Powered by
2017 IEEE 24th International Conference on Software Analysis, Evolution, and Reengineering (SANER),
February 20-24, 2017,
Klagenfurt, Austria
Tool Demonstrations
Static Analysis and Refactoring
Wed, Feb 22, 14:00 - 15:30
XCore: Support for Developing Program Analysis Tools
Alexandru Ștefănică and
Petru Florin Mihancea
(Politehnica University of Timișoara, Romania)
Building program analysis tools is hard. A recurring development task is the implementation of the meta-model around which a tool is usually constructed. The XCORE prototype supports this task by generating the implementation of the meta-model. For this purpose, developers will add directly into the source code of the tool under construction some meta-information describing the desired meta-model. Our demo presents some internal details of XCORE and emphasizes the advantages of our tool by describing the construction of a basic analysis instrument.
@InProceedings{SANER17p462,
author = {Alexandru Ștefănică and Petru Florin Mihancea},
title = {XCore: Support for Developing Program Analysis Tools},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {462--466},
doi = {},
year = {2017},
}
srcQL: A Syntax-Aware Query Language for Source Code
Brian Bartman, Christian D. Newman,
Michael L. Collard, and
Jonathan I. Maletic
(Kent State University, USA; University of Akron, USA)
A tool and domain specific language for querying source code is introduced and demonstrated. The tool, srcQL, allows for the querying of source code using the syntax of the language to identify patterns within source code documents. srcQL is built upon srcML, a widely used XML representation of source code, to identify the syntactic contexts being queried. srcML inserts XML tags into the source code to mark syntactic constructs. srcQL uses a combination of XPath on srcML, regular expressions, and syntactic patterns within a query. The syntactic patterns are snippets of source code that supports the use of logical variables which are unified during the query process. This allows for very complex patterns to be easily formulated and queried. The tool is implemented (in C++) and a number of queries are presented to demonstrate the approach. srcQL currently supports C++ and scales to large systems.
@InProceedings{SANER17p467,
author = {Brian Bartman and Christian D. Newman and Michael L. Collard and Jonathan I. Maletic},
title = {srcQL: A Syntax-Aware Query Language for Source Code},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {467--471},
doi = {},
year = {2017},
}
UAV: Warnings from Multiple Automated Static Analysis Tools at a Glance
Tim Buckers, Clinton Cao, Michiel Doesburg, Boning Gong, Sunwei Wang, Moritz Beller, and
Andy Zaidman
(Delft University of Technology, Netherlands)
Automated Static Analysis Tools (ASATs) are an integral part of today’s software quality assurance practices. At present, a plethora of ASATs exist, each with different strengths. However, there is little guidance for developers on which of these ASATs to choose and combine for a project. As a result, many projects still only employ one ASAT with practically no cus- tomization. With UAV, the Unified ASAT Visualizer, we created an intuitive visualization that enables developers, researchers, and tool creators to compare the complementary strengths and overlaps of different Java ASATs. UAV’s enriched treemap and source code views provide its users with a seamless exploration of the warning distribution from a high-level overview down to the source code. We have evaluated our UAV prototype in a user study with ten second-year Computer Science (CS) students, a visualization expert and tested it on large Java repositories with several thousands of PMD, FindBugs, and Checkstyle warnings.
Project Website: https://clintoncao.github.io/uav/
@InProceedings{SANER17p472,
author = {Tim Buckers and Clinton Cao and Michiel Doesburg and Boning Gong and Sunwei Wang and Moritz Beller and Andy Zaidman},
title = {UAV: Warnings from Multiple Automated Static Analysis Tools at a Glance},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {472--476},
doi = {},
year = {2017},
}
Video
Info
The Spartanizer: Massive Automatic Refactoring
Yossi Gil
and Matteo Orrù
(Technion, Israel)
The Spartanizer is an eclipse plugin featuring over one
hundred and fifty refactoring techniques, all aimed at reducing various
size complexity of the code, without changing its design, i.e., inheritance
relations, modular structure, etc. Typical use case of the Spartanizer is
in an automatic mode: refactoring operations are successively selected
and applied by the tool, until the code is reshaped in spartan style
(a frugal coding style minimizing the use of characters, variables,
tokens, etc.). The Spartanizer demonstrates the potential of automatic
refactoring: tens of thousands of transformations are applied in matter
of seconds, chains of dependent applications of transformations with
tens of operations in them, significant impact on code size, and extent
reaching almost every line of code, even of professional libraries.
@InProceedings{SANER17p477,
author = {Yossi Gil and Matteo Orrù},
title = {The Spartanizer: Massive Automatic Refactoring},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {477--481},
doi = {},
year = {2017},
}
Video
Info
c-JRefRec: Change-Based Identification of Move Method Refactoring Opportunities
Naoya Ujihara,
Ali Ouni,
Takashi Ishio, and
Katsuro Inoue
(Osaka University, Japan; United Arab Emirates University, United Arab Emirates)
We propose, in this paper, a lightweight refactoring recommendation tool, namely c-JRefRec, to identify Move Method refactoring opportunities based on four heuristics using static and semantic program analysis. Our tool aims at identiying refactoring opportunities before a code change is committed to the codebase based on current code changes whenever the developer saves/compiles his code. We evaluate the efficiency of our approach in detecting Feature Envy smells and recommending Move Method refactorings to fix them on three Java open-source systems and 30 code changes. Results show that our approach achieves an average precision of 0.48 and 0.73 of recall and outperforms a state-of-the-art approach namely JDeodorant.
@InProceedings{SANER17p482,
author = {Naoya Ujihara and Ali Ouni and Takashi Ishio and Katsuro Inoue},
title = {c-JRefRec: Change-Based Identification of Move Method Refactoring Opportunities},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {482--486},
doi = {},
year = {2017},
}
Lightweight Detection of Android-Specific Code Smells: The aDoctor Project
Fabio Palomba ,
Dario Di Nucci, Annibale Panichella,
Andy Zaidman, and
Andrea De Lucia
(Delft University of Technology, Netherlands; University of Salerno, Italy; University of Luxembourg, Luxembourg)
Code smells are symptoms of poor design solutions applied by programmers during the development of software systems. While the research community devoted a lot of effort to studying and devising approaches for detecting the traditional code smells defined by Fowler, little knowledge and support is available for an emerging category of Mobile app code smells. Recently, Reimann et al. proposed a new catalogue of Android-specific code smells that may be a threat for the maintainability and the efficiency of Android applications. However, current tools working in the context of Mobile apps provide limited support and, more importantly, are not available for developers interested in monitoring the quality of their apps. To overcome these limitations, we propose a fully automated tool, coined aDoctor, able to identify 15 Android-specific code smells from the catalogue by Reimann et al. An empirical study conducted on the source code of 18 Android applications reveals that the proposed tool reaches, on average, 98% of precision and 98% of recall. We made aDoctor publicly available.
@InProceedings{SANER17p487,
author = {Fabio Palomba and Dario Di Nucci and Annibale Panichella and Andy Zaidman and Andrea De Lucia},
title = {Lightweight Detection of Android-Specific Code Smells: The aDoctor Project},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {487--491},
doi = {},
year = {2017},
}
Info
Binaries and Evolution
Thu, Feb 23, 11:00 - 12:30
scat: Learning from a Single Execution of a Binary
Franck de Goër, Christopher Ferreira, and Laurent Mounier
(LIG, France; University of Grenoble, France; VERIMAG, France)
Retrieving information from a binary code is required in several application domains such as system integration or security analysis. Providing tools to help engineers in this task is therefore an important need. We present in this paper scat, an open-source toolbox, relying on lightweight runtime instrumentation to infer source-level and behavioral information from a binary code, like function prototypes or data-flow relations. We explain the functioning principle of this toolbox, and we give some results obtained on real examples to show its effectiveness.
