一种精简二进制代码的程序理解方法

精简二进制代码形式的软件是软件分析和程序理解需要处理的一类具有代表性的对象,基于高级语言源代码和调试符号信息的传统分析方法在处理此类软件时受到了极大限制。提出一种精简二进制形式软件的理解方法,首先将分析对象转变为运行期进程,引入实际运行中的进程信息;然后引入程序的行为特征,以程序表现出的外在行为和对外接口作为辅助信息,将此类外部特征映射到程序代码;最后基于切片思想和调试技术,获得程序切片并分析。这种方法为分析理解过程扩展了信息量,降低了复杂度,解决了分析此类软件时信息缺失和难以建立理解模型的问题。     

Estimating test effectiveness with dynamic complexity measurement

This paper presents an investigation into four distinct aspects of software complexity. An initial partition of the software complexity domain would be the attributes of static software complexity and those of dynamic software comlexity. Static complexity measurement views all program modules monolithically. That is, all of the code for all of the modules is measured as extracted from source code files. When computer software is actually executed, not all modules are executed to the same extent. Some receive a large proportion of execution activity. Further, when these modules execute, not all code in the modules executes. If just the code that is executed is measured for complexity a completely different view of the program module emerges. In this investigation we will examine the static complexity of a program together with the three dynamic measures of functional, fractional, and operational complexity. The eminent value of the dynamic metrics is shown in their role as measures of test outcomes.     

基于符号执行和N-scope复杂度的代码混淆度量方法

代码混淆可有效对抗逆向工程等各类MATE攻击威胁,作为攻击缓和性质的内生安全技术发展较为成熟,对代码混淆效果的合理度量具有重要价值。代码混淆度量研究相对较少,针对代码混淆弹性的度量方法与泛化性、实用性度量方法相对缺乏。符号执行技术广泛应用于反混淆攻击,其生成遍历程序完整路径输入测试集的难度可为混淆弹性度量提供参考,然而基于程序嵌套结构的对抗技术可显著降低符号执行效率,增加其混淆弹性参考误差。针对上述问题,提出结合符号执行技术和N-scope复杂度的代码混淆度量方法,该方法首先基于程序符号执行时间定义程序混淆弹性;其次提出适配符号执行的N-scope复杂度,定义程序混淆强度同时增强符号执行对多层嵌套结构程序的混淆弹性度量鲁棒性;进而提出结合动态分析与静态分析的混淆效果关联性分析,通过对程序进行符号执行与控制流图提取量化混淆效果。面向C程序构建了该度量方法的一种实现框架并验证,实验对3个公开程序集及其混淆后程序集约4 000个程序进行混淆效果度量,度量结果表明,提出的度量方法在较好地刻画混淆效果的同时拥有一定的泛化能力与实用价值;模拟真实混淆应用场景给出了该度量方法的使用样例,为混淆技术使...     

Automated refactoring to the Null Object design pattern

ContextNull-checking conditionals are a straightforward solution against null dereferences. However, their frequent repetition is considered a sign of poor program design, since they introduce source code duplication and complexity that impacts code comprehension and maintenance. The Null Object design pattern enables the replacement of null-checking conditionals with polymorphic method invocations that are bound, at runtime, to either a real object or a Null Object.ObjectiveThis work proposes a novel method for automated refactoring to Null Object that eliminates null-checking conditionals associated with optional class fields, i.e., fields that are not initialized in all class instantiations and, thus, their usage needs to be guarded in order to avoid null dereferences.MethodWe introduce an algorithm for automated discovery of refactoring opportunities to Null Object. Moreover, we specify the source code transformation procedure and an extensive set of refactoring preconditions for safely refactoring an optional field and its associated null-checking conditionals to the Null Object design pattern. The method is implemented as an Eclipse plug-in and is evaluated on a set of open source Java projects.ResultsSeveral refactoring candidates are discovered in the projects used in the evaluation and their refactoring lead to improvement of the cyclomatic complexity of the affected classes. The successful execution of the projects’ test suites, on their refactored versions, provides empirical evidence on the soundness of the proposed source code transformation. Runtime performance results highlight the potential for applying our method to a wide range of project sizes.ConclusionOur method automates the elimination of null-checking conditionals through refactoring to the Null Object design pattern. It contributes to improvement of the cyclomatic complexity of classes with optional fields. The runtime processing overhead of applying our method is limited and allows its integration to the programmer’s routine code analysis activities.     

