For the increasing complexity of software systems, the main work of software development, maintenance and evolution has been focused on the comprehension of the existing systems. In order to help users comprehend at all aspects and levels of a target system, it is necessary to reversely recover and abstract its high-level architecture, which can reflect the framework and holistic behavioral features of the software system. This paper deals with the problems of architecture recovery from the perspective of process. An approach of extracting process structure graph (PSG) from a target system is presented based on the features of the relations among processes on UNIX platform. First, the static code fragment of a dynamic process can be recognized, then a mapping algorithm that can identify the correspondence between the dynamic process ID and the static process module is given. On the basis of the algorithm, an incremental construction algorithm of PSG and a slicing algorithm for class structure in a process module are implemented respectively. The experimental results show that the extracted PSG is correct, effective and can reflect the high-level structure of the target system in detail at the process level.
{"title":"Architecture recovery and abstraction from the perspective of processes","authors":"Qingshan Li, Hua Chu, Shengming Hu, Ping Chen, Zhao Yun","doi":"10.1109/WCRE.2005.6","DOIUrl":"https://doi.org/10.1109/WCRE.2005.6","url":null,"abstract":"For the increasing complexity of software systems, the main work of software development, maintenance and evolution has been focused on the comprehension of the existing systems. In order to help users comprehend at all aspects and levels of a target system, it is necessary to reversely recover and abstract its high-level architecture, which can reflect the framework and holistic behavioral features of the software system. This paper deals with the problems of architecture recovery from the perspective of process. An approach of extracting process structure graph (PSG) from a target system is presented based on the features of the relations among processes on UNIX platform. First, the static code fragment of a dynamic process can be recognized, then a mapping algorithm that can identify the correspondence between the dynamic process ID and the static process module is given. On the basis of the algorithm, an incremental construction algorithm of PSG and a slicing algorithm for class structure in a process module are implemented respectively. The experimental results show that the extracted PSG is correct, effective and can reflect the high-level structure of the target system in detail at the process level.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129377453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Code that is scattered and tangled as a result of orthogonal concerns seriously hinders software maintenance and reuse. As OO decompositions are unable to cleanly encapsulate such orthogonal (cross-cutting) concerns simultaneously, new ideas and languages were devised to capture and encapsulate them. In this paper, we argue that the current leading approaches (AOP as it is understood in AspectJ and MDSOC), although a step forward in the right direction, have some serious limitations. We, then, propose a new conceptual model for encapsulating concerns identified in existing OO code, which we apply to an example taken from the Java Swing library. Our case study shows that our approach is able to capture cross-cutting concerns in a cleaner and more elegant fashion than current state of the art approaches.
{"title":"Capturing nontrivial concerns in object-oriented software","authors":"M. Trifu, Volker Kuttruff","doi":"10.1109/WCRE.2005.11","DOIUrl":"https://doi.org/10.1109/WCRE.2005.11","url":null,"abstract":"Code that is scattered and tangled as a result of orthogonal concerns seriously hinders software maintenance and reuse. As OO decompositions are unable to cleanly encapsulate such orthogonal (cross-cutting) concerns simultaneously, new ideas and languages were devised to capture and encapsulate them. In this paper, we argue that the current leading approaches (AOP as it is understood in AspectJ and MDSOC), although a step forward in the right direction, have some serious limitations. We, then, propose a new conceptual model for encapsulating concerns identified in existing OO code, which we apply to an example taken from the Java Swing library. Our case study shows that our approach is able to capture cross-cutting concerns in a cleaner and more elegant fashion than current state of the art approaches.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131899451","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We apply static analysis and symbolic interpretation techniques to reverse engineer the semantics of legacy assembler code. We examine the case of IBM-1800 programs in detail. From the documented operational semantics of the IBM-1800, we simultaneously obtain an emulator and a symbolic analysis program. Augmented with some control flow information, we can use the symbolic analysis to provide both complete and generic semantics for some interesting code sequences.
{"title":"Symbolic interpretation of legacy assembly language","authors":"J. Carette, P. K. Chowdhury","doi":"10.1109/WCRE.2005.31","DOIUrl":"https://doi.org/10.1109/WCRE.2005.31","url":null,"abstract":"We apply static analysis and symbolic interpretation techniques to reverse engineer the semantics of legacy assembler code. We examine the case of IBM-1800 programs in detail. From the documented operational semantics of the IBM-1800, we simultaneously obtain an emulator and a symbolic analysis program. Augmented with some control flow information, we can use the symbolic analysis to provide both complete and generic semantics for some interesting code sequences.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115347499","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The use of design patterns in a software system can provide strong indications about the rationale behind the system's design. As a result, automating the detection of design pattern instances could be of significant help to the process of reverse engineering large software systems. In this paper, we introduce DPVK (Design Pattern Verification toolKit), the first reverse engineering tool to detect pattern instances in Eiffel systems. DPVK is able to detect several different design patterns by examining both the static structure and the dynamic behaviour of a system written in Eiffel. We present three case studies that were performed to assess DPVK's effectiveness.
