CHIEv

Researchers and practitioners in the fields of testing, security assessment and web development seeking to evaluate a given web application often have to rely on the existence of a model of the respective system, which is then used as input to task-specific tools. Such models may include information on HTTP endpoints and their parameters, available user actions/event listeners and required assets. Unfortunately, this data is often unavailable in practice, as only rigorous development practices or manual analysis guarantee their existence and correctness. Crawlers based on static analysis have traditionally been used to extract required information from existing sites. Regrettably, these tools can not accurately account for the dynamic behavior introduced by technologies such as JavaScript that are prevalent on modern sites. While methods based on dynamic analysis exist, they are often not fully capable of identifying event listeners and their effects. In an earlier work, we presented XIEv, an approach for dynamic analysis of web applications that produces an execution trace usable for the extraction of navigation graphs, identification of bugs at runtime and enumeration of resources. It offers improved recognition and selection of event listeners as well as a greater range of observed effects compared to existing approaches. While the evaluation of our research prototype implementation confirmed the capabilities of XIEv, it was generally out-performed by static crawlers in terms of speed. This work introduces CHIEv, an approach that augments XIEv by enabling concurrent processing as well as incorporating the results of a static crawler in real-time. Our results indicate a significant increase in performance, particularly when applied to larger sites.

Polymorphism and consistency: Complex network based on execution trace of system calls in Linux kernels

Linux operating system (LOS) represents one of the most complex human-made systems, and it acts as an important function between software and hardware. In recent years, a large number of related works treat Linux operating system as a complex network and explore some of the unique characteristics of the network. However, there is little research on the execution process of LOS in terms of networks. In this paper, the run-time behaviors of execution process are traced by system calls of LOS kernel, and the run-time behaviors networks (RTBNs) are constructed, in which the nodes of RTBN represent the functions, and the edges of RTBN represent the function call relations. On this basis, the statistical characteristics of the RTBNs are investigated, and some features of the RTBNs are revealed. The result shows that some of the network characteristics remain relatively stable without obvious changes, showing the characteristics of consistency. However, some of the network characteristics tend to be random and uncertain, showing the feature of polymorphism.

A new technique for understanding large-scale software systems

Comprehending a huge execution trace is not a straightforward task due to the size of data to be processed. Detecting and removing utilities are useful to facilitate the understanding of software and decrease the complexity and size of the execution trace. The goal of this study is to develop a novel technique to minimize the complexity and the size of traces by detecting and removing utilities from the execution trace of object-oriented software. Two novel utility detection class metrics were suggested to decide the degree that a specific class can be counted as a utility class. Dynamic coupling analysis forms the basis for the proposed technique to address object-oriented features. The technique presented in this study has been tested by two case studies to evaluate the effectiveness of the proposed technique. The results from the case studies show the usefulness and effectiveness of our technique.