This paper focuses on optimization of the precise configuration of functional modules. Customers usually face difficulties in explaining their personalized requirements clearly as they are lack of professional knowled...
ISBN: 9781665437844 (print)
Integrated development environment (IDE) plugins aimed at detecting web application security vulnerabilities can help developers create secure applications in the first place. Most of such IDE plugins use static source code analysis approaches. Although several empirical studies evaluated the plugins and compared their precision and recall of detecting web application security, few follow-up studies tried to understand the evaluation results. We analyzed more than 20,000 vulnerability reports based on 7,215 distinct test cases spanning 11 categories of web application vulnerabilities to understand the evaluation results of three open-source IDE plugins, namely, SpotBugs, FindSecBugs, and Early Security Vulnerability Detector (ESVD), which aimed at detecting security vulnerabilities of Java-based web applications. Our results identify many factors besides the source code analysis approach that can dramatically bias the detection performance. Based on our insights, we improved the studied plugins. In addition, our study raises the alarm that, without solid root cause analyses, the evaluation and comparisons of security vulnerability detection approaches and tools could be misleading. Thus, we proposed a guideline on reporting the evaluation results of the security vulnerability detection approaches.
The adoption of software Product Lines in the industry remains a major challenge. This paper presents an experience report focused on the application of a novel tool-based approach called Mobioos Forge. We introduce the vision and operational activities of Mobioos Forge, emphasizing its significance through an examination of the complex process of migrating the ArgoUML application - an open-source codebase exceeding 400KLOCs. We highlight the achieved feature model and detail the feature-to-source code mapping. Additionally, we explain the derivation process used to generate the source code for multiple variants. We discuss the time and effort expended on this migration, showcasing that, even with no prior familiarity with ArgoUML, it took less than 11 hours to successfully migrate the entire application into an SPL.
With the rapid development of IoT, more and more sensors are deployed in areas that lack infrastructure such as marine areas. We propose a new ISE-IoT scenario by combining the transmission of IoT data from the ocean ...
ISBN: 9781665437844 (print)
Smart contracts are computerized transaction protocols built on top of blockchain networks. Users are charged fees, a.k.a. gas in Ethereum, when they create, deploy or execute smart contracts. Since smart contracts may contain vulnerabilities which may result in huge financial loss, developers and smart contract compilers often insert code for security checks. The trouble is that this code consumes gas every time it is executed. Much of the inserted code is, however, redundant. In this work, we present sOptimize, a tool that optimizes smart contract gas consumption automatically without compromising functionality or security. sOptimize works on smart contract bytecode, statically identifies 3 kinds of code patterns, and further removes them through verification-assisted techniques. The resulting code is guaranteed to be equivalent to the original one and can be directly deployed on blockchain. We evaluate sOptimize on a collection of 1,152 real-world smart contracts and show that it optimizes 43% of them; the reduction in gas consumption is about 2.0% in deployment and 1.2% in transactions, and the amount can be as high as 954,201 gas units per contract.
ISBN: 9781665437844 (print)
Despite widespread agreement on the benefits of code review, its outcomes may not be as expected. The complications can undermine the purpose of the development process and even destroy the entire development cycle. Both academia and the industrial communities have invested a great deal of time and effort into code reviews. When a project team adheres to the best practices and creates a conducive environment, it is likely that code reviews could be conducted effectively and efficiently. By reviewing peer-reviewed scientific publications and gray literature on code review best practices, we summarized 57 practices as well as 19 code review pains that they address. Our review has shown that following best practices can ease the process of code review considerably. Multiple actionable practices are needed to support code review pains at the same time. To enable the adoption of best practices, OSS and industrial communities alike invest in integrating automatic techniques with code review tools. We hope that this review will provide researchers and practitioners with a comprehensive understanding of code review practices, aiding them in conducting code reviews more successfully.
The traditional code analysis approach to measuring code quality, such as bad smells, coupling, cohesion, complexity, and common weakness enumeration, was a rule-based mechanism. Currently, analyzing code through AI is being studied by many researchers. The AI code analysis approach trains an AI model on code patterns through labeled code datasets. The problem is that AI models require plenty of training datasets for better performance, but there are not enough datasets to train on. To solve this problem, we suggest training an AI model with core building blocks of a target language and similar languages together. We can solve two problems: the lack of datasets and the low performance of the AI model. Finally, we will compare the performance of the two models. One is a model trained with a dataset containing only one target language, and the other is a model trained with a dataset containing similar languages.
The Internet of Things (IoT) is a cutting-edge concept that unites the Internet with actual physical objects from a variety of industries, such as home automation, manufacturing, human health, and environmental monito...
ISBN: 9798350393682 (digital)
ISBN: 9798350393699 (print)
Due to the fixed slip ratio threshold being difficult to balance accuracy and response speed in estimating tire-road friction coefficient, this paper proposes a method that combines a seven degree-of-freedom vehicle dynamics model, a tire kinematics model, and a Kalman filter to estimate lateral and longitudinal forces on the vehicle’s tires. Then, the brush tire model and recursive least squares estimation method are employed to identify the tire-road friction coefficient during overtaking maneuvers. Finally, a dynamic slip ratio boundary is designed to optimize the road recognition algorithm. Simulation analysis shows that this proposed algorithm can accurately identify the tire-road friction coefficient and respond to its changes in a timely manner.