{"title":"Design pattern detection in Eiffel systems","authors":"Wei Wang, Vassilios Tzerpos","doi":"10.1109/WCRE.2005.14","DOIUrl":"https://doi.org/10.1109/WCRE.2005.14","url":null,"abstract":"The use of design patterns in a software system can provide strong indications about the rationale behind the system's design. As a result, automating the detection of design pattern instances could be of significant help to the process of reverse engineering large software systems. In this paper, we introduce DPVK (Design Pattern Verification toolKit), the first reverse engineering tool to detect pattern instances in Eiffel systems. DPVK is able to detect several different design patterns by examining both the static structure and the dynamic behaviour of a system written in Eiffel. We present three case studies that were performed to assess DPVK's effectiveness.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125912336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Buffer overflows have been the most common form of security vulnerability in the past decade. A number of techniques have been proposed to address such attacks. Some are limited to protecting the return address on the stack; others are more general, but have undesirable properties such as large overhead and false warnings. The approach described in this paper uses legality assertions, source code assertions inserted before each subscript and pointer dereference that explicitly check that the referencing expression actually specifies a location within the array or object pointed at run time. A transformation system is developed to analyze a program and annotate it with appropriate assertions automatically. This approach detects buffer vulnerabilities in both stack and heap memory as well as potential buffer overflows in library functions. Runtime checking through using automatically inferred assertions considerably enhances the accuracy and efficiency of buffer overflow detection. A number of example buffer overflow-exploiting C programs are used to demonstrate the effectiveness of this approach.
{"title":"Enhancing security using legality assertions","authors":"Lei Wang, J. Cordy, T. Dean","doi":"10.1109/WCRE.2005.36","DOIUrl":"https://doi.org/10.1109/WCRE.2005.36","url":null,"abstract":"Buffer overflows have been the most common form of security vulnerability in the past decade. A number of techniques have been proposed to address such attacks. Some are limited to protecting the return address on the stack; others are more general, but have undesirable properties such as large overhead and false warnings. The approach described in this paper uses legality assertions, source code assertions inserted before each subscript and pointer dereference that explicitly check that the referencing expression actually specifies a location within the array or object pointed at run time. A transformation system is developed to analyze a program and annotate it with appropriate assertions automatically. This approach detects buffer vulnerabilities in both stack and heap memory as well as potential buffer overflows in library functions. Runtime checking through using automatically inferred assertions considerably enhances the accuracy and efficiency of buffer overflow detection. A number of example buffer overflow-exploiting C programs are used to demonstrate the effectiveness of this approach.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116716786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Box-and-arrow diagrams seem inevitable for presentation of software architecture; however, the term "boxology" often mocks their over-use, especially when informal. We introduce in this paper a formal boxology to serve as a semantic domain for graph-based software architecture representation languages: the nested boxes and arrows (NBA) model. NBA graphs use commonly-adopted features of structure diagrams for software: boxes for objects, arrows for relations, attributes for values, and a containment hierarchy. NBA graphs are visualized using a number of conventions, and are transmitted in exchange languages such as GXL and TA. The NBA model is formalized as typed graphs with attributes and an identified spanning tree (containment). Meta-modeling is defined and formalized by schemas, which are also NBA graphs. The universal schema is defined. A number of tools have been developed to query, manipulate and visualize NBA graphs
{"title":"Boxology of NBA and TA: a basis for understanding software architecture","authors":"A. Malton, R. Holt","doi":"10.1109/WCRE.2005.10","DOIUrl":"https://doi.org/10.1109/WCRE.2005.10","url":null,"abstract":"Box-and-arrow diagrams seem inevitable for presentation of software architecture; however, the term \"boxology\" often mocks their over-use, especially when informal. We introduce in this paper a formal boxology to serve as a semantic domain for graph-based software architecture representation languages: the nested boxes and arrows (NBA) model. NBA graphs use commonly-adopted features of structure diagrams for software: boxes for objects, arrows for relations, attributes for values, and a containment hierarchy. NBA graphs are visualized using a number of conventions, and are transmitted in exchange languages such as GXL and TA. The NBA model is formalized as typed graphs with attributes and an identified spanning tree (containment). Meta-modeling is defined and formalized by schemas, which are also NBA graphs. The universal schema is defined. A number of tools have been developed to query, manipulate and visualize NBA graphs","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130495561","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The architecture of many large software systems is rarely documented and if documented it is usually out of date. To support developers maintaining and evolving these systems, an up to date view of the architecture could be recovered from the system's implementation. Source code or object code extractors may be used to recover the architecture. In this paper, we explore using two types of extractors (source code and object code extractors) to recover the architecture of several large open source systems. We then investigate the differences between the results produced by these extractors to gain a better understanding of the benefits and limitations of each type of extractor. Our experimental results show that both types of extractors have their benefits and limitations. For example, an object code extractor is easier to implement while a source code extractor recovers more dependencies that exist in the source code as seen by developers.
