Structured Review of the Evidence for Effects of Code Duplication on Software Quality
This report presents the detailed steps and results of a structured review of code clone literature. The aim of the review is to investigate the evidence for the claim that code duplication has a negative effect on code changeability. This report contains only the details of the review for which there is not enough place to include them in the companion paper published at a conference (Hordijk, Ponisio et al. 2009 - Harmfulness of Code Duplication - A Structured Review of the Evidence)
Context2Name: A Deep Learning-Based Approach to Infer Natural Variable Names from Usage Contexts
Most of the JavaScript code deployed in the wild has been minified, a process
in which identifier names are replaced with short, arbitrary and meaningless
names. Minified code occupies less space, but also makes the code extremely
difficult to manually inspect and understand. This paper presents Context2Name,
a deep learning-based technique that partially reverses the effect of
minification by predicting natural identifier names for minified names. The
core idea is to predict from the usage context of a variable a name that
captures the meaning of the variable. The approach combines a lightweight,
token-based static analysis with an auto-encoder neural network that summarizes
usage contexts and a recurrent neural network that predicts natural names for a
given usage context. We evaluate Context2Name with a large corpus of real-world
JavaScript code and show that it successfully predicts 47.5% of all minified
identifiers while taking only 2.9 milliseconds on average to predict a name. A
comparison with the state-of-the-art tools JSNice and JSNaughty shows that our
approach performs comparably in terms of accuracy while improving in terms of
efficiency. Moreover, Context2Name complements the state-of-the-art by
predicting 5.3% additional identifiers that are missed by both existing tools
Who you gonna call? Analyzing Web Requests in Android Applications
Relying on ubiquitous Internet connectivity, applications on mobile devices
frequently perform web requests during their execution. They fetch data for
users to interact with, invoke remote functionalities, or send user-generated
content or meta-data. These requests collectively reveal common practices of
mobile application development, like what external services are used and how,
and they point to possible negative effects like security and privacy
violations, or impacts on battery life. In this paper, we assess different ways
to analyze what web requests Android applications make. We start by presenting
dynamic data collected from running 20 randomly selected Android applications
and observing their network activity. Next, we present a static analysis tool,
Stringoid, that analyzes string concatenations in Android applications to
estimate constructed URL strings. Using Stringoid, we extract URLs from 30,000
Android applications, and compare the performance with a simpler constant
extraction analysis. Finally, we present a discussion of the advantages and
limitations of dynamic and static analyses when extracting URLs, as we compare
the data extracted by Stringoid from the same 20 applications with the
dynamically collected data
Precise Packet Loss Pattern Generation by Intentional Interference
Intermediate-quality links often cause vulnerable
connectivity in wireless sensor networks, but packet losses caused by such volatile links are not easy to trace. In order to equip link layer protocol designers with a reliable test and debugging tool, we develop a reactive interferer to generate packet loss patterns precisely. By using intentional interference to emulate parameterized lossy links with very low intrusiveness, our tool facilitates both robustness evaluation of protocols and flaw detection in protocol implementation
CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared, and
parallel computation is widely used. Parallel tasks can cause privacy and
security problems if proper isolation is not enforced. Intel proposed SGX to
create a trusted execution environment within the processor. SGX relies on the
hardware, and claims runtime protection even if the OS and other software
components are malicious. However, SGX disregards side-channel attacks. We
introduce a powerful cache side-channel attack that provides system adversaries
a high resolution channel. Our attack tool named CacheZoom is able to virtually
track all memory accesses of SGX enclaves with high spatial and temporal
precision. As proof of concept, we demonstrate AES key recovery attacks on
commonly used implementations including those that were believed to be
resistant in previous scenarios. Our results show that SGX cannot protect
critical data sensitive computations, and efficient AES key recovery is
possible in a practical environment. In contrast to previous works which
require hundreds of measurements, this is the first cache side-channel attack
on a real system that can recover AES keys with a minimal number of
measurements. We can successfully recover AES keys from T-Table based
implementations with as few as ten measurements.
Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems
(CHES '17)
Recovering Architectural Variability of a Family of Product Variants
A Software Product Line (SPL) aims at applying a pre-planned systematic reuse
of large-grained software artifacts to increase the software productivity and
reduce the development cost. The idea of SPL is to analyze the business domain
of a family of products to identify the common and the variable parts between
the products. However, it is common for companies to develop, in an ad-hoc
manner (e.g. clone and own), a set of products that share common
functionalities and differ in terms of others. Thus, many recent research
contributions are proposed to re-engineer existing product variants to a SPL.
Nevertheless, these contributions are mostly focused on managing the
variability at the requirement level. Very few contributions address the
variability at the architectural level despite its major importance. Starting
from this observation, we propose, in this paper, an approach to reverse
engineer the architecture of a set of product variants. Our goal is to identify
the variability and dependencies among architectural-element variants at the
architectural level. Our work relies on Formal Concept Analysis (FCA) to
analyze the variability. To validate the proposed approach, we experimented on
two families of open-source product variants; Mobile Media and Health Watcher.
The results show that our approach is able to identify the architectural
variability and the dependencies
Worst Configurations (Instantons) for Compressed Sensing over Reals: a Channel Coding Approach
We consider the Linear Programming (LP) solution of the Compressed Sensing
(CS) problem over reals, also known as the Basis Pursuit (BasP) algorithm. The
BasP allows interpretation as a channel-coding problem, and it guarantees
error-free reconstruction with a properly chosen measurement matrix and
sufficiently sparse error vectors. In this manuscript, we examine how the BasP
performs on a given measurement matrix and develop an algorithm to discover the
sparsest vectors for which the BasP fails. The resulting algorithm is a
generalization of our previous results on finding the most probable
error-patterns degrading performance of a finite size Low-Density Parity-Check
(LDPC) code in the error-floor regime. The BasP fails when its output is
different from the actual error-pattern. We design a CS-Instanton Search
Algorithm (ISA) generating a sparse vector, called a CS-instanton, such that
the BasP fails on the CS-instanton, while the BasP recovery is successful for
any modification of the CS-instanton replacing a nonzero element by zero. We
also prove that, given a sufficiently dense random input for the error-vector,
the CS-ISA converges to an instanton in a small finite number of steps. The
performance of the CS-ISA is illustrated on a randomly generated matrix. For this example, the CS-ISA outputs the shortest instanton (error
vector) pattern of length 11.
Comment: Accepted to be presented at the IEEE International Symposium on
Information Theory (ISIT 2010). 5 pages, 2 Figures. Minor edits from previous
version. Added a new reference
An extensible benchmark and tooling for comparing reverse engineering approaches
Various tools exist to reverse engineer software source code and generate design information, such as UML projections. Each has specific strengths and weaknesses, however no standardised benchmark exists that can be used to evaluate and compare their performance and effectiveness in a systematic manner. To facilitate such comparison in this paper we introduce the Reverse Engineering to Design Benchmark (RED-BM), which consists of a comprehensive set of Java-based targets for reverse engineering and a formal set of performance measures with which tools and approaches can be analysed and ranked. When used to evaluate 12 industry standard tools performance figures range from 8.82% to 100% demonstrating the ability of the benchmark to differentiate between tools. To aid the comparison, analysis and further use of reverse engineering XMI output we have developed a parser which can interpret the XMI output format of the most commonly used reverse engineering applications, and is used in a number of tools