We have an excellent list of projects, and I’d like to thank all the project mentors for taking the time to work with our students.
Review Board is a powerful web-based code review tool that helps developers do peer review as they write code. Review Board is used by thousands of software companies including Twitter, Yahoo, and VMware, as well as many open-source projects like Apache and KDE.
For a full list of project suggestions, check out our wiki:Student Project Ideas
For more information, see the project web page at http://reviewboard.org, or our students demo videos at https://www.youtube.com/channel/UCTnwzlRTtx8wQOmyXiA_iCg/featured
Umple is an open source toolkit whose objective is to merge UML modeling and programming into a single activity. Umple can be used in several ways: It can be used as a textual language for UML. It can also be used as a programming-language pre-processor, allowing UML concepts like associations and state machines to be added directly to Java, C++, and PHP. In addition, Umple allows drawing UML diagrams online and generating code directly from those diagrams. It is the goal of the Umple team to have large numbers of programmers and modelers incrementally adopt Umple. The barriers to entry are low, since using Umple can be done in a minimal way, without disrupting the existing model or code. Umple is an open-source project hosted on Github. You will have the opportunity to learn some or all of the following:
Mozilla has two long term goals for CodeCoverage.
For a given changeset, what new lines of source code are covered? If new lines are not covered, are they important? Should we write more tests?
The Release Management team will use this to spot trends of increased or decreased coverage by module (top level directory in the source tree) and work with module owners/managers to understand risks and plan future work. They will also use this data to look at coverage changes in soon-to-land, or landed, patches.
This interface has gone through a single iteration of feedback, and now needs polish: See milestone
For any file, for any revision, show what tests cover that file.
This interface is is going through review now and will soon be ready for a round of feedback from users within Mozilla. This feedback will undoubtedly generate a list of fixes and features to work on.
Coverage is not collected at a per-test level yet, but we hope to have some initial data after January
Last year, the Firefox Debugger team decided to re-write the UI on Github with React. Today it has a modern web stack (React, Webpack, Babel) and is one of the most widely contributed to Mozilla projects.
With this project, we want to take the next step and build on our relationships with the major framework and library teams to build the kind of tools that we would have liked to have while building the Debugger. We hope that these integrations will make the debugger feel more like a React or Ember debugger than a JS debugger.
Some examples of framework and library integrations include:
Highlighting framework frames in the call stack will let us tell the user what frameworks are doing when the application pauses. For instance, if the user pauses while making an API call, the debugger call stack can show the user that the application is updating the user record because the “save” button was pressed.
Showing framework components in the source tree will let users see their application’s framework types. In the case of React and Redux that includes (Components, Actions, and Stores). We think this view can be more valuable than just seeing source files because it is closer to how developers think about their applications. It also provides us a way to link to other framework information in the future.
Previewing library objects will let frameworks format the objects the way they were intended to be seen. For instance, the most important data in a React component is the props and state. We hope to give frameworks control over how users see their framework objects because we think it paves the way for future integration points in the future.
These features are exciting because it shows that when we work closely with libraries and framework teams, we can build new types of tools that help developers every day.
In the Inspector, we will be working on a number of tools related to various CSS properties, Layout and Font inspection. Some examples of these new tools and features that previous students have worked on included:
To read about some of the accomplishments from previous UCOSP students, visit https://hacks.mozilla.org/2017/06/new-css-grid-layout-panel-in-firefox-nightly/.
For the Inspector, we want to continue to working on better CSS Layout tooling such as CSS Grids and Flexbox inspector. In addition, we are aiming to implement more visual editors that will help developers and designers with debugging and editing complex CSS properties visually. Since CSS is very declarative by nature, we can provide tools that are commonly found in digital design tools, such as Adobe Photoshop and Illustrator, and Sketch, in order to bridge the learning gap of new developers and designers learning CSS. This would allow them to edit various CSS properties such as box-shadow, clip-path, gradient, filters, etc without knowing what the properties are.