{"title":"Source versus object code extraction for recovering software architecture","authors":"A. Hassan, Z. Jiang, R. Holt","doi":"10.1109/WCRE.2005.30","DOIUrl":"https://doi.org/10.1109/WCRE.2005.30","url":null,"abstract":"The architecture of many large software systems is rarely documented and if documented it is usually out of date. To support developers maintaining and evolving these systems, an up to date view of the architecture could be recovered from the system's implementation. Source code or object code extractors may be used to recover the architecture. In this paper, we explore using two types of extractors (source code and object code extractors) to recover the architecture of several large open source systems. We then investigate the differences between the results produced by these extractors to gain a better understanding of the benefits and limitations of each type of extractor. Our experimental results show that both types of extractors have their benefits and limitations. For example, an object code extractor is easier to implement while a source code extractor recovers more dependencies that exist in the source code as seen by developers.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115316086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bill Andreopoulos, Aijun An, Vassilios Tzerpos, Xiaogang Wang
Software clustering algorithms presented in the literature rarely incorporate in the clustering process dynamic information, such as the number of function invocations during runtime. Moreover, the structure of a software system is often multi-layered, while existing clustering algorithms often create flat system decompositions. This paper presents a software clustering algorithm called MULICsoft that incorporates in the clustering process both static and dynamic information. MULICsoft produces layered clusters with the core elements of each cluster assigned to the top layer. We present experimental results of applying MULICsoft to a large open-source system. Comparison with existing software clustering algorithms indicates that MULICsoft is able to produce decompositions that are close to those created by system experts.
{"title":"Multiple layer clustering of large software systems","authors":"Bill Andreopoulos, Aijun An, Vassilios Tzerpos, Xiaogang Wang","doi":"10.1109/WCRE.2005.24","DOIUrl":"https://doi.org/10.1109/WCRE.2005.24","url":null,"abstract":"Software clustering algorithms presented in the literature rarely incorporate in the clustering process dynamic information, such as the number of function invocations during runtime. Moreover, the structure of a software system is often multi-layered, while existing clustering algorithms often create flat system decompositions. This paper presents a software clustering algorithm called MULICsoft that incorporates in the clustering process both static and dynamic information. MULICsoft produces layered clusters with the core elements of each cluster assigned to the top layer. We present experimental results of applying MULICsoft to a large open-source system. Comparison with existing software clustering algorithms indicates that MULICsoft is able to produce decompositions that are close to those created by system experts.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115452005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The today’s diffusion of web services and service– oriented architecture is posing the basis for radical changes in the way of developing, evolving and testing software systems. This tutorial outlines some main research challenges on this topic, and provides guidelines and practical solutions for i) realizing service–oriented systems able to support QoS-aware dynamic binding ii) helping the comprehension of service–oriented systems and iii) testing service– oriented systems.
{"title":"Architecture-Driven Modernization (ADM)","authors":"P. Newcomb","doi":"10.1109/WCRE.2005.7","DOIUrl":"https://doi.org/10.1109/WCRE.2005.7","url":null,"abstract":"The today’s diffusion of web services and service– oriented architecture is posing the basis for radical changes in the way of developing, evolving and testing software systems. This tutorial outlines some main research challenges on this topic, and provides guidelines and practical solutions for i) realizing service–oriented systems able to support QoS-aware dynamic binding ii) helping the comprehension of service–oriented systems and iii) testing service– oriented systems.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116829848","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Provides an abstract of the tutorial presentation and a brief professional biography of the presenter. The complete presentation was not made available for publication as part of the conference proceedings.
提供教程演示的摘要和演示者的简短专业简介。完整的报告没有作为会议记录的一部分提供出版。
{"title":"Workshop on Code Based Software Security Assessments (CoBaSSA 2005)","authors":"L. Moonen, S. Mancoridis","doi":"10.1109/WCRE.2005.34","DOIUrl":"https://doi.org/10.1109/WCRE.2005.34","url":null,"abstract":"Provides an abstract of the tutorial presentation and a brief professional biography of the presenter. The complete presentation was not made available for publication as part of the conference proceedings.","PeriodicalId":119724,"journal":{"name":"12th Working Conference on Reverse Engineering (WCRE'05)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129712950","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: