Maintaining trace ability links between application code and unit test cases plays an important role for effectively managing the development and evolution of software systems. Unfortunately, the support in the contemporary development environment to identify such links is still inadequate. This research presents an automated solution to recover trace ability links between test cases and classes under test. The approach is based on dynamic slicing and conceptual coupling. A preliminary evaluation indicates that the proposed approach identifies trace ability links between unit test cases and tested classes with a high accuracy and greater stability than existing techniques.
{"title":"Recovering Test-to-Code Traceability Via Slicing and Conceptual Coupling","authors":"A. Qusef","doi":"10.1109/WCRE.2011.59","DOIUrl":"https://doi.org/10.1109/WCRE.2011.59","url":null,"abstract":"Maintaining trace ability links between application code and unit test cases plays an important role for effectively managing the development and evolution of software systems. Unfortunately, the support in the contemporary development environment to identify such links is still inadequate. This research presents an automated solution to recover trace ability links between test cases and classes under test. The approach is based on dynamic slicing and conceptual coupling. A preliminary evaluation indicates that the proposed approach identifies trace ability links between unit test cases and tested classes with a high accuracy and greater stability than existing techniques.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124767850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The existing body of feature-location research focuses on discovering feature-code trace ability links for supporting programmers in understanding and modifying static artifacts of software. In this paper, we propose a different utilization of this type of reverse-engineering information. We introduce the concept of runtime feature awareness that enables a running program to establish and make use of its own feature-code trace ability links. We present an implementation of this idea, a dynamic-analysis Java library called JAwareness. JAwareness provides a meta-level architecture that can be non-invasively added to a legacy program to enable it to act upon the activations of its own features. We demonstrate the feasibility of runtime feature awareness by discussing its three applications: error reporting, usage statistics and behavior adaptation.
{"title":"Meta-Level Runtime Feature Awareness for Java","authors":"Andrzej Olszak, Martin Rytter, B. Jørgensen","doi":"10.1109/WCRE.2011.40","DOIUrl":"https://doi.org/10.1109/WCRE.2011.40","url":null,"abstract":"The existing body of feature-location research focuses on discovering feature-code trace ability links for supporting programmers in understanding and modifying static artifacts of software. In this paper, we propose a different utilization of this type of reverse-engineering information. We introduce the concept of runtime feature awareness that enables a running program to establish and make use of its own feature-code trace ability links. We present an implementation of this idea, a dynamic-analysis Java library called JAwareness. JAwareness provides a meta-level architecture that can be non-invasively added to a legacy program to enable it to act upon the activations of its own features. We demonstrate the feasibility of runtime feature awareness by discussing its three applications: error reporting, usage statistics and behavior adaptation.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125368274","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A crash is an unexpected termination of an application during normal execution. Crash reports record stack traces and run-time information once a crash occurs. A group of similar crash reports represents a crash-type. The triaging of crash-types is critical to shorten the development and maintenance process. Crash triaging process decides the priority of crash-types to be fixed. The decision typically depends on many factors, such as the impact of the crash-type, (i.e, its severity), the frequency of occurring, and the effort required to implement a fix for the crash-type. In this paper, we propose the use of entropy region graphs to triage crash-types. An entropy region graph captures the distribution of the occurrences of crash-types among the users of a system. We conduct an empirical study on crash reports and bugs, collected from 10 beta releases of Fire fox 4. We show that our proposed triaging technique enables a better classification of crash-types than the current triaging used by Fire fox teams. Developers and managers could use such a technique to prioritize crash-types during triage, to estimate developer workloads, and to decide which crash-types patches should be included in a next release.
{"title":"An Entropy Evaluation Approach for Triaging Field Crashes: A Case Study of Mozilla Firefox","authors":"Foutse Khomh, Brian Chan, Ying Zou, A. Hassan","doi":"10.1109/WCRE.2011.39","DOIUrl":"https://doi.org/10.1109/WCRE.2011.39","url":null,"abstract":"A crash is an unexpected termination of an application during normal execution. Crash reports record stack traces and run-time information once a crash occurs. A group of similar crash reports represents a crash-type. The triaging of crash-types is critical to shorten the development and maintenance process. Crash triaging process decides the priority of crash-types to be fixed. The decision typically depends on many factors, such as the impact of the crash-type, (i.e, its severity), the frequency of occurring, and the effort required to implement a fix for the crash-type. In this paper, we propose the use of entropy region graphs to triage crash-types. An entropy region graph captures the distribution of the occurrences of crash-types among the users of a system. We conduct an empirical study on crash reports and bugs, collected from 10 beta releases of Fire fox 4. We show that our proposed triaging technique enables a better classification of crash-types than the current triaging used by Fire fox teams. Developers and managers could use such a technique to prioritize crash-types during triage, to estimate developer workloads, and to decide which crash-types patches should be included in a next release.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127185021","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A. Qusef, G. Bavota, R. Oliveto, A. D. Lucia, D. Binkley
In this demonstration we present an Eclipse plug-in, called SCOTCH (Slicing and Coupling based Test to Code trace Hunter), that uses dynamic slicing and conceptual coupling to recover the trace ability links between unit tests and tested classes. Empirical evaluation shows that SCOTCH identifies trace ability links between unit tests and tested classes with a high accuracy.
{"title":"SCOTCH: Slicing and Coupling Based Test to Code Trace Hunter","authors":"A. Qusef, G. Bavota, R. Oliveto, A. D. Lucia, D. Binkley","doi":"10.1109/WCRE.2011.68","DOIUrl":"https://doi.org/10.1109/WCRE.2011.68","url":null,"abstract":"In this demonstration we present an Eclipse plug-in, called SCOTCH (Slicing and Coupling based Test to Code trace Hunter), that uses dynamic slicing and conceptual coupling to recover the trace ability links between unit tests and tested classes. Empirical evaluation shows that SCOTCH identifies trace ability links between unit tests and tested classes with a high accuracy.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128376512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A protocol defines the sequencing constraints for the operations that can be applied to an object. Quante introduced a protocol recovery technique that is able to extract protocols from existing software by means of dynamic analysis. This approach represents the behavior as object process graphs (OPG). OPGs are a projection of the control flow graph reduced to the operations relevant to an individual object. The protocol is inferred from a set of OPGs. The extraction was designed to handle sequential programs only. As multi-core architectures and, hence, multi-threading becomes more and more common in nowadays programming, it is necessary to extend reverse engineering techniques for multi-threaded programs. In this paper, we extend Quante's approach to protocol reconstruction for programs with multiple threads. We are formalizing this process using concepts from automata theory, namely, product and shuffle automata. We present a naive approach to combine these concepts and a combined approach. Our evaluation for realistic Java programs demonstrates the scalability of the combined approach and the combinatorial explosion of the naive approach.
{"title":"Object-Based Dynamic Protocol Recovery for Multi-Threading Programs","authors":"Bernhard Scholz, R. Koschke","doi":"10.1109/WCRE.2011.38","DOIUrl":"https://doi.org/10.1109/WCRE.2011.38","url":null,"abstract":"A protocol defines the sequencing constraints for the operations that can be applied to an object. Quante introduced a protocol recovery technique that is able to extract protocols from existing software by means of dynamic analysis. This approach represents the behavior as object process graphs (OPG). OPGs are a projection of the control flow graph reduced to the operations relevant to an individual object. The protocol is inferred from a set of OPGs. The extraction was designed to handle sequential programs only. As multi-core architectures and, hence, multi-threading becomes more and more common in nowadays programming, it is necessary to extend reverse engineering techniques for multi-threaded programs. In this paper, we extend Quante's approach to protocol reconstruction for programs with multiple threads. We are formalizing this process using concepts from automata theory, namely, product and shuffle automata. We present a naive approach to combine these concepts and a combined approach. Our evaluation for realistic Java programs demonstrates the scalability of the combined approach and the combinatorial explosion of the naive approach.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128945526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
There exist many large object-oriented software systems consisting of several thousands of classes that are organized into several hundreds of packages. In such software systems, classes cannot be considered as units for software modularization. In such context, packages are not simply classes containers, but they also play the role of modules: a package should focus to provide well identified services to the rest of the software system. Therefore, understanding and assessing package organization is primordial for software maintenance tasks. Although there exist a lot of works proposing metrics for the quality of a single class and/or the quality of inter-class relationships, there exist few works dealing with some aspects for the quality of package organization and relationship. We believe that additional investigations are required for assessing package modularity aspects. The goal of this paper is to provide a complementary set of metrics that assess some modularity principles for packages in large legacy object-oriented software: Information-Hiding, Changeability and Reusability principles. Our metrics are defined with respect to object-oriented dependencies that are caused by inheritance and method call. We validate our metrics theoretically through a careful study of the mathematical properties of each metric.
{"title":"Modularization Metrics: Assessing Package Organization in Legacy Large Object-Oriented Software","authors":"H. Abdeen, Stéphane Ducasse, H. Sahraoui","doi":"10.1109/WCRE.2011.55","DOIUrl":"https://doi.org/10.1109/WCRE.2011.55","url":null,"abstract":"There exist many large object-oriented software systems consisting of several thousands of classes that are organized into several hundreds of packages. In such software systems, classes cannot be considered as units for software modularization. In such context, packages are not simply classes containers, but they also play the role of modules: a package should focus to provide well identified services to the rest of the software system. Therefore, understanding and assessing package organization is primordial for software maintenance tasks. Although there exist a lot of works proposing metrics for the quality of a single class and/or the quality of inter-class relationships, there exist few works dealing with some aspects for the quality of package organization and relationship. We believe that additional investigations are required for assessing package modularity aspects. The goal of this paper is to provide a complementary set of metrics that assess some modularity principles for packages in large legacy object-oriented software: Information-Hiding, Changeability and Reusability principles. Our metrics are defined with respect to object-oriented dependencies that are caused by inheritance and method call. We validate our metrics theoretically through a careful study of the mathematical properties of each metric.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132870191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Communication protocols determine how network components interact with each other. Therefore, the ability to derive a specification of a protocol can be useful in various contexts, such as to support deeper black-box testing or effective defense mechanisms. Unfortunately, it is often hard to obtain the specification because systems implement closed (i.e., undocumented) protocols, or because a time consuming translation has to be performed, from the textual description of the protocol to a format readable by the tools. To address these issues, we propose a new methodology to automatically infer a specification of a protocol from network traces, which generates automata for the protocol language and state machine. Since our solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. The approach was implemented in a tool and experimentally evaluated with publicly available FTP traces. Our results show that the inferred specification is a good approximation of the reference specification, exhibiting a high level of precision and recall.
