发布求助
文献互助 智能选刊 最新文献

2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)最新文献

筛选
英文 中文
When They Go Low: Automated Replacement of Low-level Functions in Ethereum Smart Contracts 当它们变低时:自动替换以太坊智能合约中的低级功能
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00117
Rui Xi, K. Pattabiraman
{"title":"When They Go Low: Automated Replacement of Low-level Functions in Ethereum Smart Contracts","authors":"Rui Xi, K. Pattabiraman","doi":"10.1109/saner53432.2022.00117","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00117","url":null,"abstract":"Smart contracts in the Ethereum blockchain are typically written using a high-level, Turing-complete language called Solidity. However, the Solidity language has many features to allow programmers fine-grained control over their smart contracts. We call these features low-level functions. Unfortunately, the improper use of low-level functions can lead to security vulnerabilities leading to heavy financial losses. Therefore, the Solidity community has suggested alternatives for the low-level functions in the official guidelines for developers. We first perform a large-scale empirical study on the use of low-level functions in Ethereum smart contracts written in Solidity. We find that such functions are widely used in real-world Ethereum smart contracts, and that the majority of these uses are gratuitous for the smart contract's functionality. We then propose GoHigh, a source-to-source transformation tool to eliminate low-level function-related vulnerabilities, by replacing low-level functions with high-level alternatives. We evaluate GoHigh on over 300,000 real-world smart contracts on the Ethereum blockchain. GoHigh replaces all low-level functions that are amenable to replacement in the contracts with 17% fewer compiler warnings, and the externally-visible behaviors of at least 92 % of the replaced contracts are identical to the original ones. Finally, GoHigh takes 7 seconds on average per contract.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125121753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
JISDLab: A web-based interactive literate debugging environment JISDLab:一个基于web的交互式识字调试环境
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00067
Sakutaro Sugiyama, Takashi Kobayashi, Kazumasa Shimari, T. Ishio
{"title":"JISDLab: A web-based interactive literate debugging environment","authors":"Sakutaro Sugiyama, Takashi Kobayashi, Kazumasa Shimari, T. Ishio","doi":"10.1109/saner53432.2022.00067","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00067","url":null,"abstract":"The debugging process is a huge burden on developers, both in terms of time and mentality. Scriptable debugging approaches have been proposed to reduce the burden associated with such debugging work. Scriptable debuggers (SDs) enable to describe developers' debugging process and share the debug scripts to reduce debugging effort. However, SDs require an execution environment for those scripts, and they are unable to manage ancillary information such as execution results and prerequisites for using the script in one place. We extend the existing scriptable debugging and propose an interactive literate debugging environment that enables reproducible bug reporting. The proposed method provides an executable script description that manipulates the debugger, information obtained through the debugger by executing the script, its visualization format, and the ability to save the information in the form of a document that includes explanatory text. By using these documents, it is possible to observe the detailed behavior of a program at runtime and to share the situation in which the focused behavior occurs among developers. In this paper, we describe our proposed interactive literate debugging environment and introduce our prototype tool, JISDLab, which is a web application using Jupyter. The sample debug script used in our demonstration scenario can be accessed via https://github.com/tklabgroup/JISDLab/blob/master/debugspace/case-SANER2022-tooldemo.ipynb","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114386575","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Method Name Generation Based on Code Structure Guidance 基于代码结构指导的方法名生成
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00127
Z. Qu, Y. Hu, Jianhui Zeng, Bowen Cai, Shun-Ching Yang
{"title":"Method Name Generation Based on Code Structure Guidance","authors":"Z. Qu, Y. Hu, Jianhui Zeng, Bowen Cai, Shun-Ching Yang","doi":"10.1109/saner53432.2022.00127","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00127","url":null,"abstract":"The proper names of software engineering functions and methods can greatly assist developers in understanding and maintaining the code. Most researchers convert the method name generation task into the text summarization task. They take the token sequence and the abstract syntax tree (AST) of source code as input, and generate method names with a decoder. However, most proposed models learn semantic and structural features of the source code separately, resulting in poor performance in the method name generation task. Actually, each token in source code must have a corresponding node in its AST. Inspired by this observation, we propose SGMNG, a structure-guided method name generation model that learns the representation of two combined features. Additionally, we build a code graph called code relation graph (CRG) to describe the code structure clearly. CRG retains the structure of the AST of source code and contains data flows and control flows. SGMNG captures the semantic features of the code by encoding the token sequence and captures the structural features of the code by encoding the CRG. Then, SGMNG matches tokens in the sequence and nodes in the CRG to construct the combination of two features. We demonstrate the effectiveness of the proposed approach on the public dataset Java-Small with 700K samples, which indicates that our approach achieves significant improvement over the state-of-the-art baseline models in the ROUGE metric.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"317 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122977395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
What really is software design? 软件设计到底是什么?
