why Your Next Project Should Use Eiffel, in Journal of Object-Oriented Programming, vol. 9, no. 2, May 1996, pages 59-63, 82. | ||
This invited contribution summarizes some of the key arguments for using Eiffel. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[391] The Many Faces of Inheritance: A Taxonomy of Taxonomy, in Computer (IEEE), vol. 29, no. 5, May 1996, pages 105-108. | ||
Inheritance is one of the most brilliant contributions of object technology to quality software development. While some authors take a restricted view of inheritance, reserving it for a specific kind of subtyping, this article shows that inheritance is best understood as a rich notion with many different styles of application. Specifically, it proposes a taxonomy of uses of inheritance, with in the end twelve different kinds. Many of them accept multiple inheritance, a technique that has received a bad rap because of some poor language designs, but turns out to be indispensable for successful software architecture. This paper was part of the IEEE Computer “Object and Component Technology” column [137]. The material was reused in one of the chapters on inheritance in the second edition of Object-Oriented Software Construction [502]. | ||
[390] The Reusability Challenge, in Computer (IEEE), vol. 29, no. 2, February 1996, pages 76-78. | ||
Few people deny that reuse is desirable, but it can be hard to achieve. This short article discusses the more advanced contributions of object technology to reuse. Published in the IEEE Computer “Object and Component Technology” column [137]. | ||
[389] The Conceptual Perspective, in Computer (IEEE), vol. 29, no. 1, January 1996, pages 86-88. | ||
First installment of the IEEE Computer Object-Oriented Column, later renamed “Components and Object Technology” [137]. Set the tone for the couple dozen articles that followed. | ||
[388] (With other authors) Where is Software Headed? A Virtual Roundtable, in Computer (IEEE), vol. 28, no. 8, August 1995, pages 119-121. | ||
IEEE Software asked a number of people for their views on the future of software technology. | ||
[387] Systematic Concurrent Object-Oriented Programming, in Communications of the ACM, 36, 9, September 1993, pp. 56-80 (part of special issue [141]). | ||
The world is still waiting for a comprehensive solution to the problem of concurrent programming. SCOOP (Simple, Concurrent Object-Oriented Programming, where the S first stood for “Sequential” and then for “Systematic”) is our proposal. It is still in development; this Communications of the ACM paper, picking up on the initial version [253], described the basis. The basic idea of SCOOP is to make concurrent programming easy, by taking full advantage of the benefits of object-oriented programming and contracts. Although some details have changed and the model continues to be improved — see in particular [502] and [213] —, this Communications of the ACM article is still a good place to read about the key concepts and the rationale. | ||
[386] What is an Object-Oriented Environment? Five Principles and their Application, in Journal of Object-Oriented Programming, Volume 6, Number 4, July-August 1993, pages 75-81. | ||
Discusses how object-oriented principles affect the nature of the development environment (IDE) and can serve as a guide for the user interface and the interaction with the programmer. Based on an early version of the EiffelStudio IDE (then called EiffelBench). One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[385] Towards an Object-Oriented Curriculum, in Journal of Object-Oriented Programming, Volume 6, Number 2, May 1993, pages 76-81. (Revised as [254].) | ||
The first in a series of publications describing a general approach to teaching introductory programming, known as the “inverted curriculum” (a term first used by Bernie Cohen for teaching electrical engineering, in an article that John Potter first brought to my attention). The basic idea is that we should start with reusable components and teach students first to reuse them through their contracts, then to study them internally, then to extend them, then to build their own. Many later articles developed the concepts further, culminating in the ETH course and the Touch of Class introductory programming textbook [503]. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[384] Design by contract: building bug-free O-O software, in Hotline on Object-Oriented Technology, volume 4, Number 2, December 1992, pages 4-8. Revised version (2000) online at eiffel.com. Translations: German in ComputerWoche, February 1994; Russian in Otkrytye Systemy (Open Systems Journal), vol. 6, no. 32, 1998, pages 34-38; Chinese by Jian Hu. | ||
Survey paper on Design by Contract. Obviously people found it useful since it was reprinted and translated in many different places. | ||
[383] Applying “Design by Contract”, in Computer (IEEE), 25, 10, October 1992, pages 40-51. (Invited paper in special object-oriented issue; slightly revised version of [159].) Republished in Object-Oriented Systems and Applications, ed. David Rine, IEEE Computer Society Press, 1994. | ||
This was intended to be the first paper on Design by Contract, but it ended up being published long after other descriptions, notably the Design by Contract chapter of Object-Oriented Software Construction [496] in 1988 and my contribution to the Capri book [203]. I wrote the paper in 1986 and sent it to IEEE Computer in early 87; it languished for more than five years in the refereeing circuit, with three referees saying that it was great and three that it was terrible, and the editor-in-chief not making a decision. Finally in 1992 I was invited to contribute to a special issue on O-O and happily provided the text. Today (April 2015) it has over 2250 citations on Google Scholar. A good encouragement to persist if you think you have a good idea and the world does not recognize it right away! | ||
