首页 > 最新文献

2013 20th Working Conference on Reverse Engineering (WCRE)最新文献

英文 中文
Leveraging specifications of subcomponents to mine precise specifications of composite components 利用子组件的规范来挖掘组合组件的精确规范
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671291
Ziying Dai, Xiaoguang Mao, Yan Lei, Liqian Chen
Specifications play an important role in many software engineering activities. Despite their usefulness, formal specifications are often unavailable in practice. Specification mining techniques try to automatically recover specifications from existing programs. Unfortunately, mined specifications are often overly general, which hampers their applications in the downstream analysis and testing. Nowadays, programmers develop software systems by utilizing existing components that usually have some available specifications. However, benefits of these available specifications are not explored by current specification miners. In this paper, we propose an approach to leverage available specifications of subcomponents to improve the precision of specifications of the composite component mined by state-based mining techniques. We monitor subcomponents against their specifications during the mining process and use states that are reached to construct abstract states of the composite component. Our approach makes subcomponents' states encoded within their specifications visible to their composite component, and improves the precision of mined specifications by effectively increasing the number of their states. The empirical evaluation shows that our approach can significantly improve the precision of mined specifications by removing erroneous behavior without noticeable loss of recall.
规格说明在许多软件工程活动中扮演着重要的角色。尽管它们很有用,但在实践中通常无法获得正式的规范。规范挖掘技术试图从现有程序中自动恢复规范。不幸的是,挖掘的规范通常过于一般化,这阻碍了它们在下游分析和测试中的应用。如今,程序员通过利用通常具有一些可用规范的现有组件来开发软件系统。然而,当前的规范挖掘者并没有探索这些可用规范的好处。在本文中,我们提出了一种利用子组件的可用规范来提高基于状态的挖掘技术挖掘的复合组件规范的精度的方法。在挖掘过程中,我们根据子组件的规范监视子组件,并使用所达到的状态来构造复合组件的抽象状态。我们的方法使子组件在其规范中编码的状态对其复合组件可见,并通过有效地增加其状态的数量来提高挖掘规范的精度。经验评估表明,我们的方法可以通过去除错误行为来显著提高挖掘规格的精度,而不会造成明显的召回损失。
{"title":"Leveraging specifications of subcomponents to mine precise specifications of composite components","authors":"Ziying Dai, Xiaoguang Mao, Yan Lei, Liqian Chen","doi":"10.1109/WCRE.2013.6671291","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671291","url":null,"abstract":"Specifications play an important role in many software engineering activities. Despite their usefulness, formal specifications are often unavailable in practice. Specification mining techniques try to automatically recover specifications from existing programs. Unfortunately, mined specifications are often overly general, which hampers their applications in the downstream analysis and testing. Nowadays, programmers develop software systems by utilizing existing components that usually have some available specifications. However, benefits of these available specifications are not explored by current specification miners. In this paper, we propose an approach to leverage available specifications of subcomponents to improve the precision of specifications of the composite component mined by state-based mining techniques. We monitor subcomponents against their specifications during the mining process and use states that are reached to construct abstract states of the composite component. Our approach makes subcomponents' states encoded within their specifications visible to their composite component, and improves the precision of mined specifications by effectively increasing the number of their states. The empirical evaluation shows that our approach can significantly improve the precision of mined specifications by removing erroneous behavior without noticeable loss of recall.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"182 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133323046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automatic recovery of root causes from bug-fixing changes 从bug修复更改中自动恢复根本原因
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671284
Ferdian Thung, D. Lo, Lingxiao Jiang
What is the root cause of this failure? This question is often among the first few asked by software debuggers when they try to address issues raised by a bug report. Root cause is the erroneous lines of code that cause a chain of erroneous program states eventually leading to the failure. Bug tracking and source control systems only record the symptoms (e.g., bug reports) and treatments of a bug (e.g., committed changes that fix the bug), but not its root cause. Many treatments contain non-essential changes, which are intermingled with root causes. Reverse engineering the root cause of a bug can help to understand why the bug is introduced and help to detect and prevent other bugs of similar causes. The recovered root causes are also better ground truth for bug detection and localization studies. In this work, we propose a combination of machine learning and code analysis techniques to identify root causes from the changes made to fix bugs. We evaluate the effectiveness of our approach based on a golden set (i.e., ground truth data) of manually recovered root causes of 200 bug reports from three open source projects. Our approach is able to achieve a precision, recall, and F-measure (i.e., the harmonic mean of precision and recall) of 76.42%, 71.88%, and 74.08% respectively. Compared with the work by Kawrykow and Robillard, our approach achieves a 60.83% improvement in F-measure.