面向对象程序复杂性度量层次模型

程序复杂性度量可以实现定量地分析程序复杂性，从而为估计成本提供一个标准。为了度量面向对象程序复杂性，在讨论了度量的定义．度量的理论基础后，提出了一种面向对象程序复杂性度量的层次模型。该模型分成5个层次：系统层、类簇层、类继承树层、类层和方法层，每个层次都有自己的度量方法。采用这种分层度量模型的好处是：它是一个框架，各度量方法归属到各层中；各层之间相互独立；一层中方法的修改并不影响其它层。     

A two-folded impact analysis of schema changes on database applications

Database applications are becoming increasingly popular, mainly due to the advanced data management facilities that the underlying database management system offers compared against traditional legacy software applications. The interaction, however, of such applications with the database system introduces a number of issues, among which, this paper addresses the impact analysis of the changes performed at the database schema level. Our motivation is to provide the software engineers of database applications with automated methods that facilitate major maintenance tasks, such as source code corrections and regression testing, which should be triggered by the occurrence of such changes. The presented impact analysis is thus two-folded： the impact is analysed in terms of both the affected source code statements and the affected test suites concerning the testing of these applications. To achieve the former objective, a program slicing technique is employed, which is based on an extended version of the program dependency graph. The latter objective requires the analysis of test suites generated for database applications, which is accomplished by employing testing techniques tailored for this type of applications. Utilising both the slicing and the testing techniques enhances program comprehension of database applications, while also supporting the development of a number of practical metrics regarding their maintainability against schema changes. To evaluate the feasibility and effectiveness of the presented techniques and metrics, a software tool, called DATA, has been implemented. The experimental results from its usage on the TPC-C case study are reported and analysed.     

Using convert to transform source code

There are a number of reasons why one might wish to transform the source code of an operational program:

• 1 To make the program conform to a standard layout.
• 2 To make the program conform to syntax and semantics standards.
• 3 To improve the performance of the program.

The primary advantage of transforming source code into a standard form is that the programs become easier to maintain. The cost-benefit of standardization is thus realized at a later stage in the lifetime of the programs. Alternatively the cost-benefit of improving performance is immediate. The desirability of transforming source code is affected by several parameters:

• 1 The benefit to be realized from transformation.
• 2 The cost of transformation.
• 3 The time involved in transformation.
• 4 The risk associated with transformation.

If the benefit of transformation is significant, the cost, time and risk associated with the process can be considerably reduced by automating the process. In this paper, application of the CONVERT language to the transformation problem is discussed. CONVERT was developed as a vehicle for writing automatic language and dialect converters. Clearly, the features useful for converters are also applicable when the application involves transformation of source code.     

Standards-establishing a standard metrics program

Guidelines for establishing a standard metrics program for organizations are presented. Initially, it is suggested that the collection effort be minimal, meaning the data to be processed should already be in the collection phase so that the total metrics effort will not be viewed as a burden; the raw metric data must be such that it can be processed automatically; the initial metrics effort should rely on computer programs that already exist in some basic form; and the metric must be viewed as worthwhile. Sources of data are discussed. The data needed for documentation metrics, source code metrics, problem-change report metrics, cost metrics, productivity metrics, and rework metrics are identified     

A study of several metrics for programming effort

As the cost of programming becomes a major component of the cost of computer systems, it becomes imperative that program development and maintenance be better managed. One measurement a manager could use is programming complexity. Such a measure can be very useful if the manager is confident that the higher the complexity measure is for a programming project, the more effort it takes to complete the project and perhaps to maintain it. Until recently most measures of complexity were based only on intuition and experience. In the past 3 years two objective metrics have been introduced, McCabe's cyclomatic number v(G) and Halstead's effort measure E. This paper reports an empirical study designed to compare these two metrics with a classic size measure, lines of code. A fourth metric based on a model of programming is introduced and shown to be better than the previously known metrics for some experimental data.     

Producing maintainable software

The increasing cost of software maintenance has resulted in greater emphasis on the production of maintainable software. One method used to enhance the development of maintainable software is to employ complexity metrics as a technique for controlling software complexity. In order to control complexity, it is imperative to plan for increases in complexity levels from code generation to code implementation. This paper presents a study of complexity increases during the testing and debugging phases of the software life cycle. The metrics used to measure complexity are lines of code, unique operators, unique operands, data difficulty, Halstead's effort and cyclomatic complexity.     

Comparison and Evaluation of Clone Detection Tools

Many techniques for detecting duplicated source code (software clones) have been proposed in the past. However, it is not yet clear how these techniques compare in terms of recall and precision as well as space and time requirements. This paper presents an experiment that evaluates six clone detectors based on eight large C and Java programs (altogether almost 850 KLOC). Their clone candidates were evaluated by one of the authors as an independent third party. The selected techniques cover the whole spectrum of the state-of-the-art in clone detection. The techniques work on text, lexical and syntactic information, software metrics, and program dependency graphs.     

Restructuring Software: A Case Study

We use knot count and path count metrics to identify which routines in the Level 1 basic linear algebra subroutines (BLAS) might benefit from code restructuring. We then consider how logical restructuring and the improvements in the facilities available from successive versions of Fortran have allowed us to improve the complexity of the code as measured by knot count, path count and cyclomatic complexity, and the user interface of one of the identified routines which computes the Euclidean norm of a vector. With these reductions in complexity we hope that we have contributed to improvements in the maintainability and clarity of the code. Software complexity metrics and the control graph are used to quantify and provide a visual guide to the quality of the software, and the performance of two Fortran code restructuring tools is reported. Finally, we give some indication of the cost of the extra numerical robustness offered by the BLAS routine over the use of new Fortran 90 intrinsic functions.     

