Workshop WRT 2011 – Author Index |
Contents -
Abstracts -
Authors
|
Abadi, Aharon |
WRT '11: "Code-Motion for API Migration: ..."
Code-Motion for API Migration: Fixing SQL Injection Vulnerabilities in Java
Aharon Abadi, Yishai A. Feldman, and Mati Shomrat (IBM Research Haifa, Israel; Tel Aviv University, Israel) Refactoring often requires the reordering of code fragments; such is the case when migrating from one API to another. Performing such reordering manually is complex and error-prone. A specific example in the security domain involves database query execution, in which some of the parameters come from untrusted sources. In Java, the Statement API provides opportunities for SQL injection attacks. The recommended remedy is to replace it with the secure PreparedStatement API; however, that sometimes requires changing the order in which the query is built. We present an algorithm that performs this migration, moving code as necessary to preserve functionality while changing the structure of the original code as little as possible. @InProceedings{WRT11p1, author = {Aharon Abadi and Yishai A. Feldman and Mati Shomrat}, title = {Code-Motion for API Migration: Fixing SQL Injection Vulnerabilities in Java}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {1--7}, doi = {}, year = {2011}, } |
|
Arcoverde, Roberta |
WRT '11: "Understanding the Longevity ..."
Understanding the Longevity of Code Smells: Preliminary Results of an Explanatory Survey
Roberta Arcoverde, Alessandro Garcia, and Eduardo Figueiredo (PUC-Rio, Brazil; UFMG, Brazil) There is growing empirical evidence that some (patterns of) code smells seem to be, either deliberately or not, ignored. More importantly, there is little knowledge about the factors that are likely to influence the longevity of smell occurrences in software projects. Some of them might be related to limitations of tool support, while others do not. This paper presents the preliminary results of an explanatory survey aimed at understanding better the longevity of code smells in software projects. A questionnaire was elaborated and distributed to developers, and 33 answers were collected up to now. Our initial observations reveal, for instance, that smell removal with refactoring tools is often avoided when maintaining frameworks or product lines. @InProceedings{WRT11p5, author = {Roberta Arcoverde and Alessandro Garcia and Eduardo Figueiredo}, title = {Understanding the Longevity of Code Smells: Preliminary Results of an Explanatory Survey}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {5--8}, doi = {}, year = {2011}, } |
|
Borg, Rodrick |
WRT '11: "Automated Acceptance Test ..."
Automated Acceptance Test Refactoring
Rodrick Borg and Martin Kropp (UAS Northwestern Switzerland) With the increasing popularity of agile software development and Test-Driven-Development, also maintenance of acceptance test has become an important issue. In this paper, we describe a concept and a tool for automated acceptance test maintenance using a refactoring approach. Acceptance tests are user tests which are used to determine if a system satisfies acceptance criteria and to enable a customer to determine whether or not to accept the system. In agile development acceptance test are also used as a mean for specification, i.e. acceptance tests are written in advance to the production code (called Behavior-Driven-Development – BDD). In an agile project this poses three major challenges with respect to maintenance of acceptance tests: new requirements may cause changes in the acceptance criteria, which require the system under test to be adapted; when the system under test undergoes a major restructuring, even the acceptance test might have to be adapted; with the increasing acceptance test suite in an agile project the tests themselves may undergo a major reorganization. Having a large acceptance test base, doing these refactorings manually is error prone and causes a lot of effort. In this paper we present a concept and tool for executing automated refactoring for Fit acceptance tests, which significantly reduces the effort for test maintenance and makes them much less error prone @InProceedings{WRT11p15, author = {Rodrick Borg and Martin Kropp}, title = {Automated Acceptance Test Refactoring}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {15--21}, doi = {}, year = {2011}, } |
|
Cinnéide, Mel Ó |
WRT '11: "Code-Imp: A Tool for Automated ..."
Code-Imp: A Tool for Automated Search-Based Refactoring
Iman Hemati Moghadam and Mel Ó Cinnéide (University College Dublin, Ireland) Manual refactoring is tedious and error-prone, so it is natural to try to automate this process as much as possible. Fully automated refactoring usually involves using metaheuristic search to determine which refactorings should be applied to improve the program according to some fitness function, expressed in terms of standard software quality metrics. Code-Imp (Combinatorial Optimisation for Design Improvement) is such an automated refactoring platform for the Java language. It can apply a range of refactorings, supports several search types, and implements over 25 software quality metrics which can be combined in various ways to form a fitness function. The original goal of the Code-Imp project was to investigate the use of automated refactoring to improve software quality as expressed by a contemporary metrics suite. In this paper we present a technical overview of the Code-Imp implementation, and summarise three active research strands involving Code-Imp: refactoring for testability, metrics exploration, and multi-level design improvement. @InProceedings{WRT11p13, author = {Iman Hemati Moghadam and Mel Ó Cinnéide}, title = {Code-Imp: A Tool for Automated Search-Based Refactoring}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {13--16}, doi = {}, year = {2011}, } |
|
Damevski, Kostadin |
WRT '11: "A Refactoring Tool to Extract ..."
A Refactoring Tool to Extract GPU Kernels
Kostadin Damevski and Madhan Muralimanohar (Virginia State University, USA) Significant performance gains can be achieved by using hardware architectures that integrate GPUs with conventional CPUs to form a hybrid and highly parallel computational engine. However, programming these novel architectures is tedious and error prone, reducing their ease of acceptance in an even wider range of computationally intensive applications. In this paper we discuss a refactoring technique, called Extract Kernel that transforms a loop written in C into a parallel function that uses NVIDIA’s CUDA framework to execute on a GPU. The selected approach and the challenges encountered are described, as well as some early results that demonstrate the potential of this refactoring. @InProceedings{WRT11p1, author = {Kostadin Damevski and Madhan Muralimanohar}, title = {A Refactoring Tool to Extract GPU Kernels}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {1--4}, doi = {}, year = {2011}, } |
|
Feldman, Yishai A. |
WRT '11: "Code-Motion for API Migration: ..."
Code-Motion for API Migration: Fixing SQL Injection Vulnerabilities in Java
Aharon Abadi, Yishai A. Feldman, and Mati Shomrat (IBM Research Haifa, Israel; Tel Aviv University, Israel) Refactoring often requires the reordering of code fragments; such is the case when migrating from one API to another. Performing such reordering manually is complex and error-prone. A specific example in the security domain involves database query execution, in which some of the parameters come from untrusted sources. In Java, the Statement API provides opportunities for SQL injection attacks. The recommended remedy is to replace it with the secure PreparedStatement API; however, that sometimes requires changing the order in which the query is built. We present an algorithm that performs this migration, moving code as necessary to preserve functionality while changing the structure of the original code as little as possible. @InProceedings{WRT11p1, author = {Aharon Abadi and Yishai A. Feldman and Mati Shomrat}, title = {Code-Motion for API Migration: Fixing SQL Injection Vulnerabilities in Java}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {1--7}, doi = {}, year = {2011}, } |
|
Figueiredo, Eduardo |
WRT '11: "Understanding the Longevity ..."
Understanding the Longevity of Code Smells: Preliminary Results of an Explanatory Survey
Roberta Arcoverde, Alessandro Garcia, and Eduardo Figueiredo (PUC-Rio, Brazil; UFMG, Brazil) There is growing empirical evidence that some (patterns of) code smells seem to be, either deliberately or not, ignored. More importantly, there is little knowledge about the factors that are likely to influence the longevity of smell occurrences in software projects. Some of them might be related to limitations of tool support, while others do not. This paper presents the preliminary results of an explanatory survey aimed at understanding better the longevity of code smells in software projects. A questionnaire was elaborated and distributed to developers, and 33 answers were collected up to now. Our initial observations reveal, for instance, that smell removal with refactoring tools is often avoided when maintaining frameworks or product lines. @InProceedings{WRT11p5, author = {Roberta Arcoverde and Alessandro Garcia and Eduardo Figueiredo}, title = {Understanding the Longevity of Code Smells: Preliminary Results of an Explanatory Survey}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {5--8}, doi = {}, year = {2011}, } |
|
Fontana, Francesca Arcelli |
WRT '11: "Impact of Refactoring on Quality ..."
Impact of Refactoring on Quality Code Evaluation
Francesca Arcelli Fontana and Stefano Spinelli (University of Milano Bicocca, Italy) Code smells are characteristics of the software that may indicate a code or design problem that can make software hard to understand, to evolve and maintain. Detecting code smells in the code and consequently applying the right refactoring steps, when necessary, is very important for improving the quality of the code. In this paper, according to well known metrics proposed to evaluate the code and design quality of a system, we analyze the impact of refactoring, applied to remove code smells, on the quality evaluation of the system. @InProceedings{WRT11p9, author = {Francesca Arcelli Fontana and Stefano Spinelli}, title = {Impact of Refactoring on Quality Code Evaluation}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {9--12}, doi = {}, year = {2011}, } |
|
Garcia, Alessandro |
WRT '11: "Understanding the Longevity ..."
