1,524 Hits in 2.7 sec

Static analysis tools in the era of cloud-native systems [article]

Tomas Cerny, Davide Taibi
2022 arXiv   pre-print
The independent nature of this modular architecture also leads to challenges and gaps.  ...  However, dynamic analysis does not have access to details only available in codebases. Besides, we must consider the separation of duty relevant to telemetry.  ...  However, we see that static analysis is rather in control of developers and the dynamic analysis is more relevant to DevOps.  ... 
arXiv:2205.08527v1 fatcat:2co64cksije2hhzffd34wbfuzm

Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery [article]

Tommi Unruh, Bhargava Shastry, Malte Skoruppa, Federico Maggi, Konrad Rieck, Jean-Pierre Seifert, Fabian Yamaguchi
2017 arXiv   pre-print
the security of open-source projects.  ...  Our analysis framework has been running on a standard PC, analyzed 64,415 PHP codebases hosted on GitHub thus far, and found a total of 117 vulnerabilities that have a strong syntactic similarity to vulnerable  ...  Thus, traditional code clone detection tools seek code replicas in a single codebase, or a set of codebases with the same provenance.  ... 
arXiv:1704.02786v1 fatcat:zf7j4pnisrattnwu6ah2aol22i

Towards automated library migrations with error prone and refaster

Rick Ossendrijver, Stephan Schroevers, Clemens Grelck
2022 Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing  
We additionally propose a set of Error Prone extensions to facilitate rewriting method return types. Together they enable a new class of rewrite operations especially relevant to library migrations.  ...  Using the proposed extensions, we manage to fully migrate an additional 35% of the RxJava 2-referencing files in the former codebase, and an initial 39% of such files in the latter codebase.  ...  Lastly, we appreciate the feedback provided by the colleagues at Picnic who evaluated the result of the RxJava to Reactor migration applied to the industrial codebase.  ... 
doi:10.1145/3477314.3507153 fatcat:63c2oqixjrdatj327xh5qq7bha

Interactive Code Review for Systematic Changes

Tianyi Zhang, Myoungkyu Song, Joseph Pinedo, Miryung Kim
2015 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering  
By matching a generalized template against the codebase, it summarizes similar changes and detects potential mistakes. We evaluated CRITICS using two methods.  ...  The results show that human subjects using CRITICS answer questions about systematic changes 47.3% more correctly with 31.9% saving in time during code review tasks, in comparison to the baseline use of  ...  ACKNOWLEDGMENT The authors would like to thank anonymous participants from and University of Texas at Austin for their participation in the user study and their valuable insights and feedback  ... 
doi:10.1109/icse.2015.33 dblp:conf/icse/ZhangSPK15 fatcat:rhzjuhogy5ff5ftgmv53xiv6xe

A Systematic Review of the Literature of the Techniques to Perform Transformations in Software Engineering

Reudismam Rolim de Sousa
2020 Brazilian Journal of Development  
These edits can be identical or similar to different codebase locations, which may occur as developers add features, refactor, or fix a bug.  ...  In this work, we present a systematic review of the literature of the techniques to do transformations in software engineering.  ...  We used this pilot study to review of the search string and databases. We have a set of works relevant to our study in a folder named Relevant Papers. Our study must select this set of works.  ... 
doi:10.34117/bjdv6n7-361 fatcat:dj43wxhojjbivajsipzzgmokea

Microservice Architecture Reconstruction and Visualization Techniques: A Review [article]

Tomas Cerny, Amr S. Abdelfattah, Vincent Bushong, Abdullah Al Maruf, Davide Taibi
2022 arXiv   pre-print
We considered various architectural perspectives relevant to microservices and assessed the relevancy of the traditional method, comparing it to alternative data visualization using 3D space.  ...  As a representative of the 3D method, we considered a 3D graph model presented in augmented reality.  ...  capable of multi-codebases Fig. 6 .  ... 
arXiv:2207.02988v2 fatcat:l4onzoatcnfjxd7jihsrbvboeu

Towards Automated Library Migrations with Error Prone and Refaster

Rick Ossendrijver, Stephan Schroevers, Clemens Grelck
2021 Zenodo  
Together these improvements enable a new class of rewrite operations, especially relevant to library migrations.  ...  We additionally propose a set of Error Prone extensions which facilitate rewriting method return types. Lastly, several generalizations and improvements of existing Error Prone plugins are discussed.  ...  Acknowledgements This project is the result of a journey of several months, involving people to which I owe deep gratitude. First and foremost, Stephan Schroevers.  ... 
doi:10.5281/zenodo.5801921 fatcat:ijd4fueohrh73hwtp2doqzpp5e

Ultimate architecture enforcement

Paulo Merson
2013 Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity - SPLASH '13  
This paper reports a successful experience where we addressed these two limitations for a large codebase comprising over 50 Java applications.  ...  The architecture team is also notified and can proactively contact the developer to address any lack of understanding of the architecture.  ...  Application security checks A couple of years ago we had the opportunity to analyze part of our codebase using a static analysis tool called Fortify, which specializes in detecting security vulnerabilities  ... 
doi:10.1145/2508075.2508433 dblp:conf/oopsla/Merson13 fatcat:4ggwtabdqbewleecgbkun3ecfq

MaRTS: A Model-Based Regression Test Selection Approach

Mohammed Al-Refai
2017 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems  
Models can be used to plan the evolution and runtime adaptation of a software system.  ...  The fault detection ability of the selected test cases was equal to that of the baseline test cases.  ...  DejaVu detects fine-grained changes at the statement level, and ChEOPSJ detects fine-grained changes to method invocations.  ... 
dblp:conf/models/Al-Refai17a fatcat:m7rjq6tfxzbvbaukeomiijlify

Survey on Tools and Techniques Detecting Microservice API Patterns [article]

Alexander Bakhtin, Abdullah Al Maruf, Tomas Cerny, Davide Taibi
2022 arXiv   pre-print
This article performs a grey literature review to find and catalog available tools to detect microservice API patterns (MAP). It reasons about mechanisms that can be used to detect these patterns.  ...  Finally, the reader is provided with a route map to detection techniques that can be used to mine MAPs.  ...  across codebases.  ... 
arXiv:2205.10133v1 fatcat:3fydeo7sejgevpi5emxw2q3uzy

Triggerflow: Regression Testing by Advanced Execution Path Inspection [chapter]

Iaroslav Gridin, Cesar Pereida García, Nicola Tuveri, Billy Bob Brumley
2019 Lecture Notes in Computer Science  
We validate this approach with case studies demonstrating how adopting our method in the development pipeline would have promptly detected such accidents.  ...  Cryptographic libraries often feature multiple implementations of primitives to meet both the security needs of handling private information and the performance requirements of modern services when the  ...  Relevant recent works employ symbolic execution to detect side-channel leaks.  ... 
doi:10.1007/978-3-030-22038-9_16 fatcat:wiedpr2kxnewjnbogdxwxnxtzu

An Empirical Study on the Effectiveness of Security Code Review [chapter]

Anne Edmundson, Brian Holtkamp, Emanuel Rivera, Matthew Finifter, Adrian Mettler, David Wagner
2013 Lecture Notes in Computer Science  
With the rise of the web as a dominant application platform, web security vulnerabilities are of increasing concern.  ...  This research aims to quantify the effectiveness of software developers at security code review as well as determine the variation in effectiveness among web developers.  ...  This work was supported in part by TRUST (Team for Research in Ubiquitous Secure Technology) through NSF grant CCF-0424422, by the AFOSR under MURI  ... 
doi:10.1007/978-3-642-36563-8_14 fatcat:ry2l25ggtvfvfgetpuetff2rcy

C-TRAIL: A Program Comprehension Approach for Leveraging Learning Models in Automated Code Trail Generation

Roy Oberhauser
2016 Proceedings of the 11th International Joint Conference on Software Technologies  
With society's increasing utilization of (embedded) software, the amount of program source code is proliferating while the skilled human resources to maintain and evolve this code remain limited.  ...  Visited POIs (including deviations) are detected via events and automatically removed from the adapted trail. Via events, the POI visitation history is tracked and can be replayed later.  ...  While runtime invocations (such as loops) are not considered, it can indicate methods with broader relative utilization and thus likely of greater comprehension relevance.  ... 
doi:10.5220/0005974901770185 dblp:conf/icsoft/Oberhauser16 fatcat:kwkxsmfygrhjvllfmi7liinc7i

Sharing Presentation and Business Logic Between Server and Client

Markus Ast, Stefan Wild, Martin Gaedke
2014 Journal of Web Engineering  
While developers can choose from a rich set of programming languages to implement a Web application's server side, they are bound to JavaScript for the client side.  ...  A Web application's codebase is typically divided into a server side and a client side with essential functionalities being implemented twice, such as validation or rendering.  ...  As soon as the client builds a document, a method must detect all relevant comments and assigns them to their corresponding fragments.  ... 
dblp:journals/jwe/AstWG14 fatcat:lfge574hore3nay3iphvknd7ra

Characterizing Buffer Overflow Vulnerabilities in Large C/C++ Projects

Jose D'Abruzzo Pereira, Naghmeh Ivaki, Marco Vieira
2021 IEEE Access  
Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by many developers.  ...  of this type of tool in detecting buffer overflow vulnerabilities.  ...  His research interests include security and vulnerability detection, static code analysis, software project management, software quality, and self-adaptive systems.  ... 
doi:10.1109/access.2021.3120349 fatcat:siplqbof2bhgzajm3vxybr4pka
« Previous Showing results 1 — 15 out of 1,524 results