Semi-automated architectural abstraction specifications for supporting software evolution

In this paper we present an approach for supporting the semi-automated architectural abstraction of architectural models throughout the software life-cycle. It addresses the problem that the design and implementation of a software system often drift apart as software systems evolve, leading to architectural knowledge evaporation. Our approach provides concepts and tool support for the semi-automatic abstraction of architecture component and connector views from implemented systems and keeping the abstracted architecture models up-to-date during software evolution. In particular, we propose architecture abstraction concepts that are supported through a domain-specific language (DSL). Our main focus is on providing architectural abstraction specifications in the DSL that only need to be changed, if the architecture changes, but can tolerate non-architectural changes in the underlying source code. Once the software architect has defined an architectural abstraction in the DSL, we can automatically generate architectural component views from the source code using model-driven development (MDD) techniques and check whether architectural design constraints are fulfilled by these models. Our approach supports the automatic generation of traceability links between source code elements and architectural abstractions using MDD techniques to enable software architects to easily link between components and the source code elements that realize them. It enables software architects to compare different versions of the generated architectural component view with each other. We evaluate our research results by studying the evolution of architectural abstractions in different consecutive versions of five open source systems and by analyzing the performance of our approach in these cases.     

The accuracy of dependency analysis in static architecture compliance checking

Architecture compliance checking (ACC) is an approach to verify conformance of implemented program code to high‐level models of architectural design. Static ACC focuses on the modular software architecture and on the existence of rule violating dependencies between modules. Accurate tool support is essential for effective and efficient ACC. This paper presents a study on the accuracy of ACC tools regarding dependency analysis and violation reporting. Ten tools were tested and compared by means of a custom‐made benchmark. The Java code of the benchmark testware contains 34 different types of dependencies, which are based on an inventory of dependency types in object oriented program code. In a second test, the code of open source system FreeMind was used to compare the 10 tools on the number of reported rule violating dependencies and the exactness of the dependency and violation messages. On the average, 77% of the dependencies in our custom‐made test software were reported, while 72% of the dependencies within a module of FreeMind were reported. The results show that all tools in the test could improve the accuracy of the reported dependencies and violations, though large differences between the 10 tools were observed. We have identified 10 hard‐to‐detect types of dependencies and four challenges in dependency detection. The relevance of our findings is substantiated by means of a frequency analysis of the hard‐to‐detect types of dependencies in five open source systems. © 2016 The Authors. Software: Practice and Experience Published by John Wiley & Sons, Ltd.     

Knowledge based quality-driven architecture design and evaluation

Modelling and evaluating quality properties of software is of high importance, especially when our every day life depends on the quality of services produced by systems and devices embedded into our surroundings. This paper contributes to the body of research in quality and model driven software engineering. It does so by introducing; (1) a quality aware software architecting approach and (2) a supporting tool chain. The novel approach with supporting tools enables the systematic development of high quality software by merging benefits of knowledge modelling and management, and model driven architecture design enhanced with domain-specific quality attributes. The whole design flow of software engineering is semi-automatic; specifying quality requirements, transforming quality requirements to architecture design, representing quality properties in architectural models, predicting quality fulfilment from architectural models, and finally, measuring quality aspects from implemented source code. The semi-automatic design flow is exemplified by the ongoing development of a secure middleware for peer-to-peer embedded systems.     

Ada System Dependency Analyzer tool

A major thrust of modern software engineering methods, languages, and tools is to promote software visibility and to present information about the underlying software architecture. With large, complex software systems, automated tools are indispensable for identifying the architectural components, the structure that interconnects them, and other subtle dependencies. This article describes the construction of an Ada System Dependency Analyzer (SDA), a software architecture analysis tool that generates a quantitative snapshot of an Ada application's software architecture. The SDA can process thousands of Ada source files during a single run and report on them as a group of files comprising a single Ada system. Our SDA tool identifies Ada source code dependencies on COTS products such as operating systems, compilers, the X Window System, and on routines written in other languages, and can thus predict software portability and reliability problems. It rapidly and accurately processes 24,000 lines of code per minute (a time-consuming, if not impossible, operation if done manually) and has successfully processed more than seven million lines of code in eight complex systems. Although originally developed for Ada, our methods and the technology we adopted will let us construct analogous tools for other programming languages such as C, C++, Cobol; and PL/I     