@InProceedings{SANER17p492,
author = {Franck de Goër and Christopher Ferreira and Laurent Mounier},
title = {scat: Learning from a Single Execution of a Binary},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {492--496},
doi = {},
year = {2017},
}
Info
dynStruct: An Automatic Reverse Engineering Tool for Structure Recovery and Memory Use Analysis
Daniel Mercier, Aziem Chawdhary, and
Richard Jones
(University of Kent, UK)
dynStruct is an open source structure recovery tool for x86
binaries. It uses dynamic binary instrumentation to record
information about memory accesses, which is then processed off-line to
recover structures created and used by the binary. It provides
a powerful web interface which not only displays the raw data and the
recovered structures but also allows this information to be explored
and manually edited. dynStruct is an effective tool for analyzing
programs as complex as emacs. A demonstration video is available at: http://bit.ly/2gQu26e
@InProceedings{SANER17p497,
author = {Daniel Mercier and Aziem Chawdhary and Richard Jones},
title = {dynStruct: An Automatic Reverse Engineering Tool for Structure Recovery and Memory Use Analysis},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {497--501},
doi = {},
year = {2017},
}
InsDal: A Safe and Extensible Instrumentation Tool on Dalvik Byte-Code for Android Applications
Jierui Liu, Tianyong Wu, Xi Deng, Jun Yan
, and
Jian Zhang
(Institute of Software at Chinese Academy of Sciences, China; University at Chinese Academy of Sciences, China)
Program instrumentation is a widely used technique in dynamic analysis and testing, which makes use of probe code inserted to the target program to monitor its behaviors, or log runtime information for off-line analysis. There are a number of automatic tools for instrumentation on the source or byte code of Java programs. However, few works address this issue on the register-based Dalvik byte-code of ever-increasing Android apps. This paper presents a lightweight tool, InsDal, for inserting instructions to specific points of the Dalvik byte-code according to the requirements of users. It carefully manages the registers to protect the behavior of original code from illegal manipulation, and optimizes the inserted code to avoid memory waste and unnecessary overhead. This tool is easy to use and has been applied to several scenarios (e.g. energy analysis, code coverage analysis). A demo video of our tool can be found at the website: https://www.youtube.com/watch?v=Fpw-aygZ3kE.
@InProceedings{SANER17p502,
author = {Jierui Liu and Tianyong Wu and Xi Deng and Jun Yan and Jian Zhang},
title = {InsDal: A Safe and Extensible Instrumentation Tool on Dalvik Byte-Code for Android Applications},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {502--506},
doi = {},
year = {2017},
}
Video
Columbo: High Perfomance Unpacking
Jason Raber
(MalwareBytes, USA)
Columbo is a tool for unpacking malware. A key feature is the ability to uncompress and/or decrypt areas of memory quickly using algorithms focused on basic block compression and loop optimizations.
@InProceedings{SANER17p507,
author = {Jason Raber},
title = {Columbo: High Perfomance Unpacking},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {507--510},
doi = {},
year = {2017},
}
Video
Hindsight: Revealing the Evolution of Dependencies to Developers
George Ganea
(Politehnica University of Timișoara, Romania)
Software systems are inherently complex and this is because of the interactions between their constituent entities. These affect refactoring efforts and therefore numerous tools that reveal dependencies between software artefacts have been proposed. However, existing tools only take into account the current version of a system, while the evolution of dependencies can hold clues that can help developers with their refactoring decisions.
This paper proposes Hindsight, a tool that shows how fine grained relations of a software entity change over time. It argues how the approach can be used to facilitate refactoring decisions and presents the tool, an Eclipse open source plugin that illustrates the approach through software visualizations.
The code and a quick start guide can be found at the following URL: https://github.com/georgeganea/hindsight
@InProceedings{SANER17p511,
author = {George Ganea},
title = {Hindsight: Revealing the Evolution of Dependencies to Developers},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {511--515},
doi = {},
year = {2017},
}
Info
Replan: A Release Planning Tool
David Ameller,
Carles Farré,
Xavier Franch, Antonino Cassarino, Danilo Valerio, and Valentin Elvassore
(Universitat Politècnica de Catalunya, Spain; Siemens, Austria)
Software release planning is the activity of deciding what is to be implemented, when and by who. It can be divided into two tasks: strategic planning (i.e., the what) and operational (i.e., the when and the who). Replan, the tool that we present in this demo, handles both tasks in an integrated and flexible way, allowing its users (typically software product managers and developer team leaders) to (re)plan the releases dynamically by assigning new features and/or modifying the available resources allocated at each release. A recorded video demo of Replan is available at https://youtu.be/PNK5EUTdqEg.
@InProceedings{SANER17p516,
author = {David Ameller and Carles Farré and Xavier Franch and Antonino Cassarino and Danilo Valerio and Valentin Elvassore},
title = {Replan: A Release Planning Tool},
booktitle = {Proc.\ SANER},
publisher = {IEEE},
pages = {516--520},
doi = {},
year = {2017},
}
Video
proc time: 0.26