Projects for 2006/2007

Richard Paige

My projects involve software engineering in some way, typically: OO, model-driven develpment, (e.g., UML, BON, Java, Eiffel, EJB, CASE tools, patterns, metamodelling), method integration, distributed systems, security, and formal methods. Inevitably they involve constructing some software (writing code or specifications), and may involve some maths. I am willing to consider self-defined projects in these areas.

There are lots of projects suggested here; I will supervise no more than my quota of projects (normally 6 or so), since otherwise I will not be able to do a good job. I try to balance projects between those running over the summer (i.e., MSc SWE and MSc IP) versus those running over the undergraduate year (i.e., MEng and BSc/BEng). I allocate projects based on: student ability to carry out the project; my level of interest in the project; and balancing load across the year. I am sorry if you really want to do one of my projects, but I cannot allocate it to you.

IMPORTANT NOTE: I will not discuss these projects until the project database is open. However, I'm happy to discuss self-defined projects in the interim.

RFP/1: Extracting Stateflow Models from Ada Source Code

(Suitable for Advanced MSc, MEng)

(This project is co-supervised with Gerald Luettgen.)

Statecharts is a popular visual notation for designing reactive systems, which is based on hierarchical, concurrent state machines. The aim of this project is to -- both manually and with the aid of suitable automated tools -- extract statecharts from existing Ada source code. This is to be carried out in order to promote design understanding, to identify problems or areas for improvement with designs, and to provide documentation for designs that may have migrated from their initial conception, The Statecharts dialect of interest is Stateflow(r) by MathWorks, which is available as an add-on module to the company's successful Matlab/Simulink(r) design environment for control systems.

The deliverables of the project will include: Stateflow statecharts for subsets of a system, as well as recommendations and guidance on any supporting tools that were used to assist in the process. Challenges with this project include understanding a dialect of statecharts; understanding source code from a real system; and managing complicated, perhaps very messy statecharts.

Source code from real, industrial case studies will be provided where possible.

Prerequisite knowledge: a knowledge of Ada (e.g., through ADS) and some experience with finite state machines or statecharts (a la the Unified Modelling Language [UML]) is essential.


  1. D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8:231-274, 1987
  2. The MathWorks. Stateflow User's Guide, 2003, at
  3. J. Barnes. High Integrity Software: The SPARK Approach. Addison Wesley, 2003

RFP/2 - Object-Oriented Modelling in PVS

(Suitable for CS, Advanced MSc, MEng)

The PVS system is an industrially applicable theorem prover and type checker based on higher order logic. It is strongly typed and provides semi-automatic support for reasoning. It has been successfully applied to a number of industrial verification tasks, e.g., microprocessor verification, software verification, compiler verification, etc. This project examines the use of the PVS specification language for object-oriented modelling. PVS provides no object-oriented constructs (e.g., classes, associations, objects, etc.) so the project will focus on designing an encoding of object-oriented models in PVS. In particular, the project can take two approaches:

Based on the mapping, a tool could be constructed to automate the generation of PVS theories from BON or UML models. The main challenge with this project is to devise the mapping from the modelling language into PVS. This is primarily a theoretical exercise; implementing a code generator for the translation should be mechanical. I foresee particular challenges in translating inheritance and method overriding into PVS. Thus, the theoretical aspects of this project offer more challenges than other projects that I offer. I do recommend that you have some experience with logic and functional programming if you choose to take up this project.

Prerequisite knowledge: familiarity with object-oriented modelling (e.g., from MSD), familiarity with LISP or Scheme (e.g., from POP), comfortable with predicate logic.


K. Walden and J.-M. Nerson, Seamless Object-Oriented Software Architecture, Prentice-Hall, 1995. Available from the supervisor, and also as a PDF document from the authors, e.g.,

G. Booch, J. Rumbaugh, I. Jacobsen, The UML Reference Guide, Addison-Wesley, 1999.

S. Owre et al., The PVS Specification Language, CSL-SRI Technical Report, September 1999. Available from The PVS Web Site.

