首页 > 最新文献

Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering最新文献

英文 中文
Social health cues developers use when choosing open source packages 开发人员在选择开源包时使用的社会健康提示
Andrew Head
Developers choose open source packages from many alternatives. One increasingly important factor when choosing a package is its "social health", or a developer’s ability to get help on communication channels. We conduct a study to understand how developers learn about the social health of open source packages before using them. We offer preliminary results of the cues developers find.
开发人员从许多替代方案中选择开源软件包。在选择软件包时,一个越来越重要的因素是它的“社会健康”,或者开发者在沟通渠道上获得帮助的能力。我们进行了一项研究,以了解开发人员在使用开源包之前如何了解它们的社会健康状况。我们提供了开发人员发现的线索的初步结果。
{"title":"Social health cues developers use when choosing open source packages","authors":"Andrew Head","doi":"10.1145/2950290.2983973","DOIUrl":"https://doi.org/10.1145/2950290.2983973","url":null,"abstract":"Developers choose open source packages from many alternatives. One increasingly important factor when choosing a package is its \"social health\", or a developer’s ability to get help on communication channels. We conduct a study to understand how developers learn about the social health of open source packages before using them. We offer preliminary results of the cues developers find.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"109 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76143803","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Analyzing the validity of selective mutation with dominator mutants 用显性突变体分析选择突变的有效性
Bob Kurtz, P. Ammann, J. Offutt, M. Delamaro, M. Kurtz, N. Gökçe
Various forms of selective mutation testing have long been accepted as valid approximations to full mutation testing. This paper presents counterevidence to traditional selective mutation. The recent development of dominator mutants and minimal mutation analysis lets us analyze selective mutation without the noise introduced by the redundancy inherent in traditional mutation. We then exhaustively evaluate all small sets of mutation operators for the Proteum mutation system and determine dominator mutation scores and required work for each of these sets on an empirical test bed. The results show that all possible selective mutation approaches have poor dominator mutation scores on at least some of these programs. This suggests that to achieve high performance with respect to full mutation analysis, selective approaches will have to become more sophisticated, possibly by choosing mutants based on the specifics of the artifact under test, that is, specialized selective mutation.
长期以来,各种形式的选择性突变检测被认为是完全突变检测的有效近似。本文提出了对传统选择突变理论的反证。近年来,显性突变和最小突变分析的发展使我们能够在分析选择性突变时避免传统突变所固有的冗余所带来的噪声。然后,我们详尽地评估了Proteum突变系统的所有小突变操作符集,并确定了显性突变分数和在经验测试台上为每个这些集所需的工作。结果表明,所有可能的选择性突变方法至少在某些程序上具有较差的显性突变分数。这表明,为了获得关于全突变分析的高性能,选择方法将必须变得更加复杂,可能是通过基于被测试工件的细节来选择突变,也就是说,专门的选择突变。
{"title":"Analyzing the validity of selective mutation with dominator mutants","authors":"Bob Kurtz, P. Ammann, J. Offutt, M. Delamaro, M. Kurtz, N. Gökçe","doi":"10.1145/2950290.2950322","DOIUrl":"https://doi.org/10.1145/2950290.2950322","url":null,"abstract":"Various forms of selective mutation testing have long been accepted as valid approximations to full mutation testing. This paper presents counterevidence to traditional selective mutation. The recent development of dominator mutants and minimal mutation analysis lets us analyze selective mutation without the noise introduced by the redundancy inherent in traditional mutation. We then exhaustively evaluate all small sets of mutation operators for the Proteum mutation system and determine dominator mutation scores and required work for each of these sets on an empirical test bed. The results show that all possible selective mutation approaches have poor dominator mutation scores on at least some of these programs. This suggests that to achieve high performance with respect to full mutation analysis, selective approaches will have to become more sophisticated, possibly by choosing mutants based on the specifics of the artifact under test, that is, specialized selective mutation.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"4 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85287549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 79
DiagDroid: Android performance diagnosis via anatomizing asynchronous executions DiagDroid:通过剖析异步执行来诊断Android性能
Yu Kang, Yangfan Zhou, Hui Xu, Michael R. Lyu
Rapid UI responsiveness is a key consideration to Android app developers. However, the complicated concurrency model of Android makes it hard for developers to understand and further diagnose the UI performance. This paper presents DiagDroid, a tool specifically designed for Android UI performance diagnosis. The key notion of DiagDroid is that UI-triggered asynchronous executions contribute to the UI performance, and hence their performance and their runtime dependency should be properly captured to facilitate performance diagnosis. However, there are tremendous ways to start asynchronous executions, posing a great challenge to profiling such executions and their runtime dependency. To this end, we properly abstract five categories of asynchronous executions as the building basis. As a result, they can be tracked and profiled based on the specifics of each category with a dynamic instrumentation approach carefully tailored for Android. DiagDroid can then accordingly profile the asynchronous executions in a task granularity, equipping it with low-overhead and high compatibility merits. The tool is successfully applied in diagnosing 33 real-world open-source apps, and we find 14 of them contain 27 performance issues. It shows the effectiveness of our tool in Android UI performance diagnosis. The tool is open-source released online.
快速的UI响应是Android应用开发者的关键考虑因素。然而,Android复杂的并发模型使得开发者很难理解和进一步诊断UI性能。本文介绍了专门为Android UI性能诊断设计的工具DiagDroid。DiagDroid的关键概念是,由UI触发的异步执行有助于提高UI性能,因此应该适当地捕获它们的性能和运行时依赖关系,以促进性能诊断。然而,有很多方法可以启动异步执行,这对分析此类执行及其运行时依赖性提出了很大的挑战。为此,我们适当地抽象了五类异步执行作为构建基础。因此,可以根据每个类别的具体情况,使用为Android精心定制的动态检测方法对它们进行跟踪和分析。然后,DiagDroid可以在任务粒度中相应地分析异步执行,使其具有低开销和高兼容性的优点。该工具成功地用于诊断33个真实的开源应用程序,我们发现其中14个包含27个性能问题。它显示了我们的工具在Android UI性能诊断中的有效性。该工具是在线发布的开源工具。
{"title":"DiagDroid: Android performance diagnosis via anatomizing asynchronous executions","authors":"Yu Kang, Yangfan Zhou, Hui Xu, Michael R. Lyu","doi":"10.1145/2950290.2950316","DOIUrl":"https://doi.org/10.1145/2950290.2950316","url":null,"abstract":"Rapid UI responsiveness is a key consideration to Android app developers. However, the complicated concurrency model of Android makes it hard for developers to understand and further diagnose the UI performance. This paper presents DiagDroid, a tool specifically designed for Android UI performance diagnosis. The key notion of DiagDroid is that UI-triggered asynchronous executions contribute to the UI performance, and hence their performance and their runtime dependency should be properly captured to facilitate performance diagnosis. However, there are tremendous ways to start asynchronous executions, posing a great challenge to profiling such executions and their runtime dependency. To this end, we properly abstract five categories of asynchronous executions as the building basis. As a result, they can be tracked and profiled based on the specifics of each category with a dynamic instrumentation approach carefully tailored for Android. DiagDroid can then accordingly profile the asynchronous executions in a task granularity, equipping it with low-overhead and high compatibility merits. The tool is successfully applied in diagnosing 33 real-world open-source apps, and we find 14 of them contain 27 performance issues. It shows the effectiveness of our tool in Android UI performance diagnosis. The tool is open-source released online.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"61 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81121168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
PerfGuard: binary-centric application performance monitoring in production environments PerfGuard:生产环境中以二进制为中心的应用程序性能监控
C. Kim, J. Rhee, K. H. Lee, X. Zhang, Dongyan Xu
Diagnosis of performance problems is an essential part of software development and maintenance. This is in particular a challenging problem to be solved in the production environment where only program binaries are available with limited or zero knowledge of the source code. This problem is compounded by the integration with a significant number of third-party software in most large-scale applications. Existing approaches either require source code to embed manually constructed logic to identify performance problems or support a limited scope of applications with prior manual analysis. This paper proposes an automated approach to analyze application binaries and instrument the binary code transparently to inject and apply performance assertions on application transactions. Our evaluation with a set of large-scale application binaries without access to source code discovered 10 publicly known real world performance bugs automatically and shows that PerfGuard introduces very low overhead (less than 3% on Apache and MySQL server) to production systems.
