发布求助
文献互助 智能选刊 最新文献

2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation最新文献

筛选
英文 中文
Security Testing of Web Applications: A Search-Based Approach for Cross-Site Scripting Vulnerabilities Web应用程序的安全测试:跨站点脚本漏洞的基于搜索的方法
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.7
Andrea Avancini, M. Ceccato
{"title":"Security Testing of Web Applications: A Search-Based Approach for Cross-Site Scripting Vulnerabilities","authors":"Andrea Avancini, M. Ceccato","doi":"10.1109/SCAM.2011.7","DOIUrl":"https://doi.org/10.1109/SCAM.2011.7","url":null,"abstract":"More and more web applications suffer the presence of cross-site scripting vulnerabilities that could be exploited by attackers to access sensitive information (such as credentials or credit card numbers). Hence proper tests are required to assess the security of web applications. In this paper, we resort to a search based approach for security testing web applications. We take advantage of static analysis to detect candidate cross-site scripting vulnerabilities. Input values that expose these vulnerabilities are searched by a genetic algorithm and, to help the genetic algorithm escape local optima, symbolic constraints are collected at run-time and passed to a solver. Search results represent test cases to be used by software developers to understand and fix security problems. We implemented this approach in a prototype and evaluated it on real world PHP code.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115352718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 42
What You See is What You Asked for: An Effort-Based Transformation of Code Analysis Tasks into Interactive Visualization Scenarios 你所看到的就是你所要求的:代码分析任务到交互式可视化场景的基于努力的转换
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.6
Ahmed Sfayhi, H. Sahraoui
{"title":"What You See is What You Asked for: An Effort-Based Transformation of Code Analysis Tasks into Interactive Visualization Scenarios","authors":"Ahmed Sfayhi, H. Sahraoui","doi":"10.1109/SCAM.2011.6","DOIUrl":"https://doi.org/10.1109/SCAM.2011.6","url":null,"abstract":"We propose an approach that derives interactive visualization scenarios from descriptions of code analysis tasks. The scenario derivation is treated as an optimization process. In this context, we evaluate different possibilities of using a given visualization tool to perform the analysis task, and select the scenario that requires the least effort from the analyst. Our approach was applied successfully to various analysis tasks such as design defect detection and feature location.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"58 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120815760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Knitting Music and Programming: Reflections on the Frontiers of Source Code Analysis 编织音乐和编程:对源代码分析前沿的思考
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.10
N. Gold
{"title":"Knitting Music and Programming: Reflections on the Frontiers of Source Code Analysis","authors":"N. Gold","doi":"10.1109/SCAM.2011.10","DOIUrl":"https://doi.org/10.1109/SCAM.2011.10","url":null,"abstract":"Source Code Analysis and Manipulation (SCAM) underpins virtually every operational software system. Despite the impact and ubiquity of SCAM principles and techniques in software engineering, there are still frontiers to be explored. Looking \"inward\" to existing techniques, one finds frontiers of performance, efficiency, accuracy, and usability, looking \"outward\" one finds new languages, new problems, and thus new approaches. This paper presents a reflective framework for characterizing source languages and domains. It draws on current research projects in music program analysis, musical score processing, and machine knitting to identify new frontiers for SCAM. The paper also identifies opportunities for SCAM to inspire, and be inspired by, problems and techniques in other domains.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115048244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Automatic Parallelization of Side-Effecting Higher-Order Scheme Programs 副作用高阶方案程序的自动并行化
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.13
Jens Nicolay, Coen De Roover, W. Meuter, V. Jonckers
{"title":"Automatic Parallelization of Side-Effecting Higher-Order Scheme Programs","authors":"Jens Nicolay, Coen De Roover, W. Meuter, V. Jonckers","doi":"10.1109/SCAM.2011.13","DOIUrl":"https://doi.org/10.1109/SCAM.2011.13","url":null,"abstract":"The multi-core revolution heralds a challenging era for software maintainers. Manually parallelizing large sequential code bases is often infeasible. In this paper, we present a program transformation that automatically parallelizes real-life Scheme programs. The transformation has to be instantiated with an interprocedural dependence analysis that exposes parallelization opportunities in a sequential program. To this end, we extended a state-of-the art analysis that copes with higher-order procedures and side effects. Our parallelizing transformation exploits all opportunities for parallelization that are exposed by the dependence analysis. Experiments demonstrate that this brute-force approach realizes scalable speedups in certain benchmarks, while others would benefit from a more selective parallelization.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122533690","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Equational Reasoning on x86 Assembly Code x86汇编代码的等式推理
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.15
Kevin Coogan, S. Debray
{"title":"Equational Reasoning on x86 Assembly Code","authors":"Kevin Coogan, S. Debray","doi":"10.1109/SCAM.2011.15","DOIUrl":"https://doi.org/10.1109/SCAM.2011.15","url":null,"abstract":"Analysis of software is essential to addressing problems of correctness, efficiency, and security. Existing source code analysis tools are very useful for such purposes, but there are many instances where high-level source code is not available for software that needs to be analyzed. A need exists for tools that can analyze assembly code, whether from disassembled binaries or from handwritten sources. This paper describes an equational reasoning system for assembly code for the ubiquitous Intel x86 architecture, focusing on various problems that arise in low-level equational reasoning, such as register-name aliasing, memory indirection, condition-code flags, etc. Our system has successfully been applied to the problem of simplifying execution traces from obfuscated malware executables.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124542536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Lightweight Transformation and Fact Extraction with the srcML Toolkit 使用srcML工具包进行轻量级转换和事实提取
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.19
M. Collard, M. J. Decker, Jonathan I. Maletic
