Joshua D. Scarsbrook, R. Ko, Bill Rogers, D. Bainbridge
As a result of the large scale and diverse composition of modern compiled JavaScript applications, comprehending overall program structure for debugging is challenging. In this paper we present our solution: MetropolJS. By using a Treemap-based visualization it is possible to get a high level view within limited screen real estate. Previous approaches to Treemaps lacked the fine detail and interactive features to be useful as a debugging tool. This paper introduces an optimized approach for visualizing complex program structure that enables new debugging techniques where the execution of programs can be displayed in real time from a bird's-eye view. The approach facilitates highlighting and visualizing method calls and distinctive code patterns on top of code segments without a high overhead for navigation. Using this approach enables fast analysis of previously difficult-to-comprehend code bases.
{"title":"MetropolJS","authors":"Joshua D. Scarsbrook, R. Ko, Bill Rogers, D. Bainbridge","doi":"10.1145/3196321.3196368","DOIUrl":"https://doi.org/10.1145/3196321.3196368","url":null,"abstract":"As a result of the large scale and diverse composition of modern compiled JavaScript applications, comprehending overall program structure for debugging is challenging. In this paper we present our solution: MetropolJS. By using a Treemap-based visualization it is possible to get a high level view within limited screen real estate. Previous approaches to Treemaps lacked the fine detail and interactive features to be useful as a debugging tool. This paper introduces an optimized approach for visualizing complex program structure that enables new debugging techniques where the execution of programs can be displayed in real time from a bird's-eye view. The approach facilitates highlighting and visualizing method calls and distinctive code patterns on top of code segments without a high overhead for navigation. Using this approach enables fast analysis of previously difficult-to-comprehend code bases.","PeriodicalId":348046,"journal":{"name":"Proceedings of the 26th Conference on Program Comprehension","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121117756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To obtain precise and sound results, most of existing static analyzers require whole program analysis with complete source code. However, in reality, the source code of an application always interacts with many third-party libraries, which are often not easily accessible to static analyzers. Worse still, more than 30% of legacy projects cannot be compiled easily due to complicated configuration environments (e.g., third-party libraries, compiler options and macros), making ideal "whole-program analysis" unavailable in practice. This paper presents CoBOT, a static analysis tool that can detect bugs in the presence of incomplete code. It analyzes function APIs unavailable in application code by either using function summarization or automatically downloading and analyzing the corresponding library code as inferred from the application code and its configuration files. The experiments show that CoBOT is not only easy to use, but also effective in detecting bugs in real-world programs with incomplete code. Our demonstration video is at: https://youtu.be/bhjJp3e7LPM.
{"title":"CoBOT","authors":"Qing Gao, Sen Ma, Sihao Shao, Yulei Sui, G. Zhao, Luyao Ma, Xiaozun Ma, Fuyao Duan, Xiao Deng, Shikun Zhang, Xianglong Chen","doi":"10.1145/3196321.3196367","DOIUrl":"https://doi.org/10.1145/3196321.3196367","url":null,"abstract":"To obtain precise and sound results, most of existing static analyzers require whole program analysis with complete source code. However, in reality, the source code of an application always interacts with many third-party libraries, which are often not easily accessible to static analyzers. Worse still, more than 30% of legacy projects cannot be compiled easily due to complicated configuration environments (e.g., third-party libraries, compiler options and macros), making ideal \"whole-program analysis\" unavailable in practice. This paper presents CoBOT, a static analysis tool that can detect bugs in the presence of incomplete code. It analyzes function APIs unavailable in application code by either using function summarization or automatically downloading and analyzing the corresponding library code as inferred from the application code and its configuration files. The experiments show that CoBOT is not only easy to use, but also effective in detecting bugs in real-world programs with incomplete code. Our demonstration video is at: https://youtu.be/bhjJp3e7LPM.","PeriodicalId":348046,"journal":{"name":"Proceedings of the 26th Conference on Program Comprehension","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127542978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jun Ma, Shaocong Liu, Yanyan Jiang, Xianping Tao, Chang Xu, Jian Lu
Services are widely used in Android apps. However, services may leak such that they are no longer used but cannot be recycled by the Garbage Collector. Service leaks may cause an app to misbehave, and are vulnerable to malicious external apps when the service is exported or it is accessible through other exported services. In this paper, we present LESDroid for exported service leaks detection. LESDroid automatically generates service instances and workloads (start/stop or bind/unbind of exported services) of the app under test, and applies a designated oracle to the heap snapshot for service leak detection. We evaluated LESDroid using 375 commercial apps, and found 97 leaked services and 98 distinct leak entries in 70 apps.