{"title":"Reverse Engineering of Protocols from Network Traces","authors":"João Antunes, N. Neves, P. Veríssimo","doi":"10.1109/WCRE.2011.28","DOIUrl":"https://doi.org/10.1109/WCRE.2011.28","url":null,"abstract":"Communication protocols determine how network components interact with each other. Therefore, the ability to derive a specification of a protocol can be useful in various contexts, such as to support deeper black-box testing or effective defense mechanisms. Unfortunately, it is often hard to obtain the specification because systems implement closed (i.e., undocumented) protocols, or because a time consuming translation has to be performed, from the textual description of the protocol to a format readable by the tools. To address these issues, we propose a new methodology to automatically infer a specification of a protocol from network traces, which generates automata for the protocol language and state machine. Since our solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. The approach was implemented in a tool and experimentally evaluated with publicly available FTP traces. Our results show that the inferred specification is a good approximation of the reference specification, exhibiting a high level of precision and recall.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123745253","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Reuse has significantly improved software productivity and quality. An application interacts with a reused system through its Application Programming Interfaces (API). To make the life of the application developer easier, it is desirable for the API to be both sufficiently powerful and stable. Unfortunately, in reality APIs inevitably change, to be more powerful or to remove design flaws. This may create additional work for the application developer to adapt to the changed API. Thus, to counter the negative impacts of API evolution, we need to study how and why APIs are evolved. To that end, we performed a detailed analysis of the evolution of a production API. In particular, we categorized the changes to the API according to its domain semantics and design intent. We discussed the implications of our findings for both API designers and application developers.
{"title":"Exploring the Intent behind API Evolution: A Case Study","authors":"Daqing Hou, Xiaojia Yao","doi":"10.1109/WCRE.2011.24","DOIUrl":"https://doi.org/10.1109/WCRE.2011.24","url":null,"abstract":"Reuse has significantly improved software productivity and quality. An application interacts with a reused system through its Application Programming Interfaces (API). To make the life of the application developer easier, it is desirable for the API to be both sufficiently powerful and stable. Unfortunately, in reality APIs inevitably change, to be more powerful or to remove design flaws. This may create additional work for the application developer to adapt to the changed API. Thus, to counter the negative impacts of API evolution, we need to study how and why APIs are evolved. To that end, we performed a detailed analysis of the evolution of a production API. In particular, we categorized the changes to the API according to its domain semantics and design intent. We discussed the implications of our findings for both API designers and application developers.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"194 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125109382","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.
{"title":"Automatic Extraction of Secrets from Malware","authors":"Ziming Zhao, Gail-Joon Ahn, Hongxin Hu","doi":"10.1109/WCRE.2011.27","DOIUrl":"https://doi.org/10.1109/WCRE.2011.27","url":null,"abstract":"As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121796758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Lämmel, Rufus Linke, Ekaterina Pek, A. Varanovich
We develop a basic form of framework comprehension which is based on simple, reuse-related metrics for the as-implemented design and usage of frameworks. To this end, we provide a framework profile which incorporates potential reuse characteristics (e.g., specializability of types in a framework) as well as actual reuse characteristics (e.g., evidence of specialization of framework types in projects). We apply framework comprehension in an empirical study of the Microsoft. NET Framework. The approach is helpful in several contexts of software reverse and re-engineering.
{"title":"A Framework Profile of .NET","authors":"R. Lämmel, Rufus Linke, Ekaterina Pek, A. Varanovich","doi":"10.1109/WCRE.2011.25","DOIUrl":"https://doi.org/10.1109/WCRE.2011.25","url":null,"abstract":"We develop a basic form of framework comprehension which is based on simple, reuse-related metrics for the as-implemented design and usage of frameworks. To this end, we provide a framework profile which incorporates potential reuse characteristics (e.g., specializability of types in a framework) as well as actual reuse characteristics (e.g., evidence of specialization of framework types in projects). We apply framework comprehension in an empirical study of the Microsoft. NET Framework. The approach is helpful in several contexts of software reverse and re-engineering.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127544461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: