Diomidis Spinellis, Professor and Head of Department, Athens University


Diomidis-Spinellis2.jpg

How would you present the project?

Modern software is created by assembling components made by others. These handle tasks such as reliably storing data, networking, security, and screen display. For example, a simple phone app may contain a few tens of such parts, an e-shop site hundreds of such parts, and a smartphone thousands.  This construction through the reuse of software components is made possible, because most of these elements are distributed with a so-called, open source software license, which allows anyone to use them and modify them without paying their originators. This has allowed organizations to efficiently build very sophisticated software. The downside of this practice is that the organizations know little about all the intricate third-party dependencies of the software they’re delivering. They know the part names, but have little idea how all these fit and work together. If some part has a security vulnerability or other bug and gets fixed, they don’t know if they need to update it or not. Updating it can be expensive, but failing to update it can result in failures. 

The FASTEN project aims to create a detailed map of how open source software components fit and work together. Imagine this as a map of bus routes. Currently software developers have the equivalent of route maps joining cities; in software this means knowing only which components comprise an app. Such physical maps can be helpful for finding out how you can travel from Milan to Munich, but they cannot guide you on how to get from your Milan apartment to a hotel in Munich. FASTEN will deliver a much more detailed map, called a call graph. This is the equivalent of knowing how all public transport networks are interconnected at each bus stop and metro station. At the level of travel maps, this allows end-to-end travel planning. For software it allows organizations to know when software components need to be updated, and which component parts they are actually using.

What is your role in the project?

Our role is developing technologies for mapping two popular programming languages, called C and Python. The C programming language is used a lot for building infrastructure software, such as databases, web servers, and operating systems. The Python language is widely used for building user-facing applications, such as web sites. Other FASTEN partners add support for more programming languages, such as Java, and for combining all the maps into one giant map. This will then be used by business partners that develop software to improve their operations.

What key innovation do you bring or help to develop?

Going back to our analogy of travel maps, in the absence of them, there are two ways to create them. One is to examine the schedules posted at each bus stop or station in order to derive a complete map. In the context of software call graphs this is termed static analysis. The other way is to actually travel on each route, noting its stops. When deriving call graphs like this the process is termed dynamic analysis. Each method has advantages and problems. For example, by travelling on a bus route you may discover some stops that the driver makes although they are not posted on the schedule as well as low-traffic ones that are skipped. You may also however miss a different route taken on Sundays. Similarly, with software call graphs: dynamic call graphs can provide you links missed by static call graphs, but they may also miss parts that were not exercised.

We aim to combine these two graphs to create a more accurate and detailed map. We also aim to automate the creation of call graphs and join maps of diverse components together to create a huge map that organizations all over the world can use for the unique needs.

A word about yourself and your organization.

I’m the head and professor of software engineering in the Department of Management Science and Technology, at the Athens University of Economics and Business. We’re participating in the project through the Department’s Business Analytics Laboratory. There we research, develop, and disseminate software, systems, methods, and practices associated with software engineering applications of data analytics; business analytics software and systems; data analytics approaches for IT security; and the industrial adoption of business analytics applications and systems. The 26 member laboratory is staffed by three faculty members, three senior researchers, six associate researchers, and 14 researchers. Our participation in the FASTEN project allows us to collaborate with top researchers and companies from other countries to achieve a valuable result of a scale we could not have conquered on our own.