A field study of how developers locate features in source code

Our current understanding of how programmers perform feature location during software maintenance is based on controlled studies or interviews, which are inherently limited in size, scope and realism. Replicating controlled studies in the field can both explore the findings of these studies in wider contexts and study new factors that have not been previously encountered in the laboratory setting. In this paper, we report on a field study about how software developers perform feature location within source code during their daily development activities. Our study is based on two complementary field data sets: one that reflects complete IDE activity of 67 professional developers over approximately one month, and the other that reflects usage of an IR-based code search tool by nearly 600 developers. Analyzing this data, we report results on how often developers use which type of code search tools, on the types of queries and retreival strategies used by developers, and on patterns of developer feature location behavior following code search. The results of the study suggest that there is (1) a need for helping developers to devise better code search queries; (2) a lack of adoption of niche code search tools; (3) a need for code search tool to handle both lookup and exploratory queries; and (4) a need for better integration between code search, structured navigation, and debugging tools in feature location tasks.     

JavaScript静态切片工具

程序切片是一种传统的程序分析方法：通过去掉无关代码,获取可能影响某行代码的子集。程序切片在程序理解、软件测试和程序调试等众多领域有着广泛的应用。随着互联网技术的发展,JavaScript语言得到广泛应用,但针对该语言的切片工具非常有限。本文针对JavaScript语言的特殊性,提出一种基于程序依赖图的JavaScript程序切片算法,并基于WALA程序分析框架实现了该切片算法。试验结果表明,本文的切片算法可以得到较为理想的切片结果。试验中切片平均大小约为原程序代码的70%,较手工切片仅有约19%冗余。     

基于多特征的静态软件胎记提取算法

针对使用现有软件胎记进行程序抄袭检测结果不准确的问题,提出一种新的静态软件胎记提取算法。该算法产生的程序胎记由软件的两个方面特征综合生成。算法对源程序和可疑程序进行预处理得到程序元信息,然后通过元信息获取程序的应用程序接口（API）调用集合和指令序列作为两个特征,综合这两项特征生成软件胎记;接着,计算源程序与可疑程序的软件胎记之间的相似度,通过相似度判定两程序之间是否存在抄袭行为。实验验证了该算法得到的软件胎记具有可信性和弹性,与传统的k-gram软件胎记相比更具有弹性。     

代码质量静态度量的研究与应用

代码质量度量是软件质量分析的一个重要研究方向。静态分析方法因其具有成本低、容易实现而且不依赖于程序特定的运行环境的优点,在当前软件网络化、服务化的趋势下倍受关注。针对Java代码质量度量进行研究,使用Ant工具整合各种开源的静态测试工具,并制定基于静态分析的Java代码质量综合评价方案,可支持包括代码规模、规范性、可维护性、可扩展性和潜在危险等方面的综合检测,为项目的开发者、管理者和使用者提供了实用的代码质量评价方法。     

How Software Developers Use Tagging to Support Reminding and Refinding

Developers frequently add annotations to source code to help them remember pertinent information and mark locations of interest for future investigation. Finding and refinding these notes is a form of navigation that is integral to software maintenance. Although there is some tool support in modern development environments for authoring and navigating these comments, we have observed that these annotations often fail to remind and are sometimes difficult to find by the programmer. To address these shortcomings, we have designed a new approach for software navigation called Tags for Software Engineering Activities (TagSEA). TagSEA combines the notion of waypointing (a mechanism for marking locations in spatial navigation) with social tagging to support programmers in defining semantically rich annotations to source code comments. The tool provides support for creating, editing, navigating, and managing these annotations. We present the results from two empirical studies, where we observed and then analyzed how professional programmers used source code annotations to support their development activities over 24 months. Our findings indicate that the addition of semantic information to annotations can improve their value. We also provide suggestions on how annotation tools in general may be improved.     

An Exploratory Study of How Developers Seek, Relate, and Collect Relevant Information during Software Maintenance Tasks

Much of software developers' time is spent understanding unfamiliar code. To better understand how developers gain this understanding and how software development environments might be involved, a study was performed in which developers were given an unfamiliar program and asked to work on two debugging tasks and three enhancement tasks for 70 minutes. The study found that developers interleaved three activities. They began by searching for relevant code both manually and using search tools; however, they based their searches on limited and misrepresentative cues in the code, environment, and executing program, often leading to failed searches. When developers found relevant code, they followed its incoming and outgoing dependencies, often returning to it and navigating its other dependencies; while doing so, however, Eclipse's navigational tools caused significant overhead. Developers collected code and other information that they believed would be necessary to edit, duplicate, or otherwise refer to later by encoding it in the interactive state of Eclipse's package explorer, file tabs, and scroll bars. However, developers lost track of relevant code as these interfaces were used for other tasks, and developers were forced to find it again. These issues caused developers to spend, on average, 35 percent of their time performing the mechanics of navigation within and between source files. These observations suggest a new model of program understanding grounded in theories of information foraging and suggest ideas for tools that help developers seek, relate, and collect information in a more effective and explicit manner     

A query algebra for program databases

Querying source code is an essential aspect of a variety of software engineering tasks such as program understanding, reverse engineering, program structure analysis and program flow analysis. In this paper, we present and demonstrate the use of an algebraic source code query technique that blends expressive power with query compactness. The query framework of Source Code Algebra (SCA) permits users to express complex source code queries and views as algebraic expressions. Queries are expressed on an extensible, object-oriented database that stores program source code. The SCA algebraic approach offers multiple benefits such as an applicative query language, high expressive power, seamless handling of structural and flow information, clean formalism and potential for query optimization. We present a case study where SCA expressions are used to query a program in terms of program organization, resource flow, control flow, metrics and syntactic structure. Our experience with an SCA-based prototype query processor indicates that an algebraic approach to source code queries combines the benefits of expressive power and compact query formulation     

A language-independent approach to the extraction of dependencies between source code entities

ContextSoftware networks are directed graphs of static dependencies between source code entities (functions, classes, modules, etc.). These structures can be used to investigate the complexity and evolution of large-scale software systems and to compute metrics associated with software design. The extraction of software networks is also the first step in reverse engineering activities.ObjectiveThe aim of this paper is to present SNEIPL, a novel approach to the extraction of software networks that is based on a language-independent, enriched concrete syntax tree representation of the source code.MethodThe applicability of the approach is demonstrated by the extraction of software networks representing real-world, medium to large software systems written in different languages which belong to different programming paradigms. To investigate the completeness and correctness of the approach, class collaboration networks (CCNs) extracted from real-world Java software systems are compared to CCNs obtained by other tools. Namely, we used Dependency Finder which extracts entity-level dependencies from Java bytecode, and Doxygen which realizes language-independent fuzzy parsing approach to dependency extraction. We also compared SNEIPL to fact extractors present in language-independent reverse engineering tools.ResultsOur approach to dependency extraction is validated on six real-world medium to large-scale software systems written in Java, Modula-2, and Delphi. The results of the comparative analysis involving ten Java software systems show that the networks formed by SNEIPL are highly similar to those formed by Dependency Finder and more precise than the comparable networks formed with the help of Doxygen. Regarding the comparison with language-independent reverse engineering tools, SNEIPL provides both language-independent extraction and representation of fact bases.ConclusionSNEIPL is a language-independent extractor of software networks and consequently enables language-independent network-based analysis of software systems, computation of design software metrics, and extraction of fact bases for reverse engineering activities.     

On the Automatic Recovery of Style-Specific Architectural Relations in Software Systems

The cost of maintaining a software system over a long period of time far exceeds its initial development cost. Much of the maintenance cost is attributed to the time required by new developers to understand legacy systems. High-level structural information helps maintainers navigate through the numerous low-level components and relations present in the source code. Modularization tools can be used to produce subsystem decompositions from the source code but do not typically produce high-level architectural relations between the newly found subsystems. Controlling subsystem interactions is one important way in which the overall complexity of software maintenance can be reduced.We have developed a tool, called ARIS (Architecture Relation Inference System), that enables software engineers to define rules and relations for regulating subsystem interactions. These rules and relations are called Interconnection Styles and are definedusing a visual notation. The style definition is used by our tool to infer subsystem-level relations in designs being reverse engineered from source code.In this paper we describe our tool and its underlying techniques and algorithms. Using a case study, we describe how ARIS is used to reverse engineer high-level structural information from a real application.     

基于代码属性图及注意力双向LSTM的漏洞挖掘方法

随着信息安全愈发严峻的趋势,软件漏洞已成为计算机安全的主要威胁之一.如何准确地挖掘程序中存在的漏洞,是信息安全领域的关键问题.然而,现有的静态漏洞挖掘方法在挖掘漏洞特征不明显的漏洞时准确率明显下降.一方面,基于规则的方法通过在目标源程序中匹配专家预先定义的漏洞模式挖掘漏洞,其预定义的漏洞模式较为刻板单一,无法覆盖到细节特征,导致其存在准确率低、误报率高等问题;另一方面,基于学习的方法无法充分地对程序源代码的特征信息进行建模,并且无法有效地捕捉关键特征信息,导致其在面对漏洞特征不明显的漏洞时,无法准确地进行挖掘.针对上述问题,提出了一种基于代码属性图及注意力双向LSTM的源码级漏洞挖掘方法.该方法首先将程序源代码转换为包含语义特征信息的代码属性图,并对其进行切片以剔除与敏感操作无关的冗余信息;其次,使用编码算法将代码属性图编码为特征张量;然后,利用大规模特征数据集训练基于双向LSTM和注意力机制的神经网络;最后,使用训练完毕的神经网络实现对目标程序中的漏洞进行挖掘.实验结果显示,在SARD缓冲区错误数据集、SARD资源管理错误数据集及它们两个C语言程序构成的子集上,该方法的F1分数分别达到了82.8%,77.4%,82.5%和78.0%,与基于规则的静态挖掘工具Flawfinder和RATS以及基于学习的程序分析模型TBCNN相比,有显著的提高.     