Our goal is to help developers and designers come into the Inspector and be able to easily edit and learn HTML and CSS, and make changes to their web pages and eventually provide better authoring tools to help them also extract these changes.
Formulize is a tool for making data management systems on the web.
Formulize has extensive support for modelling workflows, so that organizations can customize how users interact with the data that Formulize is managing. It is aimed at “power users” in not-for-profits and other organizations without large IT departments and resources, empowering them to create systems that would otherwise require custom programming to deploy.
The most basic operation in Formulize, is the creation of forms. Administrators can specify what elements should appear on the form, and also how different groups of end users should be able to interact with the form. From there, administrators can make custom screens that control how lists of entries in each form are shown to end users.
Administrators can also control how different forms relate to each other, similar to describing table relationships in an ERD. These relationships then govern how data is queried from the database, enabling screens to display complex sets of information to users, rather than just entries from a single form.
Formulize can work as a standalone application, installed on a web server. Formulize can also be embedded within any PHP-driven web application on the same server where it is installed. A Drupal module has been created that supports extensive integration with the Drupal content management platform, including single sign-on for users. Integration plugins for WordPress and Joomla have also been created (by previous UCOSP students!).
Formulize is used by organizations around the world, for a variety of purposes, from tracking the status of housing renovations, to recording the activities of wilderness rescue teams. Formulize was created by Freeform Solutions, a Canadian not-for-profit organization that helps other not-for-profits with IT.
Because it is a tool that you use to create other systems, rather than a tool that does something for end users by itself, there is a high degree of abstraction throughout the codebase, especially the parts that interact with the database. The code has to read configuration information specified by the administrators, and use that to dynamically generate all operations, including database queries.
The newer parts of the codebase employ some object orientation. Older parts remain largely procedural. The codebase is maintained on GitHub. Over the years, Formulize has developed a specific process for managing code, tests and documentation all through our GitHub repository. Our the tests are run automatically by a continuous integration system, based on Travis-CI and Sauce Labs. Students will have exposure to this process as part of contributing to the Formulize project.
Students will have extensive exposure to PHP of course, and related web technologies. This term, we will be focusing on creating a web services API that will allow the cross-site integration of Formulize to operate via http requests, not just through server-side includes as it does now. Students who are interested in web technologies, particularly web services, are strongly encouraged to join the project this term.
Learn more about Formulize:
Download Formulize and docs: http://formulize.org/formulize-downloads
Browse the GitHub repository: https://github.com/jegelstaff/formulize
Video tutorials for using Formulize (the full series is about three hours, but you can skip around between various videos at your leisure): http://formulize.org/formulize-workshop
Learn about our version control and continuous integration process: https://jegelstaff.github.io/formulize/developers/
Apple is a dominant player in the mobile space, and Swift is its new language for writing mobile apps. The LLVM-based tooling that Apple provides is low-level machinery that is not readily usable by researchers working on program analysis at a higher level. Current research frameworks such as WALA and SOOT have little support for Swift, while, on the other hand, they provide extensive support for even the latest versions of Android. The result is a plethora of published tools for Android, e.g. Flowdroid, Scandroid, Stringoid, DroidInfer to name a few, and a relative dearth of tools for Apple platforms.
Given the popularity of Apple products and a wealth of published work for Android based on available infrastructure, we believe that a lack of suitable Swift infrastructure is a significant impediment. Therefore, support for Swift in a major platform like WALA would enable a wide range of new work. For example, Apple’s security model is significantly different from that of Android; similarly, Swift is rather different from popular languages on Android, especially at the type system level. It would be interesting to understand how these aspects affect program analysis, and analysis infrastructure is a prerequisite for such investigations.
