2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation: Latest Papers

Counting Bugs is Harder Than You Think
P. Black
DOI: 10.1109/SCAM.2011.24 (https://doi.org/10.1109/SCAM.2011.24)
Published: 2011-09-25
Abstract: Software Assurance Metrics and Tool Evaluation (SAMATE) is a broad, inclusive project at the U.S. National Institute of Standards and Technology (NIST) with the goal of improving software assurance by developing materials, specifications, and methods to test tools and techniques and measure their effectiveness. We review some SAMATE sub-projects: web application security scanners, malware research protocol, electronic voting systems, the SAMATE Reference Dataset, a public repository of thousands of example programs with known weaknesses, and the Static Analysis Tool Exposition (SATE). Along the way we list over two dozen possible research questions, which are also collaboration opportunities. Software metrics are incomplete without metrics of what is variously called bugs, flaws, or faults. We detail numerous critical research problems related to such metrics. For instance, is a warning from a source code scanner a real bug, a false positive, or something else? If a numeric overflow leads to buffer overflow, which leads to command injection, what is the error? How many bugs are there if two sources call two sinks: 1, 2, or 4? Where is a missing feature? We conclude with a list of concepts which may be a useful basis of bug metrics.
Citations: 15
I2SD: Reverse Engineering Sequence Diagrams from Enterprise Java Beans with Interceptors
S. Roubtsov, Alexander Serebrenik, A. Mazoyer, M. Brand, Ella E. Roubtsova
DOI: 10.1109/SCAM.2011.5 (https://doi.org/10.1109/SCAM.2011.5)
Published: 2011-09-25
Abstract: An Enterprise Java Beans (EJB) interceptor is a software mechanism that provides for introducing behavior implemented as separate code into the execution of a Java application. In this way EJB interceptors provide a clear separation of the core functionality of the bean and other concerns, such as logging or performance analysis. Despite the beauty of the idea behind the interceptors, developing, testing and managing dependencies introduced by the interceptors are considered to be daunting tasks. For example, the developers can specify interceptors at multiple locations and by multiple means. However, different locations and specification means influence the order of the interceptor invocation, which is governed by more than fifteen different intertwined rules according to the EJB standard. To facilitate development of EJB applications we have designed I2SD, Interceptors to Sequence Diagrams, a tool for reverse engineering EJB applications with interceptors to UML sequence diagrams. I2SD provides the developer with visual feedback and can be used by quality managers to get a broader understanding of the way interceptors are used in their project.
Citations: 18
Are the Clients of Flawed Classes (Also) Defect Prone?
Radu Marinescu, C. Marinescu
DOI: 10.1109/SCAM.2011.9 (https://doi.org/10.1109/SCAM.2011.9)
Published: 2011-09-25
Abstract: Design flaws are those characteristics of design entities (e.g., methods, classes) which make them harder to maintain. Existing studies show that classes revealing particular design flaws are more change and defect prone than the other classes. Since various collaborations are found among the instances of classes, classes are not isolated within the source code of object-oriented systems. In this paper we investigate if classes using classes revealing design flaws are more defect prone than classes which do not use classes revealing design flaws. We detect four design flaws in three releases of Eclipse and investigate the relation between classes that use/do not use flawed classes and defects. The results show that classes that use flawed classes are defect prone and this does not depend on the number of the used flawed classes. These findings show a new type of correlation between design flaws and defects, bringing evidence related to an increased likelihood of exhibiting defects for classes that use classes revealing design flaws. Based on the provided evidence, practitioners are advised once again about the negative impact design flaws have at a source code level.
Citations: 20
Program Analysis Too Loopy? Set the Loops Aside
E. Larson
DOI: 10.1109/SCAM.2011.22 (https://doi.org/10.1109/SCAM.2011.22)
Published: 2011-09-25
Abstract: Among the many obstacles in efficient and sound program analysis, loops may be the most prevalent. In program analyses that traverse paths, loops introduce a variable, possibly infinite, number of paths. This paper looks at whether loops could be analyzed separately and replaced with a summary. First, the complexity of a loop is estimated by counting the paths through the body of the loop. 85% of the loops have fewer than ten paths and less than 1% have more than 10,000 paths. Second, the number of paths is computed by analyzing loops separately to assess the feasibility of such an analysis approach. While the number of paths is decreased in many cases, it is typically not sufficient for long, complex functions. Finally, loops are classified based on their stopping condition and further analyzed for programming elements that may make loop analysis more difficult. Nearly half of the loops are array traversals and over half of the loops contain a function call.
Citations: 7
Assumption Hierarchy for a CHA Call Graph Construction Algorithm
Jason Sawin, A. Rountev
DOI: 10.1109/SCAM.2011.20 (https://doi.org/10.1109/SCAM.2011.20)
Published: 2011-09-25
Abstract: Method call graphs are integral components of many interprocedural static analyses which are widely used to aid in the development and maintenance of software. Unfortunately, the existence of certain dynamic features in modern programming languages, such as Java or C++, can lead to either unsoundness or imprecision in statically constructed call graphs. We investigate a hierarchy of assumptions that a Class Hierarchy Analysis (CHA) call graph construction algorithm can make about dynamic features in Java. Each successive level of the assumption hierarchy introduces new relaxations of suppositions. These relaxations allow the call graph algorithm to treat some uses of dynamic features more precisely and still remain sound. The hierarchy includes a novel assumption that dynamic features will respect encapsulation. We present an empirical study in which a unique call graph algorithm is implemented for each level of the assumption hierarchy. This study shows that assuming that dynamic features will respect encapsulation can lead to a call graph with 44% fewer edges than the fully conservative graph. By incorporating assumptions about casting operations and string values, it is possible to remain conservative and reduce the number of graph edges by 54% and graph nodes by 10% through the use of various resolution techniques. This work demonstrates that even a slight relaxation of assumptions can greatly improve the precision of a call graph. It further articulates the exact assumptions that a CHA call graph construction algorithm must make in order to use advanced resolution techniques.
