A case study comparing static analysis tools for evaluating SwiftUI projects

2021 ◽  
Vol 2134 (1) ◽  
pp. 012022
Author(s):  
Gerald Birgen Imbugwa ◽  
Luiz Jonatã Pires de Araújo ◽  
Mansur Khazeev ◽  
Ewane Enombe ◽  
Harrif Saliu ◽  
...  

Abstract: Declarative programming languages such as SwiftUI have gained increasing relevance for user interface implementation in mobile applications. A tool for evaluating and improving the quality of such projects is static analysis (SA). This study compares the usefulness of two of the most popular SA tools (SonarQube and Codacy) for evaluating real-world SwiftUI projects. Moreover, it recommends setup and adjustments to promote SA tools for SwiftUI projects that can be extended to other languages.

Author(s):  
Robert Hallis

The Scholarship of Teaching and Learning nurtures an academic discussion of best instructional practices. This case study examines the role domain knowledge plays in determining the extent to which students can effectively analyze an opinion piece from a major news organization, locate a relevant source to support their view of the issue, and reflect on the quality of their work. The goal of analyzing an opinion piece is twofold: it fosters critical thinking in analyzing the strength of an argument and it promotes information management skills in locating and incorporating relevant sources in a real-world scenario. Students, however, exhibited difficulties in accurately completing the assignment and usually overestimated their expertise. This chapter traces how each step in the process of making this study public clarifies the issues encountered. The focus here, however, centers on the context within which the study was formulated, those issues that contributed to framing the research question, and how the context of inquiry served to deepen insights in interpreting the results.


1999 ◽  
Vol 31 (1) ◽  
pp. 78-82 ◽  
Author(s):  
Susan A. Mengel ◽  
Vinay Yerramilli

2020 ◽  
Vol 26 (7) ◽  
pp. 827-853
Author(s):  
Simon Vrhovec ◽  
Damjan Fujs ◽  
Luka Jelovčan ◽  
Anže Mihelič

There is a growing number of scientific papers reporting on case studies and action research published each year. Consequently, evaluating the quality of piling up research reports is becoming increasingly challenging. Several approaches for evaluation of quality of the scientific outputs exist; however, they appear to be fairly time-consuming and/or adapted for other research designs. In this paper, we propose a reasonably light-weight structure-based approach for evaluating case study and action research reports (SAE-CSAR) based on eight key parts of a real-world research report: research question, case description, data collection, data analysis, ethical considerations, results, discussion and limitations. To evaluate the feasibility of the proposed approach, we conducted a systematic literature survey of papers reporting on real-world cybersecurity research. A total of N = 102 research papers were evaluated. Results suggest that SAE-CSAR is useful and relatively efficient, and may offer a thought-provoking insight into the studied field. Although there is a positive trend for the inclusion of data collection, data analysis and research questions in papers, there is still room for improvement, suggesting that the field of real-world cybersecurity research has not matured yet. The presence of a discussion in a paper appears to affect its citation count the most. However, it seems that it is not uniformly accepted what a discussion should include. This paper explores this and other issues related to paper structure and provides guidance on how to improve the quality of research reports.


Author(s):  
Marco Pistoia ◽  
Omer Tripp ◽  
David Lubensky

Mobile devices have revolutionized many aspects of our lives. Without realizing it, we often run programs on them that access and transmit private information over the network. Integrity concerns arise when mobile applications use untrusted data as input to security-sensitive computations. Program-analysis tools for integrity and confidentiality enforcement have become a necessity. Static-analysis tools are particularly attractive because they do not require installing and executing the program, and have the potential of never missing any vulnerability. Nevertheless, such tools often have high false-positive rates. In order to reduce the number of false positives, static analysis has to be very precise, but this is in conflict with the analysis' performance and scalability, requiring a more refined model of the application. This chapter proposes Phoenix, a novel solution that combines static analysis with machine learning to identify programs exhibiting suspicious operations. This approach has been widely applied to mobile applications, obtaining impressive results.


Author(s):  
Matthias Kranz ◽  
Andreas Möller ◽  
Florian Michahelles

Large-scale research has gained momentum in the context of Mobile Human-Computer Interaction (Mobile HCI), as many aspects of mobile app usage can only be evaluated in the real world. In this chapter, we present findings on the challenges of research in the large via app stores, in conjunction with selected data collection methods (logging, self-reporting) that we identified and that have proven useful in our research. As a case study, we investigated the adoption of NFC technology, based on a gamification approach. We therefore describe the development of the game NFC Heroes involving two release cycles. We conclude with lessons learned and provide recommendations for conducting research in the large for mobile applications.


Author(s):  
John KNIGHT

Digital design practice is distinctive in its relationship to material and focus on fabricating that into interactive products and services. It’s a discipline that has evolved from significantly different disciplines: Product Design and Human-computer Interaction (HCI). The foundational role that HCI played in the growth of digital design is largely hidden, as is the secret world of design practice. These two shrouded phenomena have evolved from early user interface research, through user experience, to today’s post-agile world and tomorrow’s open design. We report ten years of first-hand accounts to create a grounded, contextualised and evidence-based account of design in the real-world from the 1980s to today. This condensed history of digital design in the UK forms the basis of the concluding sections. The first traces the evolution of design practice over the last ten years. The concluding section presents a first-hand account of practice. This case study shows how design is now deeply permeated by business and development ideas and practices. The paper concludes with some ideas of how digital design practice might progress beyond this presently constrained condition.


Author(s):  
Imad H. Hasan ◽  
Bestoun S. Ahmed ◽  
Moayad Y. Potrus ◽  
Kamal Z. Zamli

To ensure the quality of current highly configurable software systems, intensive testing is needed to test all the configuration combinations and detect all the possible faults. This task becomes more challenging for most modern software systems when constraints are given for the configurations. Here, intensive testing is almost impossible, especially considering the additional computation required to resolve the constraints during the test generation process. In addition, this testing process is exhaustive and time-consuming. Combinatorial interaction strategies can systematically reduce the number of test cases to construct a minimal test suite without affecting the effectiveness of the tests. This paper presents a new efficient search-based strategy to generate constrained interaction test suites to cover all possible combinations. The paper also shows a new application of constrained interaction testing in software fault searches. The proposed strategy initially generates the set of all possible [Formula: see text]-[Formula: see text] combinations; then, it filters out the set by removing the forbidden [Formula: see text]-[Formula: see text] using the Base Forbidden Tuple (BFT) approach. The strategy also utilizes a mixed neighborhood tabu search (TS) to construct optimal or near-optimal constrained test suites. The efficiency of the proposed method is evaluated through a comparison against two well-known state-of-the-art tools. The evaluation consists of three sets of experiments for 35 standard benchmarks. Additionally, the effectiveness and quality of the results are assessed using a real-world case study. Experimental results show that the proposed strategy outperforms one of the competitive strategies, ACTS, for approximately 83% of the benchmarks and achieves similar results to CASA for 65% of the benchmarks when the interaction strength is 2. For an interaction strength of 3, the proposed method outperforms other competitive strategies for approximately 60% and 42% of the benchmarks. The proposed strategy can also generate constrained interaction test suites for an interaction strength of 4, which is not possible for many strategies. The real-world case study shows that the generated test suites can effectively detect injected faults using mutation testing.

