Object‐oriented processing of Java source code

Code transformation and analysis tools provide support for software engineering tasks such as style checking, testing, calculating software metrics as well as reverse‐ and re‐engineering. In this paper we describe the architecture and the applications of JTransform, a general Java source code processing and transformation framework. It consists of a Java parser generating a configurable parse tree and various visitors (transformers, tree evaluators) which produce different kinds of outputs. While our framework is written in Java, the paper further opens an opportunity for a new generation of XML‐based source code tools. Copyright © 2004 John Wiley & Sons, Ltd.     

航天嵌入式软件代码逻辑分析

为提高航天嵌入式软件的测试质量、确保航天型号任务的圆满完成,对航天嵌入式软件代码审查重要内容之一的代码逻辑分析进行了研究.通过对软件缺陷的机理、缺陷查找过程、缺陷暴露过程、以及缺陷引发后果的分析,结合多年软件测试工程实践经验的总结,提出了场景分析法、时序分析法、假想故障追源法等10种主要的代码逻辑分析方法.开展了代码逻辑分析方法的应用分析、代码审查与其它测试手段之间的对比分析,通过分析,给出了代码审查的工程适用性说明.研究成果已在航天型号软件第三方评测中全面推广应用,实践数据表明,应用效果良好,使代码审查的缺陷发现率由业界公认的30％～70％提升至90％以上.相关分析方法和分析思路对动态测试设计以及软件缺陷自动化检测工具的研发均具有一定的参考作用.     

一种面向交通管理的城市道路编码的方法

文中给出了一种基于软件工程理论的面向交通管理的城市道路编码方法,并从应用角度对城市道路编码中的几个主要组成要素,即编码对象、编码粒度、编码结构和编码属性进行了详细编码设计。从广州市智能交通管理指挥系统的实施效果来看,编码设计方案实用可行。     

Experiences building a communication‐oriented JavaOS

Mobile code makes it easier to maintain, debug, update, and customize a system. Active networks are one of the more interesting applications of mobile code: code is injected into the nodes of a network to customize the network's functionality, such as routing, and to add new features, such as special‐purpose congestion control and filtering algorithms. The challenge is to develop a communication‐oriented platform for such systems. We refer to mobile code targeted at low‐level, communication‐oriented systems like active networks as liquid software, the key distinction being that liquid software is focused on the efficient transfer of data, not high‐performance computation. To this end, we have designed and implemented Joust, which consists of a complete re‐implementation of the Java virtual machine (including both the runtime system and a just‐in‐time compiler), running on the Scout operating system (a configurable, communication‐oriented OS). The result is a configurable, high‐performance platform for running liquid software. We present the results of implementing two different applications of liquid software on Joust, including a prototype architecture for active networks. Copyright © 2000 John Wiley & Sons, Ltd.     

基于XML的数控仿真系统的NC代码解析

在直接通过NC代码来驱动仿真加工过程的数控仿真系统中,NC代码的解析处于系统的核心地位。然而各种NC代码之间的差异给系统的通用造成巨大的困难,系统各个模块的工作严格依赖于特定的NC代码格式,也使得系统难以扩展与变更。采用XML文档来作为用户提交的NC代码与系统之间的中间代码,很好地解决了以上问题,并获得了良好的应用效果,同时,对实现基于网络服务的数控仿真服务提供了可行性方案。     