RFP/3 - Bunch Theory in PVS

(Suitable for CS, MEng PR4)

Bunch theory is a simple set theory for specification. It represents unpackaged, unindexed data. You can think of a bunch as the contents of a set. Here are some examples of bunches:

Bunches can, in general, contain elements of any type: integers, reals, characters, lists, etc. A bunch cannot contain other bunches (since they do not allow packaging). A full axiomatization of bunch theory is in [Hehner 1993].

This project will involve expressing bunch theory in the PVS specification language, and proving some sample theorems using the PVS automated theorem prover. Two approaches seem feasible: a direct axiomatization using [Hehner 1993], and an implementation of bunch theory using another PVS data structure. The two approaches should be compared and contrasted. It should be explained how to use PVS to specify and reason about bunch theory via examples and case studies.

The main challenge with this project is in determining the best way to represent bunches (though it will likely involve a set-based representation), and in becoming experienced with PVS.

Prerequisite knowledge: comfortable with predicate logic, some experience with Scheme or LISP is helpful.


E.C.R. Hehner, A Practical Theory of Programming, Springer-Verlag, 1993.

S. Owre et al., The PVS Specification Language, CSL-SRI Technical Report, September 1999. Available from The PVS Web Site.

RFP/4 - Epsilon

(Suitable for Adv MSc, MEng, CS)

Epsilon is a generic model management platform. It has been designed to allow users to build language definitions (e.g., for UML) and construct domain-specific tools for these language definitions. Epsilon has a core model navigation language (with some similarities to OCL) and this language is used as the basis of new, domain-specific languages. We have constructed prototypes of two model management languages: the Epsilon Inter-Model Consistency Checking Language (a model consistency language) and the Epsilon Merging Language [EML] (a model merging language).

There are several projects available on working with Epsilon. Project RFP/4 focuses on EML, whereas project RFP/5 focuses on other aspects of Epsilon. Your options include:

Prerequisite knowledge: UML modelling (e.g., from MSD). Experience with Eclipse would be very helpful, if not advisable.

Readings: for information on Eclipse for information on Epsilon, including a technical report. Other technical reports cannot be published on the web yet as they are under review (but can be obtained from the supervisor).

F. Jouault. Loosely Coupled Traceability with ATL. In Proc. Workshop on Traceability (co-located with EC-MDA'05), Nuremberg, Germany, November 2005. Available at

RFP/5 - Epsilon Tutorial

(Suitable for MSc IP)

The Epsilon platform (see RFP/4 for more details) is an evolving framework for building model management tools. Limited documentation exists, and the platform would benefit substantially from a detailed, introductory tutorial on (a) how to install and get started with Epsilon; (b) how to use two of the Epsilon languages - the Epsilon Object Language, and EML (see RFP/4) in two case studies. The intent with the case studies is to illustrate how to use Epsilon's features, and to demonstrate the different language elements - it is not necessary for the case studies to be extremely complex. One of the case studies should emphasise the use of structural modelling (e.g., merging different versions of class diagrams), whereas the second should emphasise the use of behavioural modelling (e.g., merging use cases or activity diagrams or state charts). The deliverables will be: an introductory user guide ("Getting Started with Epsilon") and a tutorial, which may be a document, or a web-based tutorial (e.g., written in Javascript, Flash, etc).

Prerequisite knowledge: UML modelling, some familiarity with Java, interest in Model-Driven Development. Experience with Flash or Javascript would be helpful in the case where a web-based tutorial was constructed.

Readings: for information on Eclipse. for information on Epsilon, including a technical report. Other material (which is not publically available and therefore cannot be uploaded here) is available from the supervisor.

M. Fowler, UML Distilled, Addison-Wesley, 2003.

Campion and Walrath, The Java Tutorial (current edition), Addison-Wesley.