失败的根本原因是什么?当软件调试人员试图解决由bug报告引起的问题时,这个问题通常是他们最先问的几个问题之一。根本原因是错误的代码行导致一系列错误的程序状态,最终导致失败。缺陷跟踪和源代码控制系统只记录缺陷的症状(例如,缺陷报告)和处理方法(例如,修复缺陷的已提交的更改),而不记录其根本原因。许多治疗包含非必要的改变,这些改变与根本原因混杂在一起。对错误的根本原因进行逆向工程可以帮助理解为什么会引入错误,并有助于检测和防止其他类似原因的错误。恢复的根本原因对于bug检测和本地化研究来说也是更好的基础事实。在这项工作中,我们提出了机器学习和代码分析技术的结合,以从修复错误的更改中识别根本原因。我们基于一组黄金集(即,ground truth数据)来评估我们方法的有效性,这些黄金集是来自三个开源项目的200个bug报告的手工恢复的根本原因。我们的方法能够实现精度,召回率和f测量(即精度和召回率的调和平均值)分别为76.42%,71.88%和74.08%。与Kawrykow和Robillard的工作相比,我们的方法在F-measure上提高了60.83%。
{"title":"Automatic recovery of root causes from bug-fixing changes","authors":"Ferdian Thung, D. Lo, Lingxiao Jiang","doi":"10.1109/WCRE.2013.6671284","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671284","url":null,"abstract":"What is the root cause of this failure? This question is often among the first few asked by software debuggers when they try to address issues raised by a bug report. Root cause is the erroneous lines of code that cause a chain of erroneous program states eventually leading to the failure. Bug tracking and source control systems only record the symptoms (e.g., bug reports) and treatments of a bug (e.g., committed changes that fix the bug), but not its root cause. Many treatments contain non-essential changes, which are intermingled with root causes. Reverse engineering the root cause of a bug can help to understand why the bug is introduced and help to detect and prevent other bugs of similar causes. The recovered root causes are also better ground truth for bug detection and localization studies. In this work, we propose a combination of machine learning and code analysis techniques to identify root causes from the changes made to fix bugs. We evaluate the effectiveness of our approach based on a golden set (i.e., ground truth data) of manually recovered root causes of 200 bug reports from three open source projects. Our approach is able to achieve a precision, recall, and F-measure (i.e., the harmonic mean of precision and recall) of 76.42%, 71.88%, and 74.08% respectively. Compared with the work by Kawrykow and Robillard, our approach achieves a 60.83% improvement in F-measure.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130088421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
What help do developers seek, when and how? 开发者应该寻求什么帮助,何时以及如何寻求?
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671289
HongWei Li, Zhenchang Xing, Xin Peng, Wenyun Zhao
Software development often requires knowledge beyond what developers already possess. In such cases, developers have to seek help from different sources of information. As a metacognitive skill, help seeking influences software developers' efficiency and success in many situations. However, there has been little research to provide a systematic investigation of the general process of help seeking activities in software engineering and human and system factors affecting help seeking. This paper reports our empirical study aiming to fill this gap. Our study includes two human experiments, involving 24 developers and two typical software development tasks. Our study gathers empirical data that allows us to provide an in-depth analysis of help-seeking task structures, task strategies, information sources, process model, and developers' information needs and behaviors in seeking and using help information and in managing information during help seeking. Our study provides a detailed understanding of help seeking activities in software engineering, the challenges that software developers face, and the limitations of existing tool support. This can lead to the design and development of more efficient and usable help seeking support that helps developers become better help seekers.