程序代码相似度检测方法的设计与实现

程序代码的相似度是剽窃检测的关键技术。通过对现有程序代码相似度度量技术进行研究后,基于属性技术法、结构度量法提出了一种属性计数和结构度量相结合的方法。通过统计程序源代码的操作符和操作数个数以及程序逻辑结构从而产生出一个特征向量,利用向量夹角的余弦计算属性相似度。实验结果表明,该方法能够有效检测出作业中相似的程序代码。     

Software Structure Metrics Based on Information Flow

Structured design methodologies provide a disciplined and organized guide to the construction of software systems. However, while the methodology structures and documents the points at which design decisions are made, it does not provide a specific, quantitative basis for making these decisions. Typically, the designers' only guidelines are qualitative, perhaps even vague, principles such as "functionality," "data transparency," or "clarity." This paper, like several recent publications, defines and validates a set of software metrics which are appropriate for evaluating the structure of large-scale systems. These metrics are based on the measurement of information flow between system components. Specific metrics are defined for procedure complexity, module complexity, and module coupling. The validation, using the source code for the UNIX operating system, shows that the complexity measures are strongly correlated with the occurrence of changes. Further, the metrics for procedures and modules can be interpreted to reveal various types of structural flaws in the design and implementation.     

一种基于深度学习的上帝类检测方法

上帝类是指某个承担了本应由多个类分别承担的多个职责的类.上帝类违背了分而治之的基本思想以及单一职责的设计原则,严重影响软件的可维护性和可理解性.但上帝类又是一种比较常见的代码坏味.因此,针对上帝类的检测与重构一直是代码重构领域的研究热点之一.为此,提出了一种基于深度神经网络的上帝类检测方法.该方法不仅利用了常见的软件度量,而且充分利用了代码中的文本信息,意图通过挖掘文本语义揭示每个类所承担的主要角色.此外,为了解决有监督深度学习所需的海量标签数据,提出了一种基于开源代码构造标签数据的方法.最后,基于开源数据集对所提出的方法进行了实验验证.实验结果表明,这些方法优于现有的上帝类检测方法,尤其是在查全率上有大幅度的提升（提高了35.58%）.     

一种基于分层切片模型思想的源程序信息分析方案

作为软件理解的手段之一,程序切片技术通过寻找程序内部的相关性来分解程序,再通过对分解所得程序切片的分析达到对整个程序的分析和理解。程序切片算法必须建立在对源程序信息正确、完整分析的基础上。详细地描述了一种基于分层切片模型思想的程序信息提取方案。该方案已成功运用到一种Java程序切片工具模型JSTM（Java Slicing Tools Model)中。     

程序代码相似度度量的研究与实现

针对程序代码相似度的度量问题,提出一种属性计数和结构度量相结合的方法,通过统计程序源代码的操作符和操作数个数,产生Halstead长度、Halstead词汇和Halstead容量3个程序的特征向量,利用向量夹角的余弦计算属性相似度,采用最长公共子序列算法获取结构相似度,从而衡量程序对间的相似程度。实验结果表明,该方法能够有效检测出学生作业中的相似程序代码。     

An analysis of static metrics and faults in C software

In this empirical study, we evaluate the extent to which a set of software measures are correlated with the number of faults and the total estimated repair effort for a large software system. The measures we use are basic counts reflecting program size and structure and metrics proposed by McCabe and Halstead. The effect of program size has a major influence on these metrics, and we present a suitable method of adjusting the metrics for size. In modeling faults or repair effort as a function of one variable, a number of measures individually explain approximately one-quarter of the variation observed in the fault data. No one measure does significantly better than size in explaining the variation in faults found across software units, and thus multiple variable models are necessary to find metrics of importance in addition to program size. The “best” multivariate model explains approximately one-half the variation in the fault data. The metrics included in this model (in addition to size) are: the ratio of block comments to total lines of code, the number of decisions per function, and the relative vocabulary of program variables and operators. These metrics have potential for future use in the quality control of software.     

A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques

Context: code obfuscation is intended to obstruct code understanding and, eventually, to delay malicious code changes and ultimately render it uneconomical. Although code understanding cannot be completely impeded, code obfuscation makes it more laborious and troublesome, so as to discourage or retard code tampering. Despite the extensive adoption of obfuscation, its assessment has been addressed indirectly either by using internal metrics or taking the point of view of code analysis, e.g., considering the associated computational complexity. To the best of our knowledge, there is no publicly available user study that measures the cost of understanding obfuscated code from the point of view of a human attacker. Aim: this paper experimentally assesses the impact of code obfuscation on the capability of human subjects to understand and change source code. In particular, it considers code protected with two well-known code obfuscation techniques, i.e., identifier renaming and opaque predicates. Method: We have conducted a family of five controlled experiments, involving undergraduate and graduate students from four Universities. During the experiments, subjects had to perform comprehension or attack tasks on decompiled clients of two Java network-based applications, either obfuscated using one of the two techniques, or not. To assess and compare the obfuscation techniques, we measured the correctness and the efficiency of the performed task. Results: —at least for the tasks we considered—simpler techniques (i.e., identifier renaming) prove to be more effective than more complex ones (i.e., opaque predicates) in impeding subjects to complete attack tasks.