We discuss the potential benefits, requirements, and implementation challenges of a security-by-design approach in which an integrated development environment plugin assists software developers to write code that complies with secure coding guidelines. We discuss how such a plugin can enable a company's policy-setting security experts and developers to pass their knowledge on to each other more efficiently, and to let developers more effectively put that knowledge into practice. This is achieved by letting the team members develop customized rule sets that formalize coding guidelines and by letting the plugin check the compliance of code being written to those rule sets in real time, similar to an as-you-type spell checker. Upon detected violations, the plugin suggests options to quickly fix them and offers additional information for the developer. We share our experience with proof-of-concept designs and implementations rolled out in multiple companies, and present some future research and development directions.
ISBN: 9783030855215; 9783030855208 (print)
ISO 26262-6 provides requirements for the development of safety automotive software applications and establishes a set of methods that must be applied in the different software development and validation activities depending on the criticality level (ASIL) allocated to the software components. When adopting ISO 26262-6, organizations must respond to the requirements in the standard, and identify how they are going to implement the different methods and controls. In the case of AUTOSAR Classic software developments using the C and C++ programming languages, the industry has previously documented references on how to adapt MISRA coding guidelines to respond to ISO 26262 requirements, but no equivalent proposal has been made and discussed in the context of AUTOSAR Adaptive developments. This paper proposes the tailoring of AUTOSAR coding guidelines for C++, which is the coding standard typically used in AUTOSAR Adaptive developments, to respond to the requirements in the ISO standard.
Although source code programs are commonly written as textual information, they enclose syntactic and semantic information that is usually represented as graphs. This information is used for many different purposes, such as static program analysis, advanced code search, coding guideline checking, software metrics computation, and extraction of semantic and syntactic information to create predictive models. Most of the existing systems that provide these kinds of services are designed ad hoc for the particular purpose they are aimed at. For this reason, we created ProgQuery, a platform to allow users to write their own Java program analyses in a declarative fashion, using graph representations. We modify the Java compiler to compute seven syntactic and semantic representations, and store them in a Neo4j graph database. Such representations are overlaid, meaning that syntactic and semantic nodes of the different graphs are interconnected to allow combining different kinds of information in the queries/analyses. We evaluate ProgQuery and compare it to the related systems. Our platform outperforms the other systems in analysis time, and scales better to program sizes and analysis complexity. Moreover, the queries coded show that ProgQuery is more expressive than the other approaches. The additional information stored by ProgQuery increases the database size and associated insertion time, but these increases are significantly lower than the query/analysis performance gains obtained.
High-quality source code comments are valuable for software development and maintenance; however, code often contains low-quality comments or lacks them altogether. We call such source code comments suboptimal comments. Such suboptimal comments create challenges in code comprehension and maintenance. Despite substantial research on low-quality source code comments, empirical knowledge about commenting practices that produce suboptimal comments and reasons that lead to suboptimal comments is lacking. We help bridge this knowledge gap by investigating (1) independent comment changes (ICCs), comment changes committed independently of code changes, which likely address suboptimal comments, (2) commenting guidelines, and (3) comment-checking tools and comment-generating tools, which are often employed to help commenting practice, especially to prevent suboptimal comments. We collect 24M+ comment changes from 4,392 open-source GitHub Java repositories and find that ICCs widely exist. The ICC ratio (the proportion of ICCs among all comment changes) is ~15.5%, with 98.7% of the repositories having ICC. Our thematic analysis of 3,533 randomly sampled ICCs provides a three-dimensional taxonomy for what is changed (four comment categories and 13 subcategories), how it changed (six commenting activity categories), and what factors are associated with the change (three factors). We investigate 600 repositories to understand the prevalence, content, impact, and violations of commenting guidelines. We find that only 15.5% of the 600 sampled repositories have any commenting guidelines. We provide the first taxonomy for elements in commenting guidelines: where and what to comment are particularly important. The repositories without such guidelines have a statistically significantly higher ICC ratio, indicating the negative impact of the lack of commenting guidelines. However, commenting guidelines are not strictly followed: 85.5% of checked repositories have violations. We also
This paper describes a tool called Source Code Review User Browser (SCRUB) that was developed to support a more effective and tool-based code review process. The tool was designed to support a large team-based software development effort of mission critical software at JPL, but can also be used for individual software development on small projects. The tool combines classic peer code review with machine-generated analyses from a customizable range of source code analyzers. All reports, whether generated by humans or by background tools, are accessed through a single uniform interface provided by SCRUB.
ISBN: 9781595933898 (print)
Although many recent advances have been made in hardware synthesis techniques from software programming languages such as C, the performance of synthesized hardware commonly suffers due to the use of C constructs and coding practices that are not appropriate for hardware. Most previous approaches to addressing this problem require drastic changes to coding practice. We present an approach that instead requires only minimal changes but yields significant speedups. In this approach, a software developer initially writes C code as they normally would, and then applies simple refinement guidelines to only the performance-critical code regions, which are the regions most likely to be synthesized to hardware. Alternatively, if a designer is aware of performance-critical parts of the application, the guidelines could be followed during development. In this study, we analyze dozens of embedded benchmarks to determine the most common C coding practices that limit hardware performance, and introduce coding guidelines to make the code more amenable to synthesis. Those guidelines typically require minimal coding effort, generally consisting of less than ten lines of code for each guideline. The guidelines typically represent modifications that require designer knowledge, making the guidelines difficult or impossible for synthesis tools to automate. We apply these guidelines to six benchmarks, resulting in average speedups of 3.5x compared to synthesis from the original code with a negligible software size and performance overhead.
Background: Implementation of the International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM) in the U.S. on October 1, 2015 was a significant policy change with the potential to affect established injury morbidity trends. This study used data from a single state to demonstrate 1) the use of a statistical method to estimate the effect of this coding transition on injury hospitalization trends, and 2) interpretation of significant changes in injury trends in the context of the structural and conceptual differences between ICD-9-CM and ICD-10-CM, the new ICD-10-CM-specific coding guidelines, and proposed ICD-10-CM-based framework for reporting of injuries by intent and mechanism. Segmented regression analysis was used for statistical modeling of interrupted time series monthly data to evaluate the effect of the transition to ICD-10-CM on Kentucky hospitalizations’ external-cause-of-injury completeness (percentage of records with principal injury diagnoses supplemented with external-cause-of-injury codes), as well as injury hospitalization trends by intent or mechanism, January 2012–December 2017. Results: The segmented regression analysis showed an immediate significant drop in external-cause-of-injury completeness during the transition month, but returned to its pre-transition levels in November 2015. There was a significant immediate change in the percentage of injury hospitalizations coded for unintentional (3.34%) and undetermined intent (−3.39%). There were immediate significant changes in the level of injury hospitalization rates due to poisoning, suffocation, struck by/against, other transportation, unspecified mechanism, and other specified not elsewhere classifiable mechanism. Significant change in slope after the transition (without immediate level change) was identified for assault, firearm, cut/pierce, and motor vehicle traffic injury rates. The observed trend changes reflected structural and conceptual features of ICD-10-C