开源软件库中文件修改的统计特性:案例分析

开源软件的开放合作模式有望改变传统的软件开发方式,挖掘SVN(Subversion)代码库中文件的版本变化规律,有助于发现潜在缺陷,从而改善软件质量。以两个面向对象开源软件为例,发现其中的类文件修改次数大致服从幂率分布,并且修改次数多的类,其相邻版本间内容的修改量也大致服从幂率分布;此外,类的修改次数与代码行数和导入类的个数呈明显的正相关性,表明类的功能和结构倾向于变得更复杂。案例分析的发现有望为研究开源软件的演化规律、重构时间点的选择以及维护任务的分配等提供新的思路。     

Exploring the relationship of a file’s history and its fault-proneness: An empirical method and its application to open source programs

ContextThe knowledge about particular characteristics of software that are indicators for defects is very valuable for testers because it helps them to focus the testing effort and to allocate their limited resources appropriately.ObjectiveIn this paper, we explore the relationship between several historical characteristics of files and their defect count.MethodFor this purpose, we propose an empirical approach that uses statistical procedures and visual representations of the data in order to determine indicators for a file’s defect count. We apply this approach to nine open source Java projects across different versions.ResultsOnly 4 of 9 programs show moderate correlations between a file’s defects in previous and in current releases in more than half of the analysed releases. In contrast to our expectations, the oldest files represent the most fault-prone files. Additionally, late changes correlate with a file’s defect count only partly. The number of changes, the number of distinct authors performing changes to a file as well as the file’s age are good indicators for a file’s defect count in all projects.ConclusionOur results show that a software’s history is a good indicator for ist quality. We did not find one indicator that persists across all projects in an equal manner. Nevertheless, there are several indicators that show significant strong correlations in nearly all projects: DA (number of distinct authors) and FC (frequency of change). In practice, for each software, statistical analyses have to be performed in order to evaluate the best indicator(s) for a file’s defect count.     

USB移动存储器备份工具的设计与实现

为了自动地完成USB移动存储器上备份文件的更新,介绍了一种USB移动存储器备份工具的设计与实现,给出了USB接口监测的源代码和备份文件的更新算法。该方法克服了人工方式更新移动存储器上过时的副本,费时费力,可能会遗漏某些文件的更新之缺点,简化了文件备份过程,提高了文件备份的效率。     

利用Wireshark软件进行信令分析

Wireshark软件是开源软件中应用最广的一种信令分析软件,支持众多的信令协议。PCAP文件格式是一种通用的封包存储格式,这个格式的文件可以被Wireshark软件直接读取。在分析PCAP文件格式的基础上,通过构建数据文件,可以利用Wireshark软件对已有的信令数据进行信令分析。分析结果可以用于科学研究和工程实践,避免了手工分解信令数据时的低效率,提高了工作的时效性。     

The limited impact of individual developer data on software defect prediction

Previous research has provided evidence that a combination of static code metrics and software history metrics can be used to predict with surprising success which files in the next release of a large system will have the largest numbers of defects. In contrast, very little research exists to indicate whether information about individual developers can profitably be used to improve predictions. We investigate whether files in a large system that are modified by an individual developer consistently contain either more or fewer faults than the average of all files in the system. The goal of the investigation is to determine whether information about which particular developer modified a file is able to improve defect predictions. We also extend earlier research evaluating use of counts of the number of developers who modified a file as predictors of the file’s future faultiness. We analyze change reports filed for three large systems, each containing 18 releases, with a combined total of nearly 4 million LOC and over 11,000 files. A buggy file ratio is defined for programmers, measuring the proportion of faulty files in Release R out of all files modified by the programmer in Release R-1. We assess the consistency of the buggy file ratio across releases for individual programmers both visually and within the context of a fault prediction model. Buggy file ratios for individual programmers often varied widely across all the releases that they participated in. A prediction model that takes account of the history of faulty files that were changed by individual developers shows improvement over the standard negative binomial model of less than 0.13% according to one measure, and no improvement at all according to another measure. In contrast, augmenting a standard model with counts of cumulative developers changing files in prior releases produced up to a 2% improvement in the percentage of faults detected in the top 20% of predicted faulty files. The cumulative number of developers interacting with a file can be a useful variable for defect prediction. However, the study indicates that adding information to a model about which particular developer modified a file is not likely to improve defect predictions.     

The impact of tangled code changes on defect prediction models

When interacting with source control management system, developers often commit unrelated or loosely related code changes in a single transaction. When analyzing version histories, such tangled changes will make all changes to all modules appear related, possibly compromising the resulting analyses through noise and bias. In an investigation of five open-source Java projects, we found between 7 % and 20 % of all bug fixes to consist of multiple tangled changes. Using a multi-predictor approach to untangle changes, we show that on average at least 16.6 % of all source files are incorrectly associated with bug reports. These incorrect bug file associations seem to not significantly impact models classifying source files to have at least one bug or no bugs. But our experiments show that untangling tangled code changes can result in more accurate regression bug prediction models when compared to models trained and tested on tangled bug datasets—in our experiments, the statistically significant accuracy improvements lies between 5 % and 200 %. We recommend better change organization to limit the impact of tangled changes.     

方法级别的细粒度软件缺陷定位方法

当软件缺陷报告在跟踪系统中被指派给开发人员进行缺陷修复之后,缺陷修复人员就需要根据提交的缺陷报告来进行软件缺陷定位,并做出相应的代码变更,以修复该软件缺陷.在缺陷修复的整个过程中,软件缺陷定位占用了开发人员大量的时间.提出了一种方法级别的细粒度软件缺陷定位方法MethodLocator,以提高软件修复人员的工作效率.MethodLocator首先对缺陷报告和源代码方法体利用词向量（word2vec）和TF-IDF结合的方法进行向量表示;然后,根据源代码文件中方法体之间的相似度对方法体进行扩充;最后,通过对扩充后的方法体和缺陷报告计算其余弦距离并排序,来定位为修复软件缺陷所需做出变更的方法.在4个开源软件项目ArgoUML、Ant、Maven和Kylin上的实验结果表明,MethodLocator方法优于现有的缺陷定位方法,它能够有效地将软件缺陷定位到源代码的方法级别上.     

基于有序哈希链的文件数据同步方法

针对现有文件数据同步传输方法效率低、局部更新困难的问题,提出一种哈希链构建及文件数据同步方法。将C/S架构中服务器端文件或目录的变化作为一系列哈希节点,根据时间先后顺序,通过哈希函数迭代文件或目录的哈希值,形成能够记录文件库所有操作状态的有序哈希链。客户端只需根据哈希链节点执行相同文件操作并进行同步更新,而不需要对每个文件数据进行同步认证,确保文件库的完整性、不可抵赖性、可溯源性和防篡改性。采用有序哈希链的同步方法对不同终端进行文件数据差异监视和一致性检测,以快速获取文件变化并进行逻辑同步。实验结果表明,该方法在文件库未变动模式下的平均同步加速比为94.85%,在文件库变动的模式下,相较于“quick check”策略和常规策略的Rsync算法,平均同步加速比分别为6.5%和69.99%。有效地减少了同步过程中时间和资源的消耗。     

Identifying and understanding header file hotspots in C/C++ build processes

Software developers rely on a fast build system to incrementally compile their source code changes and produce modified deliverables for testing and deployment. Header files, which tend to trigger slow rebuild processes, are most problematic if they also change frequently during the development process, and hence, need to be rebuilt often. In this paper, we propose an approach that analyzes the build dependency graph (i.e., the data structure used to determine the minimal list of commands that must be executed when a source code file is modified), and the change history of a software system to pinpoint header file hotspots—header files that change frequently and trigger long rebuild processes. Through a case study on the GLib, PostgreSQL, Qt, and Ruby systems, we show that our approach identifies header file hotspots that, if improved, will provide greater improvement to the total future build cost of a system than just focusing on the files that trigger the slowest rebuild processes, change the most frequently, or are used the most throughout the codebase. Furthermore, regression models built using architectural and code properties of source files can explain 32–57 % of these hotspots, identifying subsystems that are particularly hotspot-prone and would benefit the most from architectural refinement.     

Dynamic analysis of Java program concepts for visualization and profiling

Concept assignment identifies units of source code that are functionally related, even if this is not apparent from a syntactic point of view. Until now, the results of concept assignment have only been used for static analysis, mostly of program source code. This paper investigates the possibility of using concept information within a framework for dynamic analysis of programs. The paper presents two case studies involving a small Java program used in a previous research exercise, and a large Java virtual machine (the popular Jikes RVM system). These studies investigate two applications of dynamic concept information: visualization and profiling. The paper demonstrates two different styles of concept visualization, which show the proportion of overall time spent in each concept and the sequence of concept execution, respectively. The profiling study concerns the interaction between runtime compilation and garbage collection in Jikes RVM. For some benchmark cases, we are able to obtain a significant reduction in garbage collection time. We discuss how this phenomenon might be harnessed to optimize the scheduling of garbage collection in Jikes RVM.     

Analysis of file usage in personal computer environments

This paper discusses collection, analysis and interpretation of data pertaining to files in personal computer (PC) environments. We developed programs to collect and analyze data from PCs running the OS/2¹ operating system and using the High Performance File System (HPFS). The data collection program gathers the information about file sizes, the times and dates of file creation, the last file access, and the last file update by scanning the contents of disk storage devices. The gathered information is used to analyze the distributions of file sizes, functional file lifetimes, and functional lifetimes of file's data. The analysis shows that: most files are small (more than 60% of files on a system are smaller than 8 Kbytes), about 60% of files on a system have never been accessed again after being created and very few files are ever modified. Recommended by: N. Boudriga     

Comparing the effectiveness of several modeling methods for fault prediction

We compare the effectiveness of four modeling methods—negative binomial regression, recursive partitioning, random forests and Bayesian additive regression trees—for predicting the files likely to contain the most faults for 28 to 35 releases of three large industrial software systems. Predictor variables included lines of code, file age, faults in the previous release, changes in the previous two releases, and programming language. To compare the effectiveness of the different models, we use two metrics—the percent of faults contained in the top 20% of files identified by the model, and a new, more general metric, the fault-percentile-average. The negative binomial regression and random forests models performed significantly better than recursive partitioning and Bayesian additive regression trees, as assessed by either of the metrics. For each of the three systems, the negative binomial and random forests models identified 20% of the files in each release that contained an average of 76% to 94% of the faults.     