性能问题的诊断是软件开发和维护的重要组成部分。这在生产环境中是一个特别具有挑战性的问题,因为只有程序二进制文件可用,对源代码的了解有限或为零。在大多数大型应用程序中,与大量第三方软件的集成使这个问题更加复杂。现有的方法要么需要源代码嵌入人工构造的逻辑来识别性能问题,要么需要事先进行人工分析来支持有限范围的应用程序。本文提出了一种自动化的方法来分析应用程序二进制文件,并透明地检测二进制代码,以便在应用程序事务中注入和应用性能断言。我们在不访问源代码的情况下对一组大规模应用程序二进制文件进行了评估,自动发现了10个公开的现实世界性能错误,并表明PerfGuard给生产系统带来了非常低的开销(在Apache和MySQL服务器上不到3%)。
{"title":"PerfGuard: binary-centric application performance monitoring in production environments","authors":"C. Kim, J. Rhee, K. H. Lee, X. Zhang, Dongyan Xu","doi":"10.1145/2950290.2950347","DOIUrl":"https://doi.org/10.1145/2950290.2950347","url":null,"abstract":"Diagnosis of performance problems is an essential part of software development and maintenance. This is in particular a challenging problem to be solved in the production environment where only program binaries are available with limited or zero knowledge of the source code. This problem is compounded by the integration with a significant number of third-party software in most large-scale applications. Existing approaches either require source code to embed manually constructed logic to identify performance problems or support a limited scope of applications with prior manual analysis. This paper proposes an automated approach to analyze application binaries and instrument the binary code transparently to inject and apply performance assertions on application transactions. Our evaluation with a set of large-scale application binaries without access to source code discovered 10 publicly known real world performance bugs automatically and shows that PerfGuard introduces very low overhead (less than 3% on Apache and MySQL server) to production systems.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"485 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79974760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Training the future workforce through task curation in an OSS ecosystem 通过OSS生态系统中的任务管理培训未来的劳动力
A. Sarma, M. Gerosa, Igor Steinmacher, Rafael Leano
Volunteers to Open Source Software (OSS) projects contribute not only to help creating software that they use, but also to gain skills and enrich their expertise and resumes. However, newcomers to OSS face several challenges when joining a project. Particularly, they do not know where to start, or choose tasks that they can be successful at. Here, we describe our vision towards BugExchange, a system that curates tasks from OSS projects and helps train newcomers. While evaluating and executing these tasks, newcomers can gain an understanding about the project, its technology, and concepts. There are many challenges in designing such a system. For example, identifying the information needs of newcomers, creating task recommendations that match newcomers’ skills and career goals, and providing mentoring and networking support. We plan to leverage our previous work to conceive and prototype our system, which will include multiple research lines. BugExchange has the potential to improve newcomer learning experiences, reduce dropouts, and foster community building.
开源软件(OSS)项目的志愿者不仅帮助创建他们使用的软件,而且还获得了技能,丰富了他们的专业知识和简历。然而,OSS的新手在加入一个项目时会面临一些挑战。特别是,他们不知道从哪里开始,或者选择他们可以成功的任务。在这里,我们描述了我们对BugExchange的愿景,这是一个从OSS项目中策划任务并帮助培训新人的系统。在评估和执行这些任务时,新手可以获得对项目、其技术和概念的理解。设计这样一个系统有许多挑战。例如,确定新人的信息需求,创建符合新人技能和职业目标的任务建议,并提供指导和网络支持。我们计划利用我们以前的工作构思和原型我们的系统,这将包括多个研究线。BugExchange有潜力改善新人的学习体验,减少辍学率,并促进社区建设。
{"title":"Training the future workforce through task curation in an OSS ecosystem","authors":"A. Sarma, M. Gerosa, Igor Steinmacher, Rafael Leano","doi":"10.1145/2950290.2983984","DOIUrl":"https://doi.org/10.1145/2950290.2983984","url":null,"abstract":"Volunteers to Open Source Software (OSS) projects contribute not only to help creating software that they use, but also to gain skills and enrich their expertise and resumes. However, newcomers to OSS face several challenges when joining a project. Particularly, they do not know where to start, or choose tasks that they can be successful at. Here, we describe our vision towards BugExchange, a system that curates tasks from OSS projects and helps train newcomers. While evaluating and executing these tasks, newcomers can gain an understanding about the project, its technology, and concepts. There are many challenges in designing such a system. For example, identifying the information needs of newcomers, creating task recommendations that match newcomers’ skills and career goals, and providing mentoring and networking support. We plan to leverage our previous work to conceive and prototype our system, which will include multiple research lines. BugExchange has the potential to improve newcomer learning experiences, reduce dropouts, and foster community building.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"140 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88742296","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Foraging and navigations, fundamentally: developers' predictions of value and cost 觅食和导航,从根本上说:开发者对价值和成本的预测
David Piorkowski, Austin Z. Henley, Tahmid Nabi, S. Fleming, Christopher Scaffidi, M. Burnett
Empirical studies have revealed that software developers spend 35%–50% of their time navigating through source code during development activities, yet fundamental questions remain: Are these percentages too high, or simply inherent in the nature of software development? Are there factors that somehow determine a lower bound on how effectively developers can navigate a given information space? Answering questions like these requires a theory that captures the core of developers' navigation decisions. Therefore, we use the central proposition of Information Foraging Theory to investigate developers' ability to predict the value and cost of their navigation decisions. Our results showed that over 50% of developers' navigation choices produced less value than they had predicted and nearly 40% cost more than they had predicted. We used those results to guide a literature analysis, to investigate the extent to which these challenges are met by current research efforts, revealing a new area of inquiry with a rich and crosscutting set of research challenges and open problems.
经验研究表明,软件开发人员在开发活动中花费了35%-50%的时间来浏览源代码,然而基本的问题仍然存在:这些百分比是否太高,或者仅仅是软件开发的本质所固有的?是否存在某种因素以某种方式决定了开发人员如何有效地驾驭给定信息空间的下限?回答这些问题需要一个理论来抓住开发人员导航决策的核心。因此,我们使用信息觅食理论的中心命题来研究开发人员预测其导航决策的价值和成本的能力。我们的结果显示,超过50%的开发者的导航选择产生的价值低于他们的预期,近40%的导航选择的成本高于他们的预期。我们使用这些结果来指导文献分析,以调查当前研究工作应对这些挑战的程度,揭示一个具有丰富和横切研究挑战和开放问题的新研究领域。
{"title":"Foraging and navigations, fundamentally: developers' predictions of value and cost","authors":"David Piorkowski, Austin Z. Henley, Tahmid Nabi, S. Fleming, Christopher Scaffidi, M. Burnett","doi":"10.1145/2950290.2950302","DOIUrl":"https://doi.org/10.1145/2950290.2950302","url":null,"abstract":"Empirical studies have revealed that software developers spend 35%–50% of their time navigating through source code during development activities, yet fundamental questions remain: Are these percentages too high, or simply inherent in the nature of software development? Are there factors that somehow determine a lower bound on how effectively developers can navigate a given information space? Answering questions like these requires a theory that captures the core of developers' navigation decisions. Therefore, we use the central proposition of Information Foraging Theory to investigate developers' ability to predict the value and cost of their navigation decisions. Our results showed that over 50% of developers' navigation choices produced less value than they had predicted and nearly 40% cost more than they had predicted. We used those results to guide a literature analysis, to investigate the extent to which these challenges are met by current research efforts, revealing a new area of inquiry with a rich and crosscutting set of research challenges and open problems.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"s3-41 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90831895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
Preventing signedness errors in numerical computations in Java 防止Java中数值计算中的签名错误
Christopher A. Mackie
We have developed and implemented a type system, the Signedness Type System, that captures usage of signed and unsigned integers in Java programs. This type system enables developers to detect errors regarding unsigned integers at compile time, and guarantees that such errors cannot occur at run time. In a case study. our type system proved easy to use and detected a previously unknown bug. Our type system is implemented as the Signedness Checker and will be available with the Checker Framework (http://CheckerFramework.org/).
我们已经开发并实现了一个类型系统,即签名类型系统,它可以捕获Java程序中有符号整数和无符号整数的使用情况。该类型系统使开发人员能够在编译时检测有关无符号整数的错误,并保证此类错误不会在运行时发生。在案例研究中。我们的类型系统被证明很容易使用,并检测到一个以前未知的错误。我们的类型系统是作为签名检查器实现的,并且可以在检查器框架(http://CheckerFramework.org/)中使用。
{"title":"Preventing signedness errors in numerical computations in Java","authors":"Christopher A. Mackie","doi":"10.1145/2950290.2983978","DOIUrl":"https://doi.org/10.1145/2950290.2983978","url":null,"abstract":"We have developed and implemented a type system, the Signedness Type System, that captures usage of signed and unsigned integers in Java programs. This type system enables developers to detect errors regarding unsigned integers at compile time, and guarantees that such errors cannot occur at run time. In a case study. our type system proved easy to use and detected a previously unknown bug. Our type system is implemented as the Signedness Checker and will be available with the Checker Framework (http://CheckerFramework.org/).","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"500 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91449395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Understanding behavioural patterns in JavaScript 理解JavaScript中的行为模式
Saba Alimadadi
JavaScript is one of the most popular programming languages. How- ever, understanding the dynamic behaviour of JavaScript apps is challenging in practice. There are many factors that hinder JavaScript comprehension, such as its dynamic, asynchronous, and event- driven nature, the dynamic interplay between JavaScript and the Document Object Model, and the asynchronous communication between client and server. In this research work, we have already proposed methods for understanding event-based and asynchronous JavaScript behaviour. To enhance the scalability of our methods, we propose a new technique that adopts bio-informatics algorithms to extract sequences of actions from execution traces that form higher-level patterns.
JavaScript是最流行的编程语言之一。然而,理解JavaScript应用程序的动态行为在实践中是具有挑战性的。有很多因素会阻碍JavaScript的理解,比如它的动态、异步和事件驱动的特性,JavaScript和文档对象模型之间的动态交互,以及客户端和服务器之间的异步通信。在这项研究工作中,我们已经提出了理解基于事件和异步JavaScript行为的方法。为了增强我们方法的可扩展性,我们提出了一种采用生物信息学算法的新技术,从形成高级模式的执行痕迹中提取动作序列。
{"title":"Understanding behavioural patterns in JavaScript","authors":"Saba Alimadadi","doi":"10.1145/2950290.2983947","DOIUrl":"https://doi.org/10.1145/2950290.2983947","url":null,"abstract":"JavaScript is one of the most popular programming languages. How- ever, understanding the dynamic behaviour of JavaScript apps is challenging in practice. There are many factors that hinder JavaScript comprehension, such as its dynamic, asynchronous, and event- driven nature, the dynamic interplay between JavaScript and the Document Object Model, and the asynchronous communication between client and server. In this research work, we have already proposed methods for understanding event-based and asynchronous JavaScript behaviour. To enhance the scalability of our methods, we propose a new technique that adopts bio-informatics algorithms to extract sequences of actions from execution traces that form higher-level patterns.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"9 8","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91452977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
BinGo: cross-architecture cross-OS binary search 对了:跨架构、跨操作系统的二进制搜索
Mahinthan Chandramohan, Yinxing Xue, Zhengzi Xu, Yang Liu, Chia Yuan Cho, Hee Beng Kuan Tan
Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulted from different compilers, architectures and OSs. In this paper, we propose BINGO — a scalable and robust binary search engine supporting various architectures and OSs. The key contribution is a selective inlining technique to capture the complete function semantics by inlining relevant library and user-defined functions. In addition, architecture and OS neutral function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce length variant partial traces to model binary functions in a program structure agnostic fashion. The experimental results show that BINGO can find semantic similar functions across architecture and OS boundaries, even with the presence of program structure distortion, in a scalable manner. Using BINGO, we also discovered a zero-day vulnerability in Adobe PDF Reader, a COTS binary.
近年来,二进制代码搜索因其在剽窃检测、恶意软件检测和软件漏洞审计等方面的重要应用而受到广泛关注。然而,开发一个有效的二进制代码搜索工具是具有挑战性的,因为不同的编译器、体系结构和操作系统导致二进制代码的巨大语法和结构差异。在本文中,我们提出了BINGO -一个可扩展和强大的二进制搜索引擎,支持各种架构和操作系统。关键的贡献是一种选择性内联技术,通过内联相关的库和用户定义函数来捕获完整的函数语义。此外,提出了结构和操作系统中立函数滤波,以显著减少不相关的目标函数。此外,我们还引入了长度变化的部分轨迹,以一种与程序结构无关的方式对二元函数进行建模。实验结果表明,即使存在程序结构失真,BINGO也能以可扩展的方式找到跨架构和操作系统边界的语义相似函数。使用BINGO,我们还在Adobe PDF Reader中发现了一个零日漏洞,这是一个COTS二进制文件。
{"title":"BinGo: cross-architecture cross-OS binary search","authors":"Mahinthan Chandramohan, Yinxing Xue, Zhengzi Xu, Yang Liu, Chia Yuan Cho, Hee Beng Kuan Tan","doi":"10.1145/2950290.2950350","DOIUrl":"https://doi.org/10.1145/2950290.2950350","url":null,"abstract":"Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulted from different compilers, architectures and OSs. In this paper, we propose BINGO — a scalable and robust binary search engine supporting various architectures and OSs. The key contribution is a selective inlining technique to capture the complete function semantics by inlining relevant library and user-defined functions. In addition, architecture and OS neutral function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce length variant partial traces to model binary functions in a program structure agnostic fashion. The experimental results show that BINGO can find semantic similar functions across architecture and OS boundaries, even with the presence of program structure distortion, in a scalable manner. Using BINGO, we also discovered a zero-day vulnerability in Adobe PDF Reader, a COTS binary.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"24 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87266325","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 161
Revamping JavaScript static analysis via localization and remediation of root causes of imprecision 通过本地化和修复不精确的根本原因来改进JavaScript静态分析
Shiyi Wei, Omer Tripp, B. Ryder, Julian T Dolby
Static analysis is challenged by the dynamic language constructs of JavaScript which often lead to unacceptable performance and/or precision results. We describe an approach that focuses on improving the practicality and accuracy of points-to analysis and call graph construction for JavaScript programs. The approach first identifies program constructs which are sources of imprecision (i.e., root causes) through monitoring the static analysis process. We then examine and suggest specific context-sensitive analyses to apply. Our technique is able to to find that the root causes comprise less than 2% of the functions in JavaScript library applications. Moreover, the specialized analysis derived by our approach finishes within a few seconds, even on programs which can not complete within 10 minutes with the original analysis.
静态分析受到JavaScript的动态语言结构的挑战,这通常会导致不可接受的性能和/或精度结果。我们描述了一种专注于提高JavaScript程序的点分析和调用图构建的实用性和准确性的方法。该方法首先通过监视静态分析过程来识别作为不精确源(即根本原因)的程序构造。然后,我们检查并建议应用特定的上下文敏感分析。我们的技术能够发现,根本原因包括JavaScript库应用程序中不到2%的函数。此外,我们的方法衍生的专业分析在几秒钟内完成,即使在程序不能在10分钟内完成与原始分析。
{"title":"Revamping JavaScript static analysis via localization and remediation of root causes of imprecision","authors":"Shiyi Wei, Omer Tripp, B. Ryder, Julian T Dolby","doi":"10.1145/2950290.2950338","DOIUrl":"https://doi.org/10.1145/2950290.2950338","url":null,"abstract":"Static analysis is challenged by the dynamic language constructs of JavaScript which often lead to unacceptable performance and/or precision results. We describe an approach that focuses on improving the practicality and accuracy of points-to analysis and call graph construction for JavaScript programs. The approach first identifies program constructs which are sources of imprecision (i.e., root causes) through monitoring the static analysis process. We then examine and suggest specific context-sensitive analyses to apply. Our technique is able to to find that the root causes comprise less than 2% of the functions in JavaScript library applications. Moreover, the specialized analysis derived by our approach finishes within a few seconds, even on programs which can not complete within 10 minutes with the original analysis.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"57 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79453136","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
期刊
Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1