[382] The Legacy of Simula, in Object Magazine, October 1992 (invited paper in 25th anniversary issue on O-O technology). | ||
Simula 67 is at the root of all subsequent object-oriented languages and developments. I used Simula extensively and benefitted tremendously from it. On the occasion of its 25th anniversary, this invited paper reflects on the contributions of Simula. | ||
[381] Tools for the New Culture: Lessons from the Design of the Eiffel Libraries, in Communications of the ACM, volume 33, Number 9, pages 40-60, September 1990. | ||
A presentation of the principles of library design, buttressed by the experience with EiffelBase and other Eiffel libraries. The book Reusable Software [500] refines and extends the ideas. | ||
[380] Writing Correct Software, in Dr. Dobb's Journal, February 1990, pages 48-63. | ||
A tutorial paper introducing practicing programmers to assertion- and exception-based techniques for building correct software. | ||
[379] The New Culture of Software Development, in Journal of Object-Oriented Programming, Volume 3, Number 4, pages 76-81, November-December 1990. (Revised version of TOOLS 89 article [252]; see also the book chapter version [202].) | ||
Discusses the effect of an object-oriented mode of development on the fundamental practices of software engineering. Part of a set of successive revisions of the same basic article first presented at TOOLS in 1989. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[378] You can write, but can you type?, in Journal of Object-Oriented Programming, Volume 1, Number 6, pages 58-67, March-April 1989. | ||
Discusses in some depth why object-oriented programming should use strong typing, and what kind of type system it requires. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[377] From Structured Programming to Object-Oriented Design: The Road to Eiffel, in Structured Programming, Volume 10, Number 1, January 1989, pages 19-39. (reconstructed from pre-publication text). | ||
Many people see object-oriented programming as the next thing after structured programming. This made no sense to me, particularly since I had learned both from the Structured Programming volume (Dahl, Dijkstra, Hoare), where the first monograph by Dijkstra presented structured programming, the second by Hoare presented a structured approach to data modeling, and the third by Dahl (with Hoare) presented Simula 67, i.e. O-O techniques. I took the opportunity of an invitation by the Structured Programming journal to present the conceptual path that led from structured programming to the full implementation of O-O ideas in Eiffel. | ||
[376] Harnessing Multiple Inheritance, in Journal of Object-Oriented Programming, Volume 1, Number 5, pages 48-51, November-December 1988. | ||
Explains why multiple inheritance, in its full glory, is essential to proper software design. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[375] Bidding Farewell to Globals, in Journal of Object-Oriented Programming, Volume 1, Number 4, pages 73-76, August-September 1988. | ||
Explains why global variables are an impediment to software quality, and how Eiffel provides an object-oriented mechanism to handle shared information: once routines. The lesson has not really been heeded in other languages, which continue to provide static functions and other constructs incompatible with object-oriented concepts and principles of modular design. One of a regular series of papers in JOOP, before it officially became the Eiffel column [138]. | ||
[374] The Eiffel Environment, in Unix Review, Volume 6, Number 8, pages 44-55, August 1988. | ||
The first publication, I think, to talk not only about the Eiffel method and language but also about the environment — a very early and primitive version of it. | ||
[373] Eiffel: Applying the Principles of Object-Oriented Design, in Computer Language, May 1988. | ||
One of the first publications about Eiffel. Computer Language, which I believe no longer exists, was an industry-oriented publication reaching a broad audience. I wasn't too excited to see that the article had been published under the rubric “Exotic Language of the Month Club”, although it turned out not to matter at all. | ||
[372] Eiffel: A Language and Environment for Software Engineering, in The Journal of Systems and Software, 1988. | ||
The first extensive published description of Eiffel. It was very difficult to publish about Eiffel at the time; I am deeply grateful to Robert Glass, the editor of the Journal of Systems and Software, for accepting the paper. JSS remains one of the best journals in the field. | ||
[371] Reusability: the Case for Object-Oriented Design, in IEEE Software, vol. 4, no. 2, March 1987, pages 50-62. Republished in the following volumes: Selected Reprints in Software, ed. M. Zelkowitz, IEEE Press, 1987; Software Reusability, ed. T. Biggerstaff, Addison-Wesley, 1988; Object-Oriented Computing, IEEE Press, 1988. (In the list of most influential Software papers in the 25th-anniversary list of IEEE Software.) | ||
A widely cited paper that explained the link between object-oriented techniques and software engineering concerns such as reusability. | ||
[370] Language-based Editing with Cépage, in The Journal of Systems and Software, 1987. | ||
ArchiText (originally called Cépage), a sophisticated syntax-directed editor adaptable to any language, was the first product of Eiffel Software. [243] and [241] described the original prototype; this article presents the released version of the tool. See [365] about the display algorithm and its supporting theory. | ||
