检索结果-内蒙古大学图书馆

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Reid, Brittany Treude, Christoph Wagner, Markus The University of Adelaide Australia The University of Melbourne Australia Monash University Australia

ISBN: (纸本)9798350305067

Most online code snippets do not run. This means that developers looking to reuse code from online sources must manually find and fix errors. We present an approach for automatically evaluating and correcting errors in *** code snippets: Node code Correction (NCC). NCC leverages the ability of the TypeScript compiler to generate errors and inform code corrections through the combination of TypeScript's builtin codefixes, our own targeted fixes, and deletion of erroneous lines. Compared to existing approaches using linters, our findings suggest that NCC is capable of detecting a larger number of errors per snippet and more error types, and it is more efficient at fixing snippets. We find that 73.7% of the code snippets in NPM documentation have errors;with the use of NCC's corrections, this number was reduced to 25.1%. Our evaluation confirms that the use of the TypeScript compiler to inform code corrections is a promising strategy to aid in the reuse of code snippets from online sources. © 2023 ieee.

关键词： Static analysis

来源：评论

学校读者我要写书评

暂无评论

Leveraging User-Defined Identifiers for Counterfactual Data Generation in source code Vulnerability Detection 23

Leveraging User-Defined Identifiers for Counterfactual Data ...

引用

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Kuang, Hongyu Yang, Feng Zhang, Long Tang, Gaigai Yang, Lin Natl. Key Lab. of Sci. and Technology on Information System Security Systems Engineering Institute Academy of Military Sciences Beijing China

ISBN: (纸本)9798350305067

Software vulnerability detection is a critical aspect of ensuring the security and reliability of software systems. However, traditional vulnerability detection approaches often have limitations due to the scarcity and need for more diversity in labeled data. This research introduces a novel approach to overcome these challenges by utilizing user-defined identifiers in the source code to generate counterfactual training data. User-defined identffiers, such as variable and function names, contain essential information about the intentions and logic of the program. By perturbing these identifiers while maintaining the syntactic and semantic structure of the code, we create a diverse set of counterfactual examples that simulate potential vulnerabilities. When combined with existing labeled data, these counterfactual examples enrich the training process for vulnerability detection models. To evaluate the effectiveness of our approach, we conduct experiments on various datasets, achieving state-of-the-art performance on the VulDeePecker and Draper datasets. Our approach also outperforms models that utilize the same pre-trained language model in terms of accuracy. © 2023 ieee.

关键词： Semantics

来源：评论

学校读者我要写书评

暂无评论

codemetropolis ' code visualisation in minecraft

Codemetropolis ' code visualisation in minecraft

引用

2013 ieee 13th International working conference on source code analysis and manipulation, SCAM 2013

作者： Balogh, Gergo Beszédes, Árpád Department of Software Engineering University of Szeged Hungary

ISBN: (纸本)9781467357395

Data visualisation with high expressive power plays an important role in code comprehension. Recent visualization tools try to fulfil the expectations of the users and use various analogies. For example, in an architectural metaphor, each class is represented by a building. Buildings are grouped into districts according to the structure of the namespaces. We think that these unique ways of code representation have great potential, but in our opinion they use very simple graphical techniques (shapes, figures, low resolution) to visualize the structure of the source code. On the other hand, computer games use high quality graphic and good expressive power. A good example is Minecraft, a popular role playing game with great extensibility and interactivity from another (third party) software. It supports both high definition, photo-realistic textures and long range 3D scene displaying. Our main contribution is to connect data visualisation with high end-user graphics capabilities. To achieve this, a conversion tool was implemented. It processes the basic source code metrics as input and generates a Minecraft world with buildings, districts, and gardens. The tool is in the prototype state, but it can be used to investigate the possibilities of this kind of data visualisation. © 2013 ieee.

关键词： Data visualization

来源：评论

学校读者我要写书评

暂无评论

C/C++ thread safety analysis 14

C/C++ thread safety analysis

引用

14th ieee International working conference on source code analysis and manipulation, SCAM 2014

作者： Hutchins, Delesley Ballman, Aaron Sutherland, Dean Google Inc. United States CERT/SEI United States

ISBN: (纸本)9780769553047

Writing multithreaded programs is hard. Static analysis tools can help developers by allowing threading policies to be formally specified and mechanically checked. They essentially provide a static type system for threads, and can detect potential race conditions and deadlocks. This paper describes Clang Thread Safety analysis, a tool which uses annotations to declare and enforce thread safety policies in C and C++ programs. Clang is a production-quality C++ compiler which is available on most platforms, and the analysis can be enabled for any build with a simple warning flag:-Wthread-safety. The analysis is deployed on a large scale at Google, where it has provided sufficient value in practice to drive widespread voluntary adoption. Contrary to popular belief, the need for annotations has not been a liability, and even confers some benefits with respect to software evolution and maintenance. © 2014 ieee.

关键词： Static analysis

来源：评论

学校读者我要写书评

暂无评论

Identification and analysis of attributes and base measures within ISO 9126

引用

SOFTWARE QUALITY JOURNAL 2011年第2期19卷 447-460页

作者： Desharnais, Jean-Marc Abran, Alain Suryn, Witold TAM Project Istanbul Turkey Univ Quebec Ecole Technol Super Montreal PQ H3C 1K3 Canada Bogazici Univ Istanbul Turkey

The ISO 9126 quality model is a 4-part suite of documents presenting 10 characteristics of the quality of software products, 27 subcharacteristics, and an inventory of more than 250 derived measures proposed to quantify these quality characteristics and subcharacteristics. However, these measures are presented only at a fairly abstract level as formulae composed from a set of 80 base measures. As the base measures themselves lack detailed descriptions, including the attributes they are attempting to measure, they are highly susceptible to individual interpretation. Improving the design of the 80 base measures is a daunting task. The ISO 9126 standard is currently under revision by an ISO working group (ISO/IEC JTC1/SC7 WG6), and this paper proposes a process to determine which of these base measures should be improved in the timeliest fashion.

关键词： ISO 9126 Base measures Attributes

来源：评论

学校读者我要写书评

暂无评论

Change impact graphs: Determining the impact of prior code changes

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2009年第10期51卷 1394-1408页

作者： German, Daniel M. Hassan, Ahmed E. Robles, Gregorio Univ Victoria Dept Comp Sci Victoria BC V8W 2Y2 Canada Queens Univ Sch Comp Kingston ON K7L 3N6 Canada

The source code of a software system is in constant change. The impact of these changes spreads out across the software system and may lead to the sudden manifestation of failures in unchanged parts. To help developers fix such failures, we propose a method that, in a pre-processing stage. analyzes prior code changes to determine what functions have been modified. Next, given a particular period of time in the past, the functions changed during that period are propagated throughout the rest of the system using the dependence graph of the system. This information is visualized using Change Impact Graphs (CIGs). Through a case study based on the Apache Web Server, we demonstrate the benefit of using CIGs to investigate several real defects. (C) 2009 Elsevier B.V. All rights reserved.

关键词： Change impact graph Defect detection code changes Software evolution

来源：评论

学校读者我要写书评

暂无评论

Modular Decompilation of Low-Level code by Partial Evaluation

Modular Decompilation of Low-Level Code by Partial Evaluatio...

引用

8th ieee International working conference on source code analysis and manipulation

作者： Gomez-Zamalloa, Miguel Albert, Elvira Puebla, German Univ Complutense Madrid DSIC E-28040 Madrid Spain Tech Univ Madrid CLIP Madrid Spain

ISBN: (纸本)9780769533537

Decompiling low-level code to a high-level intermediate representation facilitates the development of analyzers, model checkers, etc. which reason about properties of the low-level code (e.g., bytecode, NET). Interpretive decompilation consists in partially evaluating an interpreter for the low-level language (written in the high-level language) w.r.t. the code to be decompiled. There have been proofs-of-concept that interpretive decompilation is feasible, but there remain important open issues when it comes to decompile a real language: does the approach scale up? is the quality of decompiled programs comparable to that obtained by ad-hoc decompilers? do decompiled programs preserve the structure of the original programs? This paper addresses these issues by presenting, to the best of our knowledge, the first modular scheme to enable interpretive decompilation of low-level code to a high-level representation, namely, we decompile bytecode into Prolog. We introduce two notions of optimality. The first one requires that each method/block is decompiled just once. The second one requires that each program point is traversed at most once during decompilation. We demonstrate the impact of our modular approach and optimality issues on a series of realistic benchmarks. Decompilation times and decompiled program sizes are linear with the size of the input bytecode program. This demostrates empirically the scalability of modular decompilation of low-level code by partial evaluation.

关键词： codes (symbols)

来源：评论

学校读者我要写书评

暂无评论

Improved static resolution of dynamic class loading in Java

Improved static resolution of dynamic class loading in Java

引用

7th ieee International working conference on source code analysis and manipulation

作者： Sawin, Jason Rountev, Atanas Ohio State Univ Columbus OH 43210 USA

ISBN: (纸本)9780769528809

Modern applications are becoming increasingly more dynamic and flexible. In Java software, one important flexibility mechanism is dynamic class loading. Unfortunately, the vast majority of static analyses for Java handle this feature either unsoundly or overly conservatively. We present a set of techniques for static resolution of dynamic-class-loading sites in Java software. Previous work has used static string analysis to achieve this goal. However, a large number of such sites are impossible to resolve with purely static techniques. We present a novel semi-static approach, which combines static string analysis with dynamically gathered information about the execution environment. The key insight behind this approach is the observation that dynamic class loading often depends on characteristics of the execution environment that are encoded in various environment variables. In addition, we propose generalizations of string analysis to increase the number of sites that can be resolved purely statically, and to track the names of environment variables. We present an experimental evaluation on 10,238 classes from the standard Java libraries. Our results show that a state-of-the-art purely static approach resolves only 28% of non-trivial sites, while our approach resolves more than twice as many sites. This work is a step towards making static analysis tools better equipped to handle the dynamic features of Java.

关键词： Static analysis

来源：评论

学校读者我要写书评

暂无评论

On temporal path conditions in dependence graphs

On temporal path conditions in dependence graphs

引用

7th ieee International working conference on source code analysis and manipulation

作者： Lochbihler, Andreas Snelting, Gregor Univ Karlsruhe TH Lehrstuhl Programmierparadigmen Karlsruhe Germany

ISBN: (纸本)0769528805

Program dependence graphs are a well-established device to represent possible information flow in a program. Path conditions in dependence graphs have been proposed to express more detailed circumstances of a particular flow;they provide precise necessary conditions for information flow along a path or chop in a dependence graph. Ordinary boolean path conditions, however, cannot express temporal properties, e.g. that for a specific flow it is necessary that some condition holds, and later another specific condition holds. In this contribution, we introduce temporal path conditions, which extend ordinary path conditions by temporal operators in order to express temporal dependencies between conditions for a flow. We present motivating examples, generation and simplification rules, application of model checking to generate witnesses for a specific flow, and a case study. We prove the following soundness property: if a temporal path condition for a path is satisfiable, then the ordinary boolean path condition for the path is satisfiable. The converse does not hold, indicating that temporal path conditions are more precise.

关键词： Program dependence graph Path condition Temporal logic Security analysis

来源：评论

学校读者我要写书评

暂无评论

Folding repeated instructions for improving token-based code clone detection

Folding repeated instructions for improving token-based code...

引用

2012 ieee 12th International working conference on source code analysis and manipulation, SCAM 2012

作者： Murakami, Hiroaki Hotta, Keisuke Higo, Yoshiki Igaki, Hiroshi Kusumoto, Shinji Graduate School of Information Science and Technology Osaka University 1-5 Yamadaoka Suita Osaka 565-0871 Japan

ISBN: (纸本)9780769547831

A variety of code clone detection methods have been proposed before now. However, only a small part of them is widely used. Widely-used methods are line-based and token-based ones. They have high scalability because they neither require deep source code analysis nor constructing complex intermediate structures for the detection. High scalability is one of the big advantages in code clone detection tools. On the other hand, line/token-based detections yield many false positives. One of the factors is the presence of repeated instructions in the source code. For example, herein we assume that there are consecutive three printf statements in C source code. If we apply a token-based detection to them, the former two statements are detected as a code clone of the latter two statements. However, such overlapped code clones are redundant and so not useful for developers. In this paper, we propose a new detection method that is free from the influence of the presence of repeated instructions. The proposed method transforms every of repeated instructions into a special form, and then it detects code clones using a suffix array algorithm. The transformation prevents many false positives from being detected. Also, the detection speed remains. The proposed detection method has already been developed as a software tool, FRISC. We confirmed the usefulness of the proposed method by conducting a quantitative evaluation of FRISC with Bellon's oracle. © 2012 ieee.

关键词： Cloning

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：