{"title":"Lightweight Transformation and Fact Extraction with the srcML Toolkit","authors":"M. Collard, M. J. Decker, Jonathan I. Maletic","doi":"10.1109/SCAM.2011.19","DOIUrl":"https://doi.org/10.1109/SCAM.2011.19","url":null,"abstract":"The srcML toolkit for lightweight transformation and fact-extraction of source code is described. srcML is an XML format for C/C++/Java source code. The open source toolkit that includes the source-to-srcML and srcML-to-source translators for round-trip reverse engineering is freely available. The direct use of XPath and XSLT is supported, an archive format for large projects is included, and a rich set of input and output formats through a command-line interface is available. Applying transformations and formulating queries using srcML is very convenient. Application use-cases of transformations and fact-extraction are shown and demonstrated to be practical and scalable.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125994082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 93
Exploring the Development of Micro-apps: A Case Study on the BlackBerry and Android Platforms 探讨微应用开发:以黑莓和Android平台为例
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.25
Mark D. Syer, Bram Adams, Ying Zou, A. Hassan
{"title":"Exploring the Development of Micro-apps: A Case Study on the BlackBerry and Android Platforms","authors":"Mark D. Syer, Bram Adams, Ying Zou, A. Hassan","doi":"10.1109/SCAM.2011.25","DOIUrl":"https://doi.org/10.1109/SCAM.2011.25","url":null,"abstract":"The recent meteoric rise in the use of smart phones and other mobile devices has led to a new class of applications, i.e., micro-apps, that are designed to run on devices with limited processing, memory, storage and display resources. Given the rapid succession of mobile technologies and the fierce competition, micro-app vendors need to release new features at break-neck speed, without sacrificing product quality. To understand how different mobile platforms enable such a rapid turnaround-time, this paper compares three pairs of feature-equivalent Android and Blackberry micro-apps. We do this by analyzing the micro-apps along the dimensions of source code, code dependencies and code churn. BlackBerry micro-apps are much larger and rely more on third party libraries. However, they are less susceptible to platform changes since they rely less on the underlying platform. On the other hand, Android micro-apps tend to concentrate code into fewer files and rely heavily on the Android platform. On both platforms, code churn of micro-apps is very high.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134266629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 51
The Effect of Lexicon Bad Smells on Concept Location in Source Code 词典异味对源代码中概念定位的影响
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.18
S. Abebe, S. Haiduc, P. Tonella, Andrian Marcus
{"title":"The Effect of Lexicon Bad Smells on Concept Location in Source Code","authors":"S. Abebe, S. Haiduc, P. Tonella, Andrian Marcus","doi":"10.1109/SCAM.2011.18","DOIUrl":"https://doi.org/10.1109/SCAM.2011.18","url":null,"abstract":"Experienced programmers choose identifier names carefully, in the attempt to convey information about the role and behavior of the labeled code entity in a concise and expressive way. In fact, during program understanding the names given to code entities represent one of the major sources of information used by developers. We conjecture that lexicon bad smells, such as, extreme contractions, inconsistent term use, odd grammatical structure, etc., can hinder the execution of maintenance tasks which rely on program understanding. We propose an approach to determine the extent of this impact and instantiate it on the task of concept location. In particular, we conducted a study on two open source software systems where we investigated how lexicon bad smells affect Information Retrieval-based concept location. In this study, the classes changed in response to past modification requests are located before and after lexicon bad smells are identified and removed from the source code. The results indicate that lexicon bad smells impact concept location when using IRbased techniques.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122322307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 42
A Comparative Study of Code Query Technologies 代码查询技术的比较研究
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.14
Tiago L. Alves, Jurriaan Hage, P. Rademaker
{"title":"A Comparative Study of Code Query Technologies","authors":"Tiago L. Alves, Jurriaan Hage, P. Rademaker","doi":"10.1109/SCAM.2011.14","DOIUrl":"https://doi.org/10.1109/SCAM.2011.14","url":null,"abstract":"When analyzing software systems we face the challenge of how to implement a particular analysis for different programming languages. A solution for this problem is to write a single analysis using a code query language, abstracting from the specificities of languages being analyzed. Over the past ten years many code query technologies have been developed, based on different formalisms. Each technology comes with its own query language and set of features. To determine the state of the art of code querying we compare the languages and tools for seven code query technologies: Grok, Rscript, JRelCal, Semmle Code, JGraLab, CrocoPat and JTransformer. The specification of a package stability metric is used as a running example to compare the languages. The comparison involves twelve criteria, some of which are concerned with properties of the query language (paradigm, types, parametrization, polymorphism, modularity, and libraries), and some of which are concerned with the tool itself (output formats, interactive interface, API support, interchange formats, extraction support, and licensing). We contextualize the criteria in two usage scenarios: interactive and tool integration. We conclude that there is no particularly weak or dominant tool. As important improvement points, we identify the lack of library mechanisms, interchange formats, and possibilities for integration with source code extractors.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124313609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
CheckPointer - A C Memory Access Validator 一个C内存访问验证器
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2011-09-25 DOI: 10.1109/SCAM.2011.8
M. Mehlich
{"title":"CheckPointer - A C Memory Access Validator","authors":"M. Mehlich","doi":"10.1109/SCAM.2011.8","DOIUrl":"https://doi.org/10.1109/SCAM.2011.8","url":null,"abstract":"Check Pointer is a memory access validator for checking spatial and temporal pointer usage errors in multi-threaded applications by tracking meta data and validating pointer dereferences at run-time. The tool uses source-to source transformations implemented with DMS to instrument the source code of the application to be validated with meta data checks. Libraries available only in binary form are handled by using function wrappers that check meta data immediately before calling a library function and update meta data as necessary immediately after the library function returns.","PeriodicalId":286433,"journal":{"name":"2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123320506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信