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00046
Giovanni Viviani, G. Murphy
{"title":"What really is software design?","authors":"Giovanni Viviani, G. Murphy","doi":"10.1109/saner53432.2022.00046","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00046","url":null,"abstract":"Software design has been considered an integral part of software development for over fifty years. Over this time, software developers have improved how software systems are designed and have determined which designs lead to different desired characteristics in the systems built. In parallel, software engineering researchers have studied the processes software developers use to design and have considered many aspects of software design, such as how to represent a design. Given all of the practical experience gained and all of the study about software design, you might expect that there is a sophisticated common understanding about what software design is and is not. Unfortunately, such a common understanding is not evident in the literature. To investigate how software design is perceived, we conducted an interview study involving 16 participants representing both academia and industry. Our analysis of the interview transcripts reveals five main themes: 1) design cuts across multiple development phases and involves multiple people, 2) design involved decision making, 3) design is impacted by context, 4) design involves communication and 5) good design requires experience. We discuss the implications of these themes and describe what can be done to reach a more commonly shared idea of what design represents.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132014281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
HyDRa: A Framework for Modeling, Manipulating and Evolving Hybrid Polystores HyDRa:一个建模、操作和进化混合多存储库的框架
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00082
Maxime Gobert, L. Meurice, Anthony Cleve
{"title":"HyDRa: A Framework for Modeling, Manipulating and Evolving Hybrid Polystores","authors":"Maxime Gobert, L. Meurice, Anthony Cleve","doi":"10.1109/saner53432.2022.00082","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00082","url":null,"abstract":"Data-intensive system evolution is a complex and error-prone process, as most evolution scenarios impact several interdependent artefacts such as the application code, the data structures or data instances. This process is becoming even more challenging with the emergence of heterogeneous database architectures, commonly called hybrid polystores, that rely on a combination of several, possibly overlapping relational and NoSQL databases. This paper presents HyDRa, a framework aiming to facilitate the evolution of polystores thanks to automatically generated data access APIs. For a given polystore, a conceptual API can be derived from the conceptual schema of the polystore and its correspondences with the physical schemas of the underlying databases. Applications built on top of the generated API are then protected from future schema and data reconfiguration changes applied to the polystore. Furthermore, HyDRa automatically enforces cross-database data integrity constraints and does not require developers to master multiple data models and query languages. This paper presents HyDRa and demonstrates its main features based on open-source datasets and realistic use cases.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115207145","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Evolution of GitHub Action Workflows GitHub动作工作流的演变
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00026
Pablo Valenzuela-Toledo, Alexandre Bergel
{"title":"Evolution of GitHub Action Workflows","authors":"Pablo Valenzuela-Toledo, Alexandre Bergel","doi":"10.1109/saner53432.2022.00026","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00026","url":null,"abstract":"GitHub Actions are an event-driven tool to automatically respond to particular GitHub events. Typical events are receiving new pull requests or publishing a software release. Despite the massive and quick adoption of GitHub Actions, little is known about the incremental construction of GitHub Actions workflow by practitioners. This paper presents the result of a manual inspection of 222 commits of GitHub Actions workflows obtained from 10 popular open-source repositories. Our hierarchical taxonomy, obtained by systematically categorizing and tagging workflow modifications, reveals 11 types of modifications and presents opportunities for improvement in the way workflows are built and edited. In particular, our results highlight the need for adequate tooling to support refactoring, debugging and code editing of GitHub Actions workflows.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122960202","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
desync-cc: An Automatic Disassembly-Desynchronization Obfuscator desync-cc:一个自动反汇编-不同步混淆器
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00063
Ulf Kargén, Ivar Härnqvist, Johannes Wilson, Gustav Eriksson, Evelina Holmgren, N. Shahmehri
{"title":"desync-cc: An Automatic Disassembly-Desynchronization Obfuscator","authors":"Ulf Kargén, Ivar Härnqvist, Johannes Wilson, Gustav Eriksson, Evelina Holmgren, N. Shahmehri","doi":"10.1109/saner53432.2022.00063","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00063","url":null,"abstract":"Code obfuscation is an important topic, both in terms of defense, when trying to prevent intellectual property theft, and from the offensive point of view, when trying to break obfuscation used by malware authors to hide their malicious intents. Consequently, several works in recent years have discussed techniques that aim to prevent or delay reverse-engineering of binaries. While most works focus on methods that obscure the program logic from potential attackers, the complimentary approach of disassembly desynchronization has received relatively little attention. This technique puts another hurdle in the way of attackers by targeting the most fundamental step of the reverse-engineering process: recovering assembly code from a program binary. The technique works by tricking a disassembler into decoding the instruction stream at an invalid offset. On CPU architectures with variable-length instructions, this often yields valid albeit meaningless assembly code, while hiding a part of the original code. In the interest of furthering research into disassembly desynchronization, both from a defensive and offensive point of view, we have created desync-cc, a tool for automatic application of disassembly-desynchronization obfuscation. The tool is designed as a drop-in replacement for gcc, and works by intercepting and modifying intermediate assembly code during compilation. By applying obfuscation after the code generation phase, our tool allows a much more granular control over where obfuscation is applied, compared to a source-code level obfuscator. In this paper, we describe the design and implementation of desync-cc, and present a preliminary evaluation of its effectiveness and efficiency on a number of real-world Linux programs.