Designing Web-Based Tutorials,

RFP/6 - Model Transformation in Eiffel

(Suitable for CS, MEng, Adv. MSc)

The Eiffel programming language ( is a clean, expressive, powerful object-oriented language supporting single and multiple inheritance, generic types, covariance, and contracts. The Query-View-Transformation OMG standard is a declarative specification language for describing how models/programs are to be transformed into models/programs in a not-necessarily-different second language. This project will involve determining how to use Eiffel as a specification language for writing transformations. The starting point will be the ATL transformation language, which will be used as inspiration for expressing transformation rules. It will then be determined how to specify and implement transformation rules in a simple, lightweight way in Eiffel. A simple case study in transformation will be carried out, and the approach will be compared with that of ATL for simplicity, conciseness, precision, and easy of production.

Prerequisite knowledge: familiarity with object-oriented programming, e.g., with Java or C++. Familiarity with UML ( e.g., from MSD).


B. Meyer. Object-Oriented Software Construction, Prentice-Hall, 1997.

The ATL Web page:

QVT Specification, available at

R.F. Paige and A. Radjenovic. Towards Model Transformation with TXL, in Proc. Metamodelling for MDA Workshop 2003, York, UK, November 2003.

RFP/7 - A Seamless Eiffel Translation to C

(Suitable for Advanced MSc)

The Eiffel programming language ( is a clean, expressive, powerful object-oriented language supporting single and multiple inheritance, generic types, covariance, and contracts. There are two powerful compilers available for it: Eiffel Studio from ESI, and the GNU Smart Eiffel compiler. Both generate C code from Eiffel. In both cases it is difficult to see the relationship between the Eiffel code and the C code. This project aims at defining and prototyping (parts of) a seamless Eiffel-to-C compiler. The emphasis will be on designing and implementing the simplest possible translation of each Eiffel construct. The main mapping will be to translate each Eiffel class to a .h/.c file, dynamic dispatch to a virtual function table, and method dispatch to function pointers.

This is an open-ended project: we shall define a subset of Eiffel to attack, and as much emphasis should be put on designing a seamless mapping as in implementing it efficiently. It is to your advantage to have taken a course on compilers (particularly code generation) and you should be a good C programmer. You should also be familiar with at least one OO language (Eiffel preferably, but this isn't required).

Prerequisite knowledge: experience with C is essential. Previous work on compiler design is strongly recommended. No knowledge of Eiffel is required, but you should be comfortable with OO programming concepts.


Documentation on Eiffel at

GNU SmartEiffel available at

Aho, Sethi, and Ullman. Compilers, Addison-Wesley, 1986.

B. Stroustrup, The Design and Evolution of C++, Addison-Wesley.

RFP/8 - Expressing OCL in PVS

(Suitable for CS, Advanced MSc, MEng)

The Object Constraint Language is part of standard UML. It is used for writing constraints that can be applied to models, for example:

Tool support is need for manipulating and reasoning about OCL constraints. This project will study the feasibility of using the PVS language for specifying OCL, and using the PVS theorem prover for reasoning about OCL constraints. The project will involve:

I expect this to be a challenging project. The semantics of OCL is unclear in many places, and there are likely many pitfalls in mapping it to a well-founded language like PVS. However, the potential for making a contribution to the UML development and to our understanding of OCL is great (this may lead to publishable work). I think the main challenge in this project will be in considering the alternatives for mapping OCL to PVS, and weighing the pros and cons of each.

Prerequisite knowledge: familiarity with predicate logic is essential. Knowledge of OCL (e.g., from MSD or OOD) would be very useful. Of most importance is familiarity with functional programming (e.g., Scheme, Lisp, Haskell) since PVS's specification language effectively builds on a Lisp-like syntax, and you need to think functionally.


J. Warmer and A. Kleppe, The Object Constraint Language, Addison-Wesley, 1999.

S. Owre et al, The PVS Specification Language, CSL SRI Technical Report, Sept 1999, available from

E.C.R. Hehner, A Practical Theory of Programming, Springer-Verlag, 1993.

RFP/9 - Agile Product Line Development

(Suitable for Advanced MSc)

A software product line (SPL) is a set of software-intensive systems that share a common, managed set of features satisfying the specific needs of a particular market segment or mission and that are developed from a common set of core assets in a prescribed way.