代码克隆检测研究进展

代码克隆（code clone）,是指存在于代码库中两个及以上相同或者相似的源代码片段.代码克隆相关问题是软件工程领域研究的重要课题.代码克隆是软件开发中的常见现象,它能够提高效率,产生一定的正面效益.但是研究表明,代码克隆也会对软件系统的开发、维护产生负面的影响,包括降低软件稳定性,造成代码库冗余和软件缺陷传播等.代码克隆检测技术旨在寻找检测代码克隆的自动化方法,从而用较低成本减少代码克隆的负面效应.研究者们在代码克隆检测方面获得了一系列的检测技术成果,根据这些技术利用源代码信息的程度不同,可以将它们分为基于文本、词汇、语法、语义4个层次.现有的检测技术针对文本相似的克隆取得了有效的检测结果,但同时也面临着更高抽象层次克隆的挑战,亟待更先进的理论、技术来解决.着重从源代码表征方式角度入手,对近年来代码克隆检测研究进展进行了梳理和总结.主要内容包括：（1）根据源代码表征方式阐述并归类了现有的克隆检测方法;（2）总结了模型评估中使用的实验验证方法与性能评估指标;（3）从科学性、实用性和技术难点这3个方面归纳总结了代码克隆研究的关键问题,围绕数据标注、表征方法、模型构建和工程实践4个方面,阐述了问题的可能解决思路和研究的未来发展趋势.     

代码搜索方法研究进展

开源软件的成功推动了软件产业的蓬勃发展,大量代码资源为代码搜索创造了条件.如何通过代码搜索技术找到需求代码成为一个重要问题.为了更好地推进后续研究工作,首先对代码搜索相关概念及研究趋势进行介绍和说明;其次对使用不同技术的代码搜索研究工作进行综述,包括基于信息检索、查询和代码描述增强、程序特征分类以及深度学习等方面,并进一步总结归纳不同方法的优缺点;接下来针对代码搜索技术所应用的多个领域进行介绍,包括程序合成、代码推荐与补全和代码风格改善等方面;最后分析现阶段代码搜索面临的主要问题,为未来该方向的发展提供一定的参考与建议.     

A methodology to infer and refactor an object‐oriented model from C applications

When analyzing legacy code, generating a high‐level model of an application during the reverse engineering process helps the developers understand how the application is structured and how the dependencies relate the different software entities. Within the context of procedural programming languages (such as C), the existing approaches to get a model of the code require documentation and/or implicit knowledge that stakeholders acquire during the software building. These approaches use the code itself to build a syntactic model where we see the different software artifacts, such as variables, functions, and modules. However, there is no supporting methodology to detect and analyze if there are relationships/dependencies between those artifacts, such as which variable in a module is declared using an abstract data type described in another one, or which are the functions that are using parameters typed with an abstract data type; or any design decision taken by original developers, such as how the developer has implemented functions in different modules. On the other hand, current developers use object‐oriented (OO) paradigm to implement not only business applications but also useful methodologies/tools that allow semiautomatic analysis of any application. We must remark the legacy procedural code still has worth and is working in several industries, and as any evolving code, the developers have to be able to perform maintenance tasks minimizing the limitations offered by the language. Based on useful properties that the OO paradigm (and their supporting analysis tools) provide, such as UML models, we propose M2K as a methodology to generate a high‐level model from legacy procedural code, mainly written in Ansi C. To understand how C‐based applications were implemented is not a new problem in software reengineering. However, our contribution is based on building an OO model and suggesting different refactorings that help the developer to improve it and to eventually guide a new implementation of the target application. Specifically, the methodology builds cohesive software entities mapped from procedural code and makes the coupling between C entities explicit in the high‐level model. The result of our methodology is a set of refactored class candidates: a structure that groups a set of variables and a set of functions obtained from the C applications. Based on the class candidate model, we propose refactorings based on OO design principles to improve the design of the application. The most relevant design improvements were obtained with algorithm abstraction by applying the strategy pattern, attributes/methods relocalization, variables types generalization, and removing/renaming methods/attributes. Besides a methodology and the supporting tool, we provide 14 case studies based on real projects implemented in C, and we showed how the results validate our proposal.     

