检索结果-内蒙古大学图书馆

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Reid, David Mockus, Audris University of Tennessee KnoxvilleTN United States

ISBN: (纸本)9798350305067

The ability to easily copy code among open source projects makes it difficult to comply with the need to determine the provenance of code essential for cybersecurity and for complying with the licensing terms. Such provenance encompasses the exact origin of each component and its license, and various qualities of the component, such as absence of vulnerabilities and high likelihood of future maintenance. With the aim to address these challenges, we created an approach supported by a tool prototype, UVHistory, that links each piece of source code to all projects where it resides and, also, to its version histories in all these projects. This combined version history of a file from all open source projects we refer to as universal version history. We exemplify UVHistory via scenarios illustrating how it can help developers identify bugs and vulnerabilities and verify that license terms are not violated. Specifically, using UVHistory, developers can find the origin of a file including the open source repository where it originated, follow the evolution of the file over time and across different repositories, identify which authors have worked on a file, and read all the log messages for any modifications to that file in any repository. We also evaluate UVHistory in two contexts: to identify license non-compliance and to find instances of unfixed vulnerabilities. We find that in active and popular projects both problems are common and anyone can easily identify them using our approach. © 2023 ieee.

关键词： Open source software

来源：评论

学校读者我要写书评

暂无评论

May/must analysis and the DFAGen data-flow analysis generator

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2009年第10期51卷 1440-1453页

作者： Stone, Andrew Strout, Michelle Behere, Shweta Colorado State Univ Dept Comp Sci Ft Collins CO 80523 USA Avaya Inc Milpitas CA 95035 USA

Data-flow analysis is a common technique for gathering program information for use in program transformations such as register allocation, dead-code elimination, common subexpression elimination, and scheduling. Current tools for generating data-flow analysis implementations enable analysis details to be specified orthogonally to the iterative analysis algorithm but still require implementation details regarding the may and must use and definition sets that occur due to the effects of pointers, side effects, arrays, and user-defined structures. This paper presents the Data-Flow analysis Generator tool (DFAGen), which enables analysis writers to generate analyses for separable and nonseparable data-flow analyses that are pointer, aggregate, and side-effect cognizant from a specification that assumes only scalars. By hiding the compiler-specific details behind predefined set definitions, the analysis specifications for the DFAGen tool are typically less than ten lines long and similar to those in standard compiler textbooks. The main contribution of this work is the automatic determination of when to use the may or must variant of a predefined set usage in the analysis specification. (C) 2009 Elsevier B.V. All rights reserved.

关键词： Data-flow analysis May Must Static analysis Program analysis Compilers

来源：评论

学校读者我要写书评

暂无评论

Do code Quality and Style Issues Differ Across (Non-)Machine Learning Notebooks? Yes! 23

Do Code Quality and Style Issues Differ Across (Non-)Machine...

引用

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Siddik, Md Saeed Bezemer, Cor-Paul University of Alberta Department of Electrical and Computer Engineering Canada

ISBN: (纸本)9798350305067

The popularity of computational notebooks is rapidly increasing because of their interactive code-output visualization and on-demand non-sequential code block execution. These notebook features have made notebooks especially popular with machine learning developers and data scientists. However, as prior work shows, notebooks generally contain low quality code. In this paper, we investigate whether the low quality code is inherent to the programming style in notebooks, or whether it is correlated with the use of machine learning techniques. We present a large-scale empirical analysis of 246,599 opensource notebooks to explore how machine learning code quality in Jupyter Notebooks differs from non-machine learning code, thereby focusing on code style issues. We explored code style issues across the Error, Convention, Warning, and Refactoring categories. We found that machine learning notebooks are of lower quality regarding PEP-8 code standards than non-machine learning notebooks, and their code quality distributions significantly differ with a small effect size. We identified several code style issues with large differences in occurrences between machine learning and non-machine learning notebooks. For example, package and import-related issues are more prevalent in machine learning notebooks. Our study shows that code quality and code style issues differ significantly across machine learning and non-machine learning notebooks. © 2023 ieee.

关键词： Machine learning

来源：评论

学校读者我要写书评

暂无评论

Alias-aware propagation of simple pattern-based properties in PHP applications

Alias-aware propagation of simple pattern-based properties i...