Software product lines are rapidly emerging as a viable and important software development paradigm allowing companies to realize order-of-magnitude improvements in time to market, cost, productivity, quality, and other business drivers. Software product line engineering can also enable rapid market entry and flexible response, and provide a capability for mass customization.

Agile development techniques (like XP, Feature-Driven Development) aim to be responsive to change, while providing flexible development processes that de-emphasize documentation. There is an apparent disconnect between the requirements of building SPLs and the facilities offered by agile development.

In 2005, Xiaochen Wang did an initial feasibility study on integrating agile methods and software product lines. His MSc project produced an agile process (based on Feature-Driven Development) and considered two small case studies. This continuation project will evaluate the process developed by Wang on a larger case study, and will attempt to evaluate the overall agility of the process with empirical data. One of two case studies will be chosen: type managers, or Eclipse. A subset of requirements and configurations will be identified, and the agile process applied directly to the case study.

Prerequisite knowledge: knowledge of software architecture (e.g., from SYA).


Product line documentation at

Agile documentation available at

L. Bass et al, Software Architecture in Practice, AWL.

Xiaochen Wang, Agile Software Product Line Development, MSc in Software Engineering Project, University of York, 2005.

Information on type managers at:

RFP/10 - TXL for Model Transformation

(Suitable for Advanced MSc, MEng, CS)

TXL is a language transformation tool due to Jim Cordy at Queens University, Canada. When using TXL, two or more grammar specifications of languages are provided (e.g., a C grammar and a Java grammar). Transformation rules are then described which show how one language is transformed into the second language. The transformations can be partial and algorithmic, and emphasise reuse - rules defined for transforming one set of language constructs can be used to transform new constructs.

This project will focus on using TXL to define transformations of modelling languages, particularly transformations applied to UML. The focus will be on transforming a profile (subset) of UML class diagrams to a programming language, e.g., Java or C++. Challenges include: learning TXL, defining UML class diagrams using XML/XMI in TXL, and defining the mapping. A set of small examples will be carried out to show how the TXL tool works in this domain.

Prerequisite knowledge: familiarity with UML (e.g., from MSD or OOD) is essential. An understanding of language transformation or translation (e.g., from a compiler course) would be helpful. Familiarity with an OO programming language is necessary, too.


TXL information at

R.F. Paige and A. Radjenovic. Towards Model Transformation with TXL, in Proc. Metamodelling for MDA Workshop 2003, York, UK, November 2003.

Aho, Sethi, and Ullman. Compilers, AWL, 1986.

M. Fowler, UML Distilled, AWL, latest edition.

RFP/11 - Networked Multiplayer Games

(MEng, Advanced MSc)

In collaboration with Phil Brooke, University of Teesside, an abstract architecture for networked multiplayer games (similar to, e.g., Half-Life Firearms) has been produced. The basic idea is to partition functionality - scenario processing, ambient processing, security - amongst several processes (possibly distributed over several machines) and to assume that (simple, possibly differently enabled) clients are untrustworthy. This project can involve one or two of the following elements:

This is a very challenging project, and is clearly open-ended. The architectural design that exists is still quite loose, and formalising it in an industrial modeling language is likely a suitable challenge for a project. In terms of implementation, code exists in the open-source domain (e.g., Xpilot) that would be suitable for reuse.

Prerequisite knowledge: knowledge of networking (e.g., NDS) and distributed systems, comfortable with C++ or C programming. NB: this project will require a lot of coding.


Rudy Rucker, Software Engineering and Computer Games, AWL, 2003. Available in the library.

A. Rollings and D. Morris, Game Architecture and Design, Coriolis, 2000. Available in the library.

S. Rabin, Introduction to Game Development, Charles River Media, 2005.

T. Attridge, The use of contracts and design patterns in game design and implementation, BSc project, 2004 (available in department library).