基于自封闭代码块的软件保护技术研究

针对传统的基于垃圾指令插入的花指令技术在软件保护应用中的不足,提出了一种基于自封闭代码块的软件反静态分析和动态调试的软件保护技术。重点介绍了自封闭代码块的相关概念,阐述了自封闭代码块的自动生成技术,包括基于指令编码表的随机指令序列生成技术和基于指令逆向思想的逆指令序列生成技术,并给出了相关算法和实例分析。     

基于反汇编的智能电表软件功能检测模型

电力企业在智能电表的生产过程中发现制造商用于招标展示的样品表和竞标成功后大量投产的批量表存在显著差异。由于检测不足,许多投入实际使用的批量表出现工作状态异常、质量不合格的情况,对这些电表的维护造成了不必要的花费。针对此问题制定了一种智能电表软件功能检测方案,设计了一种嵌入式智能电表代码逆向模型。模型以分析智能电表核心程序从而获取系统运行特征为思路,以反汇编算法分析电表固件代码功能为手段,对嵌入式智能电表进行软件功能差异测试。模型包括固件代码提取、固件代码反汇编和软件功能比较三大模块,在反汇编模块中基于现有的线性扫描和递归遍历算法使用了一种改进的单步扫描算法(SDA)。实际应用时对智能电表批量产品和样品进行比较鉴别,对系统功能的差异测量效果明显;同时使用该模型在维护电力企业已使用电表时可控制拟投产电表与已使用电表功能和质量误差在±20%范围内。     

基于低代码平台的水利工程建设管理系统设计与实现

低代码平台开发理念在软件开发领域日趋流行,在面向业务的软件开发方面更为常见。通过梳理水利工程建设管理系统的业务和功能,分析低代码平台开发水利工程建设管理系统应具备的特点,并选取JEPaaS低代码平台进行研发。对水利工程建设管理系统的研发实践表明：低代码平台能有效降低开发门槛,实现快速高效的业务搭建,增加系统设计和实施人员参与系统开发的可行性,降低开发成本,为水利工程建设管理系统开发的技术选择提供思路。     

一种基于模型的应用程序跨平台转换方法

随着计算机应用的迅速普及,软件需求日益增长。应用程序的跨平台转换对资源重用、降低成本、提高软件开发的效率以及解决当前自主研发的操作系统平台有着大量的应用程序缺口等方面有着重大意义。论文借鉴逆向工程、模型驱动开发理念,提出一种基于模型的应用程序跨平台转换方法,讨论了转换过程中的相关策略;并应用该方法实现从Java源代码到PHP的转化。     

一种基于可信计算技术的源代码安全审查模型

在现阶段的大规模软件工程开发中,源代码数量已经变得越来越庞大,动辄就是数百万,甚至是数千万行以上.随着源代码数量的激增,代码的逻辑越来越复杂,相互之间的调用关系越来越繁复,代码的安全漏洞也越来越容易出现.常规的人工检查和调试已经完全不能满足庞大的系统软件的审查需求.此时,常在源代码正式发布之前,使用安全代码审查机制来快速找出系统中绝大多数的安全漏洞.针对这一问题,文章结合传统的代码安全审查原理和当前流行的可信计算技术,提出了一种基于可信计算技术的源代码安全审查模型.在代码的安全审查过程中,利用可信计算的可信度量原理的审查方法,结合运用安全操作系统的访问控制机制,检测出源代码中可能不符合可信计算理论的系统资源访问,防止主体触发来源不可信或已被篡改的代码,从而实现对各种已知和未知恶意代码的防御,让最终的代码在运行时符合可信计算标准.该模型通过将不同的软件进行类型分级,从而确定不同软件对系统资源的不同使用权限.使用文中规范开发的代码遵循可信计算标准,可以杜绝恶意代码对系统资源的不安全访问.     

