451 research outputs found
Embedding Spatial Software Visualization in the IDE: an Exploratory Study
Software visualization can be of great use for understanding and exploring a
software system in an intuitive manner. Spatial representation of software is a
promising approach of increasing interest. However, little is known about how
developers interact with spatial visualizations that are embedded in the IDE.
In this paper, we present a pilot study that explores the use of Software
Cartography for program comprehension of an unknown system. We investigated
whether developers establish a spatial memory of the system, whether clustering
by topic offers a sound base layout, and how developers interact with maps. We
report our results in the form of observations, hypotheses, and implications.
Key findings are a) that developers made good use of the map to inspect search
results and call graphs, and b) that developers found the base layout
surprising and often confusing. We conclude with concrete advice for the design
of embedded software maps.
Comment: To appear in proceedings of SOFTVIS 2010 conference
Security Code Smells in Android ICC
Android Inter-Component Communication (ICC) is complex, largely
unconstrained, and hard for developers to understand. As a consequence, ICC is
a common source of security vulnerability in Android apps. To promote secure
programming practices, we have reviewed related research, and identified
avoidable ICC vulnerabilities in Android-run devices and the security code
smells that indicate their presence. We explain the vulnerabilities and their
corresponding smells, and we discuss how they can be eliminated or mitigated
during development. We present a lightweight static analysis tool on top of
Android Lint that analyzes the code under development and provides just-in-time
feedback within the IDE about the presence of such smells in the code.
Moreover, with the help of this tool we study the prevalence of security code
smells in more than 700 open-source apps, and manually inspect around 15% of
the apps to assess the extent to which identifying such smells uncovers ICC
security vulnerabilities.
Comment: Accepted on 28 Nov 2018, Empirical Software Engineering Journal
(EMSE), 201
PerfVis: Pervasive Visualization in Immersive Augmented Reality for Performance Awareness
Developers are usually unaware of the impact of code changes on the
performance of software systems. Although developers can analyze the
performance of a system by executing, for instance, a performance test to
compare the performance of two consecutive versions of the system, changing
from a programming task to a testing task would disrupt the development flow.
In this paper, we propose the use of a city visualization that dynamically
provides developers with a pervasive view of the continuous performance of a
system. We use an immersive augmented reality device (Microsoft HoloLens) to
display our visualization and extend the integrated development environment on
a computer screen to use the physical space. We report on technical details of
the design and implementation of our visualization tool, and discuss early
feedback that we collected on its usability. Our investigation explores a new
visual metaphor to support the exploration and analysis of possibly very large
and multidimensional performance data. Our initial result indicates that the
city metaphor can be adequate to analyze dynamic performance data on a large
and non-trivial software system.
Comment: ICPE'19 vision, 4 pages, 2 figure, conference
Classbox/J: Controlling the Scope of Change in Java
Unanticipated changes to complex software systems can introduce anomalies such as duplicated code, suboptimal inheritance relationships and a proliferation of run-time downcasts. Refactoring to eliminate these anomalies may not be an option, at least in certain stages of software evolution. Classboxes are modules that restrict the visibility of changes to selected clients only, thereby offering more freedom in the way unanticipated changes may be implemented, and thus reducing the need for convoluted design anomalies. In this paper we demonstrate how classboxes can be implemented in statically-typed languages like Java. We also present an extended case study of Swing, a Java GUI package built on top of AWT, and we document the ensuing anomalies that Swing introduces. We show how Classbox/J, a prototype implementation of classboxes for Java, is used to provide a cleaner implementation of Swing using local refinement rather than subclassing.
Crypto Experts Advise What They Adopt
Previous studies have shown that developers regularly seek advice on online forums to resolve their cryptography issues. We investigated whether users who are active in cryptography discussions also use cryptography in practice. We collected the top 1 of responders who have participated in crypto discussions on Stack Overflow, and we manually analyzed their crypto contributions to open source projects on GitHub. We could identify 319 GitHub profiles that belonged to such crypto responders and found that 189 of them used cryptography in their projects. Further investigation revealed that the majority of analyzed users (i.e., 85) use the same programming languages for crypto activity on Stack Overflow and crypto contributions on GitHub. Moreover, 90 of the analyzed users employed the same concept of cryptography in their projects as they advised about on Stack Overflow