检索结果-内蒙古大学图书馆

2012 ieee 12th International working conference on source code analysis and manipulation, SCAM 2012

作者： Gauthier, François Merlo, Ettore Department of Computer Engineering École Polytechnique de Montréal France

ISBN: (纸本)9780769547831

In this paper, we present novel algorithms for the propagation of pattern-based properties in PHP applications. Intuitively, pattern-based properties designate those properties that are intrinsically associated to syntactic patterns in the source code. Security checks in access control models are an example of pattern-based properties. At the source code level, permissions are typically verified with stereotyped constructs, called security checks, that can be detected with syntactic patterns. Depending on the program, pattern-based properties can be a liased to variables that are propagated through the application. In that context, support from data-flow approaches is needed to track the propagation of patterns through the application. In the context of this paper, we focus on the alias-aware propagation of security checks through PHP applications. Specifically, we investigated the propagation of security checks in 8 PHP applications that implement access control models. We show how, using the Data log language, one can implement conceptually complex data-flow algorithms in an incremental, intuitive and compact manner. From the results perspective, we show how our algorithm identifies security checks and security check a liased variables in a precise way. The reported false positive rate varies between 0% and 4% for the investigated applications. © 2012 ieee.

关键词： Static analysis

来源：评论

学校读者我要写书评

暂无评论

May/must analysis and the DFAGen data-flow analysis generator

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2009年第10期51卷 1440-1453页

作者： Stone, Andrew Strout, Michelle Behere, Shweta Colorado State Univ Dept Comp Sci Ft Collins CO 80523 USA Avaya Inc Milpitas CA 95035 USA

Data-flow analysis is a common technique for gathering program information for use in program transformations such as register allocation, dead-code elimination, common subexpression elimination, and scheduling. Current tools for generating data-flow analysis implementations enable analysis details to be specified orthogonally to the iterative analysis algorithm but still require implementation details regarding the may and must use and definition sets that occur due to the effects of pointers, side effects, arrays, and user-defined structures. This paper presents the Data-Flow analysis Generator tool (DFAGen), which enables analysis writers to generate analyses for separable and nonseparable data-flow analyses that are pointer, aggregate, and side-effect cognizant from a specification that assumes only scalars. By hiding the compiler-specific details behind predefined set definitions, the analysis specifications for the DFAGen tool are typically less than ten lines long and similar to those in standard compiler textbooks. The main contribution of this work is the automatic determination of when to use the may or must variant of a predefined set usage in the analysis specification. (C) 2009 Elsevier B.V. All rights reserved.

关键词： Data-flow analysis May Must Static analysis Program analysis Compilers

来源：评论

学校读者我要写书评

暂无评论

Impact analysis in the presence of dependence clusters using static execute after in WebKit

Impact analysis in the presence of dependence clusters using...

引用

2012 ieee 12th International working conference on source code analysis and manipulation, SCAM 2012

作者： Schrettner, Lajos Jász, Judit Gergely, Tamás Beszédes, Árpád Gyimóthy, Tibor Department of Software Engineering University of Szeged Hungary Research Group on Artificial Intelligence Hungarian Academy of Sciences Szeged Hungary

ISBN: (纸本)9780769547831

Impact analysis based on code dependence can be an integral part of software quality assurance by providing opportunities to identify those parts of the software system that are affected by a change. Because changes usually have far reaching effects in programs, effective and efficient impact analysis is vital, which has different applications including change propagation and regression testing. Static Execute After (SEA) is a relation on program elements (procedures) that is efficiently computable and accurate enough to be a candidate for use in impact analysis in practice. To assess the applicability of SEA in terms of capturing real defects, we present results on integrating it into the build system of Web Kit, a large, open source software system, and on related experiments. We show that a large number of real defects can be captured by impact sets computed by SEA, albeit many of them are large. We demonstrate that this is not an issue in applying it to regression test prioritization, but generally it can be an obstacle in the path to efficient use of impact analysis. We believe that the main reason for large impact sets is the formation of dependence clusters in code. As apparently dependence clusters cannot be easily avoided in the majority of cases, we focus on determining the effects these clusters have on impact analysis. © 2012 ieee.

关键词： Application programs

来源：评论

学校读者我要写书评

暂无评论

Multilingual source code analysis: State of the Art and Challenges 9

Multilingual Source Code Analysis: State of the Art and Chal...

引用

International conference on Open source Systems & Technologies (ICOSST)

作者： Mushtaq, Zaigham Rasool, Ghulam COMSATS Inst Informat Technol Dept Comp Sci Lahore Pakistan

ISBN: (纸本)9781479978120

source code analysis and manipulation for multilingual types of software applications is an important research topic and its importance is continuously increasing. As utilization of multilingual source code applications is increasing, the demand of multilingual source code analysis is escalating. We discuss the widespread applications of multiple technologies and languages used for development of software systems and difficulties for analyzing the source code of these applications in this paper. We highlight the key challenges and open research problems in the field of multilingual software applications that require the attention of research community.

