Comparison and Evaluation of Clone Detection Tools

Many techniques for detecting duplicated source code (software clones) have been proposed in the past. However, it is not yet clear how these techniques compare in terms of recall and precision as well as space and time requirements. This paper presents an experiment that evaluates six clone detectors based on eight large C and Java programs (altogether almost 850 KLOC). Their clone candidates were evaluated by one of the authors as an independent third party. The selected techniques cover the whole spectrum of the state-of-the-art in clone detection. The techniques work on text, lexical and syntactic information, software metrics, and program dependency graphs

Developing Legacy System Migration Methods and Tools for Technology Transfer

This paper presents the research results of an ongoing technology transfer project carried out in coopera- tion between the University of Salerno and a small software company. The project is aimed at developing and transferring migration technology to the industrial partner. The partner should be enabled to migrate monolithic multi-user COBOL legacy systems to a multi-tier Web-based architecture. The assessment of the legacy systems of the partner company revealed that these systems had a very low level of decompos- ability with spaghetti-like code and embedded control flow and database accesses within the user interface descriptions. For this reason, it was decided to adopt an incremental migration strategy based on the reengineering of the user interface using Web technology, on the transformation of interactive legacy programs into batch programs, and the wrapping of the legacy programs. A middleware framework links the new Web-based user interface with the Wrapped Legacy System. An Eclipse plug-in, named MELIS (migration environment for legacy information systems), was also developed to support the migration process. Both the migration strategy and the tool have been applied to two essential subsystems of the most business critical legacy system of the partner company

JAVA DESIGN PATTERN OBFUSCATION

Software Reverse Engineering (SRE) consists of analyzing the design and imple- mentation of software. Typically, we assume that the executable file is available, but not the source code. SRE has many legitimate uses, including analysis of software when no source code is available, porting old software to a modern programming language, and analyzing code for security vulnerabilities. Attackers also use SRE to probe for weaknesses in closed-source software, to hack software activation mecha- nisms (or otherwise change the intended function of software), to cheat at games, etc. There are many tools available to aid the aspiring reverse engineer. For example, there are several tools that recover design patterns from Java byte code or source code. In this project, we develop and analyze a technique to obfuscate design patterns. We show that our technique can defeat design pattern detection tools, thereby making reverse engineering attacks more difficult

Evaluating Legacy System Migration Technologies through Empirical Studies

We present two controlled experiments conducted with master students and practitioners and a case study conducted with practitioners to evaluate the use of MELIS (Migration Environment for Legacy Information Systems) for the migration of legacy COBOL programs to the web. MELIS has been developed as an Eclipse plug-in within a technology transfer project conducted with a small software company [16]. The partner company has developed and marketed in the last 30 years several COBOL systems that need to be migrated to the web, due to the increasing requests of the customers. The goal of the technology transfer project was to define a systematic migration strategy and the supporting tools to migrate these COBOL systems to the web and make the partner company an owner of the developed technology. The goal of the controlled experiments and case study was to evaluate the effectiveness of introducing MELIS in the partner company and compare it with traditional software development environments. The results of the overall experimentation show that the use of MELIS increases the productivity and reduces the gap between novice and expert software engineers

Feature Detection in Ajax-enabled Web Applications

Abstract-In this paper we propose a method for reverse engineering the features of Ajax-enabled web applications. The method first collects instances of the DOM trees underlying the application web pages, using a state-of-the-art crawling framework. Then, it clusters these instances into groups, corresponding to distinct features of the application. The contribution of this paper lies in the novel DOM-tree similarity metric of the clustering step, which makes a distinction between simple and composite structural changes. We have evaluated our method on three real web applications. In all three cases, the proposed distance metric leads to a number of clusters that is closer to the actual number of features and classifies web page instances into these feature-specific clusters more accurately than other traditional distance metrics. We therefore conclude that it is a reliable distance metric for reverse engineering the features of Ajax-enabled web applications

To Host a Legacy System to the Web

The dramatic improvements in global interconectivity due to intranets, extranets and the Internet has led to many enterprises to consider migrating legacy systems to a web based systems. While data remapping is relatively straightforward in most cases, greater challenges lie in adapting legacy application software. This research effort describes an experiment in which a legacy system is migrated to a web-client/server environment. First, this thesis reports on the difficulties and issues arising when porting a legacy system International Invoice (IIMM) to a web-client/server environment. Next, this research analyzes the underlying issues, and offer cautionary guidance to future migrators and finally this research effort builds a prototype of the legacy system on a web client/server environment that demonstrates effective strategies to deal with these issues

