3,025 research outputs found
CC2Vec: Distributed representations of code changes
National Research Foundation (NRF) Singapore; ANR ITrans projec
A Mocktail of Source Code Representations
Efficient representation of source code is essential for various software
engineering tasks such as code search and code clone detection. One such
technique for representing source code involves extracting paths from the AST
and using a learning model to capture program properties. Code2vec is a
commonly used path-based approach that uses an attention-based neural network
to learn code embeddings which can then be used for various software
engineering tasks. However, this approach uses only ASTs and does not leverage
other graph structures such as Control Flow Graphs (CFG) and Program Dependency
Graphs (PDG). Similarly, most recent approaches for representing source code
still use AST and do not leverage semantic graph structures. Even though there
exists an integrated graph approach (Code Property Graph) for representing
source code, it has only been explored in the domain of software security.
Moreover, it does not leverage the paths from the individual graphs. In our
work, we extend the path-based approach code2vec to include semantic graphs,
CFG, and PDG, along with AST, which is still largely unexplored in the domain
of software engineering. We evaluate our approach on the task of MethodNaming
using a custom C dataset of 730K methods collected from 16 C projects from
GitHub. In comparison to code2vec, our approach improves the F1 Score by 11% on
the full dataset and up to 100% with individual projects. We show that semantic
features from the CFG and PDG paths are indeed helpful. We envision that
looking at a mocktail of source code representations for various software
engineering tasks can lay the foundation for a new line of research and a
re-haul of existing research
A Pre-Trained BERT Model for Android Applications
The automation of an increasingly large number of software engineering tasks
is becoming possible thanks to Machine Learning (ML). One foundational building
block in the application of ML to software artifacts is the representation of
these artifacts (e.g., source code or executable code) into a form that is
suitable for learning. Many studies have leveraged representation learning,
delegating to ML itself the job of automatically devising suitable
representations. Yet, in the context of Android problems, existing models are
either limited to coarse-grained whole-app level (e.g., apk2vec) or conducted
for one specific downstream task (e.g., smali2vec). Our work is part of a new
line of research that investigates effective, task-agnostic, and fine-grained
universal representations of bytecode to mitigate both of these two
limitations. Such representations aim to capture information relevant to
various low-level downstream tasks (e.g., at the class-level). We are inspired
by the field of Natural Language Processing, where the problem of universal
representation was addressed by building Universal Language Models, such as
BERT, whose goal is to capture abstract semantic information about sentences,
in a way that is reusable for a variety of tasks. We propose DexBERT, a
BERT-like Language Model dedicated to representing chunks of DEX bytecode, the
main binary format used in Android applications. We empirically assess whether
DexBERT is able to model the DEX language and evaluate the suitability of our
model in two distinct class-level software engineering tasks: Malicious Code
Localization and Defect Prediction. We also experiment with strategies to deal
with the problem of catering to apps having vastly different sizes, and we
demonstrate one example of using our technique to investigate what information
is relevant to a given task
A Survey on Automated Software Vulnerability Detection Using Machine Learning and Deep Learning
Software vulnerability detection is critical in software security because it
identifies potential bugs in software systems, enabling immediate remediation
and mitigation measures to be implemented before they may be exploited.
Automatic vulnerability identification is important because it can evaluate
large codebases more efficiently than manual code auditing. Many Machine
Learning (ML) and Deep Learning (DL) based models for detecting vulnerabilities
in source code have been presented in recent years. However, a survey that
summarises, classifies, and analyses the application of ML/DL models for
vulnerability detection is missing. It may be difficult to discover gaps in
existing research and potential for future improvement without a comprehensive
survey. This could result in essential areas of research being overlooked or
under-represented, leading to a skewed understanding of the state of the art in
vulnerability detection. This work address that gap by presenting a systematic
survey to characterize various features of ML/DL-based source code level
software vulnerability detection approaches via five primary research questions
(RQs). Specifically, our RQ1 examines the trend of publications that leverage
ML/DL for vulnerability detection, including the evolution of research and the
distribution of publication venues. RQ2 describes vulnerability datasets used
by existing ML/DL-based models, including their sources, types, and
representations, as well as analyses of the embedding techniques used by these
approaches. RQ3 explores the model architectures and design assumptions of
ML/DL-based vulnerability detection approaches. RQ4 summarises the type and
frequency of vulnerabilities that are covered by existing studies. Lastly, RQ5
presents a list of current challenges to be researched and an outline of a
potential research roadmap that highlights crucial opportunities for future
work
A systematic literature review on source code similarity measurement and clone detection: techniques, applications, and challenges
Measuring and evaluating source code similarity is a fundamental software
engineering activity that embraces a broad range of applications, including but
not limited to code recommendation, duplicate code, plagiarism, malware, and
smell detection. This paper proposes a systematic literature review and
meta-analysis on code similarity measurement and evaluation techniques to shed
light on the existing approaches and their characteristics in different
applications. We initially found over 10000 articles by querying four digital
libraries and ended up with 136 primary studies in the field. The studies were
classified according to their methodology, programming languages, datasets,
tools, and applications. A deep investigation reveals 80 software tools,
working with eight different techniques on five application domains. Nearly 49%
of the tools work on Java programs and 37% support C and C++, while there is no
support for many programming languages. A noteworthy point was the existence of
12 datasets related to source code similarity measurement and duplicate codes,
of which only eight datasets were publicly accessible. The lack of reliable
datasets, empirical evaluations, hybrid methods, and focuses on multi-paradigm
languages are the main challenges in the field. Emerging applications of code
similarity measurement concentrate on the development phase in addition to the
maintenance.Comment: 49 pages, 10 figures, 6 table
- …