关键词： source code analysis Cross-language analysis methods Reverse Engineering source code parsing

来源：评论

学校读者我要写书评

暂无评论

Can the use of types and query expansion help improve large-scale code search? 15

Can the use of types and query expansion help improve large-...

引用

ieee 15th International working conference on source code analysis and manipulation, SCAM 2015

作者： Lemos, Otavio Augusto Lazzarini De Paula, Adriano Carvalho Sajnani, Hitesh Lopes, Cristina V. Science and Technology Department Federal University of Saõ Paulo SJ dos Campos Brazil Donald Bren School of Information and Computer Sciences University of California Irvine United States

ISBN: (纸本)9781467375290

With the open source code movement, code search with the intent of reuse has become increasingly popular. So much so that researchers have been calling it the new facet of software reuse. Although code search differs from general-purpose document search in essential ways, most tools still rely mainly on keywords matched against source code text. Recently, researchers have proposed more sophisticated ways to perform code search, such as including interface definitions in the queries (e.g., return and parameter types of the desired function, along with keywords;called here Interface-Driven code Search-IDCS). However, to the best of our knowledge, there are few empirical studies that compare traditional keyword-based code search (KBCS) with more advanced approaches such as IDCS. In this paper we describe an experiment that compares the effectiveness of KBCS with IDCS in the task of large-scale code search of auxiliary functions implemented in Java. We also measure the impact of query expansion based on types and WordNet on both approaches. Our experiment involved 36 subjects that produced real-world queries for 16 different auxiliary functions and a repository with more than 2,000,000 Java methods. Results show that the use of types can improve recall and the number of relevant functions returned (#RFR) when combined with query expansion (∼30% improvement in recall, and ∼43% improvement in #RFR). However, a more detailed analysis suggests that in some situations it is best to use keywords only, in particular when these are sufficient to semantically define the desired function. © 2015 ieee.

关键词： Computer software reusability

来源：评论

学校读者我要写书评

暂无评论

PASD: A Performance analysis Approach Through the Statistical Debugging of Kernel Events 23

PASD: A Performance Analysis Approach Through the Statistica...

引用

23rd ieee International working conference on source code analysis and manipulation, SCAM 2023

作者： Khan, Mohammed Adib Noferesti, Morteza Ezzati-Jivan, Naser Brock University Department of Computer Science St. Catharines Canada

ISBN: (纸本)9798350305067

Dynamic performance analysis plays a crucial role in optimizing systems and identifying performance bottlenecks. Traditional software debugging methods frequently encounter difficulties when trying to pinpoint performance problems in complex software settings. This is often because performance issues remain hidden during the code execution within debugging tools or under certain run-time circumstances, making them challenging to identify and address. This paper introduces PASD (Performance analysis through Statistical Debugging), a dynamic performance analysis approach based on statistical debugging of kernel-level trace events. Importantly, this approach requires no application code instrumentation and purely utilizes operating system kernel trace events for analysis. PASD collects kernel trace events generated during software execution and utilizes heuristics to analyze their performance issues and the root-causes. Through statistical debugging techniques, PASD identifies the most important functions correlated with performance problems. It notably does so without disrupting the software's normal functions and ensuring that any issues are detected in the software's typical operating conditions, thus avoiding additional complexity in the debugging process. We have conducted two empirical studies to assess the effectiveness of PASD on performance issues in the Firefox web browser as well as the 'ls' tool (a common utility in Unix-like systems). Our experiments demonstrate that PASD successfully identifies performance issues and their causes in software without prior knowledge of the architecture or source code instrumentation. By providing an overview of software behavior through the kernel-level, our proposed method can aid developers and testers in quickly pinpointing performance problems in the source code. This, in turn, can result in improved software quality, increased user satisfaction, and the prevention of critical system failures. © 2023 ieee.

关键词： Program debugging

来源：评论

学校读者我要写书评

暂无评论

Fast and precise points-to analysis

引用

INFORMATION AND SOFTWARE TECHNOLOGY 2009年第10期51卷 1428-1439页

作者： Lundberg, Jonas Gutzmann, Tobias Edvinsson, Marcus Lowe, Welf Vaxjo Univ Software Technol Grp Sch Math & Syst Engn S-35195 Vaxjo Sweden

Many software engineering applications require points-to analysis. These client applications range from optimizing compilers to integrated program development environments (IDEs) and from testing environments to reverse-engineering tools. Moreover, software engineering applications used in an edit-compile cycle need points-to analysis to be fast and precise. In this article, we present a new context- and flow-sensitive approach to points-to analysis where calling contexts are distinguished by the points-to sets analyzed for their call target expressions. Compared to other well-known context-sensitive techniques it is faster in practice, on average, twice as fast as the call string approach and by an order of magnitude faster than the object-sensitive technique. In fact, it shows to be only marginally slower than a context-insensitive baseline analysis. At the same time, it provides higher precision than the call string technique and is similar in precision to the object-sensitive technique. We confirm these statements with experiments using a number of abstract precision metrics and a concrete client application: escape analysis. (C) 2009 Elsevier B.V. All rights reserved.