面向数据库的化工软件集成环境的设计

对于化工领域,用户若能够在一个软件集成环境上对现有的化工软件进行集成,则可以很大程度上节省用户软件二次开发或掌握集成技术所耗费的人力物力。本文试图研究开发一种化工软件集成的环境。利用Windows自身的特点,以及其管理应用程序的一般方法,设计了化工软件的集成环境。该集成环境由界面集成模块、代码集成模块、数据集成模块和数据库管理子系统4个模块组成,对于4个模块分别给出了界面集成策略、代码集成策略、数据集成策略、数据库和数据库管理子系统的建立策略。     

代码自然性及其应用研究进展

代码自然性(code naturalness)研究是自然语言处理领域和软件工程领域共同的研究热点之一,旨在通过构建基于自然语言处理技术的代码自然性模型,以解决各种软件工程任务.近年来,随着开源软件社区中源代码和数据规模的不断扩大,越来越多的研究人员注重钻研源代码中蕴藏的信息,并且取得了一系列研究成果.但与此同时,代码自然性研究在代码语料库构建、模型构建和任务应用等环节面临许多挑战.鉴于此,从代码自然性技术的代码语料库构建、模型构建和任务应用等方面对近年来代码自然性研究及应用进展进行梳理和总结.主要内容包括:(1)介绍了代码自然性的基本概念及其研究概况;(2)归纳目前代码自然性研究的语料库,并对代码自然性模型建模方法进行分类与总结;(3)总结代码自然性模型的实验验证方法和模型评价指标;(4)总结并归类了目前代码自然性的应用现状;(5)归纳代码自然性技术的关键问题;(6)展望代码自然性技术的未来发展.     

VR-Rides: An object-oriented application framework for immersive virtual reality exergames

Exercise can improve health and well-being. With this in mind, immersive virtual reality (VR) games are being developed to promote physical activity, and are generally evaluated through user studies. However, building such applications is time consuming and expensive. This paper introduces VR-Rides, an object-oriented application framework focused on the development of experiment-oriented VR exergames. Following the modular programming pattern, this framework facilitates the integration of different hardware (such as VR devices, sensors, and physical activity devices) within immersive VR experiences that overlay game narratives on Google Street View panoramas. Combining software engineering and interaction patterns, modules of VR-Rides can be easily added and managed in the Unity game engine. We evaluate the code efficiency and development effort across our VR exergames developed using VR-Rides. The reliability, maintainability, and usability of our framework are also demonstrated via code metrics analysis and user studies. The results show that investing in a systematic approach to reusing code and design can be a worthwhile effort for researchers beyond software engineering.     

Experiment with control code obfuscation

Control code obfuscation is intended to prevent malicious reverse engineering of software by masking the program control flow. The idea for further advancing the state of the art was presented in 2000 by WANG C. An obfuscating system for Java based on the ideas of WANG C is implemented and experimented. The experiment results show that obfuscation can be done efficiently with moderate increases in code size, execution times, while making the obfuscated code resilient to a variety of reverse engineering attacks.     

Using component metadata to regression test component‐based software

Increasingly, modern‐day software systems are being built by combining externally‐developed software components with application‐specific code. For such systems, existing program‐analysis‐based software engineering techniques may not directly apply, due to lack of information about components. To address this problem, the use of component metadata has been proposed. Component metadata are metadata and metamethods provided with components, that retrieve or calculate information about those components. In particular, two component‐metadata‐based approaches for regression test selection are described: one using code‐based component metadata and the other using specification‐based component metadata. The results of empirical studies that illustrate the potential of these techniques to provide savings in re‐testing effort are provided. Copyright © 2006 John Wiley & Sons, Ltd.     

基于Java代码重用性的研究

尽管代码重用性受到了垢病,但在Java应用开发中,代码重用技术还是得到了越来越多的软件工程师的重视,因为对于某些代码的重用不仅能够使得程序变得更加简练、清晰和易于维护,而且更重要的是可以节约软件开发的成本。提高软件生产的效率,同时还能够增加代码的可靠性和增强被重用代码与系统函数的其他部分的一致性。文章就这一问题对在Java应用开发中代码重用的优劣进行了深入分析,并提出了几个相关的重用代码的解决策略。