X. Dong, Software architectures for networked games, BSc project, 2005 (available in project library).

RFP/12 - Agile Development of Grids

(Advanced MSc)

A Grid is a flexible system that orchestrates services (e.g., Grid or Web services) to deliver high-performance results to customers. Grids can be implemented using Globus, or OGSA/OGSI, and other technologies. This project aims to use Extreme Programming to build a representative Grid using a standard toolkit like Globus, OGSA/OGSI, or the OMII middleware. The case study to be considered is an estate agency, where properties can be bought or sold. The case study will clearly delimit how Extreme Programming was used, where it was helpful, where it hindered progress, and may propose new agile principles or practices for building Grids.

Prerequisite knowledge: familiarity with distributed systems is useful (especially web services). Knowledge of agile processes such as XP is helpful. Good programming skills required.


Globus information:

OMII information:


R.F. Paige, J. Cakic, X. Ge, and H. Chivers. Towards Agile Re-engineering of Dependable Grid Applications, in Proc. International Conference on Software Engineering and its Applications 2004, Paris, France, December 2004.

J. Cakic, R.F. Paige, H. Chivers, X. Ge, J.A. McDermid, and J. Austin. Flexible Dynamic Binding in Agile Grid Development, in Proc. All Hands Meeting 2005, Nottingham, UK, September 2005.

H. Chivers, R.F. Paige, and X. Ge. Agile Security via an Incremental Security Architecture, in Proc. Extreme Programming 2005, LNCS 3556, June 2005.

E.G. Aydal, Extreme programming and refactoring for building secure web-based applications and web services, MSc SWE project, 2005 (available in the project library).

RFP/13 - Two-Way Translation between AIM and XML

(CS, MEng, Advanced MSc)

A tool is required to provide two-way translation of text between an architectural description language and its XML representation. The notation in question is AIM, developed in the DARP HIRTS project at the University of York. The student will be provided with the description of AIM (particularly its grammar in BNF form), and its equivalent XML Schema, and a two-way mapping will be designed and implemented. The ideal implementation platform is C# under .NET, but C++, Delphi, and Java are alternatives that could be considered. A clear justification for choosing an implementation platform is a part of the project. The deliverables include a clear set of mapping rules (i.e., AIM constructs to XML, XML schema constructs to AIM), an implementation of both mappings, and several small case studies illustrating how to use the mappings and their supporting tools.

The AIM notation (and schema) is stable at the moment. However, minor modifications and extensions are anticipated and the tool should be flexible enough to support these changes.

Prerequisite knowledge: experience with architectures (e.g., from SYA). Some familiarity with translation (e.g., a compiler course) or transformation would be helpful.


AIM architectural notation, documentation available from the supervisor (documentation is proprietary at the moment).

L. Bass, P. Clements, and R. Kazman, Software Architecture in Practice, AWL, 2000.

C# information, available from Microsoft at

XML information, available at The material on XML schema is particularly important:

RFP/14 - Design-by-Contract for Game Design

(Suitable for Adv MSc, CS, MEng)

In 2003/4 Triston Attridge completed a project that explored the use of design by contract and design patterns in building a networked multiplayer game. In particular, he analysed the kinds of errors that contracts helped to track down, and tried to construct an argument that contracts added value to the game design and development process.

This project will repeat the experiment, and will attempt to produce additional evidence that contracts will help track down errors in the game development process. The project will therefore involve applying design by contract techniques in a suitable OO language (e.g., C++) to the construct of an interactive game. The emphasis of this project is on drawing conclusions on

The challenges include: designing a game scenario, designing and implementing the game in a suitably efficient language (i.e., C or C++ - but probably not Java!), and analyzing the use of contracts throughout the development process.

Prerequisite knowledge: You should be proficient with C or C++ and have some familiarity with UML and object-oriented techniques in general; even though the game may be implemented in a non-OO language, contracts are often expressed in an OO style.


B. Meyer, Object-Oriented Software Construction, Second Edition, Prentice-Hall, 1997.

Rudy Rucker, Software Engineering and Computer Games, AWL, 2003. Available in the library.

T. Attridge, The use of contracts and design patterns in game design and implementation, BSc project, 2004 (available in department library).