2012 IEEE 12th International Working Conference on Source Code Analysis and Manipulation: Latest Papers

AccessAnalysis: A Tool for Measuring the Appropriateness of Access Modifiers in Java Systems
C. Zoller, Axel Schmolitzky
Abstract: Access modifiers allow Java developers to define package and class interfaces tailored for different groups of clients. According to the principles of information hiding and encapsulation, the accessibility of types, methods, and fields should be as restrictive as possible. However, in programming practice, the potential of the given possibilities seems not always be fully exploited. AccessAnalysis is a plug-in for the Eclipse IDE that measures the usage of access modifiers for types and methods in Java. It calculates two metrics, Inappropriate Generosity with Accessibility of Types (IGAT) and Inappropriate Generosity with Accessibility of Methods (IGAM), which represent the degree of deviation between actual and necessary access modifiers. As an approximation for the necessary access modifier, we introduce the notion of minimal access modifiers. The minimal access modifier is the most restrictive access modifier that allows all existing references to a type or method in the entire source code of a system. AccessAnalysis determines minimal access modifiers by static source code analysis using the built-in Java DOM/AST API of Eclipse.
DOI: https://doi.org/10.1109/SCAM.2012.23
Published: 2012-09-23
Citations: 1

CAWDOR: Compiler Assisted Worm Defense
Jun Yuan, Rob Johnson
Abstract: This paper explores how much the source code analysis can assist worm defense system. Previously-proposed worm defense systems have used disparate mechanisms to detect worms, analyze exploits, verify alerts, and apply mitigations. Furthermore, previous systems have not offered predictability, i.e. it is not possible to verify, in advance, that the defense system will never generate a mitigation that breaks the program. This paper describes a program transformation technique that makes collaborative worm defense systems easy to build, predictable and fast-responsive. Our transformation provides a single building block that can be used to perform worm detection, exploit analysis, alert verification, and mitigation application. In fact, our transformation makes most of these tasks trivial. Furthermore, software vendors and users can test, in advance, that the defense system will very unlikely apply a mitigation that breaks their software. Mitigations are vulnerability-specific not exploit-specific. Finally, our system can respond extremely quickly to a new worm. The exploit analysis becomes trivial so sentinel hosts can issue an alert the instant they detect a worm. We have implemented a prototype of our system based on the Jones and Kelly program transformation for memory safety. During normal operation, our system incurs only 5% overhead. We take advantage of static analysis to develop several optimizations and make the Jones and Kelly approach to memory safety efficient and practical.
DOI: https://doi.org/10.1109/SCAM.2012.30
Published: 2012-09-23
Citations: 5

Building Useful Program Analysis Tools Using an Extensible Java Compiler
E. Aftandilian, R. Sauciuc, Siddharth Priya, Sundaresan Krishnan
Abstract: Large software companies need customized tools to manage their source code. These tools are often built in an ad-hoc fashion, using brittle technologies such as regular expressions and home-grown parsers. Changes in the language cause the tools to break. More importantly, these ad-hoc tools often do not support uncommon-but-valid code patterns. We report our experiences building source-code analysis tools at Google on top of a third-party, open-source, extensible compiler. We describe three tools in use on our Java code base. The first, Strict Java Dependencies, enforces our dependency policy in order to reduce JAR file sizes and testing load. The second, error-prone, adds new error checks to the compilation process and automates repair of those errors at a whole-code base scale. The third, Thindex, reduces the indexing burden for a Java IDE so that it can support Google-sized projects.
DOI: https://doi.org/10.1109/SCAM.2012.28
Published: 2012-09-23
Citations: 61

Bakar Alir: Supporting Developers in Construction of Information Flow Contracts in SPARK
Hariharan Thiagarajan, J. Hatcliff, Jason Belt, Robby
Abstract: This tool paper describes the design and implementation of an interactive environment for discovering and browsing information flow in SPARK programs. SPARK is a subset of Ada that has been used in a number of industrial contexts for implementing certified safety and security critical systems. SPARK requires explicit specification of information flow properties in the form of procedure contracts. To write such contracts, developers need to understand the data and control dependencies in the program. Our tool Bakar Alir, implemented as an Eclipse Plug-in, utilizes classic slicing and chopping techniques to assist developers in writing information flow contracts.
DOI: https://doi.org/10.1109/SCAM.2012.25
Published: 2012-09-23
Citations: 7

Folding Repeated Instructions for Improving Token-Based Code Clone Detection
Hiroaki Murakami, Keisuke Hotta, Yoshiki Higo, H. Igaki, S. Kusumoto
Abstract: A variety of code clone detection methods have been proposed before now. However, only a small part of them is widely used. Widely-used methods are line-based and token-based ones. They have high scalability because they neither require deep source code analysis nor constructing complex intermediate structures for the detection. High scalability is one of the big advantages in code clone detection tools. On the other hand, line/token-based detections yield many false positives. One of the factors is the presence of repeated instructions in the source code. For example, herein we assume that there are consecutive three printf statements in C source code. If we apply a token-based detection to them, the former two statements are detected as a code clone of the latter two statements. However, such overlapped code clones are redundant and so not useful for developers. In this paper, we propose a new detection method that is free from the influence of the presence of repeated instructions. The proposed method transforms every of repeated instructions into a special form, and then it detects code clones using a suffix array algorithm. The transformation prevents many false positives from being detected. Also, the detection speed remains. The proposed detection method has already been developed as a software tool, FRISC. We confirmed the usefulness of the proposed method by conducting a quantitative evaluation of FRISC with Bellon's oracle.
DOI: https://doi.org/10.1109/SCAM.2012.21
Published: 2012-09-23
Citations: 29

Aucsmith-Like Obfuscation of Java Bytecode
Andrea Zambon
Abstract: This paper describes a functional dynamic Java byte code obfuscator based on the general ideas introduced by Aucsmith's algorithm. This tool provides a very high level of security for the obfuscated code due to the fact that the code that gets executed is not visible at all in the initial jar file, but at the cost of an extreme performance overhead. However, further improvements promise to drastically improve the performance of the obfuscated application.
DOI: https://doi.org/10.1109/SCAM.2012.14
Published: 2012-09-23
Citations: 2

Improving Bug Location Using Binary Class Relationships
Nasir Ali, Aminata Sabane, Yann-Gaël Guéhéneuc, G. Antoniol
Abstract: Bug location assists developers in locating culprit source code that must be modified to fix a bug. Done manually, it requires intensive search activities with unpredictable costs of effort and time. Information retrieval (IR) techniques have been proven useful to speed up bug location in object-oriented programs. IR techniques compute the textual similarities between a bug report and the source code to provide a list of potential culprit classes to developers. They rank the list of classes in descending order of the likelihood of the classes to be related to the bug report. However, due to the low textual similarity between source code and bug reports, IR techniques may put a culprit class at the end of a ranked list, which forces developers to manually verify all non-culprit classes before finding the actual culprit class. Thus, even with IR techniques, developers are not saved from manual effort. In this paper, we conjecture that binary class relationships (BCRs) could improve the rankings by IR techniques of classes and, thus, help reducing developers' manual effort. We present an approach, LIBCROOS, that combines the results of any IR technique with BCRs gathered through source code analyses. We perform an empirical study on four programs -- Jabref, Lucene, muCommander, and Rhino -- to compare the accuracy, in terms of ranking, of LIBCROOS with two IR techniques: latent semantic indexing (LSI) and vector space model (VSM). The results of this empirical study show that LIBCROOS improves the rankings of both IR techniques statistically when compared to LSI and VSM alone and, thus, may reduce the developers' effort.
DOI: https://doi.org/10.1109/SCAM.2012.26
Published: 2012-09-23
Citations: 22

Alias-Aware Propagation of Simple Pattern-Based Properties in PHP Applications
François Gauthier, E. Merlo
Abstract: In this paper, we present novel algorithms for the propagation of pattern-based properties in PHP applications. Intuitively, pattern-based properties designate those properties that are intrinsically associated to syntactic patterns in the source code. Security checks in access control models are an example of pattern-based properties. At the source code level, permissions are typically verified with stereotyped constructs, called security checks, that can be detected with syntactic patterns. Depending on the program, pattern-based properties can be aliased to variables that are propagated through the application. In that context, support from data-flow approaches is needed to track the propagation of patterns through the application. In the context of this paper, we focus on the alias-aware propagation of security checks through PHP applications. Specifically, we investigated the propagation of security checks in 8 PHP applications that implement access control models. We show how, using the Datalog language, one can implement conceptually complex data-flow algorithms in an incremental, intuitive and compact manner. From the results perspective, we show how our algorithm identifies security checks and security check aliased variables in a precise way. The reported false positive rate varies between 0% and 4% for the investigated applications.
DOI: https://doi.org/10.1109/SCAM.2012.19
Published: 2012-09-23
Citations: 9

Closed Symbolic Execution for Verifying Program Termination
G. Vidal
Abstract: Symbolic execution, originally introduced as a method for program testing and debugging, is usually incomplete because of infinite symbolic execution paths. In this work, we adapt some well-known notions from partial evaluation in order to have a complete symbolic execution scheme which can then be used to check liveness properties like program termination. We also introduce a representation of the symbolic transitions as a term rewrite system so that existing termination provers for these systems can be used to verify the termination of the original program.
DOI: https://doi.org/10.1109/SCAM.2012.13
Published: 2012-09-23
Citations: 9

On the Use of Stemming for Concern Location and Bug Localization in Java
Emily Hill, Shivani Rao, A. Kak
Abstract: As the popularity of text-based source code search and analysis grows, the use of stemmers to strip suffixes has increased. Although widely investigated in the information retrieval community, the comparative effectiveness of stemmers in the domain of software is relatively unknown. In this paper, we investigate which of the well-known stemmers perform best in the domain of Java software for concern location and bug localization. For these two problems, we evaluate the use of stemming on over 500 search tasks for six different Java applications. Using MAP and Rank Measure, we conducted an overall qualitative study and a query-by-query quantitative study of the impact of stemming on retrieval effectiveness. As one might expect, our contribution demonstrates that how stemming affects retrieval performance is mediated by other factors, such as the use of tf-idf to filter commonly occurring terms and the precise nature of the queries. Specifically, we find that the extent to which stemming improves the retrieval performance relates to the degree of natural language content in a query.
DOI: https://doi.org/10.1109/SCAM.2012.29
Published: 2012-09-23
Citations: 34