Towards Product Lining Model-Driven Development Code Generators

A code generator systematically transforms compact models to detailed code. Today, code generation is regarded as an integral part of model-driven development (MDD). Despite its relevance, the development of code generators is an inherently complex task and common methodologies and architectures are lacking. Additionally, reuse and extension of existing code generators only exist on individual parts. A systematic development and reuse based on a code generator product line is still in its infancy. Thus, the aim of this paper is to identify the mechanism necessary for a code generator product line by (a) analyzing the common product line development approach and (b) mapping those to a code generator specific infrastructure. As a first step towards realizing a code generator product line infrastructure, we present a component-based implementation approach based on ideas of variability-aware module systems and point out further research challenges.Comment: 6 pages, 1 figure, Proceedings of the 3rd International Conference on Model-Driven Engineering and Software Development, pp. 539-545, Angers, France, SciTePress, 201

Algorithmic Diversity for Software Security

Software diversity protects against a modern-day exploits such as code-reuse attacks. When an attacker designs a code-reuse attack on an example executable, it relies on replicating the target environment. With software diversity, the attacker cannot reliably replicate their target. This is a security benefit which can be applied to massive-scale software distribution. When applied to large-scale communities, an invested attacker may perform analysis of samples to improve the chances of a successful attack (M. Franz). We present a general NOP-insertion algorithm which can be expanded and customized for security, performance, or other costs. We demonstrate an improvement in security so that a code-reuse attack based on any one variant has minimal chances of success on another and analyse the costs of this method. Alternately, the variants may be customized to meet performance or memory overhead constraints. Deterministic diversification allows for the flexibility to balance these needs in a way that doesn't exist in a random online method

Stack Overflow: A Code Laundering Platform?

Developers use Question and Answer (Q&A) websites to exchange knowledge and expertise. Stack Overflow is a popular Q&A website where developers discuss coding problems and share code examples. Although all Stack Overflow posts are free to access, code examples on Stack Overflow are governed by the Creative Commons Attribute-ShareAlike 3.0 Unported license that developers should obey when reusing code from Stack Overflow or posting code to Stack Overflow. In this paper, we conduct a case study with 399 Android apps, to investigate whether developers respect license terms when reusing code from Stack Overflow posts (and the other way around). We found 232 code snippets in 62 Android apps from our dataset that were potentially reused from Stack Overflow, and 1,226 Stack Overflow posts containing code examples that are clones of code released in 68 Android apps, suggesting that developers may have copied the code of these apps to answer Stack Overflow questions. We investigated the licenses of these pieces of code and observed 1,279 cases of potential license violations (related to code posting to Stack overflow or code reuse from Stack overflow). This paper aims to raise the awareness of the software engineering community about potential unethical code reuse activities taking place on Q&A websites like Stack Overflow.Comment: In proceedings of the 24th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER

Code Reuse in Open Source Software

Code reuse is a form of knowledge reuse in software development that is fundamental to innovation in many fields. However, to date there has been no systematic investigation of code reuse in open source software projects. This study uses quantitative and qualitative data gathered from a sample of six open source software projects to explore two sets of research questions derived from the literature on software reuse in firms and open source software development. We find that code reuse is extensive across the sample and that open source software developers, much like developers in firms, apply tools that lower their search costs for knowledge and code, assess the quality of software components, and have incentives to reuse code. Open source software developers reuse code because they want to integrate functionality quickly, because they want to write preferred code, because they operate under limited resources in terms of time and skills, and because they can mitigate development costs through code reuse

FACTORS AFFECTING CODE REUSE: lMPLICATIONS FOR A MODEL OF COMPUTER AIDED SOFTWARE ENGINEERING DEVELOPMENT PERFORMANCE

An examination of code reuse at a large financial institution yields insights into the process of code reuse. The software development environment -- based on an integrated CASE system -- was designed to support code reuse, but at the end of its first two years we find that programmers are not taking full advantage of the reuse opportunities which the CASE environment provides, The organization has provided technical support for code reuse, but has not made organizational adjustments, and the technical solution alone does not suffice. We also review an existing economic model of CASE development performance that incorporates code reuse, suggesting refinements that are based upon our observations. Finally, we draw some conclusions about steps that managers can take to promote code reuse.Information Systems Working Papers Serie