软件开发通常需要开发人员已经拥有的知识之外的知识。在这种情况下,开发人员必须从不同的信息来源寻求帮助。寻求帮助作为一种元认知技能,在很多情况下影响着软件开发人员的工作效率和成功。然而,很少有研究对软件工程中寻求帮助活动的一般过程以及影响寻求帮助的人为因素和系统因素进行系统的调查。本文报告了我们的实证研究,旨在填补这一空白。我们的研究包括两个人体实验,涉及24名开发人员和两个典型的软件开发任务。本研究收集了经验数据,深入分析了求助任务结构、任务策略、信息源、过程模型以及开发人员在寻求和使用帮助信息以及在寻求帮助过程中管理信息的信息需求和行为。我们的研究提供了对软件工程中寻求帮助活动的详细理解,软件开发人员面临的挑战,以及现有工具支持的限制。这可以导致设计和开发更有效和可用的帮助寻求支持,帮助开发人员成为更好的帮助寻求者。
{"title":"What help do developers seek, when and how?","authors":"HongWei Li, Zhenchang Xing, Xin Peng, Wenyun Zhao","doi":"10.1109/WCRE.2013.6671289","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671289","url":null,"abstract":"Software development often requires knowledge beyond what developers already possess. In such cases, developers have to seek help from different sources of information. As a metacognitive skill, help seeking influences software developers' efficiency and success in many situations. However, there has been little research to provide a systematic investigation of the general process of help seeking activities in software engineering and human and system factors affecting help seeking. This paper reports our empirical study aiming to fill this gap. Our study includes two human experiments, involving 24 developers and two typical software development tasks. Our study gathers empirical data that allows us to provide an in-depth analysis of help-seeking task structures, task strategies, information sources, process model, and developers' information needs and behaviors in seeking and using help information and in managing information during help seeking. Our study provides a detailed understanding of help seeking activities in software engineering, the challenges that software developers face, and the limitations of existing tool support. This can lead to the design and development of more efficient and usable help seeking support that helps developers become better help seekers.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128971647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 72
The influence of non-technical factors on code review 非技术因素对代码审查的影响
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671287
Olga Baysal, Oleksii Kononenko, Reid Holmes, Michael W. Godfrey
When submitting a patch, the primary concerns of individual developers are “How can I maximize the chances of my patch being approved, and minimize the time it takes for this to happen?” In principle, code review is a transparent process that aims to assess qualities of the patch by their technical merits and in a timely manner; however, in practice the execution of this process can be affected by a variety of factors, some of which are external to the technical content of the patch itself. In this paper, we describe an empirical study of the code review process for WebKit, a large, open source project; we replicate the impact of previously studied factors - such as patch size, priority, and component and extend these studies by investigating organizational (the company) and personal dimensions (reviewer load and activity, patch writer experience) on code review response time and outcome. Our approach uses a reverse engineered model of the patch submission process and extracts key information from the issue tracking and code review systems. Our findings suggest that these nontechnical factors can significantly impact code review outcomes.