{"title":"LESdroid","authors":"Jun Ma, Shaocong Liu, Yanyan Jiang, Xianping Tao, Chang Xu, Jian Lu","doi":"10.1145/3196321.3196336","DOIUrl":"https://doi.org/10.1145/3196321.3196336","url":null,"abstract":"Services are widely used in Android apps. However, services may leak such that they are no longer used but cannot be recycled by the Garbage Collector. Service leaks may cause an app to misbehave, and are vulnerable to malicious external apps when the service is exported or it is accessible through other exported services. In this paper, we present LESDroid for exported service leaks detection. LESDroid automatically generates service instances and workloads (start/stop or bind/unbind of exported services) of the app under test, and applies a designated oracle to the heap snapshot for service leak detection. We evaluated LESDroid using 375 commercial apps, and found 97 leaked services and 98 distinct leak entries in 70 apps.","PeriodicalId":348046,"journal":{"name":"Proceedings of the 26th Conference on Program Comprehension","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127535770","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To understand program's behavior, using reverse-engineered sequence diagram is a valuable technique. In practice, researchers usually record execution traces and generate a sequence diagram according to them. However, the diagram can be too large to read while treating real-world software due to the massiveness of execution traces. Several studies on minimizing/compressing sequence diagrams have been proposed; however, the resulting diagram may be either still large or losing important information. Besides, existing tools are highly customized for a certain research purpose. To address these problems, we present a generic toolkit SDExplorer in this paper, which is a flexible and lightweight tool to effectively explore a massive-scale sequence diagram in a highly scalable manner. Additionally, SDExplorer supports popular features of existing tools (i.e. search, filter, grouping, etc.). We believe it is an easy-to-use and promising tool in future research to evaluate and compare the minimizing/compressing techniques in real maintenance tasks.
{"title":"SDexplorer","authors":"Kaixie Lyu, Kunihiro Noda, Takashi Kobayashia","doi":"10.1145/3196321.3196366","DOIUrl":"https://doi.org/10.1145/3196321.3196366","url":null,"abstract":"To understand program's behavior, using reverse-engineered sequence diagram is a valuable technique. In practice, researchers usually record execution traces and generate a sequence diagram according to them. However, the diagram can be too large to read while treating real-world software due to the massiveness of execution traces. Several studies on minimizing/compressing sequence diagrams have been proposed; however, the resulting diagram may be either still large or losing important information. Besides, existing tools are highly customized for a certain research purpose. To address these problems, we present a generic toolkit SDExplorer in this paper, which is a flexible and lightweight tool to effectively explore a massive-scale sequence diagram in a highly scalable manner. Additionally, SDExplorer supports popular features of existing tools (i.e. search, filter, grouping, etc.). We believe it is an easy-to-use and promising tool in future research to evaluate and compare the minimizing/compressing techniques in real maintenance tasks.","PeriodicalId":348046,"journal":{"name":"Proceedings of the 26th Conference on Program Comprehension","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116415558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Several conventions and standards aim to improve maintainability of software code. However, low levels of code readability perceived by developers still represent a barrier to their daily work. In this paper, we describe a survey that assessed the impact of a set of Java coding practices on the readability perceived by software developers. While some practices promoted an enhancement of readability, others did not show statistically significant effects. Interestingly, one of the practices worsened the readability. Our results may help to identify coding conventions with a positive impact on readability and, thus, guide the creation of coding standards.
{"title":"Impacts of coding practices on readability","authors":"Rodrigo Magalhães dos Santos, M. Gerosa","doi":"10.1145/3196321.3196342","DOIUrl":"https://doi.org/10.1145/3196321.3196342","url":null,"abstract":"Several conventions and standards aim to improve maintainability of software code. However, low levels of code readability perceived by developers still represent a barrier to their daily work. In this paper, we describe a survey that assessed the impact of a set of Java coding practices on the readability perceived by software developers. While some practices promoted an enhancement of readability, others did not show statistically significant effects. Interestingly, one of the practices worsened the readability. Our results may help to identify coding conventions with a positive impact on readability and, thus, guide the creation of coding standards.","PeriodicalId":348046,"journal":{"name":"Proceedings of the 26th Conference on Program Comprehension","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114258606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 26th Conference on Program Comprehension","authors":"","doi":"10.1145/3196321","DOIUrl":"https://doi.org/10.1145/3196321","url":null,"abstract":"","PeriodicalId":348046,"journal":{"name":"Proceedings of the 26th Conference on Program Comprehension","volume":"439 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116019030","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: