Linking analysis and transformation tools with source-based mappings
This paper discusses an approach to linking separate analysis and transformation tools, such that analysis results can be used to guide transformations. Our approach consists of two phases. First, the analysis tool maps its results to relevant locations in the source code. Second, a mapping in the reverse direction is performed: the analysis results expressed as source positions and data are mapped to the abstractions used in the transformation tool. We discuss a prototype implementation of this approach in detail, and present the results of a number of case studies.
Looking Towards a Future where Software is Controlled by the Public (and not the other way round)
Nowadays, software has a ubiquitous presence in everyday life and this phenomenon gives rise to a range of challenges that affect both individuals and society as a whole. In this article we argue that in the future, the domain of software should no longer belong to technical experts and system integrators alone. Instead it should transition to a firmly engaged public domain, similar to city planning, social welfare and security. The challenge that lies at the heart of this problem is the ability to understand, on a technical level, what all the different software actually is and what it does with our information.
Identifying Personal Data Processing for Code Review
Code review is a critical step in the software development life cycle, which assesses and boosts the code's effectiveness and correctness, pinpoints security issues, and raises its quality by adhering to best practices. Due to the increased need for personal data protection motivated by legislation, code reviewers need to understand where personal data is located in software systems and how it is handled. Although most recent work on code review focuses on security vulnerabilities, privacy-related techniques are not easy for code reviewers to implement, making their inclusion in the code review process challenging. In this paper, we present ongoing work on a new approach to identifying personal data processing, enabling developers and code reviewers in drafting privacy analyses and complying with regulations such as the General Data Protection Regulation (GDPR).
Comment: Accepted by The 9th International Conference on Information Systems Security and Privacy (ICISSP 2023)
Isolating crosscutting concerns in system software
This paper reports upon our experience in automatically migrating the crosscutting concerns of a large-scale software system, written in C, to an aspect-oriented implementation. We zoom in on one particular crosscutting concern, and show how detailed information about it is extracted from the source code, and how this information enables us to characterise this code and define an appropriate aspect automatically. Additionally, we compare the already existing solution to the aspect-oriented solution, and discuss advantages as well as disadvantages of both in terms of selected quality attributes. Our results show that automated migration is feasible, and can lead to significant improvements in source code quality.
An evaluation of clone detection techniques for identifying crosscutting concerns
Code implementing a crosscutting concern is often spread over many different parts of an application. Identifying such code automatically greatly improves both the maintainability and the evolvability of the application. First of all, it allows a developer to more easily find the places in the code that must be changed when the concern changes, and thus makes such changes less time consuming and less prone to errors. Second, it allows a developer to refactor the code, so that it uses modern and more advanced abstraction mechanisms, thereby restoring its modularity. In this paper, we evaluate the suitability of clone detection as a technique for the identification of crosscutting concerns. To that end, we manually identify four specific concerns in an industrial C application, and analyze to what extent clone detection is capable of finding these concerns. We consider our results as a stepping stone toward an automated 'concern miner' based on clone detection.
Enabling real-time feedback in software engineering
Modern software projects consist of more than just code: Teams follow development processes, the code runs on servers or mobile phones and produces run time logs and users talk about the software in forums like StackOverflow and Twitter and rate it on app stores. Insights stemming from the real-time analysis of combined software engineering data can help software practitioners to conduct faster decision-making. With the development of CodeFeedr, a Real-time Software Analytics Platform, we aim to make software analytics a core feedback loop for software engineering projects. CodeFeedr's vision entails: (1) The ability to unify archival and current software analytics data under a single query language, and (2) The feasibility to apply new techniques and methods for high-level aggregation and summarization of near real-time information on software development. In this paper, we outline three use cases where our platform is expected to have a significant impact on the quality and speed of decision making; dependency management, productivity analytics, and run-time error feedback.