[369] Genericity versus inheritance, in The Journal of Pascal, Ada and Modula-2, 1987. (Revised version of OOPSLA '86 paper [248].) | ||
See the comments for reference [248]. | ||
[368] Cépage: A Software Design Tool, in Computer Language, September 1986, vol. 3, no. 9, pages 43-53. | ||
[367] Incremental String Matching, 1985, in Information Processing Letters, vol. 21, 18 November 1985, pages 219-227. | ||
An algorithm description, with correctness and performance analysis. The purpose of the algorithm is to search for strings in a text, where the set of search strings may change as the execution progresses; an example is an application to build a book index automatically (truly automatically, with the system actually looking in the text for words selected so far). | ||
[366] On Formalism in Specifications, in IEEE Software, vol. 3, no. 1, January 1985, pages 6-25 (cover feature). (Translated and adapted from [1].) Republished in T. Colburn, J. Fetzer, and T. Rankin (eds.), Program Verification: Fundamental Problems in Computer Science, Kluwer Academic Publishers, Dordrecht, Netherlands, 1993. Also in Dutch translation: Over het gebruijk van formalismen in specificaties, in Informatie, jaargang 28 nr. 5-6, 1986. | ||
This is an advocacy paper for the use of formal techniques in software specification. Some of the important points are a list of common mistakes in requirements documents (“The Seven Sins of the specifier”), and the advice of having a roundtrip between informal and formal: if you start from informal (natural language, say English) requirements and write a formal version — as the paper does — don't stop there but produce a new English text that reflects the mathematical description. This gives a different kind of natural language requirements, possibly surprising at first but more precise and usable. The description of the Eiffel language [498] is written in such a style. | ||
[365] With Jean-Marc Nerson and Soon Hae Ko: Showing Programs on a Screen, in Science of Computer Programming, vol. 5, no. 2, 1985, pages 111-142. | ||
Describes an algorithm for smart display of program texts on a fixed-size area: instead of forcing users to scroll up and down, the tool automatically adapts the view to the available space, collapsing and expanding syntactic structures as needed. The resulting user experience is more comfortable than with usual approaches to program display (which typically are not specifically designed for programs but just display them as any other texts). The algorithm relies on a small mathematical theory, expressed in the form of an abstract data type specification. It was designed and implemented as part of our ArchiText tool [243] [241] [368] [370]. I hope to get back to it some day and include it in EiffelStudio. | ||
[364] With Alain Bossavit: An Application of Program Transformation to Supercomputer Programming, pages 27-38 in Vector and Parallel Processors in Computational Science (Eds. Duff and Reid), special issue of Computer Physics Communications, North-Holland Publishing Company, Amsterdam, 1985. (Revised version of the VAPP conference presentation, Oxford, 1984; see [244].) | ||
Part of my collaboration with Alain Bossavit on bringing modern programming techniques to scientific computing. The focus here is on applying mathematically rigorous program transformations to derive an efficient parallel algorithm (for a vector computer) from a sequential version. | ||
[363] Principles of Package Design, in Communications of the ACM, vol. 25, no. 7, pages 419-428, July 1982. | ||
Working in a traditional environment (Fortran, IBM operating systems) I strived to apply modern principles of programming methodology, including object-oriented techniques. In particular I developed a set of strict principles for building software packages that provided a close equivalent to O-O libraries. The article describes these principles and presents some of the packages they helped develop, which were widely used for many years. It includes a presentation of the concept of abstract data type that several people told me they had found useful. | ||
[362] Quelques concepts importants des langages de programmation modernes et leur expression en Simula 67 (Some Important Concepts of Modern Programming Languages and their Expression in Simula 67), in Bulletin de la Direction des Etudes et Recherches d'Electricité de France, Série C (Informatique), Clamart (France), no. 1, 1979, pages 89-150. Also in GROPLAN 9, AFCET, 1979. | ||
A presentation of object-oriented programming and the Simula language. I had started by that time to use Simula extensively; the reception to O-O ideas was tepid, however — even in the academic community where Pascal and Ada were all the rage. There were exceptions, in particular Jacques André and Jean Bézivin in France. The paper was first presented at a very stimulating meeting of GROPLAN, the French programming language interest group (i.e. similar to SIGPLAN), in Corsica, where I also first heard about abstract interpretation from Patrick and Radhia Cousot. | ||
[361] With Alain Bossavit: Sur la Programmation rationnelle des Algorithmes numériques (On the systematic development of numerical algorithms), in Bulletin de la Direction des Etudes et Recherches d'Electricité de France, Série C (Informatique), Clamart (France), no. 2, 1979. | ||
Part of my collaboration with Alain Bossavit on bringing modern programming techniques to scientific computing applications. The focus is on systematic development from specifications through refinement. | ||