引用

2012 ieee 12th International working conference on source code analysis and manipulation, SCAM 2012

作者： Gauthier, François Merlo, Ettore Department of Computer Engineering École Polytechnique de Montréal France

ISBN: (纸本)9780769547831

In this paper, we present novel algorithms for the propagation of pattern-based properties in PHP applications. Intuitively, pattern-based properties designate those properties that are intrinsically associated to syntactic patterns in the source code. Security checks in access control models are an example of pattern-based properties. At the source code level, permissions are typically verified with stereotyped constructs, called security checks, that can be detected with syntactic patterns. Depending on the program, pattern-based properties can be a liased to variables that are propagated through the application. In that context, support from data-flow approaches is needed to track the propagation of patterns through the application. In the context of this paper, we focus on the alias-aware propagation of security checks through PHP applications. Specifically, we investigated the propagation of security checks in 8 PHP applications that implement access control models. We show how, using the Data log language, one can implement conceptually complex data-flow algorithms in an incremental, intuitive and compact manner. From the results perspective, we show how our algorithm identifies security checks and security check a liased variables in a precise way. The reported false positive rate varies between 0% and 4% for the investigated applications. © 2012 ieee.

关键词： Static analysis

来源：评论

学校读者我要写书评

暂无评论

Folding repeated instructions for improving token-based code clone detection

Folding repeated instructions for improving token-based code...

引用

2012 ieee 12th International working conference on source code analysis and manipulation, SCAM 2012

作者： Murakami, Hiroaki Hotta, Keisuke Higo, Yoshiki Igaki, Hiroshi Kusumoto, Shinji Graduate School of Information Science and Technology Osaka University 1-5 Yamadaoka Suita Osaka 565-0871 Japan

ISBN: (纸本)9780769547831

A variety of code clone detection methods have been proposed before now. However, only a small part of them is widely used. Widely-used methods are line-based and token-based ones. They have high scalability because they neither require deep source code analysis nor constructing complex intermediate structures for the detection. High scalability is one of the big advantages in code clone detection tools. On the other hand, line/token-based detections yield many false positives. One of the factors is the presence of repeated instructions in the source code. For example, herein we assume that there are consecutive three printf statements in C source code. If we apply a token-based detection to them, the former two statements are detected as a code clone of the latter two statements. However, such overlapped code clones are redundant and so not useful for developers. In this paper, we propose a new detection method that is free from the influence of the presence of repeated instructions. The proposed method transforms every of repeated instructions into a special form, and then it detects code clones using a suffix array algorithm. The transformation prevents many false positives from being detected. Also, the detection speed remains. The proposed detection method has already been developed as a software tool, FRISC. We confirmed the usefulness of the proposed method by conducting a quantitative evaluation of FRISC with Bellon's oracle. © 2012 ieee.

关键词： Cloning

来源：评论

学校读者我要写书评

暂无评论

INVocD: Identifier Name Vocabulary Dataset

INVocD: Identifier Name Vocabulary Dataset

引用

10th ieee working conference on Mining Software Repositories (MSR)

作者： Butler, Simon Wermelinger, Michel Yu, Yijun Sharp, Helen Open Univ Ctr Res Comp Dept Comp Milton Keynes Bucks England

ISBN: (纸本)9781479903450;9781467329361

INVocD is a database of the identifier name declarations and vocabulary found in 60 FLOSS Java projects where the source code structure is recorded and the identifier name vocabulary is made directly available, offering advantages for identifier name research over conventional source code models. The database has been used to support a range of research projects from identifier name analysis to concept location, and provides many opportunities to researchers. INVocD may be downloaded from http://***/36992

关键词： identifier names source code model source code mining

来源：评论

学校读者我要写书评

暂无评论

Change Pattern Detection for Optimising Incremental Static analysis 23

Change Pattern Detection for Optimising Incremental Static A...

引用

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Wauters, Cindy Plas, Jens Van Der Stievenart, Quentin Roover, Coen De Vrije Universiteit Brussel Brussels Belgium Université du Québec À Montréal Montréal Canada

ISBN: (纸本)9798350305067

Static analyses can be used by developers to compute properties of a program, enabling e.g., bug detection and program verification. However, reanalysing a program from scratch upon every change is time-consuming, especially in settings where code changes often, such as within IDEs. To avoid such full reanalyses, incremental analyses instead reuse parts of the previous analysis result, and reanalyse the changed code as necessary. While incrementality improves the analysis time, we introduce a complementary approach that further reduces the analysis time. A traditional incremental analysis updates previous analysis results without domain-specific knowledge. However, the effect of particular source code changes on analysis results can be predicted. Performing a traditional incremental analysis of the changed code might therefore be unnecessary. Instead, we propose to detect code change patterns of which the effect on analysis results can be predicted and to update these results accordingly, saving potentially expensive computations. In this paper, we explore the idea of adapting the analysis results for behaviour-preserving change patterns. In particular, we consider consistent renamings, inverted conditionals, and moved function definitions within Scheme programs. We implemented our approach and evaluated it on 30 programs. We show decreases in incremental analysis time between 3% and 99% on 25 programs that contain at least one behaviour-preserving change pattern. © 2023 ieee.