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124654340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Recommending Base Image for Docker Containers based on Deep Configuration Comprehension 基于深度配置理解的Docker容器基础镜像推荐
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00060
Yinyuan Zhang, Yang Zhang, Xinjun Mao, Yiwen Wu, Bo Lin, Shangwen Wang
{"title":"Recommending Base Image for Docker Containers based on Deep Configuration Comprehension","authors":"Yinyuan Zhang, Yang Zhang, Xinjun Mao, Yiwen Wu, Bo Lin, Shangwen Wang","doi":"10.1109/saner53432.2022.00060","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00060","url":null,"abstract":"Docker containers are being widely used in large-scale industrial environments. In practice, developers must manually specify the base image in the dockerfile in the process of container creation. However, finding the proper base image is a nontrivial task because manually searching is time-consuming and easily leads to the use of unsuitable base images, especially for newcomers. There is still a lack of automatic approaches for recommending related base image for developers through dockerfile configuration. To tackle this problem, this paper makes the first attempt to propose a neural network approach named DCCimagerec which is based on deep configuration comprehension. It aims to use the structural configuration features of dockerfile extracted by AST and path-attention model to recommend potentially suitable base image. The evaluation experiments based on about 83,000 dockerfiles show that DCCimagerec outperforms multiple baselines, improving Precision by 7.5%-67.5%, Recall by 6.2%-106.6%, and F1 by 7.5%-150.2%.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130973378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
On the use of Petri Nets in Smart Contracts modeling, generation and verification Petri网在智能合约建模、生成和验证中的应用
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00142
A. Pinna, R. Tonelli
{"title":"On the use of Petri Nets in Smart Contracts modeling, generation and verification","authors":"A. Pinna, R. Tonelli","doi":"10.1109/saner53432.2022.00142","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00142","url":null,"abstract":"We discuss the contribution of the Petri net formalism to the BOSE for Smart Contract design and development. We address this discussion based on the analysis of recently published literature works we obtained by querying Scopus and Google Scholar. Different types of Petri nets, including coloured Petri nets and workflow nets, and different types of tools emerge from our analysis. Our discussion includes the classification into three categories of application of the Petri net formalism in the design and development of Smart Contracts, namely modeling, generation, and verification.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"122 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116163684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
On the Evolution of Inheritance and Delegation Mechanisms and Their Impact on Code Quality 继承和委托机制的演变及其对代码质量的影响
2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) Pub Date : 2022-03-01 DOI: 10.1109/saner53432.2022.00113
Giammaria Giordano, Antonio Fasulo, Gemma Catolino, Fabio Palomba, F. Ferrucci, C. Gravino
{"title":"On the Evolution of Inheritance and Delegation Mechanisms and Their Impact on Code Quality","authors":"Giammaria Giordano, Antonio Fasulo, Gemma Catolino, Fabio Palomba, F. Ferrucci, C. Gravino","doi":"10.1109/saner53432.2022.00113","DOIUrl":"https://doi.org/10.1109/saner53432.2022.00113","url":null,"abstract":"Source code reuse is considered one of the holy grails of modern software development. Indeed, it has been widely demonstrated that this activity decreases software development and maintenance costs while increasing its overall trustwor-thiness. The Object-Oriented (OO) paradigm provides different internal mechanisms to favor code reuse, i.e., specification inheritance, implementation inheritance, and delegation. While previous studies investigated how inheritance relations impact source code quality, there is still a lack of understanding of their evolutionary aspects and, more particular, of how these mechanisms may impact source code quality over time. To bridge this gap of knowledge, this paper proposes an empirical investigation into the evolution of specification inheritance, implementation inheritance, and delegation and their impact on the variability of source code quality attributes. First, we assess how the implementation of those mechanisms varies over 15 releases of three software systems. Second, we devise a statistical approach with the aim of understanding how inheritance and delegation let source code quality—as indicated by the severity of code smells—vary in either positive or negative manner. The key results of the study indicate that inheritance and delegation evolve over time, but not in a statistically significant manner. At the same time, their evolution often leads code smell severity to be reduced, hence possibly contributing to improve code maintainability.","PeriodicalId":437520,"journal":{"name":"2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123736642","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信