基于Linux的CPLD在系统升级驱动程序设计

论述了通过微控制器实现CPLD在系统升级的方法。以AT91SAM9260CPU为硬件平台,以Linux2.6.30内核为系统软件平台,基于Xilinx官方JTAG状态机实现源码,编写了CPLD在系统升级的Linux驱动程序。并将驱动以模块加载的方式成功加载进了Linux内核。编写驱动测试程序并调试,结果表明,系统能正常执行xsvf文件,实现在系统升级CPLD。     

Multimedia file forensics system exploiting file similarity search

With the fast increase of multimedia contents, efficient forensics investigation methods for multimedia files have been required. In multimedia files, the similarity means that the identical media (audio and video) data are existing among multimedia files. This paper proposes an efficient multimedia file forensics system based on file similarity search of video contents. The proposed system needs two key techniques. First is a media-aware information detection technique. The first critical step for the similarity search is to find the meaningful keyframes or key sequences in the shots through a multimedia file, in order to recognize altered files from the same source file. Second is a video fingerprint-based technique (VFB) for file similarity search. The byte for byte comparison is an inefficient similarity searching method for large files such as multimedia. The VFB technique is an efficient method to extract video features from the large multimedia files. It also provides an independent media-aware identification method for detecting alterations to the source video file (e.g., frame rates, resolutions, and formats, etc.). In this paper, we focus on two key challenges: to generate robust video fingerprints by finding meaningful boundaries of a multimedia file, and to measure video similarity by using fingerprint-based matching. Our evaluation shows that the proposed system is possible to apply to realistic multimedia file forensics tools.

     

支持动态授权和文件评价的访问控制机制

针对传统的访问控制方法不支持动态授权和文件评价、且存在恶意再分享隐患,设计了一种支持动态授权和文件评价的访问控制机制(DAFE-AC)。DAFE-AC采用的动态授权机制能够对已授权用户进行实时监控,保证了用户之间的相互监督;采用的文件评价机制可以支持文件解锁阈值的动态更新。基于Hash/索引数据库,DAFE-AC确保了文件在系统中的唯一性。在DAFE-AC中,用户授权值会随着其他用户行为动态变化,且用户可以通过对文件进行评价以消除恶意再分享。     

基于多粒度语义分析的二进制漏洞搜索方法

二进制文件相似度检测旨在通过比较来自不同平台、编译器、优化配置甚至是不同软件版本的2个二进制文件的相似程度来判断二者是否高度相似,其中二进制漏洞搜索为其在信息安全领域的应用之一。二进制漏洞的产生为现代软件应用带来了诸多问题,如操作系统易受攻击、隐私信息易被窃取等。二进制漏洞产生的主要原因是软件开发过程中进行了代码复用却没有进行严格的监管。据此,提出了一种基于多粒度语义特征分析的二进制漏洞搜索方法Taurus,该方法通过3种粒度的语义特征来搜索跨平台的潜在二进制漏洞。给定待检测二进制文件和漏洞数据库,需要对其与漏洞数据库中的每个二进制漏洞进行逐一搜索。首先,分别对2个二进制文件进行语义提取,以获取二者在基本块、函数和模块3个粒度下的语义特征,并执行相似度计算;然后,整合3种粒度下语义特征的相似度,以计算3种文件的整体相似度得分;最后,将待检测二进制文件与漏洞数据库中所有漏洞的相似度得分结果进行降序排序,便获得了该二进制文件的搜索结果报告。经过合理配置下的实验对比,结果表明, Taurus方法在准确性方面要优于基线方法。     

基于ADVISOR的电动拖拉机仿真系统开发与应用

考虑到电动拖拉机样车研发的需要,针对由美国可再生能源试验室开发的ADVISOR仿真软件存在的不足,对该软件进行了二次开发.通过建立电动拖拉机整车模型以及变速箱控制模型,增加各模块的数据文件,修改相应配置文件,建立了电动拖拉机仿真系统.利用建立的电动拖拉机仿真系统,以某电动拖拉机为研究对象,对其在运输作业工况下的整车性能进行了仿真分析.结果表明,所建立的电动拖拉机仿真系统能够预测整车性能,为样车的研发提供技术支持.     

基于.NET的视频点播系统的设计与实现

介绍了一种新的基于.NET的视频点播系统的开发方法。采用Browser/Server模式、完整的三层结构设计，使用C#语言编写程序，提供了一套多用户并发访问的视频点播解决方案，支持文件分类、支持客户端的自动更新。介绍了大容量文件的上传方法、视频播放器的嵌入技术以及文件管理办法，实现了解码器主动下载更新和文件在不同磁盘或不同服务器间的分布式存储。不但支持目前主流的流媒体格式文件，而且还支持PPT、Flash等其它格式文件的上传和播放。