Understanding the Longevity of Code Smells: Preliminary Results of an Explanatory Survey
Roberta Arcoverde, Alessandro Garcia, and Eduardo Figueiredo (PUC-Rio, Brazil; UFMG, Brazil) There is growing empirical evidence that some (patterns of) code smells seem to be, either deliberately or not, ignored. More importantly, there is little knowledge about the factors that are likely to influence the longevity of smell occurrences in software projects. Some of them might be related to limitations of tool support, while others do not. This paper presents the preliminary results of an explanatory survey aimed at understanding better the longevity of code smells in software projects. A questionnaire was elaborated and distributed to developers, and 33 answers were collected up to now. Our initial observations reveal, for instance, that smell removal with refactoring tools is often avoided when maintaining frameworks or product lines. @InProceedings{WRT11p5, author = {Roberta Arcoverde and Alessandro Garcia and Eduardo Figueiredo}, title = {Understanding the Longevity of Code Smells: Preliminary Results of an Explanatory Survey}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {5--8}, doi = {}, year = {2011}, } |
|
Higo, Yoshiki |
WRT '11: "A Visualization Method of ..."
A Visualization Method of Program Dependency Graph for Identifying Extract Method Opportunity
Tomoko Kanemitsu, Yoshiki Higo, and Shinji Kusumoto (Osaka University, Japan) Refactoring is important for efficient software maintenance. However, tools supports are highly required for refactoring because manual operations of refactoring are troublesome and error prone. This paper proposes a technique that suggests Extract Method candidates automatically. Extract Method refactoring is to create a new method from a code fragment in an existing method. Previous research efforts showed that the Extract Method refactoring is often performed prior to other refactorings, so that it is important to support Extract Method refactoring. Previous studies have proposed methods that suggest Extract Method candidates based on linage or complexity. However it is originally desirable to divide methods based on their functionalities. This paper uses the strength of data connection between sentences in the source code. We deem that strongly-connected data expresses a single function. This paper proposes a technique that suggests Extract Method candidates based on strongly-connected data. @InProceedings{WRT11p8, author = {Tomoko Kanemitsu and Yoshiki Higo and Shinji Kusumoto}, title = {A Visualization Method of Program Dependency Graph for Identifying Extract Method Opportunity}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {8--14}, doi = {}, year = {2011}, } |
|
Kanemitsu, Tomoko |
WRT '11: "A Visualization Method of ..."
A Visualization Method of Program Dependency Graph for Identifying Extract Method Opportunity
Tomoko Kanemitsu, Yoshiki Higo, and Shinji Kusumoto (Osaka University, Japan) Refactoring is important for efficient software maintenance. However, tools supports are highly required for refactoring because manual operations of refactoring are troublesome and error prone. This paper proposes a technique that suggests Extract Method candidates automatically. Extract Method refactoring is to create a new method from a code fragment in an existing method. Previous research efforts showed that the Extract Method refactoring is often performed prior to other refactorings, so that it is important to support Extract Method refactoring. Previous studies have proposed methods that suggest Extract Method candidates based on linage or complexity. However it is originally desirable to divide methods based on their functionalities. This paper uses the strength of data connection between sentences in the source code. We deem that strongly-connected data expresses a single function. This paper proposes a technique that suggests Extract Method candidates based on strongly-connected data. @InProceedings{WRT11p8, author = {Tomoko Kanemitsu and Yoshiki Higo and Shinji Kusumoto}, title = {A Visualization Method of Program Dependency Graph for Identifying Extract Method Opportunity}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {8--14}, doi = {}, year = {2011}, } |
|
Kropp, Martin |
WRT '11: "Automated Acceptance Test ..."
Automated Acceptance Test Refactoring
Rodrick Borg and Martin Kropp (UAS Northwestern Switzerland) With the increasing popularity of agile software development and Test-Driven-Development, also maintenance of acceptance test has become an important issue. In this paper, we describe a concept and a tool for automated acceptance test maintenance using a refactoring approach. Acceptance tests are user tests which are used to determine if a system satisfies acceptance criteria and to enable a customer to determine whether or not to accept the system. In agile development acceptance test are also used as a mean for specification, i.e. acceptance tests are written in advance to the production code (called Behavior-Driven-Development – BDD). In an agile project this poses three major challenges with respect to maintenance of acceptance tests: new requirements may cause changes in the acceptance criteria, which require the system under test to be adapted; when the system under test undergoes a major restructuring, even the acceptance test might have to be adapted; with the increasing acceptance test suite in an agile project the tests themselves may undergo a major reorganization. Having a large acceptance test base, doing these refactorings manually is error prone and causes a lot of effort. In this paper we present a concept and tool for executing automated refactoring for Fit acceptance tests, which significantly reduces the effort for test maintenance and makes them much less error prone @InProceedings{WRT11p15, author = {Rodrick Borg and Martin Kropp}, title = {Automated Acceptance Test Refactoring}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {15--21}, doi = {}, year = {2011}, } |
|
Kusumoto, Shinji |
WRT '11: "A Visualization Method of ..."
A Visualization Method of Program Dependency Graph for Identifying Extract Method Opportunity
Tomoko Kanemitsu, Yoshiki Higo, and Shinji Kusumoto (Osaka University, Japan) Refactoring is important for efficient software maintenance. However, tools supports are highly required for refactoring because manual operations of refactoring are troublesome and error prone. This paper proposes a technique that suggests Extract Method candidates automatically. Extract Method refactoring is to create a new method from a code fragment in an existing method. Previous research efforts showed that the Extract Method refactoring is often performed prior to other refactorings, so that it is important to support Extract Method refactoring. Previous studies have proposed methods that suggest Extract Method candidates based on linage or complexity. However it is originally desirable to divide methods based on their functionalities. This paper uses the strength of data connection between sentences in the source code. We deem that strongly-connected data expresses a single function. This paper proposes a technique that suggests Extract Method candidates based on strongly-connected data. @InProceedings{WRT11p8, author = {Tomoko Kanemitsu and Yoshiki Higo and Shinji Kusumoto}, title = {A Visualization Method of Program Dependency Graph for Identifying Extract Method Opportunity}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {8--14}, doi = {}, year = {2011}, } |
|
Maruyama, Katsuhisa |
WRT '11: "A Security-Aware Refactoring ..."
A Security-Aware Refactoring Tool for Java Programs
Katsuhisa Maruyama and Takayuki Omori (Ritsumeikan University, Japan) Refactoring is a useful practice in developing and maintaining software since it improves the design of existing code without changing its external behavior. Therefore, contemporary integrated development environments tend to include refactoring tools that support automatic transformations of source code. Unfortunately, some of the popular refactoring transformations make existing code vulnerable although they improve its maintainability. The existence of vulnerable code is still a serious issue for many software systems. This paper describes a tool with support for a new class of refactoring concerning software security, which is built as an Eclipse plug-in. It helps programmers to easily know the adverse impact of code changes on security vulnerabilities in the application of refactoring, and provides them with a chance to determine if they could accept or should cancel the applied refactoring. Consequently, they feel safe to improve the maintainability of existing code without missing security vulnerabilities newly inserted into the code. To evaluate the capability of this tool, we made an experiment with it. The experimental results show the usefulness of the tool and also reveal several remaining issues to be tackled. @InProceedings{WRT11p22, author = {Katsuhisa Maruyama and Takayuki Omori}, title = {A Security-Aware Refactoring Tool for Java Programs}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {22--28}, doi = {}, year = {2011}, } |
|
Moghadam, Iman Hemati |
WRT '11: "Code-Imp: A Tool for Automated ..."
Code-Imp: A Tool for Automated Search-Based Refactoring
Iman Hemati Moghadam and Mel Ó Cinnéide (University College Dublin, Ireland) Manual refactoring is tedious and error-prone, so it is natural to try to automate this process as much as possible. Fully automated refactoring usually involves using metaheuristic search to determine which refactorings should be applied to improve the program according to some fitness function, expressed in terms of standard software quality metrics. Code-Imp (Combinatorial Optimisation for Design Improvement) is such an automated refactoring platform for the Java language. It can apply a range of refactorings, supports several search types, and implements over 25 software quality metrics which can be combined in various ways to form a fitness function. The original goal of the Code-Imp project was to investigate the use of automated refactoring to improve software quality as expressed by a contemporary metrics suite. In this paper we present a technical overview of the Code-Imp implementation, and summarise three active research strands involving Code-Imp: refactoring for testability, metrics exploration, and multi-level design improvement. @InProceedings{WRT11p13, author = {Iman Hemati Moghadam and Mel Ó Cinnéide}, title = {Code-Imp: A Tool for Automated Search-Based Refactoring}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {13--16}, doi = {}, year = {2011}, } |
|
Muralimanohar, Madhan |
WRT '11: "A Refactoring Tool to Extract ..."
