937 results for "Redundant code"
Search Results
202. Automatic error elimination by horizontal code transfer across multiple applications
- Author
-
Fan Long, Martin Rinard, Eric Lahtinen, and Stelios Sidiroglou-Douskos (Massachusetts Institute of Technology, Computer Science and Artificial Intelligence Laboratory, and Department of Electrical Engineering and Computer Science)
- Subjects
Systematic code, Source code, Dead code, Duplicate code, Computer science, Code (cryptography), Integer overflow, Unreachable code, Redundant code, Algorithm - Abstract
We present Code Phage (CP), a system for automatically transferring correct code from donor applications into recipient applications that process the same inputs, in order to eliminate errors in the recipient. Experimental results using seven donor applications to eliminate ten errors in seven recipient applications highlight the ability of CP to transfer code across applications to eliminate out-of-bounds access, integer overflow, and divide-by-zero errors. Because CP works with binary donors, with no need for source code or symbolic information, it supports a wide range of use cases. To the best of our knowledge, CP is the first system to automatically transfer code across multiple applications. Supported by the United States Defense Advanced Research Projects Agency (Grant FA8650-11-C-7192).
- Published
- 2015
203. Parallax: Implicit Code Integrity Verification Using Return-Oriented Programming
- Author
-
Dennis Andriesse, Asia Slowinska, and Herbert Bos
- Subjects
Source code, Dead code, Computer science, Code bloat, Self-modifying code, Threaded code, Embedded system, Operating system, Code generation, Unreachable code, Redundant code - Abstract
Parallax is a novel self-contained code integrity verification approach that protects instructions by overlapping Return-Oriented Programming (ROP) gadgets with them. Our technique implicitly verifies integrity by translating selected code (verification code) into ROP code that uses gadgets scattered over the binary. Tampering with the protected instructions destroys the gadgets they contain, so that the verification code fails, thereby preventing the adversary from using the modified binary. Unlike prior solutions, Parallax does not rely on code checksumming, so it is not vulnerable to the instruction cache modification attacks that affect checksumming techniques. Further, unlike previous algorithms which withstand such attacks, Parallax does not compute hashes of the execution state, and can thus protect code with non-deterministic state. Parallax limits the performance overhead to the verification code, while the protected code executes at its normal speed. This allows us to protect performance-critical code and confine the slowdown to other code regions. Our experiments show that Parallax can protect up to 90% of code bytes, including most control flow instructions, with a performance overhead of under 4%.
- Published
- 2015
204. Countermeasures Mitigation for Designing Rich Shell Code in Java Card
- Author
-
Noreddine El Janati El Idrissi, Said El Hajji, Jean-Louis Lanet (Laboratoire Mathématiques, Informatique et Applications [Rabat] (LabMIA), Université Mohammed V de Rabat; Threat Analysis and Mitigation for Information Security (TAMIS), Inria Rennes – Bretagne Atlantique; LANGAGE ET GÉNIE LOGICIEL (IRISA-D4), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA)), Said El Hajji, Abderrahmane Nitaj, Claude Carlet, and El Mamoun Souidi
- Subjects
Java, Computer science, Smart card, Computer security, Self-modifying code, Code segment, Shell code, Redundant code, OpenPGP card, Embedded system, Unreachable code, Java Card - Abstract
It has recently been shown that Java-based smart cards are still exposed to logical attacks. These attacks take advantage of the lack of full verification and dynamically exploit type confusion. Countermeasures have been introduced on recent smart cards to avoid executing rich shell code, in particular dynamic bound checking of the code segment. We propose here a new attack path for performing a type confusion that leads to Java-based self-modifying code. Then, to mitigate this new attack, an improvement to the previous countermeasure is proposed.
- Published
- 2015
205. Readactor: Practical Code Randomization Resilient to Memory Disclosure
- Author
-
Stefan Brunthaler, Michael Franz, Christopher Liebchen, Andrei Homescu, Lucas Davi, Stephen Crane, Ahmad-Reza Sadeghi, and Per Larsen
- Subjects
Source code, Address space layout randomization, Dead code, Computer science, Computer security, Code bloat, Dead code elimination, Software, Object code, Just-in-time compilation, Threaded code, Pointer (computer programming), Code generation, Compiler, Unreachable code, Redundant code, Return-oriented programming - Abstract
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. One line of defense builds upon fine-grained code diversification to prevent the adversary from constructing a reliable code-reuse attack. However, all solutions proposed so far are either vulnerable to memory disclosure or are impractical for deployment on commodity systems. In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, that is resilient to both static and dynamic ROP attacks. We distinguish between direct memory disclosure, where the attacker reads code pages, and indirect memory disclosure, where attackers use code pointers on data pages to infer the code layout without reading code pages. Unlike previous work, Readactor resists both types of memory disclosure. Moreover, our technique protects both statically and dynamically generated code. We use a new compiler-based code generation paradigm that uses hardware features provided by modern CPUs to enable execute-only memory and hide code pointers from leakage to the adversary. Finally, our extensive evaluation shows that our approach is practical -- we protect the entire Google Chromium browser and its V8 JIT compiler -- and efficient with an average SPEC CPU2006 performance overhead of only 6.4%.
- Published
- 2015
206. A test automation language framework for behavioral models
- Author
-
Jeff Offutt and Nan Li
- Subjects
Empirical comparison, Computer science, Programming language, Automation, Test (assessment), Open source, Redundant code, Dynamic testing, Agile software development - Abstract
Model-based testers design tests in terms of models, such as paths in graphs. This results in abstract tests, which have to be converted to concrete tests because the abstract tests use names and events that exist in the model, but not in the implementation. Model elements often appear in many abstract tests, so testers write the same redundant code many times. Moreover, many existing model-based testing techniques are very complicated to use in practice, especially in agile software development, so testers usually have to transform abstract tests to concrete tests by hand. This is time-consuming, labor-intensive, and error-prone. This paper presents a language to automate the creation of mappings from abstract tests to concrete tests. Three issues are addressed: (1) creating mappings and generating test values, (2) transforming graphs and using coverage criteria to generate test paths, and (3) solving constraints and generating concrete tests. Based on the language, we developed a test automation language framework. The paper also presents results from an empirical comparison of testers using the framework with manual mapping on 11 open source and 6 example programs. We found that the automated test generation method took, on average, 29.6% of the time the manual method took, and that the manual tests contained 48 errors in which concrete tests did not match their abstract tests, while the automatic tests had zero errors.
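The mapping idea described in this abstract can be sketched in a few lines of Python (a hypothetical illustration, not the paper's actual framework or language): each abstract model-level step is looked up in a mapping table and expanded into a concrete test statement. The names `login`, `logout`, and `driver.post` are invented for the example.

```python
# Hypothetical abstract-to-concrete test mapping table; all names here
# are illustrative assumptions, not taken from the paper.
MAPPING = {
    "login":  lambda user: f"driver.post('/login', user='{user}')",
    "logout": lambda: "driver.post('/logout')",
}

def concretize(abstract_path):
    """abstract_path: (step_name, args) pairs derived from a model path."""
    return [MAPPING[name](*args) for name, args in abstract_path]

print(concretize([("login", ["alice"]), ("logout", [])]))
```

Once such a table exists, every abstract path generated from the model can be turned into an executable test without hand-writing the same glue code repeatedly.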
- Published
- 2015
207. Junk code elimination based on idle object set
- Author
-
Jin-long Fei, Wei Lin, and Rui-jie Cai
- Subjects
Source code, Dead code, Computer science, Programming language, Parallel computing, Code bloat, Code (cryptography), Code generation, Executable, Unreachable code, Redundant code - Abstract
Junk code increases the difficulty of manual analysis in reverse engineering and seriously disturbs automatic anti-obfuscation analysis, so finding a junk-code removal method is of great significance in the field of reverse engineering. Aiming at the problem that executable, context-dependent junk code is difficult to remove automatically, this paper proposes a junk-code removal method based on idle-register slicing: by analyzing data dependencies between instructions, it obtains the idle registers of every instruction in a code block, slices the code block by each idle register in turn, and removes all the junk code in the sliced instructions. Experiments show that this method can remove embedded executable junk code rapidly and accurately, improving the efficiency of reverse engineering.
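As a rough illustration of the underlying idea (not the paper's algorithm, which slices real machine code by idle registers), a single backward pass over a basic block can mark a write to a register as junk when that register is overwritten before it is ever read:

```python
# Sketch under simplifying assumptions: instructions are (dest, srcs)
# tuples, "mem" marks a side-effecting store that must always be kept.
def remove_dead_writes(block):
    """Return the instructions whose results are actually used."""
    live = set()          # registers read by some later kept instruction
    keep = []
    for dest, srcs in reversed(block):
        if dest is None or dest == "mem" or dest in live:
            keep.append((dest, srcs))
            live.discard(dest)
            live.update(srcs)
        # else: dest is idle at this point, so the write is junk; drop it
    return list(reversed(keep))

block = [
    ("r1", ["r2"]),   # r1 = r2   (junk: r1 is overwritten before any read)
    ("r1", ["r3"]),   # r1 = r3
    ("mem", ["r1"]),  # store r1  (kept: has a side effect)
]
print(remove_dead_writes(block))
```

Real junk-code removal is harder because context-dependent junk deliberately mimics live computation; this sketch only shows the liveness reasoning the abstract alludes to.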
- Published
- 2015
208. A Generator for Time-Predictable Code
- Author
-
Peter Puschner, Daniel Prokesch, and Stefan Hepp
- Subjects
Systematic code, Source code, Dead code, Object code, Computer science, Code generation, Parallel computing, Unreachable code, Redundant code, Dead code elimination - Abstract
Time-predictability is an essential property of software components of safety-critical hard real-time systems. Single-path code generation produces code that forces every execution to follow the same trace of instructions, thus making the execution time of code independent of its input data. This supports the time predictability of components and simplifies their worst-case execution-time analysis. In this paper we present the implementation of a single-path code generator in a compiler for a time-predictable processor. The evaluation on a real-world application shows that single-path code generation is a practicable strategy for the construction of time-predictable software components.
- Published
- 2015
209. Improving pattern tracking with a language-aware tree differencing algorithm
- Author
-
Julia Lawall, Nicolas Palix, and Jean-Rémy Falleri (Efficient and Robust Distributed Systems (ERODS), Laboratoire d'Informatique de Grenoble (LIG); Laboratoire Bordelais de Recherche en Informatique (LaBRI), Université de Bordeaux / CNRS; Well Honed Infrastructure Software for Programming Environments and Runtimes (Whisper), Laboratoire d'Informatique de Paris 6 (LIP6), Inria Paris-Rocquencourt)
- Subjects
Theoretical computer science, Source code, Dead code, Computer science, tree-matching, code metrics, Code coverage, Static program analysis, code tracking, Longest common subsequence problem, Code generation, Unreachable code, Redundant code, Algorithm - Abstract
Tracking code fragments of interest is important in monitoring a software project over multiple versions. Various approaches, including our previous work on Herodotos, exploit the notion of Longest Common Subsequence, as computed by readily available tools such as GNU Diff, to map corresponding code fragments. Nevertheless, efficient code differencing algorithms are typically line-based or word-based, and thus do not report changes at the level of language constructs. Furthermore, they identify only additions and removals, but not the moving of a block of code from one part of a file to another. Code fragments of interest that fall within the added and removed regions of code have to be manually correlated across versions, which is tedious and error-prone. When studying a very large code base over a long time, the number of manual correlations can become an obstacle to the success of a study. In this paper, we investigate the effect of replacing the current line-based algorithm used by Herodotos with tree-matching, as provided by the algorithm of the differencing tool GumTree. In contrast to the line-based approach, the tree-based approach requires no manual correlations, but it incurs a high execution time. To address the problem, we propose a hybrid strategy that gives the best of both approaches.
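The line-based LCS matching that tools like GNU Diff perform can be reproduced with Python's standard `difflib` (a small illustration of the technique the abstract contrasts against; Herodotos and GumTree themselves are separate tools):

```python
import difflib

old = ["int f() {", "  return g(x);", "}"]
new = ["int f() {", "  int y = g(x);", "  return y;", "}"]

# SequenceMatcher computes an LCS-style alignment of the two line lists;
# everything inside a "replace" region has no line-level correspondence.
ops = difflib.SequenceMatcher(a=old, b=new).get_opcodes()
for tag, i1, i2, j1, j2 in ops:
    print(tag, old[i1:i2], new[j1:j2])
```

The middle `replace` opcode is exactly the situation the paper describes: a fragment of interest falling inside it must be correlated across versions by hand, whereas a tree-matching diff could pair `g(x)` in both versions.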
- Published
- 2015
210. On the level of code suggestion for reuse
- Author
-
Akio Ohtani, Yoshiki Higo, Tomoya Ishihara, and Shinji Kusumoto
- Subjects
Source code, Dead code, Programming language, Computer science, Code bloat, Object code, Code generation, KPI-driven code analysis, Unreachable code, Redundant code - Abstract
Code search techniques are well known as techniques that help code reuse. If developers input queries that represent the functionality they want, the techniques suggest code fragments that are related to the query. Generally, code search techniques suggest code at the component level of the programming language, such as a class or a file. Due to this, developers occasionally need to search for the necessary code within the suggested area. As a countermeasure, there is a code search technique in which code is suggested based on past reuse. That technique ignores structural code blocks, so developers need to add some code to the pasted code or remove some code from it. That is, the advantages and disadvantages of the former technique are, respectively, the disadvantages and advantages of the latter. In this research, we have conducted a comparative study to reveal which level of code suggestion is more useful for code reuse. In the study, we also compared a hybrid of the two techniques with them. As a result, we revealed that component-level suggestions were able to provide reusable code more precisely, while reuse-level suggestions were more helpful for reusing larger code.
- Published
- 2015
211. CloCom: Mining existing source code for automatic comment generation
- Author
-
Taiyue Liu, Lin Tan, and Edmund Wong
- Subjects
Code review, Source code, Computer science, Programming language, Static program analysis, Internal documentation, KPI-driven code analysis, Code generation, Docstring, Software engineering, Redundant code - Abstract
Code comments are an integral part of software development. They improve program comprehension and software maintainability. The lack of code comments is a common problem in the software industry. Therefore, it is beneficial to generate code comments automatically. In this paper, we propose a general approach to generate code comments automatically by analyzing existing software repositories. We apply code clone detection techniques to discover similar code segments and use the comments from some code segments to describe the other similar code segments. We leverage natural language processing techniques to select relevant comment sentences. In our evaluation, we analyze 42 million lines of code from 1,005 open source projects from GitHub, and use them to generate 359 code comments for 21 Java projects. We manually evaluate the generated code comments and find that only 23.7% of the generated code comments are good. We report to the developers the good code comments whose code segments do not have an existing code comment. Amongst the reported code comments, seven have been confirmed by the developers as good and committable to the software repository, while the rest await developers' confirmation. Although our approach can generate good and committable comments, we still have to improve the yield and accuracy of the proposed approach before it can be used in practice with full automation.
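A toy version of the clone-detection step (token shingling with Jaccard similarity, a common clone-detection technique, not necessarily the specific detector CloCom uses) can be sketched as:

```python
def clone_pairs(snippets, n=4, threshold=0.8):
    """Report index pairs of snippets whose n-gram token sets overlap
    enough to be clone candidates (hedged sketch, thresholds invented)."""
    def shingles(code):
        toks = code.split()
        return {tuple(toks[i:i + n]) for i in range(len(toks) - n + 1)}

    sigs = [shingles(s) for s in snippets]
    pairs = []
    for i in range(len(snippets)):
        for j in range(i + 1, len(snippets)):
            union = sigs[i] | sigs[j]
            if union and len(sigs[i] & sigs[j]) / len(union) >= threshold:
                pairs.append((i, j))
    return pairs

snippets = [
    "for i in range ( n ) : total += x [ i ]",
    "for i in range ( n ) : total += x [ i ]",
    "print ( 'hello' )",
]
print(clone_pairs(snippets))
```

In the paper's setting, a comment attached to one member of such a pair becomes a candidate comment for the other, with NLP filtering deciding whether it is worth reporting.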
- Published
- 2015
212. Efficient approach to detect logical equivalence in the paradigm of software plagiarism
- Author
-
Rupayan Dutta
- Subjects
Theoretical computer science, Code review, Source code, Logical equivalence, Computer science, Code word, Static program analysis, Code (cryptography), Software system, Redundant code - Abstract
Software plagiarism is one of the major obstacles that complicate the development and deployment of software systems. Legal complications related to the use of copyright-protected code have a far-reaching effect. The challenge is to detect the existence of logical equivalence in otherwise seemingly unmatched code. In this paper, a novel approach is described which detects plagiarism only in the logical statements of the code; i.e., it does not detect copy-pasting in inclusion statements (e.g., #include in C/C++, import in Java), macro definitions (e.g., #define in C/C++), declaration statements, or commented code. It also takes into account possible cosmetic changes to the code, e.g., variable renaming, data type alterations, and code snippet insertions or minor modifications. The method does the comparison in an efficient, minimalistic way, making it scalable to large code bases.
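The pre-filtering step described above, comparing only logical statements, can be approximated with a simple line filter (a hedged heuristic sketch; the paper's actual detector additionally handles renaming and type alterations):

```python
import re

# Lines carrying no program logic: includes, imports, macros, comments,
# plain declarations, and blanks. These patterns are illustrative
# heuristics, not the paper's rules.
NON_LOGICAL = re.compile(
    r"^\s*(#include|#define|import\s|//|/\*|\*|(int|char|float|double)\s+\w+\s*;|$)"
)

def logical_lines(code):
    """Keep only the lines a logical-equivalence comparison would inspect."""
    return [ln.strip() for ln in code.splitlines() if not NON_LOGICAL.match(ln)]

sample = "#include <stdio.h>\n// sum\nint a;\nx = a + 1;\n"
print(logical_lines(sample))
```

Only the surviving lines would then be fed to the (renaming-tolerant) equivalence comparison, which keeps the overall method minimalistic and scalable.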
- Published
- 2015
213. Exploiting and Protecting Dynamic Code Generation
- Author
-
Tielei Wang, David Melski, Chao Zhang, Chengyu Song, and Wenke Lee
- Subjects
Source code, Dead code, Computer science, Code bloat, Self-modifying code, Threaded code, Operating system, Code generation, Unreachable code, Redundant code - Abstract
Many mechanisms have been proposed and deployed to prevent exploits against software vulnerabilities. Among them, W⊕X is one of the most effective and efficient. W⊕X prevents memory pages from being simultaneously writable and executable, rendering the decades-old shellcode injection technique infeasible. In this paper, we demonstrate that the traditional shellcode injection attack can be revived through a code cache injection technique. Specifically, dynamic code generation, a technique widely used in just-in-time (JIT) compilation and dynamic binary translation (DBT), generates and modifies code on the fly in order to promote performance or security. The dynamically generated code fragments are stored in a code cache, which is writable and executable either at the same time or alternately, resulting in an opportunity for exploitation. This threat is especially realistic when the generated code is multi-threaded, because switching between writable and executable leaves a time window for exploitation. To illustrate this threat, we have crafted a proof-of-concept exploit against modern browsers that support Web Workers. To mitigate this code cache injection threat, we propose a new dynamic code generation architecture. This new architecture relocates the dynamic code generator to a separate process, in which the code cache is writable. In the original process, where the generated code executes, the code cache remains read-only. The code cache is synchronized across the writing process and the execution process through shared memory. Interaction between the code generator and the generated code is handled transparently through remote procedure calls (RPC). We have ported the Google V8 JavaScript engine and the Strata DBT to this new architecture. Our implementation experience showed that the engineering effort for porting to this new architecture is minimal. Evaluation of our prototype implementation showed that this new architecture can defeat the code cache injection attack with small performance overhead.
- Published
- 2015
214. LLVM-Based Code Generation for B
- Author
-
Valério Augusto Soares de Medeiros, David Déharbe, Thierry Lecomte, and Richard Bonichon
- Subjects
Source code, Programming language, Computer science, Code word, Object code, Threaded code, Code generation, Compiler, Unreachable code, Redundant code - Abstract
We present b2llvm, a multi-platform code generator for the B-method. The b2llvm code generator currently handles the following elements of the B language: simple data types, imperative instructions, and component compositions. In particular, this paper describes a translation of essential implementation constructs of the B language into LLVM source code, implemented in the b2llvm compiler. We use an example-based approach for this description.
- Published
- 2015
215. An effective approach using dissimilarity measures to estimate software code clone
- Author
-
Sachin V. Shinde, Shashank Joshi, Ritesh V. Patil, and V. Khanna
- Subjects
Source code, Dead code, Computer science, Static program analysis, Object code, Code generation, KPI-driven code analysis, Data mining, Unreachable code, Redundant code - Abstract
Software-based clone detection is in demand, as industry interest in such products has risen. Code replication (copy-and-paste activity) is a recurrent pattern because developers can reduce the effort and time of rewriting similar code fragments from scratch. In industrial software systems, code replication is a serious problem because it may affect quality, consistency, maintainability, and comprehensibility. An efficient approach is therefore needed to detect such replication in a distributed environment. The challenge lies in the variety of syntaxes, compiler-dependent languages, and coding styles used to solve a single problem. According to the related survey, researchers find it difficult to follow evolving code copies, even with regressive benchmarking. Existing software tools have restrictions that prevent perfect clone detection, and each developer may implement the same problem in a different way. The methodology explained here specifies an efficient way to detect code clones using a hybrid model that covers maximal coding behavior and classes of clones. Along with similarity checks, the paper describes the importance of dissimilarity detection, which arises from operator or function overloading, an essential feature of a good object-oriented language. It also discusses key techniques that save time in the retrieval and comparison of data by extracting and arranging code mined from code documents. The proposed system eliminates the effort of comparing code line by line between two files, as traditional algorithms do, and defines a reduction technique and code-complexity-based analysis that increase the probability of success. The concluding remark is that no single scheme defines a procedure for detecting all types of clones. In this paper, we introduce a multi-model learning technique to detect various types of code clones, which has been taken up as the problem statement of this research work.
- Published
- 2015
216. Identifying Code Generation Candidates Using Software Categories
- Author
-
Bernhard Rumpe and Pedram Mir Seyed Nazari
- Subjects
Source code, Code review, Programming language, Computer science, Static program analysis, Object code, Code generation, KPI-driven code analysis, Executable, Data mining, Redundant code - Abstract
Code generators are a crucial part of the model-driven development (MDD) approach. They systematically transform abstract models to concrete executable source code. Typically, a generator developer determines the code parts that should be generated and separates them from handwritten code. Since it is performed manually, this task is often time-consuming, labor-intensive, and difficult to maintain, and it may produce more code than necessary. This paper presents an iterative approach for identifying candidates for generated code by analyzing the dependencies of categorized code parts. Dependency rules are automatically derived from a predefined software category graph and serve as the basis for the categorization process. Generator developers can use this approach to systematically identify code generation candidates. The ideas and concepts of this paper were introduced at the MODELSWARD conference [1] and are extended in this contribution.
- Published
- 2015
217. Intrinsic Code Attestation by Instruction Chaining for Embedded Devices
- Author
-
Peter Langendörfer, Oliver Stecklina, Frank Vater, Gregor Leander, and Thorsten Kranz
- Subjects
Cipher, Dead code, Computer science, Cycles per instruction, Embedded system, Cryptography, Unreachable code, Encryption, Redundant code, Block cipher - Abstract
In this paper we present a novel approach to ensure that no malicious code can be executed on resource-constrained devices such as sensor nodes or embedded devices. The core idea is to encrypt the code and to decrypt it after reading it from memory. Thus, if the code is not encrypted with the correct key, it cannot be executed due to the incorrect result of the decryption operation. A side effect of this is that the code is protected from being copied. In addition, we propose to bind instructions to their predecessors by cryptographic means. This helps us prevent attacks that reorder authorized code, such as return-oriented programming attacks. We present a thorough security analysis of our approach as well as simulation results that prove its feasibility. The performance penalty as well as the area penalty depend mainly on the cipher algorithm used. The former can be as small as a single clock cycle if PRINCE, a latency-optimized block cipher, is used, while the area overhead is 45 per cent for a commodity micro controller unit (MCU).
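The chaining idea, binding each instruction cryptographically to its predecessor so that tampering or reordering breaks everything downstream, can be sketched as follows. This is a toy XOR construction with SHA-256-derived keys, not the hardware block cipher (PRINCE) the paper uses, and it assumes instructions of at most 32 bytes:

```python
import hashlib

def chain_encrypt(instrs, seed=b"k0"):
    """XOR each instruction with a key derived from its plaintext
    predecessor, so decryption only succeeds in the original order."""
    out, key = [], hashlib.sha256(seed).digest()
    for ins in instrs:
        out.append(bytes(a ^ b for a, b in zip(ins, key)))
        key = hashlib.sha256(ins).digest()  # chain to the predecessor
    return out

def chain_decrypt(blobs, seed=b"k0"):
    out, key = [], hashlib.sha256(seed).digest()
    for blob in blobs:
        ins = bytes(a ^ b for a, b in zip(blob, key))
        out.append(ins)
        key = hashlib.sha256(ins).digest()
    return out

instrs = [b"mov r0, #1", b"add r0, r0", b"ret"]
enc = chain_encrypt(instrs)
assert chain_decrypt(enc) == instrs           # in-order decryption works
assert chain_decrypt([enc[1], enc[0], enc[2]]) != instrs  # reorder breaks it
```

A single swapped instruction corrupts its own decryption and, through the chained key, every instruction after it, which is exactly the property used against code-reordering attacks.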
- Published
- 2015
218. Two Messages out of One 2D Matrix Bar Code
- Author
-
Mario Osvin Pavčević, Jesenka Pibernik, and Filip Cvitić
- Subjects
Self-synchronizing code ,Theoretical computer science ,Source code ,Computer Networks and Communications ,Computer science ,media_common.quotation_subject ,Code word ,Multidimensional parity-check code ,Parity-check matrix ,Systematic code ,Bar code design ,information display ,masks ,multimedia content understanding ,parity-check matrix ,QR code ,Computer engineering ,Constant-weight code ,Redundant code ,Information Systems ,media_common - Abstract
With the proposed principle of two-dimensional matrix bar code design based on masks, the whole surface of a 2D bar code is used for creating graphic patterns. Masks are a method of overlaying certain information with complete preservation of the encoded information. In order to ensure suitable mask performance, it is essential to create a set of masks (mask folder) which are similar to each other. This ultimately allows additional error correction on the whole code level, which is proven mathematically through an academic example of a QR code with a matrix of size 9 × 9. In order to create a mask folder, this article investigates parameters based on Weber’s law. With the parameters found in the research, this principle shows how QR codes, or any other 2D bar code, can be designed to display two different messages. This ultimately enables a better description of a 2D bar code, which will improve users’ visual recognition of the 2D bar code's purpose, and therefore users’ greater enjoyment and involvement.
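The core property the abstract relies on, that a mask overlays a graphic pattern while completely preserving the encoded information, follows from XOR being its own inverse. A minimal sketch (the 3×3 module grid and mask values are made-up toy data, not the article's 9 × 9 example):

```python
def apply_mask(matrix, mask):
    # XOR overlay: the graphic pattern is laid on top of the data modules, and
    # because XOR is its own inverse, re-applying the mask recovers the data.
    return [[m ^ k for m, k in zip(mrow, krow)]
            for mrow, krow in zip(matrix, mask)]

# toy 3x3 "bar code" modules and a mask pattern (1 = dark module)
code = [[1, 0, 1], [0, 1, 0], [1, 1, 0]]
mask = [[0, 1, 0], [1, 0, 1], [0, 1, 0]]

masked = apply_mask(code, mask)
assert masked != code                    # the displayed pattern changes
assert apply_mask(masked, mask) == code  # the encoded information is preserved
```

A decoder that knows which mask from the mask folder was applied can therefore always strip it off before reading the payload.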
- Published
- 2015
219. Tools and Techniques for Analyzing Product and Process Data
- Author
-
Diomidis Spinellis
- Subjects
Code review ,Source code ,Programming language ,Computer science ,media_common.quotation_subject ,Static program analysis ,computer.software_genre ,KPI-driven code analysis ,Code generation ,Software analysis pattern ,Redundant code ,computer ,Machine code ,media_common - Abstract
The analysis of data from software products and their development process is tempting, but often non-trivial. A flexible, extensible, scalable, and efficient way for performing this analysis is through the use of line-oriented textual data streams, which are the lowest useful common denominator for many software analysis tasks. Using this technique, Unix tool-chest programs are combined into a pipeline that forms the pattern: fetching, selecting, processing, and summarizing. Product artifacts that can be handled in this way include source code (using heuristics, lexical analysis, or full-blown parsing and semantic analysis) as well as compiled code, which spans assembly code, machine code, byte code, and libraries. On the process front, data that can be analyzed includes configuration management metadata, time series snapshots, and checked repositories. The resulting data can then be visualized as graphs, diagrams, charts, and maps.
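The fetch/select/process/summarize pattern described above can be sketched as composable stages. The sketch below emulates a shell pipeline such as `git log | grep fix | awk '{print $1}' | sort | uniq -c` in Python generators; the sample log lines are invented for illustration:

```python
from collections import Counter

def fetch(lines):
    # fetching: in a real pipeline this would be `git log`, `cat`, `curl`, ...
    yield from lines

def select(records, keyword):
    # selecting: the `grep` stage
    return (r for r in records if keyword in r)

def process(records):
    # processing: the `awk '{print $1}'` stage, extracting the first field
    return (r.split()[0] for r in records)

def summarize(fields):
    # summarizing: the `sort | uniq -c` stage
    return Counter(fields)

log = [
    "alice fix parser bug",
    "bob add tests",
    "alice fix build",
]
result = summarize(process(select(fetch(log), "fix")))
assert result == Counter({"alice": 2})
```

Because every stage consumes and produces a line-oriented stream, stages can be recombined freely, which is exactly the flexibility the chapter attributes to the Unix tool-chest approach.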
- Published
- 2015
220. Code clone detection using decentralized architecture and code reduction
- Author
-
Ritesh V. Patil, Shashank Joshi, Digvijay A. Ajagekar, Sachin V. Shinde, and Shubham D. Bankar
- Subjects
Source code ,Dead code ,Computer science ,Programming language ,media_common.quotation_subject ,Static program analysis ,computer.software_genre ,Code refactoring ,Duplicate code ,Code generation ,Clone (computing) ,Redundant code ,computer ,media_common - Abstract
Code clones are code fragments that are similar to one another in semantics and syntax. In the software development process, cloning is a reuse approach for existing code: while developing a new software version, not all modules are altered or redeveloped, and some existing modules are copied, with or without modification, giving rise to code clones. This saves developer effort and time, but if a bug is discovered in a cloned fragment, all of its copies must be found by means of clone detectors to avoid propagating the error. Clones arise from a reuse approach and from a programming approach. The reuse approach covers simple copy/paste of design, functionality, and logic; the programming approach covers merging of two similar systems, system development with generative programming, and delayed restructuring. Code is increasingly developed on distributed systems, where finding clones is difficult, so an effective detection method is needed. Earlier research and the tools developed so far can find only Type-I, Type-II, and part of Type-III clones; detecting Type-IV clones remains a challenge. Some tools are very slow, take a long time to compare code, and have low precision, which limits them to Type-I and Type-II clones. PDG-oriented tools are able to find Type-III clones, but the time existing tools need to detect clones is high due to the large number of comparisons. This forms the basis of our current research. The aim of our approach is to reduce comparisons and improve precision. Our proposed method detects duplicate code efficiently using decentralized computing and code reduction. Significant effort is applied to address Type-III and other clones that pose challenging aspects of the research.
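The "code reduction" step can be illustrated with a minimal sketch (this is an assumed simplification, not the paper's algorithm): fragments are normalized by discarding whitespace and renaming identifiers so that Type-II clones, copies with renamed identifiers, collapse to the same hash:

```python
import hashlib
import re

KEYWORDS = {"int", "return", "for", "if", "while"}  # toy keyword set, assumed

def normalize(fragment):
    # code reduction: drop comments/whitespace and rename identifiers to a
    # placeholder so renamed copies (Type-II clones) hash identically
    code = re.sub(r"//.*", "", fragment)
    code = re.sub(r"\b[A-Za-z_]\w*\b",
                  lambda m: m.group(0) if m.group(0) in KEYWORDS else "ID",
                  code)
    return re.sub(r"\s+", "", code)

def find_clones(fragments):
    # hash the reduced form: equal hashes mean a clone pair, with no
    # pairwise fragment comparison needed
    seen, clones = {}, []
    for name, frag in fragments.items():
        h = hashlib.md5(normalize(frag).encode()).hexdigest()
        if h in seen:
            clones.append((seen[h], name))
        seen.setdefault(h, name)
    return clones

pairs = find_clones({
    "a": "int sum(int a, int b) { return a + b; }",
    "b": "int add(int x, int y) { return x + y; }",  # renamed copy of "a"
    "c": "int mul(int a, int b) { return a * b; }",  # different logic
})
assert pairs == [("a", "b")]
```

Hashing reduced fragments is what makes the comparison count drop from quadratic to near-linear, the efficiency concern the abstract raises about existing tools.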
- Published
- 2015
221. Source code analysation and optimalization
- Author
-
Eszterhazy Karoly and Roland Király
- Subjects
Systematic code ,Source code ,Theoretical computer science ,Dead code ,Computer science ,media_common.quotation_subject ,Code generation ,KPI-driven code analysis ,Redundant code ,Code bloat ,Dead code elimination ,media_common - Abstract
As code size and complexity grow, an ever increasing part of development costs [2, 3] is testing, dealing with the problems that arise during testing, and proving that changes made to the code will not alter its semantic meaning. The cost of code modification depends not only on its size but is also significantly influenced by its level of sophistication. Static source analysis [5] can help to uncover code inconsistencies even in the early phases of program development, and to find and correct unmanageably complex code parts to lower the cost of code testing. A complexity-measure-based analysis [1] includes finding unmanageably complex parts and pinpointing bad coding style and ineffective or unoptimized code snippets and algorithms. The characteristics of source code are definable in every programming paradigm, and in most cases its attributes are determined based on different criteria. Besides code indentation and the number of code lines, it is also an important factor how many programming constructs are used and how deeply nested they are. There can be differences in the scale of the measuring system, and in the various values and the ratios between them during development, so we should provide means for program engineers and developers to define the values and ratios they deem appropriate. The various code transformation steps can cause measurable changes in the structural complexity of source code, and based on that one can decide which transformations should be used to improve code quality. In this paper we introduce an analyzing and optimizing algorithm based upon complexity measurement [6, 4, 7], which can be used automatically or semi-automatically to correct new, or already written (but awaiting transformation), source code in Erlang [8, 9].
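One of the complexity attributes named above, how deeply programming constructs are nested, is easy to measure mechanically. A minimal sketch (in Python rather than the paper's Erlang, using the standard `ast` module; the metric itself is a generic nesting-depth proxy, not the paper's measure):

```python
import ast

# control constructs that count toward nesting depth (an assumed choice)
NESTING = (ast.If, ast.For, ast.While, ast.Try, ast.With)

def max_nesting(source):
    # structural-complexity proxy: deepest nesting of control constructs
    def depth(node, d):
        here = d + isinstance(node, NESTING)
        return max([here] + [depth(c, here) for c in ast.iter_child_nodes(node)])
    return depth(ast.parse(source), 0)

flat = "x = 1\ny = 2\n"
nested = "for i in range(3):\n    if i:\n        while i:\n            i -= 1\n"
assert max_nesting(flat) == 0
assert max_nesting(nested) == 3
```

A threshold on such a measure is what lets an analyzer flag "unmanageably complex" parts as candidates for transformation, and re-measuring after a transformation shows whether structural complexity actually improved.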
- Published
- 2015
222. Software Protection with Code Mobility
- Author
-
Paolo Falcarin, Bart Coppens, Bjorn De Sutter, Alessandro Cabutto, and Bert Abrath
- Subjects
Source code ,Dead code ,Computer science ,business.industry ,media_common.quotation_subject ,Code word ,Settore ING-IND/05 - Impianti e Sistemi Aerospaziali ,16. Peace & justice ,computer.software_genre ,Embedded system ,Operating system ,KPI-driven code analysis ,Code generation ,Unreachable code ,Code mobility ,business ,Redundant code ,computer ,media_common - Abstract
The analysis of binary code is a common step of Man-At-The-End attacks, used to identify code sections crucial to an attack: finding a private key hidden in the code, identifying sensitive algorithms, tampering with the code to disable protections (e.g. license checks or DRM) embedded in the binary, or using the software in an unauthorized manner. Code mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing them at run-time by downloading binary code blocks from a trusted server. The proposed architecture of the code mobility protection downloads mobile code blocks, which are allocated dynamically at addresses determined at run-time; control transfers into and out of mobile code blocks are rewritten using the Diablo binary-rewriting tool.
- Published
- 2015
223. Research on V Code for Virtual Assembly System
- Author
-
Hu Han and Huanfang Ma
- Subjects
Engineering drawing ,Source code ,Computer science ,media_common.quotation_subject ,Code coverage ,computer.software_genre ,Rendering (computer graphics) ,Threaded code ,KPI-driven code analysis ,Code generation ,Redundant code ,computer ,Interpreter ,media_common - Abstract
Based on NC code, this paper designs and implements a virtual descriptive language, V Code, for VA (virtual assembly) simulation. It is divided into three parts: scene-setting code, motion-controlling code, and environment-rendering code. The V Code definition, function classification, interpreter, and generator are given, and the grammar structure of each V Code statement is designed. Finally, the application example of solar PECVD equipment is presented to verify V Code's effectiveness. The results show that VA simulation based on V Code is easy to understand and to promote in many enterprises: equipment simulation motion programs are easy to edit, the simulation process is flexible to control, and the structure of the simulation program is enhanced while the efficiency of the implementation process improves. In recent years, much research on both the theory and the application of VA has been conducted in many countries, with Germany, the United States, and other developed countries in the leading position. References (1-6) mainly studied assembly sequence planning and gave feasible algorithms; paper (7) analyzes the human factors of the assembly process. Domestic scholars have also carried out fruitful research on VA and related fields, producing many valuable new theories and methods (8-10). All of the literature mentioned above, based on secondary development of commercial software, mainly studies assembly sequence planning, human-computer interaction, virtual scene design, and other technologies to develop VA systems. Most of these studies are still in their initial stages, difficult for assembly workers to understand, and hard to use widely in manufacturing enterprises with real benefit.
Thus, VA simulation based on V Code can easily set up the virtual simulation environment and the body structure of the simulated equipment; equipment simulation motion programs are easy to edit, the simulation process is flexibly controlled, the structure of the simulation program is enhanced and simplified, and the efficiency of the implementation process is improved. The presentation of V Code lays a good foundation for promoting VA simulation in all types of enterprises in the future.
- Published
- 2015
224. Tutorons: Generating Context-Relevant, On-Demand Explanations and Demonstrations of Online Code
- Author
-
Björn Hartmann, Andrew Head, Marti A. Hearst, and Codanda Appachu
- Subjects
Unix ,Source code ,Syntax (programming languages) ,Programming language ,Computer science ,media_common.quotation_subject ,Parse tree ,computer.software_genre ,Web page ,Code generation ,Redundant code ,computer ,Natural language ,media_common - Abstract
Programmers frequently turn to the web to solve problems and find example code. For the sake of brevity, the snippets in online instructions often gloss over the syntax of languages like CSS selectors and Unix commands. Programmers must compensate by consulting external documentation. In this paper, we propose language-specific routines called Tutorons that automatically generate context-relevant, on-demand micro-explanations of code. A Tutoron detects explainable code in a web page, parses it, and generates in-situ natural language explanations and demonstrations of code. We build Tutorons for CSS selectors, regular expressions, and the Unix command “wget”. We demonstrate techniques for generating natural language explanations through template instantiation, synthesizing code demonstrations by parse tree traversal, and building compound explanations of co-occurring options. Through a qualitative study, we show that Tutoron-generated explanations can reduce the need for reference documentation in code modification tasks.
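The template-instantiation technique mentioned above can be sketched in a few lines. This is not the Tutorons implementation: the grammar here covers only a single toy `tag.class` CSS selector form, and the template wording is an assumption:

```python
import re

def explain_selector(selector):
    # Tutoron-style micro-explanation by template instantiation: parse the
    # snippet, then fill a natural-language template with the parsed parts.
    # Toy grammar: only the `tag.class` selector form is recognized.
    m = re.fullmatch(r"([a-z]+)\.([\w-]+)", selector)
    if not m:
        return None  # not explainable by this Tutoron
    tag, cls = m.groups()
    return f"selects every '{tag}' element whose class attribute contains '{cls}'"

assert explain_selector("div.note") == \
    "selects every 'div' element whose class attribute contains 'note'"
assert explain_selector("::weird") is None
```

The `None` branch mirrors the detection step in the paper: a Tutoron first decides whether a region of a web page is explainable code before generating an in-situ explanation for it.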
- Published
- 2015
225. The Mechanics of C++: from Source Code to a Running Program
- Author
-
Daniel J. Duffy
- Subjects
Source code ,Programming language ,Computer science ,media_common.quotation_subject ,Parallel computing ,Program optimization ,computer.software_genre ,Single Compilation Unit ,Template metaprogramming ,Code generation ,Compiler ,Redundant code ,computer ,Compile time ,media_common - Published
- 2006
226. Managing bounded code caches in dynamic binary optimization systems
- Author
-
Michael D. Smith and Kim Hazelwood
- Subjects
Hardware_MEMORYSTRUCTURES ,Dead code ,Computer science ,Parallel computing ,Dead code elimination ,Self-modifying code ,Threaded code ,Hardware and Architecture ,Code generation ,Unreachable code ,Cache ,Redundant code ,Software ,Information Systems - Abstract
Dynamic binary optimizers store altered copies of original program instructions in software-managed code caches in order to maximize reuse of transformed code. Code caches store code blocks that may vary in size, reference other code blocks, and carry a high replacement overhead. These unique constraints reduce the effectiveness of conventional cache management policies. Our work directly addresses these unique constraints and presents several contributions to the code-cache management problem. First, we show that evicting more than the minimum number of code blocks from the code cache results in less run-time overhead than the existing alternatives. Such granular evictions reduce overall execution time, as the fixed costs of invoking the eviction mechanism are amortized across multiple cache insertions. Second, a study of the ideal lifetimes of dynamically generated code blocks illustrates the benefit of a replacement algorithm based on a generational heuristic. We describe and evaluate a generational approach to code cache management that makes it easy to identify long-lived code blocks and simultaneously avoid any fragmentation because of the eviction of short-lived blocks. Finally, we present results from an implementation of our generational approach in the DynamoRIO framework and illustrate that, as dynamic optimization systems become more prevalent, effective code cache-management policies will be essential for reliable, scalable performance of modern applications.
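The generational heuristic described above can be sketched with a toy cache (an assumed simplification, not the DynamoRIO implementation): new blocks enter a nursery, a full nursery is flushed in one granular eviction, and blocks that were executed since insertion are promoted so long-lived code escapes repeated eviction:

```python
class GenerationalCodeCache:
    # Sketch: nursery holds young code blocks; a granular eviction flushes the
    # whole nursery at once (amortizing eviction cost) and promotes any block
    # that was looked up, i.e. executed, since it was inserted.
    def __init__(self, nursery_limit):
        self.nursery_limit = nursery_limit
        self.nursery = {}   # tag -> (block, used_since_insertion)
        self.tenured = {}   # long-lived blocks, never evicted in this toy model

    def insert(self, tag, block):
        if len(self.nursery) >= self.nursery_limit:
            for t, (b, used) in self.nursery.items():
                if used:
                    self.tenured[t] = b  # survived a generation: promote
            self.nursery.clear()         # short-lived blocks leave no fragments
        self.nursery[tag] = (block, False)

    def lookup(self, tag):
        if tag in self.tenured:
            return self.tenured[tag]
        if tag in self.nursery:
            block, _ = self.nursery[tag]
            self.nursery[tag] = (block, True)  # mark as executed
            return block
        return None

cache = GenerationalCodeCache(nursery_limit=2)
cache.insert("hot", "code-A")
assert cache.lookup("hot") == "code-A"   # executed: will survive the flush
cache.insert("cold", "code-B")           # never executed
cache.insert("new", "code-C")            # triggers the nursery flush
assert cache.lookup("hot") == "code-A"   # promoted to the tenured generation
assert cache.lookup("cold") is None      # short-lived block was dropped
```

Flushing the nursery wholesale also avoids the fragmentation that piecemeal eviction of variable-sized blocks would cause, which is the other constraint the abstract highlights.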
- Published
- 2006
227. A bipolar-bipolar code for asynchronous wavelength-time optical CDMA
- Author
-
Cheng-Yuan Chang, Guu-Chang Yang, Wing C. Kwong, and Chun-Ping Hsieh
- Subjects
Prefix code ,Self-synchronizing code ,Dead code ,Polynomial code ,Computer science ,Code rate ,Locally testable code ,Dual code ,Systematic code ,Universal code ,Canonical Huffman code ,Ternary Golay code ,Cyclic code ,Electronic engineering ,Unreachable code ,Barker code ,Constant-weight code ,Electrical and Electronic Engineering ,Redundant code ,Algorithm - Abstract
We propose a modified bipolar-bipolar code for wavelength-time optical code-division multiple access. The new code uses Gold sequences for time spreading, in place of the Barker sequences in our previously proposed bipolar-bipolar code. The new code has a cardinality N+1 times greater than the original code, because there exist N+2 Gold sequences, but only one Barker sequence, for a given code length N. Since the new code is modified from the original code, there is no increase in hardware complexity. The average performance of the new code is analyzed and found to be very close to that of the original code. In other words, the new code can support greater cardinality without worsening average performance or increasing hardware complexity.
- Published
- 2006
228. Static code analysis
- Author
-
Panos Louridas
- Subjects
Correctness ,Source code ,Shape analysis (program analysis) ,Dead code ,Java ,Programming language ,Computer science ,media_common.quotation_subject ,Static program analysis ,computer.software_genre ,Code bloat ,Dead code elimination ,Bytecode ,Debugging ,KPI-driven code analysis ,Software verification and validation ,Unreachable code ,Redundant code ,computer ,Software ,media_common ,computer.programming_language ,Data-flow analysis - Abstract
Programmers usually employ static checkers, which check programs for errors without executing them, in a process called static code analysis. In this way, one starts from a program with an initial indication of correctness (because it compiles) and tries to avoid well-known traps and pitfalls before measuring the program against its specifications (when it is tested). We use FindBugs, a popular open-source static code checker for Java. Static code checkers in Java come in two flavors: those that work directly on the program source code and those that work on the compiled bytecode. Although each code checker works in its own way, most share some basic traits. They read the program and construct a model of it, a kind of abstract representation that they can use for matching the error patterns they recognize. They also perform some kind of data-flow analysis, trying to infer the possible values that variables might have at certain points in the program. Data-flow analysis is especially important for vulnerability checking, an increasingly important area for code checkers.
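The pattern-matching trait described above can be sketched in miniature. FindBugs itself works on Java bytecode; the toy checker below (an illustration, not FindBugs) instead parses Python source with the standard `ast` module and flags one classic bad-practice pattern, comparing to `None` with `==` instead of `is`:

```python
import ast

def check_none_comparison(source):
    # Toy static checker: build a model of the program (its AST), then match
    # one error pattern: `x == None`, which should be `x is None`.
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Compare):
            operands = [node.left] + node.comparators
            if any(isinstance(op, ast.Eq) for op in node.ops) and \
               any(isinstance(o, ast.Constant) and o.value is None for o in operands):
                findings.append(node.lineno)  # report line numbers, checker-style
    return findings

buggy = "def f(x):\n    if x == None:\n        return 0\n    return x\n"
clean = "def f(x):\n    if x is None:\n        return 0\n    return x\n"
assert check_none_comparison(buggy) == [2]
assert check_none_comparison(clean) == []
```

The two steps, building an abstract representation and matching patterns against it, are exactly the shared traits the column attributes to most static code checkers.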
- Published
- 2006
229. Efficient code generation from SHIM models
- Author
-
Olivier Tardieu and Stephen A. Edwards
- Subjects
Dead code ,Computer science ,business.industry ,Model of computation ,Concurrency ,Parallel computing ,Computer Graphics and Computer-Aided Design ,Concurrent object-oriented programming ,Software ,Code generation ,Unreachable code ,Isolation (database systems) ,Redundant code ,business - Abstract
Programming concurrent systems is substantially more difficult than programming sequential systems, yet most embedded systems need concurrency. We believe this should be addressed through higher-level models of concurrency that eliminate many of the usual challenges, such as nondeterminism arising from races. The SHIM model of computation provides deterministic concurrency, and there already exist ways of implementing it in hardware and software. In this work, we describe how to produce more efficient C code from SHIM systems. We propose two techniques: a largely mechanical one that produces tail-recursive code for simulating concurrency, and a more clever one that statically analyzes the communication pattern of multiple processes to produce code with far less overhead. Experimentally, we find our tail-recursive technique produces code that runs roughly twice as fast as a baseline; our statically-scheduled code can run up to twelve times faster.
- Published
- 2006
230. Code Analysis for Temporal Predictability
- Author
-
Raimund Kirner, Björn Lisper, Peter Puschner, and Jan Gustafsson
- Subjects
Control and Optimization ,Source code ,Code review ,Dead code ,Computer Networks and Communications ,Computer science ,Programming language ,media_common.quotation_subject ,Static program analysis ,computer.software_genre ,Code bloat ,Computer Science Applications ,Control and Systems Engineering ,Modeling and Simulation ,Code (cryptography) ,Code generation ,Electrical and Electronic Engineering ,Redundant code ,computer ,media_common - Abstract
The execution time of software for hard real-time systems must be predictable. Further, safe and not overly pessimistic bounds for the worst-case execution time (WCET) must be computable. We conceived a programming strategy called WCET-oriented programming and a code transformation strategy, the single-path conversion, that aid programmers in producing code that meets these requirements. These strategies avoid and eliminate input-data dependencies in the code. The paper describes the formal analysis, based on abstract interpretation, that identifies input-data dependencies in the code and thus forms the basis for the strategies provided for hard real-time code development.
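The single-path idea, eliminating input-data dependencies from control flow, can be shown with a tiny if-conversion example (a generic illustration in Python, not the paper's formal analysis; real single-path code would use predicated machine instructions):

```python
def clamp_branching(x, hi):
    # branching version: which path executes depends on the input,
    # so execution time is input-dependent
    if x > hi:
        return hi
    return x

def clamp_single_path(x, hi):
    # single-path version: the condition becomes a predicate value and both
    # "branches" are folded into one arithmetic expression, so every input
    # takes the same instruction sequence
    p = x > hi                     # predicate: 1 if x exceeds the bound, else 0
    return p * hi + (1 - p) * x

# both versions compute the same function
assert all(clamp_branching(x, 10) == clamp_single_path(x, 10)
           for x in range(-5, 20))
```

Because the single-path version has exactly one execution path, its WCET bound is tight by construction, which is the predictability goal stated above.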
- Published
- 2006
231. CP-Miner: finding copy-paste and related bugs in large-scale software code
- Author
-
Zhenmin Li, Suvda Myagmar, Yuanyuan Zhou, and Shan Lu
- Subjects
Source lines of code ,Dead code ,Computer science ,business.industry ,Code reuse ,Bebugging ,Code coverage ,Software performance testing ,Software maintenance ,computer.software_genre ,Software ,Software bug ,Code refactoring ,Duplicate code ,Operating system ,business ,Software analysis pattern ,Redundant code ,computer - Abstract
Recent studies have shown that large software suites contain significant amounts of replicated code. It is assumed that some of this replication is due to copy-and-paste activity and that a significant proportion of bugs in operating systems are due to copy-paste errors. Existing static code analyzers are either not scalable to large software suites or do not perform robustly where replicated code is modified with insertions and deletions. Furthermore, the existing tools do not detect copy-paste related bugs. In this paper, we propose a tool, CP-Miner, that uses data mining techniques to efficiently identify copy-pasted code in large software suites and detects copy-paste bugs. Specifically, it takes less than 20 minutes for CP-Miner to identify 190,000 copy-pasted segments in Linux and 150,000 in FreeBSD. Moreover, CP-Miner has detected many new bugs in popular operating systems, 49 in Linux and 31 in FreeBSD, most of which have since been confirmed by the corresponding developers and have been rectified in the following releases. In addition, we have found some interesting characteristics of copy-paste in operating system code. Specifically, we analyze the distribution of copy-pasted code by size (number of lines of code), granularity (basic blocks and functions), and modification within copy-pasted code. We also analyze copy-paste across different modules and various software versions.
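One heuristic behind copy-paste bug detection can be sketched simply (an assumed simplification in the spirit of CP-Miner's "forgot-to-change" check, not its actual algorithm): in a pasted fragment, every identifier from the original should map consistently to one identifier in the copy, and a mixed mapping suggests a forgotten rename:

```python
import re

def rename_inconsistencies(original, copy):
    # Heuristic: pair up identifiers position-by-position between a fragment
    # and its pasted copy; an identifier that maps to two different names in
    # the copy was probably left un-renamed somewhere (a copy-paste bug).
    ids_a = re.findall(r"\b[A-Za-z_]\w*\b", original)
    ids_b = re.findall(r"\b[A-Za-z_]\w*\b", copy)
    mapping, suspects = {}, set()
    for a, b in zip(ids_a, ids_b):
        if a in mapping and mapping[a] != b:
            suspects.add(a)
        mapping.setdefault(a, b)
    return suspects

original = "total = total + price[i]"
pasted   = "count = count + price[i]"   # consistent rename: fine
buggy    = "count = total + price[i]"   # `total` left behind: suspicious
assert rename_inconsistencies(original, pasted) == set()
assert rename_inconsistencies(original, buggy) == {"total"}
```

The real tool must additionally tolerate the insertions and deletions mentioned in the abstract, which is where its frequent-subsequence mining comes in.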
- Published
- 2006
232. Dynamically extending the Corral with native code for high-speed packet processing
- Author
-
Ilja Booij, Bart Samwel, Herbert Bos, Computer Systems, Systems and Network Security, and High Performance Distributed Computing
- Subjects
Source code ,Dead code ,Computer Networks and Communications ,business.industry ,Computer science ,media_common.quotation_subject ,Distributed computing ,Packet processing ,Software ,Programming paradigm ,Code generation ,Unreachable code ,business ,Redundant code ,Machine code ,media_common ,Active networking - Abstract
By combining the Open Kernel Environment, a Click-like software model known as Corral and basic concepts of active networking, we allow third-party code to control the code organisation of a network node at any level, including kernel and network card. We show how an active network environment was implemented and how this environment allows slow active code to control the code organisation of the fast path. The underlying code is structured much like components in a 'Click'-router that may be connected or disconnected at runtime. Not only are active packets permitted to reconfigure predefined native components in the networking code, by using the safe programming model of the open kernel environment they are also able to load and link their own native components at any place in the datapath and at any level in the processing hierarchy. © 2006 Elsevier B.V. All rights reserved.
- Published
- 2006
233. Object-Oriented Programming with Swift
- Author
-
Gary Bennett and Brad Lees
- Subjects
Swift ,Object-oriented programming ,Programming language ,Computer science ,Unified modeling language ,Tangible object ,Software_PROGRAMMINGTECHNIQUES ,Redundant code ,computer.software_genre ,computer ,computer.programming_language
Over the past 15 years, the programming world focused on the development paradigm of object-oriented programming (OOP). Most modern development environments and languages implement OOP. Put simply, OOP forms the basis of everything you develop today.
- Published
- 2014
234. Predicting Next Changes at the Fine-Grained Level
- Author
-
Yoshiki Higo, Hiroaki Murakami, Keisuke Hotta, and Shinji Kusumoto
- Subjects
Source code ,Dead code ,Computer science ,media_common.quotation_subject ,Code coverage ,Static program analysis ,computer.software_genre ,Code refactoring ,Software bug ,Data mining ,Unreachable code ,Redundant code ,computer ,media_common - Abstract
Changing source code is not an easy task. Developers occasionally change source code incorrectly. Such mistakes entail the additional cost of re-editing the source code correctly, and repeated changes can themselves degrade software quality. We are conducting research into automated code changing as a countermeasure for human errors. As the first step of this research, we propose a technique to predict the types of program elements deleted and added in the next change to a Java method. This technique is designed to support developers in deciding how to change source code after they have identified a method to be changed. We evaluated predictions using the proposed technique with two thresholds, which are the sizes of source code changes. For predictions with the smaller threshold, where only a single type of program element was added or deleted, the accuracy of the proposed technique was 74% -- 85%. However, for the larger threshold, where 5 or fewer types of program elements were added or deleted, the accuracy was 44% -- 48%.
- Published
- 2014
235. Building call graphs for embedded client-side code in dynamic web applications
- Author
-
Hung Viet Nguyen, Tien N. Nguyen, and Christian Kästner
- Subjects
Source code ,Theoretical computer science ,Dead code ,Computer science ,Programming language ,media_common.quotation_subject ,Code word ,Code Access Security ,computer.software_genre ,Linear code sequence and jump ,Code generation ,Unreachable code ,Redundant code ,computer ,media_common - Abstract
When developing and maintaining a software system, programmers often rely on IDEs to provide editor services such as syntax highlighting, auto-completion, and "jump to declaration". In dynamic web applications, such tool support is currently limited to either the server-side code or to hand-written or generated client-side code. Our goal is to build a call graph for providing editor services on client-side code while it is still embedded as string literals within server-side code. First, we symbolically execute the server-side code to identify all possible client-side code variations. Subsequently, we parse the generated client-side code with all its variations into a VarDOM that compactly represents all DOM variations for further analysis. Based on the VarDOM, we build conditional call graphs for embedded HTML, CSS, and JS. Our empirical evaluation on real-world web applications show that our analysis achieves 100% precision in identifying call-graph edges. 62% of the edges cross PHP strings, and 17% of them cross files - in both situations, navigation without tool support is tedious and error prone.
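The variation-enumeration step can be sketched abstractly (a toy stand-in for the paper's symbolic execution; the page template and segment encoding here are invented): each server-side conditional contributes alternative snippets, and the set of all client-side code variations is their cross product:

```python
from itertools import product

def client_variations(segments):
    # Sketch: a server-side template is a list of fixed strings and
    # (then, else) tuples from conditionals; symbolic execution is
    # approximated by enumerating every branch combination.
    choices = [seg if isinstance(seg, tuple) else (seg,) for seg in segments]
    return {"".join(combo) for combo in product(*choices)}

# server-side template, roughly:
#   echo "<a onclick='" . ($admin ? "del()" : "view()") . "'>"
page = ["<a onclick='", ("del()", "view()"), "'>"]
assert client_variations(page) == {"<a onclick='del()'>", "<a onclick='view()'>"}
```

Parsing each variation and merging the results is what the VarDOM in the paper makes tractable: instead of materializing every combination, it represents all DOM variations compactly under branch conditions.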
- Published
- 2014
236. Model based code generation for medical cyber physical systems
- Author
-
Sandeep K. S. Gupta and Ayan Banerjee
- Subjects
Code review ,Dead code ,business.industry ,Computer science ,Real-time computing ,Code coverage ,Static program analysis ,computer.software_genre ,Dead code elimination ,Embedded system ,Code generation ,Unreachable code ,business ,Redundant code ,computer - Abstract
The deployment of medical devices on the human body in unsupervised environments makes their operation safety-critical. Software errors such as unbounded memory accesses or unreachable critical alarms can have life-threatening consequences in these medical cyber-physical systems (MCPSes), where software in medical devices monitors and controls human physiology. Further, implementing complex control strategies on inherently resource-constrained medical devices requires careful evaluation of the runtime characteristics of the software. Such stringent requirements cause errors in manual implementation, which can only be detected by static analysis tools, possibly inflicting a high cost of redesign. To avoid such inefficiencies, this paper proposes an automatic code generator with assurance of safety from errors such as out-of-bounds memory accesses, unreachable code, and race conditions. The proposed code generator was evaluated against manually written code from a software benchmark for sensors, BSNBench, in terms of possible optimizations using conditional X propagation. The generated code was found to be 9.3% more optimized than the BSNBench code. The generated code was also tested using the static analysis tool Frama-C and showed no errors.
- Published
- 2014
237. You Can Run but You Can't Read
- Author
-
Michael Backes, Benjamin Kollenda, Philipp Koppe, Jannik Pewny, Thorsten Holz, and Stefan Nürnberger
- Subjects
Address space layout randomization ,business.industry ,Computer science ,Code reuse ,computer.file_format ,Computer security ,computer.software_genre ,Code bloat ,Software ,Executable ,Unreachable code ,business ,Redundant code ,computer ,Return-oriented programming ,Buffer overflow - Abstract
Code reuse attacks allow an adversary to impose malicious behavior on an otherwise benign program. To mitigate such attacks, a common approach is to disguise the address or content of code snippets by means of randomization or rewriting, leaving the adversary with no choice but guessing. However, disclosure attacks allow an adversary to scan a process - even remotely - and enable her to read executable memory on-the-fly, thereby allowing the just-in time assembly of exploits on the target site. In this paper, we propose an approach that fundamentally thwarts the root cause of memory disclosure exploits by preventing the inadvertent reading of code while the code itself can still be executed. We introduce a new primitive we call Execute-no-Read (XnR) which ensures that code can still be executed by the processor, but at the same time code cannot be read as data. This ultimately forfeits the self-disassembly which is necessary for just-in-time code reuse attacks (JIT-ROP) to work. To the best of our knowledge, XnR is the first approach to prevent memory disclosure attacks of executable code and JIT-ROP attacks in general. Despite the lack of hardware support for XnR in contemporary Intel x86 and ARM processors, our software emulations for Linux and Windows have a run-time overhead of only 2.2% and 3.4%, respectively.
- Published
- 2014
238. Case study on semantic clone detection based on code behavior
- Author
-
Bayu Priyambadha and Siti Rochimah
- Subjects
Source code ,Theoretical computer science ,Dead code ,Computer science ,business.industry ,media_common.quotation_subject ,Static program analysis ,Software ,Program Dependence Graph ,Code generation ,Unreachable code ,business ,Redundant code ,Algorithm ,media_common - Abstract
The activity of copying and pasting fragments of code from one source file into another, with or without modification, is known as code cloning. It is often done by software developers because it is easier than writing code from scratch, but it increases the effort needed to maintain the code. Research on detecting the presence of clones has been done; the detection of semantic clones, however, is a method that still needs deeper investigation. One method of semantic clone detection is based on the behavior of the code: the behavior is captured by a method's input, output, and effects, and methods with the same input, output, and effect are taken to implement the same function. However, detection based on input, output, and effect cannot be applied directly to void methods or methods without parameters, since such methods expose no explicit input, output, or effect, so a way to recover them is needed. This research focuses on finding the input, output, and effects of void and non-parameterized methods. They are detected using a PDG (Program Dependence Graph), and the result is used to reconstruct void and non-parameterized methods. A trial was performed on every method (without exception) using random input data to obtain each method's behavior, on the small-sized source code of jDraw. From the results of the trial, we conclude that semantic clone detection using the method-behavior approach is very promising. Besides semantic clones themselves, the method can also detect Type-1, Type-2, and Type-3 clones, with an accuracy of about 89%.
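The behavioral comparison at the heart of this approach can be sketched directly (a generic illustration of input/output probing with random data, not the paper's PDG-based reconstruction; the sample functions are invented):

```python
import random

def behaviorally_equivalent(f, g, trials=100, seed=42):
    # Sketch of behavior-based detection: probe both methods with the same
    # random inputs and compare outputs; identical behavior on all probes
    # suggests a semantic clone even when the syntax differs.
    rng = random.Random(seed)
    return all(f(x) == g(x)
               for x in (rng.randint(-1000, 1000) for _ in range(trials)))

def double_a(n):
    return n * 2

def double_b(n):            # syntactically different, semantically identical
    return n + n

def triple(n):
    return n * 3

assert behaviorally_equivalent(double_a, double_b)      # semantic clone
assert not behaviorally_equivalent(double_a, triple)    # different behavior
```

Random testing like this can only show equivalence on the sampled inputs, which is why the paper reports accuracy (about 89%) rather than a guarantee, and why effects on state must be captured separately for void methods.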
- Published
- 2014
239. Java archives search engine using byte code as information source
- Author
-
Rila Mandala and Oscar Karnalim
- Subjects
Source code ,Dead code ,Database ,Computer science ,media_common.quotation_subject ,computer.software_genre ,Internal documentation ,KPI-driven code analysis ,Code generation ,Unreachable code ,Redundant code ,Java annotation ,computer ,media_common - Abstract
Information about computer programs can be extracted from their source code, external documentation, and compiled code. Although compiled code is a reliable information source that always exists in published programs, it is seldom used by existing search engines, since some reverse engineering is required. In this research, a search engine for Java archives that uses byte code (the compiled code in a Java Archive) as its information source is developed. It lets users search a collection of Java archives without relying on source code or external documentation. Compared with Penta and FindJar [2][7], a novel term extraction process that goes beyond the file and class name is proposed, covering field names, method names, string literals used in the program, program-flow weighting, and method expansion. Exclusive tokenization, stopping, and stemming are also implemented to improve effectiveness. Evaluation shows fairly good effectiveness, although it varies with the terms stored in the index. Effectiveness is higher than a reimplementation of FindJar's main features, which indicates that detailed compiled code has a positive influence on search engines for computer programs. Efficiency depends on how many terms are stored in the index and how many processes are used at each step.
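To give a flavor of extracting index terms from compiled code rather than source, the sketch below pulls fully qualified class names out of a Java archive. It is only a stand-in for the paper's byte-code-level extraction (field names, method names, and string literals would require a real class-file parser), and the function name is illustrative:

```python
import zipfile

def extract_class_terms(jar):
    """Collect fully qualified class names from a Java archive by scanning
    its .class entries; a minimal stand-in for byte-code term extraction."""
    terms = []
    with zipfile.ZipFile(jar) as archive:
        for entry in archive.namelist():
            if entry.endswith(".class"):
                # com/example/Foo.class -> com.example.Foo
                terms.append(entry[:-len(".class")].replace("/", "."))
    return terms
```

A JAR is just a ZIP file, so the standard `zipfile` module is enough to enumerate entries without any Java tooling.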
- Published
- 2014
240. Automatic grader for programming assignment using source code analyzer
- Author
-
Inggriani Liem and Susilo Veri Yulianto
- Subjects
Source code ,Dead code ,business.industry ,Computer science ,Programming language ,media_common.quotation_subject ,Code coverage ,Static program analysis ,computer.software_genre ,KPI-driven code analysis ,Code generation ,Unreachable code ,Software engineering ,business ,Redundant code ,computer ,media_common - Abstract
A source code analyzer is a tool for analyzing source code with the aim of improving program quality during software development. This research extends a source code analyzer to grade programming assignments automatically. The automatic grading process runs in three phases: (a) source code analysis by the analyzer, (b) unification of the analysis results, and (c) assessment of the unified results. Unification uses an XSLT transformation process, while assessment matches the bugs/flaws found in the source code against a predefined list of bugs/flaws. The research delivers an application called SCAGrader, which consists of an engine written in Java and a web-based user interface. The score is obtained by assigning a negative score to each bug/flaw found in the student's source code. Besides standalone use, SCAGrader is also integrated via services with an existing black-box autograding system. A further result of this study is a classification of bugs/flaws for teaching programming, based on five source code analyzers.
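Phase (c), matching reported bugs/flaws against a predefined list and deducting a negative score for each, can be sketched as follows (the penalty values and flaw names are illustrative, not SCAGrader's actual rubric):

```python
# Illustrative penalty table: points deducted per known bug/flaw kind.
PENALTIES = {
    "unused-variable": 2,
    "division-by-zero": 10,
    "infinite-loop": 15,
}

def grade(findings, max_score=100):
    """Subtract a penalty for each bug/flaw the analyzer reported;
    unknown finding kinds cost nothing, and the score never goes below 0."""
    deduction = sum(PENALTIES.get(kind, 0) for kind in findings)
    return max(max_score - deduction, 0)

print(grade(["unused-variable", "division-by-zero"]))  # 88
```

In the real system the findings would come from five different analyzers after the XSLT unification step, which is exactly why a common flaw classification is needed.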
- Published
- 2014
241. Method for detecting the obfuscated malicious code based on behavior connection
- Author
-
Miyi Duan, Chao Li, and Wenwu Li
- Subjects
Dead code ,Computer science ,Feature extraction ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Symbolic execution ,Computer security ,computer.software_genre ,Obfuscation (software) ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Obfuscation ,Code (cryptography) ,Control flow graph ,Unreachable code ,Redundant code ,computer - Abstract
Authors of obfuscated malicious code generally use code obfuscation as a countermeasure to increase the difficulty of reverse analysis and to hide critical code, data, and program logic. Detecting obfuscated malicious code has therefore become a popular research topic both domestically and abroad. In this study, a method for detecting obfuscated malicious code based on behavior connection is proposed. Malicious behaviors are described with an extended control flow graph to improve the descriptive power for self-modifying and obfuscated code. Furthermore, interference introduced by packing and obfuscation is eliminated by combining taint diffusion with symbolic execution. Malicious code is then extracted and detected based on behavior-connection features. As a result, the accuracy of detecting obfuscated malicious code is enhanced.
- Published
- 2014
242. Dynamic detection of object capability violations through model checking
- Author
-
Tim Disney, Cormac Flanagan, and Dustin Rhodes
- Subjects
Model checking ,Source code ,Dead code ,Computer science ,Programming language ,media_common.quotation_subject ,JavaScript ,computer.software_genre ,Computer Graphics and Computer-Aided Design ,Object code ,Code (cryptography) ,Unreachable code ,Macro ,Redundant code ,computer ,Software ,media_common ,computer.programming_language - Abstract
In this paper we present a new tool called DOCaT (Dynamic Object Capability Tracer), a model checker for JavaScript that detects capability leaks in an object capability system. DOCaT includes an editor that highlights the sections of code that could be transferred to untrusted third-party code, along with a trace showing how the code could be leaked in an actual execution. This highlighting provides a simple way of visualizing the references that untrusted code potentially has access to, and helps programmers discover whether their code leaks more capabilities than required. DOCaT is implemented using a combination of source code rewriting (using Sweet.js, a JavaScript macro system), dynamic behavioral intercession (Proxies, introduced in ES6, the most recent version of JavaScript), and model checking. Together these methods are able to locate common ways for untrusted code to elevate its authority.
- Published
- 2014
243. One pass preprocessing for token-based source code clone detection
- Author
-
Incheon Paik, Minghao Piao, Dingkun Li, Keun Ho Ryu, and Ho Sun Shon
- Subjects
Source code ,Dead code ,business.industry ,Computer science ,media_common.quotation_subject ,Real-time computing ,Pattern recognition ,Security token ,Clone (algebra) ,Code generation ,Unreachable code ,Artificial intelligence ,business ,Redundant code ,Codebase ,media_common - Published
- 2014
244. Full space-time network code
- Author
-
Xiang Cheng, Jian Yang, Liuqing Yang, and Xia Shen
- Subjects
Systematic code ,Dead code ,Computer science ,Space time ,Code generation ,Parallel computing ,Unreachable code ,Network code ,Redundant code - Published
- 2014
245. Practical analysis of stripped binary code
- Author
-
Barton P. Miller and Laune C. Harris
- Subjects
Binary analysis ,Profiling (computer programming) ,Source code ,Dead code ,Programming language ,Program animation ,Computer science ,media_common.quotation_subject ,Binary translation ,General Medicine ,computer.file_format ,computer.software_genre ,Debugging ,Binary code ,Compiler ,Unreachable code ,Executable ,Redundant code ,computer ,media_common - Abstract
Executable binary code is the authoritative source of information about program content and behavior. The compile, link, and optimize steps can cause a program's detailed execution behavior to differ substantially from its source code. Binary code analysis is used to provide information about a program's content and structure, and is therefore a foundation of many applications, including binary modification[3,12,22,31], binary translation[5,29], binary matching[30], performance profiling[13,16,18], debugging, extraction of parameters for performance modeling, computer security[7,8] and forensics[23,26]. Ideally, binary analysis should produce information about the content of the program's code (instructions, basic blocks, functions, and modules), structure (control and data flow), and data structures (global and stack variables). The quality and availability of this information affects applications that rely on binary analysis.
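One classic heuristic for recovering function boundaries from a stripped binary is scanning for a well-known prologue byte sequence. The sketch below searches a synthetic byte string for the x86-64 pattern `push rbp; mov rbp, rsp` (bytes `55 48 89 e5`); real analyzers combine many such heuristics with control-flow traversal:

```python
# x86-64 function prologue: push rbp (0x55); mov rbp, rsp (0x48 0x89 0xe5).
PROLOGUE = bytes.fromhex("554889e5")

def guess_function_entries(code: bytes):
    """Return offsets that look like function entry points, using only the
    prologue-scanning heuristic (symbols are assumed absent)."""
    entries, i = [], 0
    while (i := code.find(PROLOGUE, i)) != -1:
        entries.append(i)
        i += 1
    return entries

# Synthetic blob: 4 nops, a prologue, a ret (0xc3), another prologue.
blob = bytes.fromhex("90" * 4 + "554889e5" + "c3" + "554889e5")
print(guess_function_entries(blob))  # [4, 9]
```

The heuristic misses functions compiled without a frame pointer, which is one reason the paper stresses that practical stripped-binary analysis needs more than pattern matching.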
- Published
- 2005
246. Dynamic software updating
- Author
-
Michael Hicks and Scott M. Nettles
- Subjects
Web server ,Dead code ,Computer science ,business.industry ,Typed assembly language ,Programming language ,Dynamic software updating ,Software development ,computer.software_genre ,Data type ,Redundant code ,business ,Machine code ,computer ,Software - Abstract
Many important applications must run continuously and without interruption, and yet also must be changed to fix bugs or upgrade functionality. No prior general-purpose methodology for dynamic updating achieves a practical balance between flexibility, robustness, low overhead, ease of use, and low cost. We present an approach for C-like languages that provides type-safe dynamic updating of native code in an extremely flexible manner (code, data, and types may be updated, at programmer-determined times) and permits the use of automated tools to aid the programmer in the updating process. Our system is based on dynamic patches that contain both the updated code and the code needed to transition from the old version to the new. A novel aspect of our patches is that they consist of verifiable native code (e.g. Proof-Carrying Code or Typed Assembly Language), which is native code accompanied by annotations that allow online verification of the code's safety. We discuss how patches are generated mostly automatically, how they are applied using dynamic-linking technology, and how code is compiled to make it updateable. To concretely illustrate our system, we have implemented a dynamically updateable web server, FlashEd. We discuss our experience building and maintaining FlashEd, and generalize to present observations about updateable software development. Performance experiments show that for FlashEd, the overhead due to updating is low: typically less than 1 percent.
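The dynamic-patch idea, updated code shipped together with the transition code that migrates old state to the new layout, can be sketched in miniature (a Python analogue only; the paper's system patches verifiable native code, and all names below are illustrative):

```python
# A toy dynamic patch: new code plus a state-transition function, applied
# while the running object keeps its identity and keeps serving requests.
class Service:
    def __init__(self):
        self.version = 1
        self.state = {"hits": 0}

    def handle(self, request):
        self.state["hits"] += 1
        return f"v1:{request}"

def handle_v2(self, request):
    self.state["requests"] += 1      # new code expects the renamed field
    return f"v2:{request}"

def transition(state):
    """Shipped with the patch: migrate v1 state to the v2 layout."""
    return {"requests": state.pop("hits")}

def apply_patch(service, new_handler, migrate):
    service.state = migrate(service.state)
    service.handle = new_handler.__get__(service)  # rebind method at runtime
    service.version = 2

svc = Service()
svc.handle("a")
apply_patch(svc, handle_v2, transition)
print(svc.handle("b"))  # prints v2:b
```

Bundling the handler and the transition function together mirrors the paper's pairing of updated code with the code needed to move from the old version to the new.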
- Published
- 2005
247. Meta-programming through typeful code representation
- Author
-
Chiyan Chen and Hongwei Xi
- Subjects
Source code ,Theoretical computer science ,Program Efficiency ,Computer science ,Programming language ,media_common.quotation_subject ,computer.software_genre ,Metaprogramming ,Software construction ,Code (cryptography) ,Code generation ,Representation (mathematics) ,Redundant code ,Programmer ,computer ,Software ,media_common - Abstract
By allowing the programmer to write code that can generate code at run-time, meta-programming offers a powerful approach to program construction. For instance, meta-programming can often be employed to enhance program efficiency and facilitate the construction of generic programs. However, meta-programming, especially in an untyped setting, is notoriously error-prone. In this paper, we aim at making meta-programming less error-prone by providing a type system to facilitate the construction of correct meta-programs. We first introduce some code constructors for constructing typeful code representation in which program variables are represented in terms of deBruijn indexes, and then formally demonstrate how such typeful code representation can be used to support meta-programming. With our approach, a particularly interesting feature is that code becomes first-class values, which can be inspected as well as executed at run-time. The main contribution of the paper lies in the recognition and then the formalization of a novel approach to typed meta-programming that is practical, general and flexible.
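The core idea, representing code as data with variables given as de Bruijn indexes, can be sketched in an untyped setting (the paper's contribution is precisely the typeful version, which this Python sketch does not capture; the constructors and evaluator are illustrative):

```python
# Code constructors: a variable is the number of binders between its use
# and the lambda that binds it (a de Bruijn index).
def Var(i):    return ("var", i)
def Lam(body): return ("lam", body)
def App(f, a): return ("app", f, a)
def Lit(n):    return ("lit", n)

def evaluate(term, env=()):
    """Run a represented term: code is first-class data that can be
    inspected (pattern-matched on its tag) as well as executed."""
    tag = term[0]
    if tag == "lit":
        return term[1]
    if tag == "var":
        return env[term[1]]          # look up by index, no variable names
    if tag == "lam":
        return lambda v: evaluate(term[1], (v,) + env)
    if tag == "app":
        return evaluate(term[1], env)(evaluate(term[2], env))

# (\x. \y. x) 1 2 -> 1; x appears as Var(1) because one binder (y)
# sits between its use and its binding lambda.
k = App(App(Lam(Lam(Var(1))), Lit(1)), Lit(2))
print(evaluate(k))  # 1
```

In the paper's typed setting, each constructor additionally carries enough type information that only well-typed object programs can be represented at all.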
- Published
- 2005
248. Generic programming in Fortran with Forpedo
- Author
-
Drew A. McCormack
- Subjects
Source code ,Theoretical computer science ,Dead code ,Computer science ,Programming language ,media_common.quotation_subject ,List ,General Medicine ,computer.software_genre ,Code bloat ,Association list ,Code generation ,Unreachable code ,Redundant code ,computer ,media_common - Abstract
Generic programming is a paradigm in which a single piece of code can be used with multiple data types. For example, code for a linked list could be used to create lists of integers, reals, or even strings. The same source code is used to define each list; the compiler produces different instances of the code, substituting concrete data types (e.g., integer, real) as appropriate to generate a list capable of storing the required data. Without generic programming, a programmer would typically need to make virtually identical copies of the linked list source code for each data type used.
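The linked-list example reads naturally in a language with built-in generics; the sketch below uses Python's typing generics to show a single definition instantiated for several element types (Forpedo instead achieves this by preprocessing Fortran source and substituting concrete types textually):

```python
from typing import Generic, Optional, TypeVar

T = TypeVar("T")

# One generic definition, reusable for integers, strings, or any other type.
class Node(Generic[T]):
    def __init__(self, value: T, next: "Optional[Node[T]]" = None):
        self.value = value
        self.next = next

class LinkedList(Generic[T]):
    def __init__(self):
        self.head: Optional[Node[T]] = None

    def push(self, value: T) -> None:
        self.head = Node(value, self.head)

    def to_list(self) -> list:
        out, node = [], self.head
        while node:
            out.append(node.value)
            node = node.next
        return out

ints: LinkedList[int] = LinkedList()
for n in (1, 2, 3):
    ints.push(n)
print(ints.to_list())   # [3, 2, 1]

words: LinkedList[str] = LinkedList()
words.push("hello")
print(words.to_list())  # ['hello']
```

Where Python checks the type parameter only statically (via a type checker), a preprocessor like Forpedo emits a separate concrete copy of the code per instantiation, which is what the compiler then sees.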
- Published
- 2005
249. Back to the source [automatic code generation]
- Author
-
Andy Gothard
- Subjects
Information Systems and Management ,Source code ,Dead code ,Programming language ,Computer science ,media_common.quotation_subject ,Library and Information Sciences ,computer.software_genre ,Code bloat ,Object code ,KPI-driven code analysis ,Code generation ,Unreachable code ,Redundant code ,computer ,Information Systems ,media_common - Abstract
The case for a less buggy development process is compelling. Organisations are looking to modeling languages such as the Unified Modeling Language (UML) to try to guarantee that requirements are written correctly and unambiguously. The concept leads towards model-based design, and increasing opportunities to use automatic code generation techniques, which in general produce more 'compliant' code. Automated source code analysis tools can track down code problems, but do they cause too much trouble by flagging too many statements?
- Published
- 2005
250. The design, implementation, and evaluation of adaptive code unloading for resource-constrained devices
- Author
-
Chandra Krintz and Lingli Zhang
- Subjects
Source code ,Dead code ,Computer science ,media_common.quotation_subject ,computer.software_genre ,Dead code elimination ,Self-modifying code ,Threaded code ,Hardware and Architecture ,Memory footprint ,Operating system ,Unreachable code ,Redundant code ,computer ,Software ,Information Systems ,media_common - Abstract
Java Virtual Machines (JVMs) for resource-constrained devices, e.g., hand-helds and cell phones, commonly employ interpretation for program translation. However, compilers are able to produce significantly better code quality, and, hence, use device resources more efficiently than interpreters, since compilers can consider large sections of code concurrently and exploit optimization opportunities. Moreover, compilation-based systems store code for reuse by future invocations, obviating the redundant computation required for reinterpretation of repeatedly executed code. However, the code storage required for compilation can increase the memory footprint of the virtual machine (VM) significantly. As a result, for devices with limited memory resources, this additional code storage may preclude some programs from executing, significantly increase memory management overhead, and substantially reduce the amount of memory available for use by the application. To address the limitations of native code storage, we present the design, implementation, and empirical evaluation of a compiled-code management system that can be integrated into any compilation-based JVM. The system unloads compiled code to reduce the memory footprint of the VM. It does so by dynamically identifying and unloading dead or infrequently used code; if the code is later reused, it is recompiled by the system. As such, our system adaptively trades off memory footprint, and its associated memory management costs, against recompilation overhead. Our empirical evaluation shows that our code management system significantly reduces the memory requirements of a compile-only JVM, while maintaining the performance benefits enabled by compilation. We investigate a number of implementation alternatives that use dynamic program behavior and system resource availability to determine when to unload as well as what code to unload. From our empirical evaluation of these alternatives, we identify a set of strategies that enable significant reductions in the memory overhead required for application code. Our system reduces code size by 36--62%, on average, which translates into significant execution-time benefits for the benchmarks and JVM configurations that we studied.
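The unload-and-recompile trade-off can be caricatured with a least-recently-used code cache (a toy Python model; the sizes, the "compile" step, and the LRU policy are illustrative, not the paper's actual strategies):

```python
from collections import OrderedDict

class CodeCache:
    """Toy compiled-code cache: unload least-recently-used code when the
    memory budget is exceeded, and recompile on reuse."""
    def __init__(self, budget):
        self.budget = budget
        self.cache = OrderedDict()   # method name -> (code, size)
        self.seen = set()
        self.recompilations = 0

    def _compile(self, name):
        return f"native[{name}]", len(name)   # pretend code and its size

    def get(self, name):
        if name in self.cache:
            self.cache.move_to_end(name)      # mark as recently used
            return self.cache[name][0]
        if name in self.seen:
            self.recompilations += 1          # was unloaded earlier
        self.seen.add(name)
        self.cache[name] = self._compile(name)
        while sum(size for _, size in self.cache.values()) > self.budget:
            self.cache.popitem(last=False)    # unload LRU compiled code
        return self.cache[name][0]

cache = CodeCache(budget=10)
for m in ("alpha", "beta", "gamma"):   # "gamma" pushes "alpha" out
    cache.get(m)
cache.get("alpha")                     # reuse after unload -> recompiled
print(cache.recompilations)            # 1
```

The recompilation counter is the cost side of the trade-off the paper measures: a smaller budget lowers the footprint but raises how often unloaded code must be compiled again.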
- Published
- 2005