Quire: Lightweight Provenance for Smart Phone Operating Systems
Smartphone apps often run with full privileges to access the network and
sensitive local resources, making it difficult for remote systems to have any
trust in the provenance of network connections they receive. Even within the
phone, different apps with different privileges can communicate with one
another, allowing one app to trick another into improperly exercising its
privileges (a Confused Deputy attack). In Quire, we engineered two new security
mechanisms into Android to address these issues. First, we track the call chain
of IPCs, allowing an app the choice of operating with the diminished privileges
of its callers or to act explicitly on its own behalf. Second, a lightweight
signature scheme allows any app to create a signed statement that can be
verified anywhere inside the phone. Both of these mechanisms are reflected in
network RPCs, allowing remote systems visibility into the state of the phone
when an RPC is made. We demonstrate the usefulness of Quire with two example
applications. We built an advertising service, running distinctly from the app
which wants to display ads, which can validate clicks passed to it from its
host. We also built a payment service, allowing an app to issue a request which
the payment service validates with the user. An app cannot forge a payment
request by directly connecting to the remote server, nor can the local payment
service tamper with the request.
Simplifying Deep-Learning-Based Model for Code Search
To accelerate software development, developers frequently search and reuse
existing code snippets from a large-scale codebase, e.g., GitHub. Over the
years, researchers proposed many information retrieval (IR) based models for
code search, which match keywords in the query against code text. But they fail to
bridge the semantic gap between query and code. To address this challenge, Gu
et al. proposed a deep-learning-based model named DeepCS. It jointly embeds
method code and natural language description into a shared vector space, where
methods related to a natural language query are retrieved according to their
vector similarities. However, DeepCS' working process is complicated and
time-consuming. To overcome this issue, we proposed a simplified model
CodeMatcher that leverages the IR technique but maintains many features in
DeepCS. Generally, CodeMatcher combines query keywords in their original order,
performs a fuzzy search on the name and body strings of methods, and returns the
best-matched methods with the longest sequence of used keywords. We verified its
effectiveness on a large-scale codebase with about 41k repositories.
Experimental results showed the simplified model CodeMatcher outperforms DeepCS
by 97% in terms of MRR (a widely used accuracy measure for code search), and it
is over 66 times faster than DeepCS. Besides, compared with the
state-of-the-art IR-based model CodeHow, CodeMatcher also improves the MRR by
73%. We also observed that: fusing the advantages of IR-based and
deep-learning-based models is promising because they complement each other
by nature; improving the quality of method naming helps code search, since
the method name plays an important role in connecting query and code.
Using High-Rising Cities to Visualize Performance in Real-Time
For developers concerned with a performance drop or improvement in their
software, a profiler allows a developer to quickly search and identify
bottlenecks and leaks that consume much execution time. Non-real-time profilers
analyze the history of already executed stack traces, while a real-time
profiler outputs the results concurrently with the execution of the software, so
users can know the results instantaneously. However, a real-time profiler risks
producing overly large and complex outputs, which are difficult for developers
to analyze quickly. In this paper, we visualize the performance data from a
real-time profiler. We visualize program execution as a three-dimensional (3D)
city, representing the structure of the program as artifacts in a city (i.e.,
classes and packages expressed as buildings and districts) and their program
executions expressed as the fluctuating height of artifacts. Through two case
studies and using a prototype of our proposed visualization, we demonstrate how
our visualization can easily identify performance issues such as a memory leak
and compare performance changes between versions of a program. A demonstration
of the interactive features of our prototype is available at
https://youtu.be/eleVo19Hp4k.
Comment: 10 pages, VISSOFT 2017, Artifact:
https://github.com/sefield/high-rising-city-artifac
Stack Overflow in Github: Any Snippets There?
When programmers look for how to achieve certain programming tasks, Stack
Overflow is a popular destination in search engine results. Over the years,
Stack Overflow has accumulated an impressive knowledge base of snippets of code
that are amply documented. We are interested in studying how programmers use
these snippets of code in their projects. Can we find Stack Overflow snippets
in real projects? When snippets are used, is this copy literal or does it
suffer adaptations? And are these adaptations specializations required by the
idiosyncrasies of the target artifact, or are they motivated by specific
requirements of the programmer? The large-scale study presented in this paper
analyzes 909k non-fork Python projects hosted on Github, which contain 290M
function definitions, and 1.9M Python snippets captured in Stack Overflow.
Results are presented as quantitative analysis of block-level code cloning
intra and inter Stack Overflow and GitHub, and as an analysis of programming
behaviors through the qualitative analysis of our findings.
Comment: 14th International Conference on Mining Software Repositories, 11
pages
The Search for the Laws of Automatic Random Testing
Can one estimate the number of remaining faults in a software system? A
credible estimation technique would be immensely useful to project managers as
well as customers. It would also be of theoretical interest, as a general law
of software engineering. We investigate possible answers in the context of
automated random testing, a method that is increasingly accepted as an
effective way to discover faults. Our experimental results, derived from
best-fit analysis of a variety of mathematical functions, based on a large
number of automated tests of library code equipped with automated oracles in
the form of contracts, suggest a poly-logarithmic law. Although further
confirmation remains necessary on different code bases and testing techniques,
we argue that understanding the laws of testing may bring significant benefits
for estimating the number of detectable faults and comparing different projects
and practices.
Comment: 20 pages