发布求助
文献互助 智能选刊 最新文献

2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation最新文献

筛选
英文 中文
A Change-Type Based Empirical Study on the Stability of Cloned Code 基于变化类型的克隆代码稳定性实证研究
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.13
M. S. Rahman, C. Roy
{"title":"A Change-Type Based Empirical Study on the Stability of Cloned Code","authors":"M. S. Rahman, C. Roy","doi":"10.1109/SCAM.2014.13","DOIUrl":"https://doi.org/10.1109/SCAM.2014.13","url":null,"abstract":"Clones are the duplicate or similar code blocks in software systems. A large number of studies concerning the impacts of clones on software systems mainly focus on the frequency of changes to evaluate stability, consistency in evolution and introduction of bugs. Although it is obvious that not each type of changes has equal impact on software systems, none of the existing studies take the types of changes and their significance into account during comparative evaluation of stability of cloned and non-cloned code. This paper presents an empirical study on the comparative stability of cloned and non-cloned code from the perspective of different change types. Changes from successive revisions are extracted and classified using Change Distiller which employs Abstract Syntax Tree (AST) differencing of the successive revisions of source code and assigns the corresponding level of significance to each of the classified changes. We detect exact (Type-1) and near-miss (Type-2 and Type-3) clones using the hybrid clone detection tool NiCad. Extracted and classified changes and clone information are then analyzed to compare the stability of cloned and non-cloned code from three different perspectives: types of clones, types of changes with respect to the significance of changes, and size and extent of evolution of the systems. Our study on seven open-source Java systems with diversity in their size, length of evolution and application domain shows that changes are more frequent in cloned code than in noncloned code and Type-1 clones are comparatively more vulnerable to the stability of the systems. Therefore, cloned code is less stable than non-cloned code suggesting that cloned code is likely to pose more maintenance challenges than non-cloned code.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115130070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Bit-Level Taint Analysis 位级污点分析
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.43
B. Yadegari, S. Debray
{"title":"Bit-Level Taint Analysis","authors":"B. Yadegari, S. Debray","doi":"10.1109/SCAM.2014.43","DOIUrl":"https://doi.org/10.1109/SCAM.2014.43","url":null,"abstract":"Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132008539","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 37
Efficient Utilization of Secondary Storage for Scalable Dynamic Slicing 二级存储在可扩展动态切片中的有效利用
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.24
Ulf Kargén, N. Shahmehri
{"title":"Efficient Utilization of Secondary Storage for Scalable Dynamic Slicing","authors":"Ulf Kargén, N. Shahmehri","doi":"10.1109/SCAM.2014.24","DOIUrl":"https://doi.org/10.1109/SCAM.2014.24","url":null,"abstract":"Dynamic program slicing is widely recognized as a powerful aid for e.g. Program comprehension during debugging. However, its widespread use has been impeded in part by scalability issues that occur when constructing the dynamic dependence graph necessary to compute dynamic slices. A few seconds of execution time on a modern CPU can easily yield dynamic dependence graphs on the order of tens of gigabytes in size. Existing methods either produce imprecise slices, incur large time overheads during slice computation, or run out of memory for long program executions. By carefully designing our method to take advantage of locality, we are able to efficiently use secondary storage for dynamic dependence graphs, thus allowing our method to scale to long program executions. Our prototype implementation runs directly on x86 executables, eliminating problems with e.g. Binary-only libraries. We show in our experiments that graphs can be constructed for program runs with billions of executed instructions, at slowdowns ranging from 62x to 173x. Our optimized format also allows graphs to be traversed at speeds of several million dependence edges per second.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132113973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Identifying Source Code Reuse across Repositories Using LCS-Based Source Code Similarity 使用基于lcs的源代码相似度识别跨存储库的源代码重用
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.17
Naohiro Kawamitsu, T. Ishio, Tetsuya Kanda, R. Kula, Coen De Roover, Katsuro Inoue
{"title":"Identifying Source Code Reuse across Repositories Using LCS-Based Source Code Similarity","authors":"Naohiro Kawamitsu, T. Ishio, Tetsuya Kanda, R. Kula, Coen De Roover, Katsuro Inoue","doi":"10.1109/SCAM.2014.17","DOIUrl":"https://doi.org/10.1109/SCAM.2014.17","url":null,"abstract":"Developers often reuse source files developed for another project. In order to update a reused file to a newer version released by the original project, developers have to track which revision of a file was reused and how its content was modified. However, such tracking is tedious for developers. Many projects keep older versions of files whose bugs are already fixed in the original project. In this paper, we propose a technique to automatically identify source code reuse relationships between two repositories. Using a similarity metric based on longest common subsequence, we identify pairs of similar revisions of files across the repositories. To evaluate our approach, we have analyzed eight project pairs of open source software projects and compared the result with the recorded information in the repositories. As a result, we have identified 1394 file revisions as instances of source code reuse. While 75.3% of the instances are recorded in the repositories, 20.1% of the instances are unrecorded but recovered by our approach.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129244054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 31