There has been some ongoing work on Swift support since the WALA hack-a-thon held at PLDI 2017, where participants implemented some basic level of functionality for people to explore call WALA from within the Swift compiler. During UCOSP Fall 2017, the team was able to add WALA support for some Swift features including Integer Literals, String Literals, and Boolean Short-Circuit Evaluation.
Karim Ali, University of Alberta Julian Dolby, IBM T. J. Watson Research Center
C++, Java, Swift, JNI, LLVM, Swift Compiler, WALA, Static Analysis, Mac/Ubuntu CLI, Xcode, clang, Maven, Ninja, CMake
Current work on safe browsing and tracker prevention largely rely on heuristic
 approaches or (semi) manually updated
. When it comes to measuring the efficacy of privacy and tracking protection service, client-side performance is difficult
to asses. Current anti-tracking technologies attempt to block the execution of (primarily
assets to third-party entities. This project will perform largely exploratory analysis into the potential for real-time and element-wise
In order to improve upon current methods for assessing anti-tracking performance, a criteria of “information leakage” will be developed and articulated in the context of reference statistics derived from the crawl data. This quantity will relate to the distinctiveness of a particular browser visit to a page in a feature space defined by the information accessible by the page. Preliminary work on browser fingerprinting has been done by the EFF utilizing a worst-case assumption of data collection; the work performed in this project will compliment that research by providing a realistic model of attempted collection behaviour exhibited by websites in the wild.
Visualization – A key component to tracking protection is raising awareness of the mechanisms and severity of tracking. This may help users to change their online behaviour through the use of tools that help protect against tracking. The data analysis of the crawl data should for the basis of a sub-task related to visualizing privacy loss as a result of online tracking.
Project lead: Martin Lopatka (Mozilla)
Differential Privacy expert: Dave Zeber (Mozilla)
TrackWare specialist: Luke Crouch (Mozilla)
A common way of testing software or research prototypes is to use well-known benchmark suites such as the DaCapo suite  for example. However, such large benchmarks are hard to create and to maintain, and this work is often done by hand. Moreover, benchmark suites currently only exist to test for specific properties, and are not necessarily adapted to the needs of the tested software. The Automated Benchmark Management (ABM) methodology  has been created to address the shortcomings of current benchmark suites. It aims at automatizing the process of benchmark creation and maintenance, and makes it fully customizable to the user, so that they can create benchmark suites adapted to their use. We are currently building a website  to implement the ABM methodology. The current implementation crawls GitHub for open-source, real-world projects. It allows users to filter out unsuitable projects using the Hermes project, which analyzes projects and collects various metrics , and create and update collections from the remaining projects.
After the initial search, users can filter out unsuitable projects, using sets of pre-defined filters. Your work will be to re-design and implement the user interface for the filtering module, and to improve its usability. At the end of this project, users should be able to easily select the set of projects they need with respect to the filters they select.
Your work will mainly focus on frontend programming in AngularJS. Interactions with the backend are handled in Java. ABM is managed through multiple branches on a git repository, and is updated using the Jenkins continuous integration system.
Karim Ali, University of Alberta
Lisa Nguyen, Fraunhofer IEM
Ben Hermann, Paderborn University
 Stephen M. Blackburn, et al. 2006. The DaCapo benchmarks: java benchmarking development and analysis. In Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications (OOPSLA ‘06). ACM, New York, NY, USA, 169-190. DOI = http://dx.doi.org/10.1145/1167473.1167488
 Lisa Nguyen Quang Do, Michael Eichberg, and Eric Bodden. 2016. Toward an automated benchmark management system. In Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2016). ACM, New York, NY, USA, 13-17. DOI: http://dx.doi.org/10.1145/2931021.2931023
 ABM: http://abm.cs.upb.de/abm/index.html#/
 Michael Reif, Michael Eichberg, Ben Hermann, and Mira Mezini. 2017. Hermes: assessment and creation of effective test corpora. In Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2017). ACM, New York, NY, USA, 43-48. DOI: https://doi.org/10.1145/3088515.3088523