[360] With Michel Demuynck: Les Langages de Spécification (Specification Languages), in Bulletin de la Direction des Etudes et Recherches d'Electricité de France, Série C (Informatique), Clamart (France), no. 1, 1979, pages 39-60. | ||
An early survey of specification languages. See also [153] for a later version. The impetus was that we had become excited about Z (in its version of the time) and wanted to showcase it. | ||
[359] A Note on Computing Multiple Sums, in Software, Practice and Experience, vol. 8, 1978, pages 3-8. | ||
An algorithm description. | ||
[358] Initiation à la programmation en milieu industriel (Teaching Modern Programming Methodology in an Industrial Environment), in RAIRO, série bleue (informatique), vol. 11, no. 1, pages 21-34, 1977. | ||
Reported on our experience of teaching modern programming techniques in an industrial setting, to programmers previously trained in very traditional ways. | ||
[357] La Description des Structures de Données (The Description of Data Structures), in Bulletin de la Direction des Etudes et Recherches d'Electricité de France, Série C (Informatique), Clamart (France), 1976. | ||
A theoretical and practical discussion of abstract data types, expanding on the initial work of Liskov and Zilles and including many ideas that were also found in Guttag's work published a year later. Unfortunately I never wrote an English version. | ||
| ||
[356] With Li Huang, Ilgiz Mustafin, Marco Piccioni, Alessandro Schena and Reto Weber: Do AI models help produce verified bug fixes?, draft to be presented at VERIFAI-2026, First International Workshop on the Interplay Between Artificial Intelligence and Formal Verification, Villebrumier (France), 8-11 March 2026. | ||
Abstract from the paper itself:
| ||
[355] With Li Huang and Reto Weber: Loop unrolling: formal definition and application to improving test suites and test coverage, in Proceedings of ICTSS (International Conference on Testing Software and Systems), Cyprus, September 2025, Springer Lecture Notes in Computer Science, 2025 | ||
Testing coverage criteria usually make a gross simplification: they assume that loops will have their bodies executed 0 or 1 time. How much (specifically, how many bugs) are we missing as a result?
| ||
[354] With Victoria Kamanchuk and Ilgiz Mustafin: Bugfix: a standard language, database schema and repository for research on bugs and automatic program repair, October 2024, submitted for publication. | ||
An ambitious project (initially sketched in [349]) to provide a common basis (language, API, repository...) of bugs and their fixes available to researchers in program testing and automatic program repair (APR), enabling them to compare their techniques on a widely accepted and exhaustive reference base. | ||
[353] Software Engineering as a Domain to Formalize, Technical Report, Eiffel Software, February 2025 | ||
Software engineering concepts and processes are worthy of formal study; and yet we seldom formalize them. This "research ideas" article explores what a theory of software engineering could and should look like.
| ||
[352] With Li Huang and Manuel Oriol: Seeding Contradiction: a fast method for generating full-coverage test suites, Springer Nature Computer Science, vol. 6, no. 4, 2025. |
Seeding contradiction (published version on journal site)
| |
(Revised and extended version of a conference paper: [348].) A new method for achieving full test coverage, very fast, without execution. The idea is to insert an incorrect instruction in every path of the program (technically, every basic block). Then, attempt to prove the program correct, using an SMT-solver-based prover. The proof will (obviously) fail, but the solver will generate a counter-example which we can turn into a test using the techniques first presented in [190]. The resulting set of tests is guaranteed to achieve full coverage! | ||
[351] With Li Huang and Manuel Oriol: Is MCDC really better? Lessons from combining tests and proofs, in TAP 2024, proceedings of TAP 24, International Conference on Tests and Proofs, Milan, 7-9 September 2024, Lecture Notes in Computer Science 15153, pages 25-44, Springer, 2024. | ||
Part of a series of articles on the combination of tests and proofs. Using a prover, we are able to generate test suites that satisfy the MCDC (Modified Condition / Decision Coverage) used widely in industry, particularly in aerospace. | ||
[350] With Li Huang, Ilgiz Mustafin and Manuel Oriol: Execution-free Program Repair, in FSE 2024, in proceedings of ACM International Conference on the Foundations of Software Engineering, Porto de Galinhas, Brazil, 15-19 July 2024. | ||
Part of a series of articles on the combination of tests and proofs. Existing work on program repair typically needs to execute proposed fixes to see if they pass previous tests -- a slow and uncertain approach, which often results in overfitting. Here, in line with our recent work based on AutoProof, we use a prover both to help find patches and to verify them. The paper describes the results: we are able to correct many bugs. | ||
[349] With Viktoryia Kananchuk and Li Huang: BUGFIX: towards a common language and framework for the Automatic Program Repair Community, to be presented at Automatic Program Repair workshop of ICSE 2024 (International Conference on Software Engineering), Lisbon, 20 April 2024. | ||
A first proposal for a general effort to help the Automatic Program Repair community through a general framework for recording bugs and fixes. Considerably extended (and superseded) by [354] (see the more detailed description there). Original version kept here for the record. | ||