A Refactoring Tool to Extract GPU Kernels
Kostadin Damevski and Madhan Muralimanohar (Virginia State University, USA) Significant performance gains can be achieved by using hardware architectures that integrate GPUs with conventional CPUs to form a hybrid and highly parallel computational engine. However, programming these novel architectures is tedious and error prone, reducing their ease of acceptance in an even wider range of computationally intensive applications. In this paper we discuss a refactoring technique, called Extract Kernel that transforms a loop written in C into a parallel function that uses NVIDIA’s CUDA framework to execute on a GPU. The selected approach and the challenges encountered are described, as well as some early results that demonstrate the potential of this refactoring. @InProceedings{WRT11p1, author = {Kostadin Damevski and Madhan Muralimanohar}, title = {A Refactoring Tool to Extract GPU Kernels}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {1--4}, doi = {}, year = {2011}, } |
|
Omori, Takayuki |
WRT '11: "A Security-Aware Refactoring ..."
A Security-Aware Refactoring Tool for Java Programs
Katsuhisa Maruyama and Takayuki Omori (Ritsumeikan University, Japan) Refactoring is a useful practice in developing and maintaining software since it improves the design of existing code without changing its external behavior. Therefore, contemporary integrated development environments tend to include refactoring tools that support automatic transformations of source code. Unfortunately, some of the popular refactoring transformations make existing code vulnerable although they improve its maintainability. The existence of vulnerable code is still a serious issue for many software systems. This paper describes a tool with support for a new class of refactoring concerning software security, which is built as an Eclipse plug-in. It helps programmers to easily know the adverse impact of code changes on security vulnerabilities in the application of refactoring, and provides them with a chance to determine if they could accept or should cancel the applied refactoring. Consequently, they feel safe to improve the maintainability of existing code without missing security vulnerabilities newly inserted into the code. To evaluate the capability of this tool, we made an experiment with it. The experimental results show the usefulness of the tool and also reveal several remaining issues to be tackled. @InProceedings{WRT11p22, author = {Katsuhisa Maruyama and Takayuki Omori}, title = {A Security-Aware Refactoring Tool for Java Programs}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {22--28}, doi = {}, year = {2011}, } |
|
Shomrat, Mati |
WRT '11: "Code-Motion for API Migration: ..."
Code-Motion for API Migration: Fixing SQL Injection Vulnerabilities in Java
Aharon Abadi, Yishai A. Feldman, and Mati Shomrat (IBM Research Haifa, Israel; Tel Aviv University, Israel) Refactoring often requires the reordering of code fragments; such is the case when migrating from one API to another. Performing such reordering manually is complex and error-prone. A specific example in the security domain involves database query execution, in which some of the parameters come from untrusted sources. In Java, the Statement API provides opportunities for SQL injection attacks. The recommended remedy is to replace it with the secure PreparedStatement API; however, that sometimes requires changing the order in which the query is built. We present an algorithm that performs this migration, moving code as necessary to preserve functionality while changing the structure of the original code as little as possible. @InProceedings{WRT11p1, author = {Aharon Abadi and Yishai A. Feldman and Mati Shomrat}, title = {Code-Motion for API Migration: Fixing SQL Injection Vulnerabilities in Java}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {1--7}, doi = {}, year = {2011}, } |
|
Spinelli, Stefano |
WRT '11: "Impact of Refactoring on Quality ..."
Impact of Refactoring on Quality Code Evaluation
Francesca Arcelli Fontana and Stefano Spinelli (University of Milano Bicocca, Italy) Code smells are characteristics of the software that may indicate a code or design problem that can make software hard to understand, to evolve and maintain. Detecting code smells in the code and consequently applying the right refactoring steps, when necessary, is very important for improving the quality of the code. In this paper, according to well known metrics proposed to evaluate the code and design quality of a system, we analyze the impact of refactoring, applied to remove code smells, on the quality evaluation of the system. @InProceedings{WRT11p9, author = {Francesca Arcelli Fontana and Stefano Spinelli}, title = {Impact of Refactoring on Quality Code Evaluation}, booktitle = {Proc.\ WRT}, publisher = {ACM}, pages = {9--12}, doi = {}, year = {2011}, } |
19 authors
proc time: 0.66