Enhanced Bug Prediction in JavaScript Programs with Hybrid Call-Graph Based Invocation Metrics

Technologies ◽  
2020 ◽  
Vol 9 (1) ◽  
pp. 3
Author(s):  
Gábor Antal ◽  
Zoltán Tóth ◽  
Péter Hegedűs ◽  
Rudolf Ferenc

Bug prediction aims at finding source code elements in a software system that are likely to contain defects. Being aware of the most error-prone parts of the program, one can efficiently allocate the limited amount of testing and code review resources. Therefore, bug prediction can support software maintenance and evolution to a great extent. In this paper, we propose a function level JavaScript bug prediction model based on static source code metrics with the addition of a hybrid (static and dynamic) code analysis based metric of the number of incoming and outgoing function calls (HNII and HNOI). Our motivation for this is that JavaScript is a highly dynamic scripting language for which static code analysis might be very imprecise; therefore, using purely static source code features for bug prediction might not be enough. Based on a study where we extracted 824 buggy and 1943 non-buggy functions from the publicly available BugsJS dataset for the ESLint JavaScript project, we can confirm the positive impact of hybrid code metrics on the prediction performance of the ML models. Depending on the ML algorithm, applied hyper-parameters, and target measures we consider, hybrid invocation metrics bring a 2–10% increase in model performances (i.e., precision, recall, F-measure). Interestingly, replacing static NOI and NII metrics with their hybrid counterparts HNOI and HNII in itself improves model performances; however, using them all together yields the best results.

Author(s):  
Natarajan Meghanathan ◽  
Alexander Roy Geoghegan

The high-level contribution of this book chapter is to illustrate how to conduct static code analysis of a software program and mitigate the vulnerabilities associated with the program. The automated tools used to test for software security are the Source Code Analyzer and Audit Workbench, developed by Fortify, Inc. The first two sections of the chapter are comprised of (i) An introduction to Static Code Analysis and its usefulness in testing for Software Security and (ii) An introduction to the Source Code Analyzer and the Audit Workbench tools and how to use them to conduct static code analysis. The authors then present a detailed case study of static code analysis conducted on a File Reader program (developed in Java) using these automated tools. The specific software vulnerabilities that are discovered, analyzed, and mitigated include: (i) Denial of Service, (ii) System Information Leak, (iii) Unreleased Resource (in the context of Streams), and (iv) Path Manipulation. The authors discuss the potential risk in having each of these vulnerabilities in a software program and provide the solutions (and the Java code) to mitigate these vulnerabilities. The proposed solutions for each of these four vulnerabilities are more generic and could be used to correct such vulnerabilities in software developed in any other programming language.


2020 ◽  
Vol 10 (22) ◽  
pp. 8005
Author(s):  
Damian Giebas ◽  
Rafał Wojszczyk

This paper is a contribution to the field of research dealing with parallel computing, which is used in multithreaded applications. The paper discusses the characteristics of atomicity violation in multithreaded applications and develops a new definition of atomicity violation based on previously defined relationships between operations, that can be used for atomicity violation detection. A method of detection of conflicts causing atomicity violation was also developed using the source code model of multithreaded applications that predicts errors in the software.


2019 ◽  
Vol 8 (2) ◽  
pp. 5888-5895

Natural language processing on software systems usually contains high dimensional noisy and irrelevant features which lead to inaccurate and poor contextual similarity between the project source code and its API documentation. Most of the traditional source code analysis models are independent of finding and extracting the relevant features for contextual similarity. As the size of the project source code and its related API documentation increases, these models incorporate the contextual similarity between the source code and API documentation for code analysis. One of the best solutions for this problem is finding the essential features using the source code dependency graph. In this paper, the dependency graph is used to compute the contextual similarity computation between the source code metrics and its API documents. A novel contextual similarity measure is used to find the relationship between the project source code metrics to the API documents. The proposed model is evaluated on different project source codes and API documents in terms of pre-processing, context similarity and runtime. Experimental results show that the proposed model has high computational efficiency compared to the existing models on the large size datasets.


2020 ◽  
Vol 28 (4) ◽  
pp. 1447-1506 ◽  
Author(s):  
Rudolf Ferenc ◽  
Zoltán Tóth ◽  
Gergely Ladányi ◽  
István Siket ◽  
Tibor Gyimóthy

Bug datasets have been created and used by many researchers to build and validate novel bug prediction models. In this work, our aim is to collect existing public source code metric-based bug datasets and unify their contents. Furthermore, we wish to assess the plethora of collected metrics and the capabilities of the unified bug dataset in bug prediction. We considered 5 public datasets and we downloaded the corresponding source code for each system in the datasets and performed source code analysis to obtain a common set of source code metrics. This way, we produced a unified bug dataset at class and file level as well. We investigated the diversion of metric definitions and values of the different bug datasets. Finally, we used a decision tree algorithm to show the capabilities of the dataset in bug prediction. We found that there are statistically significant differences in the values of the original and the newly calculated metrics; furthermore, notations and definitions can severely differ. We compared the bug prediction capabilities of the original and the extended metric suites (within-project learning). Afterwards, we merged all classes (and files) into one large dataset which consists of 47,618 elements (43,744 for files) and we evaluated the bug prediction model built on this large dataset as well. Finally, we also investigated cross-project capabilities of the bug prediction models and datasets. We made the unified dataset publicly available for everyone. By using a public unified dataset as an input for different bug prediction related investigations, researchers can make their studies reproducible, thus able to be validated and verified.


Author(s):  
Youness Takhma ◽  
Tajjeeddine Rachid ◽  
Hamid Harroud ◽  
Mohamed Riduan Abid ◽  
Nasser Assem

2021 ◽  
pp. 026-035
Author(s):  
A.M. Pokrovskyi

With the rapid development of software quality measurement methods, the need for efficient and versatile reengineering automatization tools becomes increasingly bigger. This becomes even more apparent when the programming language and respective coding practices slowly develop alongside each other for a long period of time, while the legacy code base grows bigger and remains highly relevant. In this paper, a source code metrics measurement tool for Fortran program quality evaluation is developed. It is implemented as a code module for Photran integrated development environment and based on a set of syntax tree walking algorithms. The module utilizes the built-in Photran syntax analysis engine and the tree data structure which it builds from the source code. The developed tool is also compared to existing source code analysis instruments. The results show that the developed tool is most effective when used in combination with Photran’s built-in refactoring system, and that Photran’s application programming interface facilitates easy scaling of the existing infrastructure by introducing other code analysis methods.