当提交一个补丁时,个人开发者的主要关注点是“我如何才能最大化我的补丁被批准的机会,并最小化所需的时间?”原则上,代码审查是一个透明的过程,目的是根据补丁的技术优点及时评估其质量;然而,在实践中,该过程的执行可能受到各种因素的影响,其中一些因素是贴片本身的技术含量之外的。在本文中,我们描述了对WebKit(一个大型开源项目)代码审查过程的实证研究;我们复制了之前研究过的因素——比如补丁大小、优先级和组件——的影响,并通过调查组织(公司)和个人维度(审稿人负载和活动、补丁作者经验)对代码审查响应时间和结果的影响来扩展这些研究。我们的方法使用补丁提交过程的逆向工程模型,并从问题跟踪和代码审查系统中提取关键信息。我们的发现表明,这些非技术因素可以显著地影响代码审查的结果。
{"title":"The influence of non-technical factors on code review","authors":"Olga Baysal, Oleksii Kononenko, Reid Holmes, Michael W. Godfrey","doi":"10.1109/WCRE.2013.6671287","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671287","url":null,"abstract":"When submitting a patch, the primary concerns of individual developers are “How can I maximize the chances of my patch being approved, and minimize the time it takes for this to happen?” In principle, code review is a transparent process that aims to assess qualities of the patch by their technical merits and in a timely manner; however, in practice the execution of this process can be affected by a variety of factors, some of which are external to the technical content of the patch itself. In this paper, we describe an empirical study of the code review process for WebKit, a large, open source project; we replicate the impact of previously studied factors - such as patch size, priority, and component and extend these studies by investigating organizational (the company) and personal dimensions (reviewer load and activity, patch writer experience) on code review response time and outcome. Our approach uses a reverse engineered model of the patch submission process and extracts key information from the issue tracking and code review systems. Our findings suggest that these nontechnical factors can significantly impact code review outcomes.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128605436","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 103
Capture-replay vs. programmable web testing: An empirical assessment during test case evolution 捕获-重放与可编程web测试:测试用例演进过程中的经验评估
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671302
Maurizio Leotta, Diego Clerissi, F. Ricca, P. Tonella
There are several approaches for automated functional web testing and the choice among them depends on a number of factors, including the tools used for web testing and the costs associated with their adoption. In this paper, we present an empirical cost/benefit analysis of two different categories of automated functional web testing approaches: (1) capture-replay web testing (in particular, using Selenium IDE); and, (2) programmable web testing (using Selenium WebDriver). On a set of six web applications, we evaluated the costs of applying these testing approaches both when developing the initial test suites from scratch and when the test suites are maintained, upon the release of a new software version. Results indicate that, on the one hand, the development of the test suites is more expensive in terms of time required (between 32% and 112%) when the programmable web testing approach is adopted, but on the other hand, test suite maintenance is less expensive when this approach is used (with a saving between 16% and 51%). We found that, in the majority of the cases, after a small number of releases (from one to three), the cumulative cost of programmable web testing becomes lower than the cost involved with capture-replay web testing and the cost saving gets amplified over the successive releases.
有几种自动化功能web测试的方法,其中的选择取决于许多因素,包括用于web测试的工具和与采用它们相关的成本。在本文中,我们对两种不同类型的自动化功能web测试方法进行了实证成本/收益分析:(1)捕获-重播web测试(特别是使用Selenium IDE);(2)可编程web测试(使用Selenium WebDriver)。在一组六个web应用程序上,我们评估了应用这些测试方法的成本,包括从零开始开发初始测试套件和在发布新软件版本时维护测试套件的成本。结果表明,一方面,当采用可编程web测试方法时,测试套件的开发在所需的时间方面更昂贵(在32%到112%之间),但另一方面,当使用该方法时,测试套件的维护成本更低(节省16%到51%之间)。我们发现,在大多数情况下,经过少量的发布(从一个到三个),可编程web测试的累积成本变得比捕获-重播web测试的成本更低,并且成本节省在后续的发布中被放大。
{"title":"Capture-replay vs. programmable web testing: An empirical assessment during test case evolution","authors":"Maurizio Leotta, Diego Clerissi, F. Ricca, P. Tonella","doi":"10.1109/WCRE.2013.6671302","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671302","url":null,"abstract":"There are several approaches for automated functional web testing and the choice among them depends on a number of factors, including the tools used for web testing and the costs associated with their adoption. In this paper, we present an empirical cost/benefit analysis of two different categories of automated functional web testing approaches: (1) capture-replay web testing (in particular, using Selenium IDE); and, (2) programmable web testing (using Selenium WebDriver). On a set of six web applications, we evaluated the costs of applying these testing approaches both when developing the initial test suites from scratch and when the test suites are maintained, upon the release of a new software version. Results indicate that, on the one hand, the development of the test suites is more expensive in terms of time required (between 32% and 112%) when the programmable web testing approach is adopted, but on the other hand, test suite maintenance is less expensive when this approach is used (with a saving between 16% and 51%). We found that, in the majority of the cases, after a small number of releases (from one to three), the cumulative cost of programmable web testing becomes lower than the cost involved with capture-replay web testing and the cost saving gets amplified over the successive releases.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125353451","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 96
