Powered by
2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM),
September 27-28, 2015,
Bremen, Germany
Tool Demos
Sun, Sep 27, 13:30 - 15:30, GW2 B2890 (Chair: Felienne Hermans)
SimNav: Simulink Navigation of Model Clone Classes
Eric J. Rapos, Andrew Stevenson, Manar H. Alalfi, and
James R. Cordy
(Queen's University, Canada)
SimNav is a graphical user interface designed for displaying and navigating clone classes of Simulink models detected by the model clone detector Simone. As an embedded Simulink interface tool, SimNav allows model developers to explore detected clones directly in their own model development environment rather than a separate research tool interface. SimNav allows users to open selected models for side-by-side comparison, in order to visually explore clone classes and view the differences in the clone instances, as well as to explore the context in which the clones exist. This tool paper describes the motivation, implementation, and use cases for SimNav.
@InProceedings{SCAM15p241,
author = {Eric J. Rapos and Andrew Stevenson and Manar H. Alalfi and James R. Cordy},
title = {SimNav: Simulink Navigation of Model Clone Classes},
booktitle = {Proc.\ SCAM},
publisher = {IEEE},
pages = {241--246},
doi = {},
year = {2015},
}
Video
Info
A Translation Validation Framework for Symbolic Value Propagation Based Equivalence Checking of FSMDAs
Kunal Banerjee,
Chittaranjan Mandal, and Dipankar Sarkar
(IIT Kharagpur, India)
A compiler is a computer program which translates a source code into a target code, often with an objective to reduce the execution time and/or save critical resources. However, an error in the design or in the implementation of a compiler may result in software bugs in the target code obtained from that compiler. Translation validation is a formal verification approach for compilers whereby, each individual translation is followed by a validation phase which verifies that the target code produced correctly implements the source code. In this paper, we present a tool for translation validation of optimizing transformations of programs; the original and the transformed programs are modeled as Finite State Machines with Datapath having Arrays (FSMDAs) and a symbolic value propagation (SVP) based equivalence checking strategy is applied over this model to determine the correctness of the applied transformations. The tool has been demonstrated to handle uniform and non-uniform code motions, including code motions across loops, along with transformations which result in modification of control structures of programs. Moreover, arithmetic transformations such as, associative, commutative, distributive transformations, expression simplification, constant folding, etc., are also supported.
@InProceedings{SCAM15p247,
author = {Kunal Banerjee and Chittaranjan Mandal and Dipankar Sarkar},
title = {A Translation Validation Framework for Symbolic Value Propagation Based Equivalence Checking of FSMDAs},
booktitle = {Proc.\ SCAM},
publisher = {IEEE},
pages = {247--252},
doi = {},
year = {2015},
}
FaultBuster: An Automatic Code Smell Refactoring Toolset
Gábor Szőke,
Csaba Nagy, Lajos Jeno Fulop,
Rudolf Ferenc, and Tibor Gyimóthy
(University of Szeged, Hungary)
One solution to prevent the quality erosion of a software product is to maintain its quality by continuous refactoring. However, refactoring is not always easy. Developers need to identify the piece of code that should be improved and decide how to rewrite it. Furthermore, refactoring can also be risky; that is, the modified code needs to be re-tested, so developers can see if they broke something. Many IDEs offer a range of refactorings to support so-called automatic refactoring, but tools which are really able to automatically refactor code smells are still under research.
In this paper we introduce FaultBuster, a refactoring toolset which is able to support automatic refactoring: identifying the problematic code parts via static code analysis, running automatic algorithms to fix selected code smells, and executing integrated testing tools. In the heart of the toolset lies a refactoring framework to control the analysis and the execution of automatic algorithms. FaultBuster provides IDE plugins to interact with developers via popular IDEs (Eclipse, Netbeans and IntelliJ IDEA). All the tools were developed and tested in a 2-year project with 6 software development companies where thousands of code smells were identified and fixed in 5 systems having altogether over 5 million lines of code.
@InProceedings{SCAM15p253,
author = {Gábor Szőke and Csaba Nagy and Lajos Jeno Fulop and Rudolf Ferenc and Tibor Gyimóthy},
title = {FaultBuster: An Automatic Code Smell Refactoring Toolset},
booktitle = {Proc.\ SCAM},
publisher = {IEEE},
pages = {253--258},
doi = {},
year = {2015},
}
Video
Info
Improving Prioritization of Software Weaknesses using Security Models with AVUS
Stephan Renatus, Corrie Bartelheimer, and
Jörn Eichler
(Fraunhofer AISEC, Germany)
Testing tools for application security have become an integral part of secure development life-cycles. Despite their ability to spot important software weaknesses, the high number of findings require rigorous prioritization. Most testing tools provide generic ratings to support prioritization. Unfortunately, ratings from established tools lack context information especially with regard to the security requirements of respective components or source code. Thus experts often spend a great deal of time re-assessing the prioritization provided by these tools. This paper introduces our lightweight tool AVUS that adjusts context-free ratings of software weaknesses according to a user-defined security model. We also present a first evaluation applying AVUS to a well-known open source project and the findings of a popular, commercially available application security testing tool.
@InProceedings{SCAM15p259,
author = {Stephan Renatus and Corrie Bartelheimer and Jörn Eichler},
title = {Improving Prioritization of Software Weaknesses using Security Models with AVUS},
booktitle = {Proc.\ SCAM},
publisher = {IEEE},
pages = {259--264},
doi = {},
year = {2015},
}
Info
A Static Microcode Analysis Tool for Programmable Load Drivers
Luca Dariz, Massimiliano Ruggeri, and Michele Selvatici
(IMAMOTER - CNR, Italy)
The advances in control electronics, with the introduction of programmable load drivers, have changed the way in which actuators, both resistive and inductive, such as electrical motors, injectors, valves, are controlled. However, usually the only programming language available for these drivers is the native assembly-like microcode that, allowing for unstructured programing constructs, exposes to the risk of dangerous control flow paths, like infinite loops or jumps to non-existent locations. In this paper an automatic static analyzer is presented, which reconstruct the control flow graph of an application from the microcode source file and checks for infinite loops and undefined jumps caused by the corresponding jump register not being set for a particular path.
@InProceedings{SCAM15p265,
author = {Luca Dariz and Massimiliano Ruggeri and Michele Selvatici},
title = {A Static Microcode Analysis Tool for Programmable Load Drivers},
booktitle = {Proc.\ SCAM},
publisher = {IEEE},
pages = {265--270},
doi = {},
year = {2015},
}
Video
CodeMetropolis: Eclipse over the City of Source Code
Gergő Balogh
, Attila Szabolics, and
Árpád Beszédes
(University of Szeged, Hungary)
The graphical representations of software (code visualization in particular) may provide both professional programmers and students learning only the basics with support in program comprehension. Among the numerous proposed approaches, our research applies the city metaphor for the visualisation of such code elements as classes, functions, or attributes by the tool CodeMetropolis. It uses the game engine of Minecraft for the graphics, and is able to visualize various properties of the code based on structural metrics. In this work, we present our approach to integrate our visualization tool into the Eclipse IDE environment. Previously, only standalone usage was possible, but with this new version the users can invoke the visualization directly from the IDE, and all the analysis is performed in the background. The new version of the tool now includes an Eclipse plug-in and a Minecraft modification in addition to the analysis and visualization modules which have also been extended with some new features. Possible use cases and a detailed scenario are presented.
@InProceedings{SCAM15p271,
author = {Gergő Balogh and Attila Szabolics and Árpád Beszédes},
title = {CodeMetropolis: Eclipse over the City of Source Code},
booktitle = {Proc.\ SCAM},
publisher = {IEEE},
pages = {271--276},
doi = {},
year = {2015},
}
Video
Info
proc time: 0.26