[348] With Manuel Oriol and Huang Li: Seeding Contradiction: a fast method for generating full-coverage test suites, in ICTSS 2023, proceedings of 35th IFIP International Conference on Testing Software and Systems, Bergamo (Italy), 18-21 September 2023. | ||
A new method for achieving full test coverage, very fast, without execution. This conference paper was selected for revision and extension into a journal article; see that newer version [352] for the full description. | ||
[347] With Li Huang and Manuel Oriol: Improving Counterexample Quality from Failed Program Verification, in ISWF (International Workshop on Software Faults), part of ISSRE-2022, October 2022. | Improving counterexample quality (arXiv) | |
Part of a series of articles on the combination of tests and proofs; see [190]. Explains how one can start from a counter-example generated by a program prover after a failed verification attempt, and optimize it so that it yields a test case easily understandable by a programmer. | ||
[346] With Jean-Michel Bruel, Sophie Ebersold, Florian Galinier and Alexandr Naumchev: Towards an Anatomy of Software Requirements, in TOOLS 2019, pages 10-40. | ||
Part of a systematic effort to define requirements concepts precisely. Much of the material found its way into my requirements textbook [506]. | ||
[345] With Alexander Naumchev: Complete Contracts Through Specification Drivers, in TASE 2016, 10th International Symposium on Theoretical Aspects of Software Engineering, Shanghai, 17-19 July 2016, IEEE Computer Society, 2016, pages 160-167. | ||
The idea of specification drivers provides a new way to integrate precise, formal elements to requirements. It also introduces a new way to make object-oriented specifications complete, an interesting alternative or complement to the technique of model queries [210] [317] [297] which we previously introduced and used in the verification of EiffelBase2. A specification driver is a specification element that talks about some part of the software specification or implementation. Look in particular for the description of stacks, expressing the full power of a mathematical Abstract Data Type specification within the context of an imperative OO programming language. | ||
[344] With Mischael Schill and Christopher M. Poskitt: An Interference-Free Programming Model for Network Objects, in COORDINATION 2016, Proc. 18th IFIP International Conference on Coordination Models and Languages, Heraklion, Greece, Lecture Notes in Computer Science 9686, Springer, pages 227-244. | ||
Making SCOOP ready for distributed programming, with the concept of network objects. | ||
[343] With Alexey Kolesnichenko, Christopher M. Poskitt and Sebastian Nanz: Contract-based general-purpose GPU programming, in GPSE 2015, Proceedings of 2015 ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, ACM SIGPLAN Notices, vol. 51, Issue 3, March 2016, pages 75-84. | ||
GPU programming typically uses low-level primitives. This paper describes a simple approach to GPU programming based on the SCOOP model. | ||
[342] With Alexander Naumchev and Victor Rivera: Unifying Requirements and Code: an Example, in Perspective of System Informatics, Proceedings of fifth Andrei Ershov Memorial Conference, Kazan, 24-27 August 2015, eds. Manuel Mazzara and Andrei Voronkov, Lecture Notes in Computer Science 9609, Springer, 2015, pages 233-234. | Unifying reqs and code (pre-publication version) | |
[341] With Scott West and Sebastian Nanz: Efficient and Reasonable Object-oriented Concurrency, in ESEC/FSE 2015, Proceedings of 2015 European Software Engineering Conference and Foundations of Software Engineering Symposium, ACM Press, 2015, pages 734-744. | ||
Recent work on SCOOP (by Scott West and others, building on earlier improvements by Benjamin Morandi and others), as part of the Concurrency Made Easy ERC project, has resulted in spectacular improvements of concurrent programming performance. This paper describes the techniques and the results. | ||
[340] With Jiwon Shin, David Itten and Andrey Rusakov: Towards an Intelligent Robotic Walker for the Elderly, in 11th International Conference on Intelligent Environments (IE 11), Prague, 17-19 July 2015, IEEE, August 2015 (best paper award). | ||
[339] With Paolo Antonucci, Christian Estler, Durica Nikolic and Marco Piccioni: An Incremental Hint System For Automated Programming Assignments, in ITiCSE '15, Proceedings of 2015 ACM Conference on Innovation and Technology in Computer Science Education, 6-8 July 2015, Vilnius, ACM Press, pages 320-325. | ||
In connection with the Codeboard automated program compilation and execution system, designed by Christian Estler and others and used extensively both in our courses and in our MOOCs, Paolo Antonucci in his master's thesis, supervised by Marco Piccioni, built a clever mechanism to help students answer exercises, through successive hints that the instructor can prepare for each question. A clueless student can get more and more help by pressing the Hint button repeatedly. | ||
[338] With Jiwon Shin and Ivo Steinmann: Automatic Speed Control for SmartWalker, in PETRA 2015, Proceedings of 8th ACM International Conference on PErvasive Technologies Related to Assistive Environments, 21-23 June 2015, Rhodes, Greece, ACM Press, 2015. | ||
Part of the work on the SmartWalker mobility-assistance robot, see [451]. The speed-control mechanism of SmartWalker, as devised by Ivo Steinmann during his master's thesis supervised by Jiwon Shin. | ||
[337] With Jiwon Shin and Andrey Rusakov: Concurrent Software Engineering and Robotics Education, in 37th International Conference on Software Engineering (ICSE 2015), Florence, May 2015, IEEE Press, pages 370-379. | ||
The Roboscoop project applies concurrency and modern software engineering techniques to robot programming. Since 2013 we have been holding at ETH a multi-disciplinary course, the “Robotics Programming Laboratory”, teaching robotics software to students from computer science as well as mechanical engineering and electrical engineering. This paper presents empirical results on the results of the course. | ||
[336] With Yu Pei, Carlo A. Furia and Martin Nordio: Automated Program Repair in an Integrated Development Environment, in 37th International Conference on Software Engineering (ICSE 2015), Florence, May 2015, IEEE Press, pages 681-684. | ||
Our AutoFix tool suite provides the ability to suggest high-quality fixes for bugs. Previous papers on AutoFix (see [289], [295], [307]) described the theory, applications and experimental results. In this one we discuss how automatic fixing fits in an integrated development environment, where AutoFix collaborates with other development and verification tools. One of the key aspects is timeliness: how can we ensure, in spite of the time AutoFix needs to produce good fix candidates, that it provides users with useful feedback fast enough? Only under that condition can AutoFix hold its promises for improving the development process. | ||
[335] An automatic technique for static deadlock prevention, in PSI 2014 (Ershov Informatics Conference), eds. Irina Virbitskaite and Andrei Voronkov, Lecture Notes in Computer Science 8974, Springer, 2015, pages 45-58. | ||
Deadlocks remain one of the biggest threats to concurrent programming. Usually, the best programmers can expect is dynamic deadlock detection, which is only a palliative. Object-oriented programs, with their rich reference structure and the resulting presence of aliasing, raise additional problems. The technique developed in this paper relies on the alias calculus to offer a completely static and completely automatic analysis of concurrent object-oriented programs. The discussion illustrates the technique by applying it to two versions of the dining philosophers program, of which it proves informally that the first is deadlock-free and the second deadlock-prone. The technique is still incomplete but, I think, promising. It is one more application of the alias calculus [445] [450]. | ||
[334] With Scott West and Sebastian Nanz: Efficient and Reasonable Object-oriented Concurrency, in PPoPP 2015, Proceedings of the 20th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, San Francisco, 7-11 February 2015, ACM SIGPLAN Notices, vol. 50, no. 8, August 2015, pages 273-274. | Efficient SCOOP (short version) | |
An earlier two-page summary of the work reported more completely later that year at ESEC [341]. | ||
[333] With Andrey Rusakov and Jiwon Shin: Simple Concurrency for Robotics with the Roboscoop Framework, in IROS 2014 (IEEE/RSJ International Conference on Intelligent Robots and Systems), Chicago, 14-18 September 2014, IEEE Computer Press. | ||
The first published presentation of the Roboscoop framework for developing reliable robotics applications, taking advantage of concurrency. We have applied Roboscoop to a number of systems, including the SmartWalker robot for assisting elderly persons better than with ordinary walkers. | ||
[332] With H-Christian Estler, Martin Nordio and Carlo A. Furia: Awareness and Merge Conflicts in Distributed Software Development, in proceedings of ICGSE 2014, 9th International Conference on Global Software Engineering, Shanghai, 18-21 August 2014, IEEE Computer Society Press (best paper award). | ||
A novel approach to handling configuration management in a distributed environment, with minimum overhead on the programmer's work. Part of Christian Estler's thesis work. | ||
[331] With Marco Piccioni and H-Christian Estler: SPOC-supported introduction to Programming, in Proceedings of ITiCSE 2014, 9th Annual Conference on Innovation and Technology in Computer Science Education, June 23-25, 2014, Uppsala, Sweden. | ||
A description of the experience with our first online course, directly associated with our ETH Introduction to Programming course and primarily aimed at our own students although in fact anyone can use it. | ||
[330] With Benjamin Morandi and Sebastian Nanz: Safe and Efficient Data Sharing for Message-Passing Concurrency, in proceedings of COORDINATION 2014, 16th International Conference on Coordination Models and Languages, Berlin, 3-6 June 2014, Lecture Notes in Computer Science 8459, eds. E. Kühn and R. Pugliese, 2014, pages 99-114. | ||
The SCOOP concurrency model has a clear division of objects into “regions”, improving the clarity and reliability of concurrent programs by establishing a close correspondence between the object structure and the process structure. Each region has an associated “processor”, which executes operations on the region's objects. A literal application of this rule implies, however, a severe performance penalty. Benjamin Morandi found out that a mechanism for specifying certain processors as “passive” yields a considerable performance improvement. The paper describes the technique and its applications. | ||
[329] With H.-Christian Estler, Carlo A. Furia, Martin Nordio and Marco Piccioni: Contracts in Practice, in FM 2014 (proceedings of 19th International Symposium on Formal Methods), Singapore, May 2014, Lecture Notes in Computer Science 8442, eds. C. Jones, P. Pihlajasaari and J. Sun, Springer, 2014, pages 230-246. | ||
For almost anyone programming in Eiffel, as evidenced by Patrice Chalin's pioneering study of a few years ago (reference 2 of the bibliography), contracts are just a standard part of daily life. The present paper is a much larger study, making it possible to understand how developers actually use contracts when available.
It covers 21 programs, not just in Eiffel but also in JML and in Code Contracts for C#, totaling 830,000 lines of code, and following the programs' revision history for a grand total of 260 million lines of code over 7700 revisions. It analyzes in detail whether programmers use contracts, how they use them (in particular, which kinds, among preconditions, postconditions and invariants), how contracts evolve over time, and how inheritance interacts with contracts. | ||
[328] With Nadia Polikarpova, Julian Tschannen and Carlo A. Furia: Flexible Invariants Through Semantic Collaboration, in FM 2014 (proceedings of 19th International Symposium on Formal Methods), Singapore, May 2014, Lecture Notes in Computer Science 8442, eds. C. Jones, P. Pihlajasaari and J. Sun, Springer, 2014, pages 514-530. | ||
One of the crucial issues in the verification of object-oriented programs is to provide a correct semantics for invariants. The “semantic collaboration” approach developed by Carlo Furia, Nadia Polikarpova and Julian Tschannen, simplifying techniques due among others to Leino, Leavens and Müller, is a sound solution. It relies on annotations provided by programmers to specify ownership and subject-observer properties. This technique has been extensively used in the AutoProof system [218], in particular for the verification of the EiffelBase 2 library [297]. | ||
[327] With Alexander Kogtenkov: Negative Variables and the Essence of Object-Oriented Programming, in Specification, Algebra, and Software, Kanazawa (Japan), 14-16 April 2014, Lecture Notes in Computer Science 8373, eds. Shusaku Iida, Jose Meseguer and Kazuhiro Ogata, Springer, 2014, pages 171-187. | ||
A specification and verification technique that describes the specific nature of object-oriented programming and takes into account its principle of “general relativity”. It makes it possible to reason about object-oriented programs, handling properties of the global data structures that cannot even be expressed in the traditional approach relying on substitution. [445]. | ||
[326] With Sebastian Nanz, Scott West, Kaue Soares Da Silveira: Benchmarking Usability and Performance of Multicore Languages, in ESEM 2013 (ACM/IEEE International Symposium on Empirical Software Engineering and Measurement), Baltimore, 10-11 October 2013, IEEE Computer Press, 2013, pages 183-192. | Multicore performance (draft) | |
A performance comparison of four parallel languages: Chapel, Cilk, Go and TBB. Notably absent is SCOOP — that will come. | ||
[325] With Marco Piccioni and Carlo A. Furia: An Empirical Study of API Usability, in ESEM 2013 (ACM/IEEE International Symposium on Empirical Software Engineering and Measurement), Baltimore, 10-11 October 2013, IEEE Computer Press, 2013, pages 5-14. | API usability (draft) | |
A systematic empirical study of API choices, assessed by interviewing programmers who were asked to try several variants of an API for a persistence library. | ||
[324] With Alexey Kolesnichenko and Christopher M. Poskitt: Applying Search in an Automatic Contract-Based Searching Tool, in SSBSE 2013 (5th Symposium on Search-Based Software Engineering), Saint Petersburg, 24-26 August 2013, Lecture Notes in Computer Science 8084, eds. G. Ruhe and Y. Zhang, 2013, pages 318-323. | ||
The core performance problem in automated random testing, as implemented in AutoTest (see the many references in this bibliography), is to maximize the likelihood of breaking a postcondition. This work, started by Alexey Kolesnichenko, uses search techniques to that effect. | ||
[323] With Mischael Schill and Sebastian Nanz: Handling Parallelism in a Concurrency Model, in Multicore Software Engineering, Performance and Tools (MUSEPAT 2013), Saint Petersburg, 19-20 August 2013, Lecture Notes in Computer Science 8063, eds. J.M. Lourenço and E. Farchi, Springer, 2013, pages 37-48. | Slicing (draft) | |
The SCOOP mechanism provides a simple, safe and elegant approach to handling synchronization, but until now has not offered the kind of performance that one may expect for highly parallelizable programs, as they arise for example in scientific computations. Mischael Schill's idea of slices adds library support for computations with arrays, with dramatic performance improvements. | ||
[322] With Alexey Kolesnichenko and Sebastian Nanz: How to Cancel a Task, in Multicore Software Engineering, Performance and Tools (MUSEPAT 2013), Saint Petersburg, 19-20 August 2013, Lecture Notes in Computer Science 8063, eds. J.M. Lourenço and E. Farchi, Springer, 2013, pages 61-72. | ||
Alexey Kolesnichenko is studying useful design patterns for concurrent programs and in this particular paper explores a challenging problem: what happens when a program has started a number of parallel tasks and wants to cancel one of them? This is a survey paper on existing approaches, but it also proposes novel ways to handle the issue of task cancellation. | ||
[321] With H-Christian Estler, Martin Nordio and Carlo A. Furia: Distributed Collaborative Debugging, in ICGSE 2013 (8th IEEE International Conference on Global Software Engineering), Bari, 26-29 August 2013 (best paper award). | ||
[320] With Benjamin Morandi and Sebastian Nanz: Testing a Concurrency Model, in ACSD 2013 (13th IEEE International Conference on Application of Concurrency to System Design), Barcelona, 8-10 July 2013, IEEE Computer Press, 2013, pages 170-179. | Testing a concurrency model (draft) | |
How does one get a language mechanism, in this case the delicate details of a concurrency mechanism, right? One approach is to rely on Jose Meseguer's Maude specification framework, whose specifications are executable and hence can be run. Benjamin Morandi did this for the SCOOP concurrency mechanism, and in the process was able to fine-tune some important semantic details, and try out various designs for aspects such as exception handling in a concurrent context. The paper describes an original and productive way to support innovative language design through experimentation. | ||
[319] With H-Christian Estler, Martin Nordio and Carlo A. Furia: Unifying Configuration Management with Awareness Systems and Merge Conflict Detection, in 22nd Australasian Software Engineering Conference, Melbourne (Australia), 4-7 June 2013. | ||
[318] With Julian Tschannen, Carlo A. Furia and Martin Nordio: Program Checking With Less Hassle, in proceedings of VSTTE 2013 (Verified Software: Theories, Tools and Experiments), Atherton (California), May 2013, Lecture Notes in Computer Science 8164, eds. E. Cohen and A. Rybalchenko, Springer, 2013, pages 149-169. | ||
A presentation of “two-step verification” as implemented in the EVE verification environment, which integrates a number of verification tools as part of a single IDE. | ||
[317] With Nadia Polikarpova, Carlo A. Furia, Yi Pei and Yi Wei: What Good are Strong Specifications?, in proceedings of ICSE 2013 (35th International Conference on Software Engineering), San Francisco, May 2013. | ||
This is a continuation of our work on equipping software with extensive contracts expressing full specifications rather than the partial properties used in Design by Contract; see [210] and [297] for the initial forays into this area. The article shows that the extra effort of writing stronger specifications pays off in many respects, beginning with far more faults found in testing. | ||
[316] With Carlo A. Furia, Manuel Oriol, Andrey Tikhomirov and Yi Wei: The Search for the Laws of Automatic Random Testing, in Proceedings of the 28th ACM Symposium on Applied Computing (SAC 2013), Coimbra (Portugal), ACM Press, 2013. | ||
For several years I have been fascinated by the question of whether there exists a kind of natural law for the long-term behavior of automated testing: how does the number of bugs found evolve, and do we reach an asymptote? If there is a law of some kind with wide applicability, it provides a solid answer to the project manager's eternal question: Are we shipping yet? (By comparing the bug detection rates of the current project to the general law, we can estimate how many bugs remain.) This paper provides a systematic analysis of automated testing in Eiffel, using AutoTest, and other languages, and derives a general law. | ||
[315] With Scott West and Sebastian Nanz: Demonic Testing of Concurrent Programs, in Proc. of 14th International Conference on Formal Engineering Methods (ICFEM 2012), Kyoto, 12-16 November 2012, Lecture Notes in Computer Science, Springer, 2012. | ||
Based on Scott West's doctoral work with Sebastian Nanz's participation, an approach to testing concurrent programs which creates “demonic” interferences to exercise worst-case scheduling behavior. | ||
[314] With Christian Estler, Martin Nordio, Carlo A. Furia, and Johannes Schneider: Agile vs. Structured Distributed Software Development: A Case Study, in 7th International Conference on Global Software Engineering (ICGSE), IEEE Computer Press, 2012 (best paper award). | ||
A review of 66 projects in Europe, Asia and America comparing the results of applying agile versus more traditional techniques. | ||
[313] With Benjamin Morandi and Sebastian Nanz: Can Asynchronous Exceptions Expire?, in Proc. of 5th International Workshop on Exception Handling (WEH 2012), ICSE, Zurich, June 2012, IEEE Computer Press, 2012. | ||
What happens when a component of a concurrent system triggers an exception and there is no one left to process it, since the original context is no longer alive or active? Based on Benjamin Morandi's doctoral work, this article examines various solutions meant to enforce the consistency of objects and of the computation. |