ISBN: 9789897584435 (print)
Since the pioneering work by Ottenstein and Ottenstein, the notion of program dependency graph (PDG) has attracted a wide variety of compelling applications in software engineering, e.g. program slicing, information flow security analysis, debugging, code-optimization, code-reuse, code-understanding, and many more. In order to exploit the power of dependency graphs in solving problems related to relational database applications, Willmor et al. first proposed the Database Oriented program dependency graph (DOPDG), an extension of PDG that takes database statements and their dependencies further into consideration. However, the dependency information generated by the DOPDG construction algorithm is prone to imprecision due to its syntax-based computation, and therefore the approach may increase the susceptibility to false alarms in the above-mentioned application scenarios. Addressing this challenge, in this paper, the following two main research objectives are highlighted: (1) How to obtain more precise dependency information (hence more precise DOPDG)? and (2) How to compute them efficiently? To this aim, a data-centric based approach is proposed to compute precise dependency information by removing false alarms. To refine the database-database dependency, the syntax-based DOPDG construction is augmented by adding three extra nodes and edges (as per the condition-action execution sequence) with each node that represents the database statement.
ISBN: 9781479979615 (print)
Automatic application of refactoring techniques can help developers save effort in removing bad smells from their code, which improves software maintainability. To automatically remove the long method bad smell, which is one of the most serious bad smells, we need an automatic application of six refactoring techniques. However, only one refactoring technique, "Extract Method", can be automated. In this research, we propose an algorithm to identify code locations which will be extracted for creating a query method. We performed an experiment to conclude the workability and correctness of our algorithm. This is the most important step towards an automatic application of the refactoring technique "replace temp with query".
ISBN: 9781538608074 (print)
Locating faults is more complex for software programs. This paper proposes a control flow and data flow coverage based fault localization technique that locates the fault with less complexity in calculating an executing program. A fault localization technique locates the fault in a program. Control flow coverage based fault localization takes the suspicious lines and draws them as a control flow graph in order to visualize the code, which can include the number of test cases. All the control statements can be covered by the test cases, which can give rise to the problem of more failed test cases and fewer successful test cases. The quality of the suspicious lines is affected by the effective test cases, so program dependency is proposed in this paper to improve the quality of test cases. The experimental results use the Siemens suite programs, which include whole information about test cases.
At present, the explosive growth of software code volume and quantity makes the code review process very labor-intensive and time-consuming. An automated code review model can assist in improving the efficiency of the process. Tufano et al. designed two automated tasks to help improve the efficiency of code review based on the deep learning approach, from two different perspectives, namely, the developer submitting the code and the code reviewer. However, they only used code sequence information and did not explore the logical structure information with a richer meaning of the code. To improve the learning of code structure information, a program dependency graph serialization algorithm, PDG2Seq, is proposed, which converts the program dependency graph into a unique graph code sequence in a lossless manner, while retaining the program structure information and semantic information. We then designed an automated code review model based on the pre-trained model CodeBERT architecture, which strengthens the learning of code information by fusing program structure information and code sequence information, and then fine-tuned the model according to the code review activity scene to complete the automatic modification of the code. To verify the efficiency of the algorithm, the two tasks in the experiment were compared with the best Algorithm 1-encoder/2-encoder. The experimental results show that the model we proposed has a significant improvement under the BLEU, Levenshtein distance and ROUGE-L metrics.
Software piracy is an act of illegally stealing and distributing commercial software either for revenue or identity theft. Pirated applications on Android app stores are harming developers and their users by clone scammers. The scammers usually generate pirated versions of the same applications and publish them in different open-source app stores. There is no centralized system between these app stores to prevent scammers from publishing pirated applications. As most of the app stores are hosted on cloud storage, a cloud-based interaction system can prevent scammers from publishing pirated applications. In this paper, we proposed an IoT-based cloud architecture for clone detection using program dependency analysis. First, the newly submitted APK and possible original files are selected from app stores. The APK Extractor and JDEX decompiler extract APK and DEX files for Java source code analysis. The dependency graphs of Java files are generated to extract a set of weighted features. The Stacked-Long Short-Term Memory (S-LSTM) deep learning model is designed to predict possible clones. Experimental results have shown that the proposed approach can achieve an average accuracy of 95.48% among clones from different application stores.
Deep learning models have been widely used in the field of vulnerability detection. Deep learning-based vulnerability detection methods can automatically learn code patterns. Some methods consider processing codes as text sequences to achieve scalable vulnerability detection. They leverage natural language processing models to extract code features. These methods do not consider the code's semantic structure and treat code slices as text. Vulnerability detection methods based on graph structures and graph neural networks are more accurate than text-based methods. However, these methods lack scalability in practice. Both graph generation and graph neural network training are time-consuming. We propose a vulnerability detection method based on graphs and images (VulGAI). VulGAI chooses the more reasonable node centrality to generate the image. It can preserve program details and distinguish node importance from different perspectives. In addition, we design a more efficient CNN model, which reduces computational overhead and improves detection performance (Time and Accuracy). We implement VulGAI and evaluate six methods (VulDeePecker, SySeVR, Devign, VulCNN, mVulPreter, and VulGAI) on 40,657 functions. Experimental results show that VulGAI achieves higher Accuracy, TPR, and F1-Score than the others. In addition, we compare VulGAI and VulCNN on 30,270 real-world functions. VulGAI outperforms VulCNN by 1.48 times in the number of TP. VulGAI is about 3.9 times faster than VulCNN in detection time.
Web development technology has experienced significant progress. The creation of JavaScript has highly enriched the interactive ability of the client. However, the attacker uses the dynamic characteristics of the JavaScript language to embed malicious code into web pages to achieve the purpose of smuggling, redirection, and so on. Traditional methods based on static feature detection therefore have difficulty detecting malicious code after confusion, and the method based on dynamic analysis is inefficient. To meet these challenges, this paper proposes a static detection model, JStrong, based on a graph neural network. The model first generates an abstract syntax tree from the JavaScript source code, and then adds data flow and control flow information into the program dependency graph. In addition, we embed the nodes and edges of the graph into the feature vector and fully learn the features of the whole graph through the graph neural network. We take advantage of a real-world dataset collected from the top website and GitHub to evaluate JStrong and compare it to the state-of-the-art method. Experimental results show that JStrong achieves near-perfect classification performance and is superior to the state-of-the-art method. © 2022 Elsevier Ltd. All rights reserved.