Citations: 6
Computation of Alias Sets from Shape Graphs for Comparison of Shape Analysis Precision
Viktor Pavlu, M. Schordan, A. Krall
DOI: 10.1109/SCAM.2011.11 (https://doi.org/10.1109/SCAM.2011.11)
Published: 2011-09-25
Abstract: Various shape analysis algorithms have been introduced but their relation in terms of precision often remains unclear as different analyses use different representations of analysis results. The aim of our work is to extract alias sets from shape analysis results to compute a relative precision factor that expresses for a given program how much more precise one analysis is than the other. We present a significant improvement over an existing algorithm based on 3-valued logic to compute alias sets from shape graphs. Instead of looking only at the final nodes in pointer access paths, our common tail algorithm takes sequences of selectors into account. The common tail algorithm is strictly more precise than the existing algorithm by Reps, Sagiv, and Wilhelm; for our benchmarks we can reduce the number of conservative results by a factor of up to 5 in the best case while incurring an additional analysis overhead that is below 10% even in the worst case of our benchmarks. We selected two well-known graph-based shape analyses that use different representations of analysis results to demonstrate the usefulness of our approach. The shape analysis proposed by Nielson, Nielson & Hankin (NNH) and the analysis by Sagiv, Reps & Wilhelm (SRW) were implemented for a subset of C++ in the SATIrE program analysis framework. We are thus able to determine that NNH is more precise than SRW by a factor of 1.62 on average for our set of benchmarks.
Citations: 0
Tuning Static Data Race Analysis for Automotive Control Software
Steffen Keul
DOI: 10.1109/SCAM.2011.16 (https://doi.org/10.1109/SCAM.2011.16)
Published: 2011-09-25
Abstract: Implementation of concurrent software systems is difficult and error-prone. Race conditions can cause intermittent failures, which are rarely found during testing. In safety-critical applications, the absence of race conditions should be demonstrated before deployment of the system. Several static analysis techniques to show the absence of data races are known today. In this paper, we report on our experiences with a static data race detector. We define a basic analysis based on classical lockset analysis and present three enhancements to that algorithm. We evaluate and compare the effectiveness of the basic and enhanced analysis algorithms empirically for an automotive embedded system. We find that the number of warnings could be reduced by more than 40% and that the ratio of true positives per total number of warnings could be doubled.
Citations: 12
A Constraint Programming Approach to Conflict-Aware Optimal Scheduling of Prioritized Code Clone Refactoring
M. Zibran, C. Roy
DOI: 10.1109/SCAM.2011.21 (https://doi.org/10.1109/SCAM.2011.21)
Published: 2011-09-25
Abstract: Duplicated code, also known as code clones, are one of the malicious 'code smells' that often need to be removed through refactoring for enhancing maintainability. Among all the potential refactoring opportunities, the choice and order of a set of refactoring activities may have distinguishable effect on the design/code quality. Moreover, there may be dependencies and conflicts among those refactorings. The organization may also impose priorities on certain refactoring activities. Addressing all these conflicts, priorities, and dependencies, manual formulation of an optimal refactoring schedule is very expensive, if not impossible. Therefore, an automated refactoring scheduler is necessary, which will maximize benefit and minimize refactoring effort. In this paper, we present a refactoring effort model, and propose a constraint programming approach for conflict-aware optimal scheduling of code clone refactoring.
Citations: 52
Recovering a Balanced Overview of Topics in a Software Domain
Matthew B. Kelly, Jason S. Alexander, Bram Adams, A. Hassan
DOI: 10.1109/SCAM.2011.23 (https://doi.org/10.1109/SCAM.2011.23)
Published: 2011-09-25
Abstract: Domain analysis is a crucial step in the development of product lines and software reuse in general, in which domain experts try to identify the commonalities and variability between different products of a particular domain. This identification is challenging, since it requires significant manual analysis of requirements, design documents, and source code. In order to support domain analysts, this paper proposes to use topic modeling techniques to automatically identify common and unique concepts (topics) from the source code of different software products in a domain. An empirical case study of 19 projects, spread across the domains of web browsers and operating systems (totaling over 39 MLOC), shows that our approach is able to identify commonalities and variabilities at different levels of granularity (sub-domain and domain). In addition, we show how the commonalities are evenly spread across all projects of the domain.
Citations: 11
A Study of Cloning in the Linux SCSI Drivers
Wei Wang, Michael W. Godfrey
DOI: 10.1109/SCAM.2011.17 (https://doi.org/10.1109/SCAM.2011.17)
Published: 2011-09-25
Abstract: To date, most research on software code cloning has concentrated on detection and analysis techniques and their evaluation, and most empirical studies of cloning have investigated cloning within single system versions. In this paper, we present the results of a longitudinal study of cloning among the SCSI drivers for the Linux operating system that spans 16 years of evolution. We have chosen the SCSI driver subsystem as a test subject as it is known that cloning has been embraced by these developers as a design practice: when a new SCSI card comes out that is similar to an old one, but different enough to warrant its own implementation, a new driver may be cloned from an existing one. We discuss the results of our qualitative and quantitative analyses, including how the layered architecture of the SCSI subsystem seems to have affected the use of cloning as a design tool, the likelihood of consistent and inconsistent change over time, and the predictive power of using cloning between two independent driver implementations to model the similarity between two target devices.
Citations: 13