PsybOt malware: A step-by-step decompilation case study PsybOt恶意软件:一步一步的反编译案例研究
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671321
Lukás Durfina, J. Kroustek, Petr Zemek
Decompilation (i.e. reverse compilation) represents one of the most toughest and challenging tasks in reverse engineering. Even more difficult task is the decompilation of malware because it typically does not follow standard application binary interface conventions, has stripped symbols, is obfuscated, and can contain polymorphic code. Moreover, in the recent years, there is a rapid expansion of various smart devices, running different types of operating systems on many types of processors, and malware targeting these platforms. These facts, combined with the boundedness of standard decompilation tools to a particular platform, imply that a considerable amount of effort is needed when decompiling malware for such a diversity of platforms. This is an experience paper reporting the decompilation of a real-world malware. We give a step-by-step case study of decompiling a MIPS worm called psyb0t by using a retargetable decompiler that is being developed within the Lissom project. First, we describe the decompiler in detail. Then, we present the case study. After that, we analyse the results obtained during the decompilation and present our personal experience. The paper is concluded by discussing future research possibilities.
反编译(即反向编译)是逆向工程中最困难和最具挑战性的任务之一。更困难的任务是反编译恶意软件,因为它通常不遵循标准的应用程序二进制接口约定,剥离符号,混淆,并且可以包含多态代码。此外,近年来,各种智能设备迅速扩张,在许多类型的处理器上运行不同类型的操作系统,恶意软件针对这些平台。这些事实,再加上标准反编译工具对特定平台的局限性,意味着在为如此多样化的平台反编译恶意软件时需要付出相当大的努力。这是一篇报告真实世界恶意软件反编译的经验论文。我们给出了一个逐步的案例研究,通过使用Lissom项目中正在开发的可重定向反编译器来反编译名为psyb0t的MIPS蠕虫。首先,我们详细描述反编译器。然后,我们介绍了案例研究。然后,我们分析了在反编译过程中得到的结果,并介绍了我们的个人经验。最后讨论了未来研究的可能性。
{"title":"PsybOt malware: A step-by-step decompilation case study","authors":"Lukás Durfina, J. Kroustek, Petr Zemek","doi":"10.1109/WCRE.2013.6671321","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671321","url":null,"abstract":"Decompilation (i.e. reverse compilation) represents one of the most toughest and challenging tasks in reverse engineering. Even more difficult task is the decompilation of malware because it typically does not follow standard application binary interface conventions, has stripped symbols, is obfuscated, and can contain polymorphic code. Moreover, in the recent years, there is a rapid expansion of various smart devices, running different types of operating systems on many types of processors, and malware targeting these platforms. These facts, combined with the boundedness of standard decompilation tools to a particular platform, imply that a considerable amount of effort is needed when decompiling malware for such a diversity of platforms. This is an experience paper reporting the decompilation of a real-world malware. We give a step-by-step case study of decompiling a MIPS worm called psyb0t by using a retargetable decompiler that is being developed within the Lissom project. First, we describe the decompiler in detail. Then, we present the case study. After that, we analyse the results obtained during the decompilation and present our personal experience. The paper is concluded by discussing future research possibilities.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123938236","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
Migrating a large scale legacy application to SOA: Challenges and lessons learned 将大规模遗留应用程序迁移到SOA:挑战和经验教训
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671318
R. Khadka, Amir Saeidi, S. Jansen, Jurriaan Hage, Geer P. Haas
This paper presents the findings of a case study of a large scale legacy to service-oriented architecture migration process in the payments domain of a Dutch bank. The paper presents the business drivers that initiated the migration, and describes a 4-phase migration process. For each phase, the paper details benefits of using the techniques, best practices that contribute to the success, and possible challenges that are faced during migration. Based on these observations, the findings are discussed as lessons learned, including the implications of using reverse engineering techniques to facilitate the migration process, adopting a pragmatic migration realization approach, emphasizing the organizational and business perspectives, and harvesting knowledge of the system throughout the system's life cycle.
本文介绍了一家荷兰银行支付领域中大规模遗留到面向服务的体系结构迁移过程的案例研究结果。本文介绍了启动迁移的业务驱动因素,并描述了一个4阶段的迁移过程。对于每个阶段,本文详细介绍了使用这些技术的好处、有助于成功的最佳实践,以及在迁移过程中可能面临的挑战。基于这些观察,将这些发现作为经验教训进行讨论,包括使用逆向工程技术来促进迁移过程的含义,采用实用的迁移实现方法,强调组织和业务的观点,以及在整个系统生命周期中获取系统的知识。
{"title":"Migrating a large scale legacy application to SOA: Challenges and lessons learned","authors":"R. Khadka, Amir Saeidi, S. Jansen, Jurriaan Hage, Geer P. Haas","doi":"10.1109/WCRE.2013.6671318","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671318","url":null,"abstract":"This paper presents the findings of a case study of a large scale legacy to service-oriented architecture migration process in the payments domain of a Dutch bank. The paper presents the business drivers that initiated the migration, and describes a 4-phase migration process. For each phase, the paper details benefits of using the techniques, best practices that contribute to the success, and possible challenges that are faced during migration. Based on these observations, the findings are discussed as lessons learned, including the implications of using reverse engineering techniques to facilitate the migration process, adopting a pragmatic migration realization approach, emphasizing the organizational and business perspectives, and harvesting knowledge of the system throughout the system's life cycle.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"40 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123476914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
Empirical evidence of code decay: A systematic mapping study 代码衰减的经验证据:一个系统的映射研究
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671309
A. Bandi, Byron J. Williams, E. B. Allen
Code decay is a gradual process that negatively impacts the quality of a software system. Developers need trusted measurement techniques to evaluate whether their systems have decayed. The research aims to find what is currently known about code decay detection techniques and metrics used to evaluate decay. We performed a systematic mapping study to determine which techniques and metrics have been empirically evaluated. A review protocol was developed and followed to identify 30 primary studies with empirical evidence of code decay. We categorized detection techniques into two broad groups: human-based and metric-based approaches. We describe the attributes of each approach and distinguish features of several subcategories of both high-level groups. A tabular overview of code decay metrics is also presented. We exclude studies that do not use time (i.e., do not use evaluation of multiple software versions) as a factor when evaluating code decay. This limitation serves to focus the review. We found that coupling metrics are the most widely used at identifying code decay. Researchers use various terms to define code decay, and we recommend additional research to operationalize the terms to provide more consistent analysis.
代码衰减是一个渐进的过程,它会对软件系统的质量产生负面影响。开发人员需要可信的度量技术来评估他们的系统是否已经衰减。这项研究的目的是找出目前已知的代码衰减检测技术和用于评估衰减的指标。我们进行了一项系统的测绘研究,以确定哪些技术和指标已经进行了经验评估。制定并遵循了一项审查方案,以确定具有代码衰减经验证据的30项主要研究。我们将检测技术分为两大类:基于人的方法和基于度量的方法。我们描述了每种方法的属性,并区分了两个高级组的几个子类别的特征。还提供了代码衰减度量的表格概述。在评估代码衰减时,我们排除了不使用时间(即,不使用多个软件版本的评估)作为因素的研究。这一限制有助于集中审查。我们发现耦合度量最广泛地用于识别代码衰减。研究人员使用不同的术语来定义代码衰减,我们建议进行额外的研究来操作这些术语,以提供更一致的分析。
{"title":"Empirical evidence of code decay: A systematic mapping study","authors":"A. Bandi, Byron J. Williams, E. B. Allen","doi":"10.1109/WCRE.2013.6671309","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671309","url":null,"abstract":"Code decay is a gradual process that negatively impacts the quality of a software system. Developers need trusted measurement techniques to evaluate whether their systems have decayed. The research aims to find what is currently known about code decay detection techniques and metrics used to evaluate decay. We performed a systematic mapping study to determine which techniques and metrics have been empirically evaluated. A review protocol was developed and followed to identify 30 primary studies with empirical evidence of code decay. We categorized detection techniques into two broad groups: human-based and metric-based approaches. We describe the attributes of each approach and distinguish features of several subcategories of both high-level groups. A tabular overview of code decay metrics is also presented. We exclude studies that do not use time (i.e., do not use evaluation of multiple software versions) as a factor when evaluating code decay. This limitation serves to focus the review. We found that coupling metrics are the most widely used at identifying code decay. Researchers use various terms to define code decay, and we recommend additional research to operationalize the terms to provide more consistent analysis.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129566868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Documenting APIs with examples: Lessons learned with the APIMiner platform 用示例记录api:从APIMiner平台获得的经验教训
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671315
João Eduardo Montandon, H. Borges, Daniel Felix, M. T. Valente
Software development increasingly relies on Application Programming Interfaces (APIs) to increase productivity. However, learning how to use new APIs in many cases is a nontrivial task given their ever-increasing complexity. To help developers during the API learning process, we describe in this paper a platform - called APIMiner - that instruments the standard Java-based API documentation format with concrete examples of usage. The examples are extracted from a private source code repository - composed by real systems - and summarized using a static slicing algorithm. We also describe a particular instantiation of our platform for the Android API. To evaluate the proposed solution, we performed a field study, when professional Android developers used the platform by four months.
软件开发越来越依赖于应用程序编程接口(api)来提高生产力。然而,在许多情况下,学习如何使用新的api是一项艰巨的任务,因为它们的复杂性在不断增加。为了在API学习过程中帮助开发人员,我们在本文中描述了一个称为APIMiner的平台,该平台通过具体的使用示例为标准的基于java的API文档格式提供工具。这些示例是从私有源代码存储库中提取出来的——由实际系统组成——并使用静态切片算法进行总结。我们还描述了Android API平台的一个特定实例。为了评估建议的解决方案,我们进行了实地研究,让专业的Android开发人员使用该平台四个月。
{"title":"Documenting APIs with examples: Lessons learned with the APIMiner platform","authors":"João Eduardo Montandon, H. Borges, Daniel Felix, M. T. Valente","doi":"10.1109/WCRE.2013.6671315","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671315","url":null,"abstract":"Software development increasingly relies on Application Programming Interfaces (APIs) to increase productivity. However, learning how to use new APIs in many cases is a nontrivial task given their ever-increasing complexity. To help developers during the API learning process, we describe in this paper a platform - called APIMiner - that instruments the standard Java-based API documentation format with concrete examples of usage. The examples are extracted from a private source code repository - composed by real systems - and summarized using a static slicing algorithm. We also describe a particular instantiation of our platform for the Android API. To evaluate the proposed solution, we performed a field study, when professional Android developers used the platform by four months.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125373528","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 80
