SANER 2015 – Author Index |
Ammerlaan, Erik |
SANER '15-IND: "Old Habits Die Hard: Why Refactoring ..."
Old Habits Die Hard: Why Refactoring for Understandability Does Not Give Immediate Benefits
Erik Ammerlaan, Wim Veninga, and Andy Zaidman (Exact International Development, Netherlands; Delft University of Technology, Netherlands) Depending on the context, the benefits of clean code with respect to understandability might be less obvious in the short term than is often claimed. In this study we evaluate whether a software system with legacy code in an industrial environment benefits from a “clean code” refactoring in terms of developer productivity. We observed both increases as well as decreases in understandability, showing that immediate increases in understandability are not always obvious. Our study suggests that refactoring code could result in a productivity penalty in the short term if the coding style becomes different from the style developers have grown attached to. @InProceedings{SANER15p504, author = {Erik Ammerlaan and Wim Veninga and Andy Zaidman}, title = {Old Habits Die Hard: Why Refactoring for Understandability Does Not Give Immediate Benefits}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {504--507}, doi = {}, year = {2015}, } |
|
Bokil, Prasad |
SANER '15-IND: "On Implementational Variations ..."
On Implementational Variations in Static Analysis Tools
Tukaram Muske and Prasad Bokil (Tata Consultancy Services, India) Static analysis tools are widely used in practice due to their ability to detect defects early in the software development life-cycle and that too while proving absence of defects of certain patterns. There exists a large number of such tools, and they are found to be varying depending on several tool characteristics like analysis techniques, programming languages supported, verification checks performed, scalability, and performance. Many studies about these tools and their variations, have been performed to improve the analysis results or figure out a better tool amongst a set of available static analysis tools. It is our observation that, in these studies only the aforementioned tool characteristics are considered and compared, and other implementational variations are usually ignored. In this paper, we study the implementational variations occurring among the static analysis tools, and experimentally demonstrate their impact on the tool characteristics and other analysis related attributes. The aim of this paper is twofold - a) to provide the studied implementational variations as choices, along with their pros and cons, to the designers or developers of static analysis tools, and b) to provide an educating material to the tool users so that the analysis results are better understood. @InProceedings{SANER15p512, author = {Tukaram Muske and Prasad Bokil}, title = {On Implementational Variations in Static Analysis Tools}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {512--515}, doi = {}, year = {2015}, } |
|
Bouwers, Eric |
SANER '15-IND: "Tracking Known Security Vulnerabilities ..."
Tracking Known Security Vulnerabilities in Proprietary Software Systems
Mircea Cadariu, Eric Bouwers, Joost Visser, and Arie van Deursen (Software Improvement Group, Netherlands; Delft University of Technology, Netherlands; Radboud University Nijmegen, Netherlands) Known security vulnerabilities can be introduced in software systems as a result of being dependent upon third-party components. These documented software weaknesses are “hiding in plain sight” and represent low hanging fruit for attackers. In this paper we present the Vulnerability Alert Service (VAS), a tool-based process to track known vulnerabilities in software systems throughout their life cycle. We studied its usefulness in the context of external software product quality monitoring provided by the Software Improvement Group, a software advisory company based in Amsterdam, the Netherlands. Besides empirically assessing the usefulness of the VAS, we have also leveraged it to gain insight and report on the prevalence of third-party components with known security vulnerabilities in proprietary applications. @InProceedings{SANER15p516, author = {Mircea Cadariu and Eric Bouwers and Joost Visser and Arie van Deursen}, title = {Tracking Known Security Vulnerabilities in Proprietary Software Systems}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {516--519}, doi = {}, year = {2015}, } |
|
Cadariu, Mircea |
SANER '15-IND: "Tracking Known Security Vulnerabilities ..."
Tracking Known Security Vulnerabilities in Proprietary Software Systems
Mircea Cadariu, Eric Bouwers, Joost Visser, and Arie van Deursen (Software Improvement Group, Netherlands; Delft University of Technology, Netherlands; Radboud University Nijmegen, Netherlands) Known security vulnerabilities can be introduced in software systems as a result of being dependent upon third-party components. These documented software weaknesses are “hiding in plain sight” and represent low hanging fruit for attackers. In this paper we present the Vulnerability Alert Service (VAS), a tool-based process to track known vulnerabilities in software systems throughout their life cycle. We studied its usefulness in the context of external software product quality monitoring provided by the Software Improvement Group, a software advisory company based in Amsterdam, the Netherlands. Besides empirically assessing the usefulness of the VAS, we have also leveraged it to gain insight and report on the prevalence of third-party components with known security vulnerabilities in proprietary applications. @InProceedings{SANER15p516, author = {Mircea Cadariu and Eric Bouwers and Joost Visser and Arie van Deursen}, title = {Tracking Known Security Vulnerabilities in Proprietary Software Systems}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {516--519}, doi = {}, year = {2015}, } |
|
Davis, Ian J. |
SANER '15-IND: "Bash2py: A Bash to Python ..."
Bash2py: A Bash to Python Translator
Ian J. Davis, Mike Wexler, Cheng Zhang, Richard C. Holt, and Theresa Weber (University of Waterloo, Canada; Owl Computing Technologies, USA) Shell scripting is the primary way for programmers to interact at a high level with operating systems. For decades bash shell scripts have thus been used to accomplish various tasks. But Bash has a counter-intuitive syntax that is not well understood by modern programmers and is no longer adequately supported, making it now difficult to maintain. Bash also suffers from poor performance, memory leakage problems, and limited functionality which make continued dependence on it problematic. At the request of our industrial partner, we therefore developed a source-to-source translator, bash2py, which converts bash scripts into Python. Bash2py leverages the open source bash code, and the internal parser employed by Bash to parse any bash script. However, bash2py re-implements the variable expansion that occurs in Bash to better generate correct Python code. Bash2py correctly converts most Bash into Python, but does require human intervention to handle constructs that cannot easily be automatically translated. In our experiments on real-world open source bash scripts bash2py successfully translates 90% of the code. Feedback from our industrial partner confirms the usefulness of bash2py in practice. @InProceedings{SANER15p508, author = {Ian J. Davis and Mike Wexler and Cheng Zhang and Richard C. Holt and Theresa Weber}, title = {Bash2py: A Bash to Python Translator}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {508--511}, doi = {}, year = {2015}, } |
|
Deursen, Arie van |
SANER '15-IND: "Tracking Known Security Vulnerabilities ..."
Tracking Known Security Vulnerabilities in Proprietary Software Systems
Mircea Cadariu, Eric Bouwers, Joost Visser, and Arie van Deursen (Software Improvement Group, Netherlands; Delft University of Technology, Netherlands; Radboud University Nijmegen, Netherlands) Known security vulnerabilities can be introduced in software systems as a result of being dependent upon third-party components. These documented software weaknesses are “hiding in plain sight” and represent low hanging fruit for attackers. In this paper we present the Vulnerability Alert Service (VAS), a tool-based process to track known vulnerabilities in software systems throughout their life cycle. We studied its usefulness in the context of external software product quality monitoring provided by the Software Improvement Group, a software advisory company based in Amsterdam, the Netherlands. Besides empirically assessing the usefulness of the VAS, we have also leveraged it to gain insight and report on the prevalence of third-party components with known security vulnerabilities in proprietary applications. @InProceedings{SANER15p516, author = {Mircea Cadariu and Eric Bouwers and Joost Visser and Arie van Deursen}, title = {Tracking Known Security Vulnerabilities in Proprietary Software Systems}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {516--519}, doi = {}, year = {2015}, } |
|
Holt, Richard C. |
SANER '15-IND: "Bash2py: A Bash to Python ..."
Bash2py: A Bash to Python Translator
Ian J. Davis, Mike Wexler, Cheng Zhang, Richard C. Holt, and Theresa Weber (University of Waterloo, Canada; Owl Computing Technologies, USA) Shell scripting is the primary way for programmers to interact at a high level with operating systems. For decades bash shell scripts have thus been used to accomplish various tasks. But Bash has a counter-intuitive syntax that is not well understood by modern programmers and is no longer adequately supported, making it now difficult to maintain. Bash also suffers from poor performance, memory leakage problems, and limited functionality which make continued dependence on it problematic. At the request of our industrial partner, we therefore developed a source-to-source translator, bash2py, which converts bash scripts into Python. Bash2py leverages the open source bash code, and the internal parser employed by Bash to parse any bash script. However, bash2py re-implements the variable expansion that occurs in Bash to better generate correct Python code. Bash2py correctly converts most Bash into Python, but does require human intervention to handle constructs that cannot easily be automatically translated. In our experiments on real-world open source bash scripts bash2py successfully translates 90% of the code. Feedback from our industrial partner confirms the usefulness of bash2py in practice. @InProceedings{SANER15p508, author = {Ian J. Davis and Mike Wexler and Cheng Zhang and Richard C. Holt and Theresa Weber}, title = {Bash2py: A Bash to Python Translator}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {508--511}, doi = {}, year = {2015}, } |
|
Muske, Tukaram |
SANER '15-IND: "On Implementational Variations ..."
On Implementational Variations in Static Analysis Tools
Tukaram Muske and Prasad Bokil (Tata Consultancy Services, India) Static analysis tools are widely used in practice due to their ability to detect defects early in the software development life-cycle and that too while proving absence of defects of certain patterns. There exists a large number of such tools, and they are found to be varying depending on several tool characteristics like analysis techniques, programming languages supported, verification checks performed, scalability, and performance. Many studies about these tools and their variations, have been performed to improve the analysis results or figure out a better tool amongst a set of available static analysis tools. It is our observation that, in these studies only the aforementioned tool characteristics are considered and compared, and other implementational variations are usually ignored. In this paper, we study the implementational variations occurring among the static analysis tools, and experimentally demonstrate their impact on the tool characteristics and other analysis related attributes. The aim of this paper is twofold - a) to provide the studied implementational variations as choices, along with their pros and cons, to the designers or developers of static analysis tools, and b) to provide an educating material to the tool users so that the analysis results are better understood. @InProceedings{SANER15p512, author = {Tukaram Muske and Prasad Bokil}, title = {On Implementational Variations in Static Analysis Tools}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {512--515}, doi = {}, year = {2015}, } |
|
Veninga, Wim |
SANER '15-IND: "Old Habits Die Hard: Why Refactoring ..."
Old Habits Die Hard: Why Refactoring for Understandability Does Not Give Immediate Benefits
Erik Ammerlaan, Wim Veninga, and Andy Zaidman (Exact International Development, Netherlands; Delft University of Technology, Netherlands) Depending on the context, the benefits of clean code with respect to understandability might be less obvious in the short term than is often claimed. In this study we evaluate whether a software system with legacy code in an industrial environment benefits from a “clean code” refactoring in terms of developer productivity. We observed both increases as well as decreases in understandability, showing that immediate increases in understandability are not always obvious. Our study suggests that refactoring code could result in a productivity penalty in the short term if the coding style becomes different from the style developers have grown attached to. @InProceedings{SANER15p504, author = {Erik Ammerlaan and Wim Veninga and Andy Zaidman}, title = {Old Habits Die Hard: Why Refactoring for Understandability Does Not Give Immediate Benefits}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {504--507}, doi = {}, year = {2015}, } |
|
Visser, Joost |
SANER '15-IND: "Tracking Known Security Vulnerabilities ..."
Tracking Known Security Vulnerabilities in Proprietary Software Systems
Mircea Cadariu, Eric Bouwers, Joost Visser, and Arie van Deursen (Software Improvement Group, Netherlands; Delft University of Technology, Netherlands; Radboud University Nijmegen, Netherlands) Known security vulnerabilities can be introduced in software systems as a result of being dependent upon third-party components. These documented software weaknesses are “hiding in plain sight” and represent low hanging fruit for attackers. In this paper we present the Vulnerability Alert Service (VAS), a tool-based process to track known vulnerabilities in software systems throughout their life cycle. We studied its usefulness in the context of external software product quality monitoring provided by the Software Improvement Group, a software advisory company based in Amsterdam, the Netherlands. Besides empirically assessing the usefulness of the VAS, we have also leveraged it to gain insight and report on the prevalence of third-party components with known security vulnerabilities in proprietary applications. @InProceedings{SANER15p516, author = {Mircea Cadariu and Eric Bouwers and Joost Visser and Arie van Deursen}, title = {Tracking Known Security Vulnerabilities in Proprietary Software Systems}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {516--519}, doi = {}, year = {2015}, } |
|
Weber, Theresa |
SANER '15-IND: "Bash2py: A Bash to Python ..."
Bash2py: A Bash to Python Translator
Ian J. Davis, Mike Wexler, Cheng Zhang, Richard C. Holt, and Theresa Weber (University of Waterloo, Canada; Owl Computing Technologies, USA) Shell scripting is the primary way for programmers to interact at a high level with operating systems. For decades bash shell scripts have thus been used to accomplish various tasks. But Bash has a counter-intuitive syntax that is not well understood by modern programmers and is no longer adequately supported, making it now difficult to maintain. Bash also suffers from poor performance, memory leakage problems, and limited functionality which make continued dependence on it problematic. At the request of our industrial partner, we therefore developed a source-to-source translator, bash2py, which converts bash scripts into Python. Bash2py leverages the open source bash code, and the internal parser employed by Bash to parse any bash script. However, bash2py re-implements the variable expansion that occurs in Bash to better generate correct Python code. Bash2py correctly converts most Bash into Python, but does require human intervention to handle constructs that cannot easily be automatically translated. In our experiments on real-world open source bash scripts bash2py successfully translates 90% of the code. Feedback from our industrial partner confirms the usefulness of bash2py in practice. @InProceedings{SANER15p508, author = {Ian J. Davis and Mike Wexler and Cheng Zhang and Richard C. Holt and Theresa Weber}, title = {Bash2py: A Bash to Python Translator}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {508--511}, doi = {}, year = {2015}, } |
|
Wexler, Mike |
SANER '15-IND: "Bash2py: A Bash to Python ..."
Bash2py: A Bash to Python Translator
Ian J. Davis, Mike Wexler, Cheng Zhang, Richard C. Holt, and Theresa Weber (University of Waterloo, Canada; Owl Computing Technologies, USA) Shell scripting is the primary way for programmers to interact at a high level with operating systems. For decades bash shell scripts have thus been used to accomplish various tasks. But Bash has a counter-intuitive syntax that is not well understood by modern programmers and is no longer adequately supported, making it now difficult to maintain. Bash also suffers from poor performance, memory leakage problems, and limited functionality which make continued dependence on it problematic. At the request of our industrial partner, we therefore developed a source-to-source translator, bash2py, which converts bash scripts into Python. Bash2py leverages the open source bash code, and the internal parser employed by Bash to parse any bash script. However, bash2py re-implements the variable expansion that occurs in Bash to better generate correct Python code. Bash2py correctly converts most Bash into Python, but does require human intervention to handle constructs that cannot easily be automatically translated. In our experiments on real-world open source bash scripts bash2py successfully translates 90% of the code. Feedback from our industrial partner confirms the usefulness of bash2py in practice. @InProceedings{SANER15p508, author = {Ian J. Davis and Mike Wexler and Cheng Zhang and Richard C. Holt and Theresa Weber}, title = {Bash2py: A Bash to Python Translator}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {508--511}, doi = {}, year = {2015}, } |
|
Zaidman, Andy |
SANER '15-IND: "Old Habits Die Hard: Why Refactoring ..."
Old Habits Die Hard: Why Refactoring for Understandability Does Not Give Immediate Benefits
Erik Ammerlaan, Wim Veninga, and Andy Zaidman (Exact International Development, Netherlands; Delft University of Technology, Netherlands) Depending on the context, the benefits of clean code with respect to understandability might be less obvious in the short term than is often claimed. In this study we evaluate whether a software system with legacy code in an industrial environment benefits from a “clean code” refactoring in terms of developer productivity. We observed both increases as well as decreases in understandability, showing that immediate increases in understandability are not always obvious. Our study suggests that refactoring code could result in a productivity penalty in the short term if the coding style becomes different from the style developers have grown attached to. @InProceedings{SANER15p504, author = {Erik Ammerlaan and Wim Veninga and Andy Zaidman}, title = {Old Habits Die Hard: Why Refactoring for Understandability Does Not Give Immediate Benefits}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {504--507}, doi = {}, year = {2015}, } |
|
Zhang, Cheng |
SANER '15-IND: "Bash2py: A Bash to Python ..."
Bash2py: A Bash to Python Translator
Ian J. Davis, Mike Wexler, Cheng Zhang, Richard C. Holt, and Theresa Weber (University of Waterloo, Canada; Owl Computing Technologies, USA) Shell scripting is the primary way for programmers to interact at a high level with operating systems. For decades bash shell scripts have thus been used to accomplish various tasks. But Bash has a counter-intuitive syntax that is not well understood by modern programmers and is no longer adequately supported, making it now difficult to maintain. Bash also suffers from poor performance, memory leakage problems, and limited functionality which make continued dependence on it problematic. At the request of our industrial partner, we therefore developed a source-to-source translator, bash2py, which converts bash scripts into Python. Bash2py leverages the open source bash code, and the internal parser employed by Bash to parse any bash script. However, bash2py re-implements the variable expansion that occurs in Bash to better generate correct Python code. Bash2py correctly converts most Bash into Python, but does require human intervention to handle constructs that cannot easily be automatically translated. In our experiments on real-world open source bash scripts bash2py successfully translates 90% of the code. Feedback from our industrial partner confirms the usefulness of bash2py in practice. @InProceedings{SANER15p508, author = {Ian J. Davis and Mike Wexler and Cheng Zhang and Richard C. Holt and Theresa Weber}, title = {Bash2py: A Bash to Python Translator}, booktitle = {Proc.\ SANER}, publisher = {IEEE}, pages = {508--511}, doi = {}, year = {2015}, } |
14 authors