关键词： Points-to analysis Dataflow analysis Escape analysis

来源：评论

学校读者我要写书评

暂无评论

An integrated crosscutting concern migration strategy and its semi-automated application to JHotDraw

引用

AUTOMATED SOFTWARE ENGINEERING 2009年第2期16卷 323-356页

作者： Marin, Marius van Deursen, Arie Moonen, Leon van der Rijst, Robin Accenture Technol Architecture NL-1082 MA Amsterdam Netherlands Delft Univ Technol Delft Netherlands Simula Res Lab Lysaker Norway

In this paper we propose a systematic strategy for migrating crosscutting concerns in existing object-oriented systems to aspect-oriented programming solutions. The proposed strategy consists of four steps: mining, exploration, documentation and refactoring of crosscutting concerns. We discuss in detail a new approach to refactoring to aspect-oriented programming that is fully integrated with our strategy, and apply the whole strategy to an object-oriented system, namely the JHotDraw framework. Moreover, we present a method to semi-automatically perform the aspect-introducing refactorings based on identified crosscutting concern sorts which is supported by a prototype tool called sair. We perform an exploratory case study in which we apply this tool on the same object-oriented system and compare its results with the results of manual migration in order to assess the feasibility of automated aspect refactoring. Both the refactoring tool sair and the results of the manual migration are made available as open-source, the latter providing the largest aspect-introducing refactoring available to date. We report on our experiences with conducting both case studies and reflect on the success and challenges of the migration process.

关键词： Program analysis code refactoring Cross cutting concerns Concern modeling Aspect-oriented programming Reverse engineering Software engineering

来源：评论

学校读者我要写书评

暂无评论

Cooperative testing and analysis: Human-tool, tool-tool and human-human cooperations to get work done

Cooperative testing and analysis: Human-tool, tool-tool and ...

引用

2012 ieee 12th International working conference on source code analysis and manipulation, SCAM 2012

作者： Xie, Tao Department of Computer Science North Carolina State University Raleigh NC United States

ISBN: (纸本)9780769547831

Tool automation to reduce manual effort has been an active research area in various sub fields of software engineering such as software testing and analysis. To maximize the value of software testing and analysis, effective support for cooperation between engineers and tools is greatly needed and yet lacking in state-of-the-art research and practice. In particular, testing and analysis are in a great need of (1) effective ways for engineers to communicate their testing or analysis goals and guidance to tools and (2) tools with strong enough capabilities to accomplish the given testing or analysis goals and with effective ways to communicate challenges faced by them to engineers - enabling a feedback loop between engineers and tools to refine and accomplish the testing or analysis goals. In addition, different tools have their respective strengths and weaknesses, and there is also a great need of allowing these tools to cooperate with each other. Similarly, there is a great need of allowing engineers (or even users) to cooperate to help tools such as in the form of crowd sourcing. A new research frontier on synergistic co operations between humans and tools, tools and tools, and humans and humans is yet to be explored. This paper presents recent example advances on cooperative testing and analysis. © 2012 ieee.

关键词： Engineers

来源：评论

学校读者我要写书评

暂无评论

Mining source code Repositories at Massive Scale using Language Modeling

Mining Source Code Repositories at Massive Scale using Langu...

引用

10th ieee working conference on Mining Software Repositories (MSR)

作者： Allamanis, Miltiadis Sutton, Charles Univ Edinburgh Sch Informat Edinburgh EH8 9AB Midlothian Scotland

ISBN: (纸本)9781479903450;9781467329361

The tens of thousands of high-quality open source software projects on the Internet raise the exciting possibility of studying software development by finding patterns across truly large source code repositories. This could enable new tools for developing code, encouraging reuse, and navigating large projects. In this paper, we build the first giga-token probabilistic language model of source code, based on 352 million lines of Java. This is 100 times the scale of the pioneering work by Hindle et al. The giga-token model is significantly better at the code suggestion task than previous models. More broadly, our approach provides a new "lens" for analyzing software projects, enabling new complexity metrics based on statistical analysis of large corpora. We call these metrics data-driven complexity metrics. We propose new metrics that measure the complexity of a code module and the topical centrality of a module to a software project. In particular, it is possible to distinguish reusable utility classes from classes that are part of a program's core logic based solely on general information theoretic criteria.

关键词： Java data mining project management software management software metrics source coding statistical analysis

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：