A framework for source code search using program patterns

For maintainers involved in understanding and reengineering large software, locating source code fragments that match certain patterns is a critical task. Existing solutions to the problem are few, and they either involve manual, painstaking scans of the source code using tools based on regular expressions, or the use of large, integrated software engineering environments that include simple pattern-based query processors in their toolkits. We present a framework in which pattern languages are used to specify interesting code features. The pattern languages are derived by extending the source programming language with pattern-matching symbols. We describe SCRUPLE, a finite state machine-based source code search tool, that efficiently implements this framework. We also present experimental performance results obtained from a SCRUPLE prototype, and the user interface of a source code browser built on top of SCRUPLE     

An Approach for Recovering Distributed System Architectures

Reasoning about software systems at the architectural level is key to effective software development, management, evolution and reuse. All too often, though, the lack of appropriate documentation leads to a situation where architectural design information has to be recovered directly from implemented software artifacts. This is a very demanding process, particularly when involving recovery of runtime abstractions (clients, servers, interaction protocols, etc.) that are typical to the design of distributed software systems. This paper presents an exploratory reverse engineering approach, called X-ray, to aid programmers in recovering architectural runtime information from a distributed system's existing software artifacts. X-ray comprises three domain-based static analysis techniques, namely component module classification, syntactic pattern matching, and structural reachability analysis. These complementary techniques can facilitate the task of identifying a distributed system's implemented executable components and their potential runtime interconnections. The component module classification technique automatically distinguishes source code modules according to the executables components they implement. The syntactic pattern matching technique in turn helps to recognise specific code fragments that may implement typical component interaction features. Finally, the structural reachability analysis technique aids in the association of those features to the code specific for each executable component. The paper describes and illustrates the main concepts underlying each technique, reports on their implementation as a suit of new and off-the-shelf tools, and, to give evidence of the utility of the approach, provides a detailed account of a successful application of the three techniques to help recover a static approximation of the runtime architecture for Field, a publicly-available distributed programming environment.     

基于复杂网络分析的软件高危缺陷评估方法

为了评估软件缺陷的风险,提出了一种基于复杂网络分析的软件缺陷评估方法。该方法首先用一个网络模型表达程序实体之间的关系,将源代码中的方法抽象为节点,方法间的调用关系抽象为有向边,以此构造程序源代码网络;然后分别用介数算法和PageRank算法计算造成软件缺陷的方法节点在源代码全局网络中的地位,由此评估缺陷的风险高低。实验结果表明,该方法在评估内部高危缺陷时有较好的效果,有助于提高软件开发维护人员对一些隐蔽高危缺陷的关注度,进而为后续修复缺陷与软件演化提供有益的线索。     

χSuds-SDL: A Tool for Testing Software Architecture Specifications

Available statistical data shows that the cost of repairing software faults rises dramatically in later development stages. In particular, the new technology of generating implementation code from architectural specifications requires highly reliable designs. Much research has been done at this stage using verification and validation techniques to prove correctness in terms of certain properties. A prominent approach of this category is model checking (Atlee, J.M., and Gannon, J. 1993. State-based model checking of event-driven systems requirements. IEEE Trans. Software Eng., 19(1): 24–40.) Such approaches and the approach of software testing are complementary. Testing reveals some errors that cannot be easily identified through verification, and vice versa. This paper presents the technology and the accompanying tool suite to the testing of software architecture specifications. We apply our state-of-the-art technology in software coverage testing, program diagnosis and understanding to software architectural designs. Our technology is based on both the control flow and the data flow of the executable architectural specifications. It first generates a program flow diagram from the specification and then automatically analyses the coverage features of the diagram. It collects the corresponding flow data during the design simulation to be mapped to the flow diagram. The coverage information for the original specification is then obtained from the coverage information of the flow diagram. This technology has been used for C, C++, and Java, and has proven effective (Agrawal, H., Alberti, J., Li, J.J., et al. 1998. Mining system tests to aid software maintenance, IEEE Computer July, pp. 64–73.)