Dr. Alexander von Rhein

… is a software quality consultant at CQSE GmbH. He earned his doctorate at the University of Passau on the topics of software product lines and software analysis.

  • +49 159 04517754

Blog Posts

Since this post accompanies a talk in German, it is written in German, too.


  • Speaker: Alexander von Rhein
  • Conference: OOP 2019
  • Date: Wednesday, January 23, 2019, 09:45 - 10:30
  • Venue: ICM – Internationales Congress Center München


Many software development projects use online tools for collaboration between developers. For example, developers use GitLab, GitHub, Jira, and Gerrit for asynchronous discussions about code, for reviewing features before accepting them into the »main« branch, and for executing automated tests. Usually, the impact of a feature on code maintainability is not easily visible in such tools (it is hard to judge this from a simple code diff). Some newly introduced maintainability flaws, such as new architecture violations or code that is cloned from unchanged existing code, are impossible to recognize when seeing only the changed code. Even if a Teamscale instance exists that contains findings on code quality, opening it is an effort that reviewers often skip. In this blog post, I illustrate how Teamscale results can be integrated easily into existing online collaboration tools. This helps to make existing code-review processes more thorough and efficient.


Our mission at CQSE is to help customers improve the quality of their code. Our tool Teamscale checks source code and reports issues such as logical flaws, copy-and-paste programming, and possible performance bottlenecks. However, there is one aspect of code quality that we have not addressed so far: code security. Code is secure if it cannot be used by an attacker to perform unintended, dangerous actions on the host system. For example, if an attacker inserts '; DROP TABLE Customers; in an input field, this might cause a system to delete the Customers table, a well-known »SQL Injection« attack. In this post, I will explain how new analyses in Teamscale can efficiently detect vulnerabilities for such attacks and report them to developers.



Alexander von Rhein, Jörg Liebig, Andreas Janker, Christian Kästner, Sven Apel:

Variability-Aware Static Analysis at Scale: An Empirical Study.

ACM Transactions on Software Engineering and Methodology, Vol. 27, 2018.

Alexander von Rhein:

Analysis Strategies for Configurable Systems.

Dissertation. University of Passau, Germany, 2016.

Alexander von Rhein, Alexander Grebhahn, Sven Apel, Norbert Siegmund, Dirk Beyer, Thorsten Berger:

Presence-Condition Simplification in Highly Configurable Systems.

Proceedings of the International Conference on Software Engineering (ICSE), 2015.

Jörg Liebig, Alexander von Rhein, Christian Kästner, Sven Apel, Jens Dörre, Christian Lengauer:

Scalable Analysis of Variable Software.

Proceedings of the European Software Engineering Conference and the International Symposium on the Foundations of Software Engineering (ESEC/FSE): Companion Papers, 2013.

Sven Apel, Alexander von Rhein, Philipp Wendler, Armin Größlinger, Dirk Beyer:

Strategies for Product-Line Verification: Case Studies and Experiments.

Proceedings of the International Conference on Software Engineering (ICSE), 2013.