关键词： Static analysis

来源：评论

学校读者我要写书评

暂无评论

Proteum/FL: A tool for localizing faults using mutation analysis

Proteum/FL: A tool for localizing faults using mutation anal...

引用

2013 ieee 13th International working conference on source code analysis and manipulation, SCAM 2013

作者： Papadakis, Mike Delamaro, Marcio E. Traon, Yves Le University of Luxembourg Luxembourg Instituto de Ciências Matemáticas e de Computaçã o Universidade de São Paulo São Carlos SP Brazil

ISBN: (纸本)9781467357395

Fault diagnosis is the process of analyzing programs with the aim of identifying the code fragments that are faulty. It has been identified as one of the most expensive and time consuming tasks of software development. Even worst, this activity is usually accomplished based on manual analysis. To this end, automatic or semi-automatic fault diagnosis approaches are useful in assisting software developers. Hence, they can play an essential role in decreasing the overall development cost. This paper presents Proteum/FL, a mutation analysis tool for diagnosing previously detected faults. Given an ANSI-C program and a set of test cases, Proteum/FL returns a list of program statements ranked according to their likelihood of being faulty. The tool differs from the rest of the mutation analysis and fault diagnosis tools by employing mutation analysis as a means of diagnosing program faults. It therefore demonstrates the effective use of mutation in supporting both testing and debugging activities. © 2013 ieee.

关键词： Software testing

来源：评论

学校读者我要写书评

暂无评论

Fast and precise points-to analysis

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2009年第10期51卷 1428-1439页

作者： Lundberg, Jonas Gutzmann, Tobias Edvinsson, Marcus Lowe, Welf Vaxjo Univ Software Technol Grp Sch Math & Syst Engn S-35195 Vaxjo Sweden

Many software engineering applications require points-to analysis. These client applications range from optimizing compilers to integrated program development environments (IDEs) and from testing environments to reverse-engineering tools. Moreover, software engineering applications used in an edit-compile cycle need points-to analysis to be fast and precise. In this article, we present a new context- and flow-sensitive approach to points-to analysis where calling contexts are distinguished by the points-to sets analyzed for their call target expressions. Compared to other well-known context-sensitive techniques it is faster in practice, on average, twice as fast as the call string approach and by an order of magnitude faster than the object-sensitive technique. In fact, it shows to be only marginally slower than a context-insensitive baseline analysis. At the same time, it provides higher precision than the call string technique and is similar in precision to the object-sensitive technique. We confirm these statements with experiments using a number of abstract precision metrics and a concrete client application: escape analysis. (C) 2009 Elsevier B.V. All rights reserved.

关键词： Points-to analysis Dataflow analysis Escape analysis

来源：评论

学校读者我要写书评

暂无评论

PASD: A Performance analysis Approach Through the Statistical Debugging of Kernel Events 23

PASD: A Performance Analysis Approach Through the Statistica...

引用

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Khan, Mohammed Adib Noferesti, Morteza Ezzati-Jivan, Naser Brock University Department of Computer Science St. Catharines Canada

ISBN: (纸本)9798350305067

Dynamic performance analysis plays a crucial role in optimizing systems and identifying performance bottlenecks. Traditional software debugging methods frequently encounter difficulties when trying to pinpoint performance problems in complex software settings. This is often because performance issues remain hidden during the code execution within debugging tools or under certain run-time circumstances, making them challenging to identify and address. This paper introduces PASD (Performance analysis through Statistical Debugging), a dynamic performance analysis approach based on statistical debugging of kernel-level trace events. Importantly, this approach requires no application code instrumentation and purely utilizes operating system kernel trace events for analysis. PASD collects kernel trace events generated during software execution and utilizes heuristics to analyze their performance issues and the root-causes. Through statistical debugging techniques, PASD identifies the most important functions correlated with performance problems. It notably does so without disrupting the software's normal functions and ensuring that any issues are detected in the software's typical operating conditions, thus avoiding additional complexity in the debugging process. We have conducted two empirical studies to assess the effectiveness of PASD on performance issues in the Firefox web browser as well as the 'ls' tool (a common utility in Unix-like systems). Our experiments demonstrate that PASD successfully identifies performance issues and their causes in software without prior knowledge of the architecture or source code instrumentation. By providing an overview of software behavior through the kernel-level, our proposed method can aid developers and testers in quickly pinpointing performance problems in the source code. This, in turn, can result in improved software quality, increased user satisfaction, and the prevention of critical system failures. © 2023 ieee.

关键词： Program debugging

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：