Clustering static analysis defect reports to reduce maintenance costs 聚类静态分析缺陷报告以减少维护成本
Pub Date : 2013-11-21 DOI: 10.1109/WCRE.2013.6671303
Zachary P. Fry, Westley Weimer
Static analysis tools facilitate software maintenance by automatically identifying bugs in source code. However, for large systems, these tools often produce an overwhelming number of defect reports. Many of these defect reports are conceptually similar, but addressing each report separately costs developer effort and increases the maintenance burden. We propose to automatically cluster machine-generated defect reports so that similar bugs can be triaged and potentially fixed in aggregate. Our approach leverages both syntactic and structural information available in static bug reports to accurately cluster related reports, thus expediting the maintenance process. We evaluate our technique using 8,948 defect reports produced by the Coverity Static Analysis and FindBugs tools in both C and Java programs totaling over 14 million lines of code. We find that humans overwhelmingly agree that clusters of defect reports produced by our tool could be handled aggregately, thus reducing developer maintenance effort. Additionally, we show that our tool is not only capable of perfectly accurate clusters, but can also significantly reduce the number of defect reports that have to be manually examined by developers. For instance, at a level of 90% accuracy, our technique can reduce the number of individually inspected defect reports by 21.33% while other multi-language tools fail to obtain more than a 2% reduction.
静态分析工具通过自动识别源代码中的错误来促进软件维护。然而,对于大型系统,这些工具通常会产生大量的缺陷报告。这些缺陷报告中的许多在概念上是相似的,但是分别处理每个报告会耗费开发人员的精力并增加维护负担。我们建议自动集群机器生成的缺陷报告,这样类似的错误可以被分类和潜在地修复在一起。我们的方法利用静态bug报告中可用的语法和结构信息来准确地聚类相关报告,从而加快维护过程。我们使用C和Java程序中的Coverity静态分析和FindBugs工具生成的8,948个缺陷报告来评估我们的技术,总共超过1400万行代码。我们发现绝大多数人都同意由我们的工具产生的缺陷报告集群可以被集中处理,从而减少了开发人员的维护工作。另外,我们展示了我们的工具不仅能够完美精确的聚类,而且还可以显著减少必须由开发人员手工检查的缺陷报告的数量。例如,在90%的准确度水平上,我们的技术可以将单独检查的缺陷报告的数量减少21.33%,而其他多语言工具无法获得超过2%的减少。
{"title":"Clustering static analysis defect reports to reduce maintenance costs","authors":"Zachary P. Fry, Westley Weimer","doi":"10.1109/WCRE.2013.6671303","DOIUrl":"https://doi.org/10.1109/WCRE.2013.6671303","url":null,"abstract":"Static analysis tools facilitate software maintenance by automatically identifying bugs in source code. However, for large systems, these tools often produce an overwhelming number of defect reports. Many of these defect reports are conceptually similar, but addressing each report separately costs developer effort and increases the maintenance burden. We propose to automatically cluster machine-generated defect reports so that similar bugs can be triaged and potentially fixed in aggregate. Our approach leverages both syntactic and structural information available in static bug reports to accurately cluster related reports, thus expediting the maintenance process. We evaluate our technique using 8,948 defect reports produced by the Coverity Static Analysis and FindBugs tools in both C and Java programs totaling over 14 million lines of code. We find that humans overwhelmingly agree that clusters of defect reports produced by our tool could be handled aggregately, thus reducing developer maintenance effort. Additionally, we show that our tool is not only capable of perfectly accurate clusters, but can also significantly reduce the number of defect reports that have to be manually examined by developers. For instance, at a level of 90% accuracy, our technique can reduce the number of individually inspected defect reports by 21.33% while other multi-language tools fail to obtain more than a 2% reduction.","PeriodicalId":275092,"journal":{"name":"2013 20th Working Conference on Reverse Engineering (WCRE)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124427226","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
期刊
2013 20th Working Conference on Reverse Engineering (WCRE)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1