Instrumentation of Annotated C Programs for Test Generation 用于测试生成的注释C程序的仪器仪表
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.19
Guillaume Petiot, Bernard Botella, J. Julliand, N. Kosmatov, Julien Signoles
{"title":"Instrumentation of Annotated C Programs for Test Generation","authors":"Guillaume Petiot, Bernard Botella, J. Julliand, N. Kosmatov, Julien Signoles","doi":"10.1109/SCAM.2014.19","DOIUrl":"https://doi.org/10.1109/SCAM.2014.19","url":null,"abstract":"Software verification and validation often rely on formal specifications that encode desired program properties. Recent research proposed a combined verification approach in which a program can be incrementally verified using alternatively deductive verification and testing. Both techniques should use the same specification expressed in a unique specification language. This paper addresses this problem within the Frama-C framework for analysis of C programs, that offers ACSL as a common specification language. We provide a formal description of an automatic translation of ACSL annotations into C code that can be used by a test generation tool either to trigger and detect specification failures, or to gain confidence, or, under some assumptions, even to confirm that the code is in conformity with respect to the annotations. We implement the proposed specification translation in a combined verification tool Study. Our initial experiments suggest that the proposed support for a common specification language can be very helpful for combined static-dynamic analyses.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"2018 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129758443","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
ACUA: API Change and Usage Auditor ACUA: API变更和使用审计员
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.33
Wei Wu, Bram Adams, Yann-Gaël Guéhéneuc, G. Antoniol
{"title":"ACUA: API Change and Usage Auditor","authors":"Wei Wu, Bram Adams, Yann-Gaël Guéhéneuc, G. Antoniol","doi":"10.1109/SCAM.2014.33","DOIUrl":"https://doi.org/10.1109/SCAM.2014.33","url":null,"abstract":"Modern software uses frameworks through their Application Programming Interfaces (APIs). Framework APIs may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vulnerabilities are discovered in the used releases. Patching security vulnerabilities can be delayed by non-security-related API changes when the frameworks used by client programs are not up to date. Keeping frameworks updated can reduce the reaction time to patch security leaks. Client program upgrades are not cost free, developers need to understand the API usages in client programs and API changes between framework releases before conduct upgrading tasks. In this paper, we propose a tool ACUA to generate reports containing detailed API change and usage information by analyzing the binary code of both frameworks and clients programs written in Java. Developers can use the API change and usage reports generated by ACUA to estimate the work load and decide when to starting upgrading client programs based on the estimation.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126952501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
A Pattern Search Method for Unpreprocessed C Programs Based on Tokenized Syntax Trees 基于标记化语法树的未预处理C程序模式搜索方法
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.16
Atsushi Yoshida, Yoshinari Hachisu
{"title":"A Pattern Search Method for Unpreprocessed C Programs Based on Tokenized Syntax Trees","authors":"Atsushi Yoshida, Yoshinari Hachisu","doi":"10.1109/SCAM.2014.16","DOIUrl":"https://doi.org/10.1109/SCAM.2014.16","url":null,"abstract":"Pattern search of programs is a fundamental function for supporting programming. In this paper, we propose a search method for unpreprocessed programs, which are difficult to parse. Our parser directly parses them by rewriting token sequences, and allows minor errors in syntax trees. The search tool takes queries that are the same as the format of program fragments. By using the same parser for both queries and target programs, programmers have no need to describe the detail structures of syntax trees in queries. To support accurate search, we also show an alignment tool for branch directives, which converts undisciplined directives to discipline ones, and a reverse macro expansion tool, which integrates the use of macro calls. Finally, we present some experiments in which we have applied the tools to an open source application, and discuss how to improve our tools.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126298161","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Effect of Clone Information on the Performance of Developers Fixing Cloned Bugs 克隆信息对开发者修复克隆bug性能的影响
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.10
Saman Bazrafshan, R. Koschke