Reverse engineering of GUI models

Tese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 200

Identifying reusable functions in code using specification driven techniques

The work described in this thesis addresses the field of software reuse. Software reuse is widely considered as a way to increase the productivity and improve the quality and reliability of new software systems. Identifying, extracting and reengineering software. components which implement abstractions within existing systems is a promising cost-effective way to create reusable assets. Such a process is referred to as reuse reengineering. A reference paradigm has been defined within the RE(^2) project which decomposes a reuse reengineering process in five sequential phases. In particular, the first phase of the reference paradigm, called Candidature phase, is concerned with the analysis of source code for the identification of software components implementing abstractions and which are therefore candidate to be reused. Different candidature criteria exist for the identification of reuse-candidate software components. They can be classified in structural methods (based on structural properties of the software) and specification driven methods (that search for software components implementing a given specification).In this thesis a new specification driven candidature criterion for the identification and the extraction of code fragments implementing functional abstractions is presented. The method is driven by a formal specification of the function to be isolated (given in terms of a precondition and a post condition) and is based on the theoretical frameworks of program slicing and symbolic execution. Symbolic execution and theorem proving techniques are used to map the specification of the functional abstractions onto a slicing criterion. Once the slicing criterion has been identified the slice is isolated using algorithms based on dependence graphs. The method has been specialised for programs written in the C language. Both symbolic execution and program slicing are performed by exploiting the Combined C Graph (CCG), a fine-grained dependence based program representation that can be used for several software maintenance tasks

Localisation de fonctionnalités par analyse statique dans du code avionique configuré dynamiquement

RÉSUMÉ La localisation de l'emplacement où diverses fonctionnalités d'un logiciel sont implémentées au sein du code source peut être utile à la compréhension de programme et pour diverses activités de réingénierie. Dans l'industrie avionique, la réingénierie est un sujet d'actualité puisque plusieurs systèmes logiciels doivent être modernisés. Or, cette réingénierie doit conserver la richesse algorithmique des logiciels existants. Les travaux présentés dans ce mémoire visent donc à appuyer les efforts de réingénierie en avionique via l'utilisation d'une méthodologie de localisation de fonctionnalités à partir de l'analyse statique du code source. Le principal objectif est de définir une telle méthodologie applicable à des logiciels configurés dynamiquement, type de logiciel qu'on retrouve entre autres dans l'industrie avionique. La méthodologie développée se base sur l'extraction d'un graphe de flux de contrôle représentant le code source et l'utilisation de model checking pour vérifier diverses propriétés reliées aux fonctionnalités du logiciel. Chacune des étapes de la méthodologie est automatisée, ce qui lui confère un avantage très intéressant par rapport aux autres techniques de localisation de fonctionnalités existantes. Un second objectif des recherches présentées est d'appliquer cette méthodologie sur un système de gestion de vol provenant de l'industrie avionique. Par la suite, les résultats obtenus sont interprétés afin de déterminer la distribution des différentes fonctionnalités au sein du code source de ce logiciel. Cette distribution est présentée en termes de quantité de fichiers, de blocs de code et de lignes de code reliés à chaque fonctionnalité. La technique développée permet d'identifier le code relié à un ensemble de fonctionnalités du logiciel, ce qui serait utilisable dans une optique d'identification de produits logiciels. Les résultats obtenus peuvent donc être utilisés dans le cadre d'une réingénierie du logiciel et peuvent faciliter l'extraction d'un modèle de ligne de produits logiciels. La méthodologie présentée ici est, à notre connaissance, la première technique automatisée de localisation de fonctionnalités basées sur l'analyse statique. Les résultats obtenus suite à l'analyse du système de gestion de vol montrent que la localisation de fonctionnalités par analyse statique du code source est possible sous certaines conditions. Diverses améliorations, telles que le traitement des pointeurs de fonctions et l'analyse de la propagation des variables, pourraient éventuellement être appliquées à la méthodologie afin d'améliorer sa précision dans certains contextes.----------ABSTRACT Locating where software features are implemented in source code can be useful to program comprehension and software reengineering. In the avionics industry, reengineering is a hot topic since many software systems need to be modernized. However, this reengineering effort must preserve existing algorithms to allow their reuse. This thesis aims to support avionics software reengineering by using a feature location methodology based on static analysis of the source code. The main objective is to define such methodology applicable in dynamically configured software, a type of software sometimes found in the avionics industry. The methodology is based on the extraction of a control flow graph representing the source code and the use of model checking to verify properties related to each feature found in the software program. Each step of the methodology is automated, which provides an interesting advantage compared to other existing feature location approaches. A second objective of the researches presented in this thesis is to apply the developed methodology on a flight management system from the avionics industry. Results are then interpreted to obtain the system features' distribution over the source code. This distribution is presented by number of files, code blocks and lines of code related to each software feature. The developed methodology allows a user to obtain the source code related to a set of software features, which is information that could be used to identify software products. Thus, results can be used in the context of software reengineering and can facilitate the extraction of a software product line model. To the best our knowledge, the methodology presented here is the first automated feature location approach based solely on static analysis. Results from the analysis of the flight management system show that locating features using static analysis of the source code is possible under certain conditions. Some improvements, such as considering function pointers and the propagation of variables, could eventually be applied to our methodology to improve its precision in some contexts