Following the line established by the Itacio project, it seemed necessary to evaluate the existing static analysis technologies and to apply them in a more traditional way to code analysis to find defects. A lot of work has been made with static analysis in a theoretical domain, but in the real world it seems that use cases specifically aimed at solving everyday problems in a company are sparse and very restricted, and we thought it was necessary to find out about their usefulness and establish a working procedure.
In the field of language processors, it's easy to find real cases of application. There are well-known techniques and working tools, which are used relatively often. Technology transfer, in that sense, has worked well. However, in the case of static analysis techniques there is much theoretical work and very specific implementation projects, and also some commercial tools; but we don't find a spread culture for leveraging these techniques with the aim of detecting defects in real-world projects with widely used programming languages. In the ATACS project we intend to find out ourselves whether this situation is justified.
ATACS is an acronym for "Aplicación de Tecnologías de Análisis estático a la Calidad del Software", wich is the Spanish expression for "Applying static Analysis Technologies to Software Quality".
After much effort, we've obtained a grant from the Government of the Principality of Asturias for the period 2004-2006, with the collaboration of Seresco, a software development company which, apart from the economic contribution, will also act as a customer and give us valuable real information about their needs, granting us access to their code base.
In ATACS we're working on several ideas, and one of them is to apply static analysis technologies to web services choreographies and orchestrations. As a result of this research, we presented in september 2005 a proposal at JSWEB 2005 [site in Spanish], the First Scientific and Technical Conference on Web Services, an event promoted by the W3C spanish office.
In December 12, 2005 we presented our proposal of static verification of business processes compatibility at WESC 05 (First International Workshop on Engineering Service Compositions), held in conjunction with 3rd Int. Conference on Service Oriented Computing (ICSOC 2005). Our proposal was very positively considered, and we could chat with other researchers working on this same line.
You can "attend" to this participation by using the materials offered below:
There was a first stage of conveying information about algorithms, different options... We started a bit late, but soon we hired a full-time person (Cristina González Muñoz). The company gave us some suggestions about interesting verifications, and real code (business logic and UI code) for our study. We passed that unavoidable stage where we didn't know exactly neither what we were doing nor what we should have been doing (as of march, 2005). As a hint, we studied something about SPARK Ada, XUL, ANTLR (and other alike), Phoenix, etc.
After that, we tried to implement static analysis algorithms for Java programs. Cristinadid a terrific job. We've got a first version of an analyzer that detects about 10 kinds of errors, although there's still much work ahead. Meanwhile, we also worked at a more theoretical level on web services.
Unfortunately, since 2005 I only work part-time at the University, and this research is pretty much stopped, until some moment when I hope I'll be back. Right now, I only do some research on teaching aspects. But I'll be glad to comment any facet of this project.