{"title":"Effect of Clone Information on the Performance of Developers Fixing Cloned Bugs","authors":"Saman Bazrafshan, R. Koschke","doi":"10.1109/SCAM.2014.10","DOIUrl":"https://doi.org/10.1109/SCAM.2014.10","url":null,"abstract":"Duplicated source code -- clones -- is known to occur frequently in software systems and bears the risk of inconsistent updates of the code. The impact of clones has been investigated mostly by retrospective analysis of software systems. Only little effort has been spent to investigate human interaction when dealing with clones. A previous study by Chatterji and colleagues found that cloned defects are removed significantly more accurately when clone information is provided to the programmers. We conducted a controlled experiment to extend the previous study on the use of clone information by investigating the effect of clone information on the performance of developers in common bug-fixing tasks. The experiment shows that developers are quite capable to compensate missing clone information through testing to provide correct solutions. Clone information does help to detect cloned defects faster, although developers may exploit semantic code relations such as inheritance to uncover cloned defects only slightly slower if they do not have clone information. If cloned defects lurk in semantically unrelated places however, clone information helps to find them faster at statistical significance. Developers without clone information needed 17 minutes longer on average or 140% more time in relative terms to complete the task successfully.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132518485","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
A Comparative Study of Bug Patterns in Java Cloned and Non-cloned Code Java克隆与非克隆代码中Bug模式的比较研究
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.12
Hitesh Sajnani, V. Saini, C. Lopes
{"title":"A Comparative Study of Bug Patterns in Java Cloned and Non-cloned Code","authors":"Hitesh Sajnani, V. Saini, C. Lopes","doi":"10.1109/SCAM.2014.12","DOIUrl":"https://doi.org/10.1109/SCAM.2014.12","url":null,"abstract":"Code cloning via copy-and-paste is a common practice in software engineering. Traditionally, this practice has been considered harmful, and a symptom that some important design abstraction is being ignored. As such, many previous studies suggest approaches to facilitate the discovery, removal, and refactoring of clones. However, not many studies exist that empirically investigate the relationship of code clones with code quality. In this paper, we conduct an empirical study of 31 open source Java projects (1.7 MSLOC) to explore the relationship between code clones and a set of bug patterns reported by Find Bugs. We found that: (i) the defect density in cloned code is 3.7 times less than that of the rest of the code, (ii) 66% of the bug patterns associated with code clones are related to issues in coding style and practice, the two least problematic of the Find Bugs' categories, while that number is 49% for non-cloned code, and (iii) 75% of the bug patterns in cloned code are duplicated without any changes, while 25% are only present in one of the clones. These results show that, when using Find Bugs to detect bug patterns, there is a positive differentiation of cloned code with respect to the rest of the code: the cloned code has considerably less, and less problematic, bug patterns. While our study does not unveil any explanation for this, results from other, more qualitative studies indicate that developers use copy-and-paste intentionally and wisely, which may explain the quantitative observations of our study. Overall, these research results suggest that the practice of code cloning in Java, and possibly in all other object-oriented languages, needs to be given serious consideration on the part of tool designers.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114686981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Fast Flow Analysis with Godel Hashes 哥德尔哈希快速流分析
2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI: 10.1109/SCAM.2014.40
Shuying Liang, Weibin Sun, M. Might
{"title":"Fast Flow Analysis with Godel Hashes","authors":"Shuying Liang, Weibin Sun, M. Might","doi":"10.1109/SCAM.2014.40","DOIUrl":"https://doi.org/10.1109/SCAM.2014.40","url":null,"abstract":"Flow analysis, such as control-flow, data-flow, and exception-flow analysis, usually depends on relational operations on flow sets. Unfortunately, set related operations, such as inclusion and equality, are usually very expensive. They can easily take more than 97% of the total analyzing time, even in a very simple analysis. We attack this performance bottleneck by proposing Godel hashes to enable fast and precise flow analysis. Godel hashes is an ultra compact, partial-order-preserving, fast and perfect hashing mechanism, inspired by the proofs of Godel's incompleteness theorems. Compared with array, tree, traditional hash, and bit vector-backed set implementations, we find Godel hashes to be tens or even hundreds of times faster for performance in the critical operations of inclusion and equality. We apply Godel hashes in real-world analysis for object-oriented programs. The instrumented analysis is tens of times faster than the one with original data structures on DaCapo benchmarks.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"141 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132020772","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信