Listing by author "Mezini, Mira"
1 - 10 of 12
- Conference paper: Call Graph Construction for Java Libraries (Software Engineering und Software Management 2018, 2018) Reif, Michael; Eichberg, Michael; Mezini, Mira. Proceeding FSE 2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. Today, every application uses software libraries. Yet, while a lot of research exists w.r.t. analyzing applications, research that targets the analysis of extensible libraries and frameworks as such is scarce. This is unfortunate because developers of libraries (e.g. the Java Development Kit) want to ensure that the library behaves as intended regardless of how it is used. To fill this gap, we discuss the construction of call graphs that abstract over all potential usages of the respective library. Additionally, we show that the current practice of using call graph algorithms designed for applications leads to call graphs that, at the same time, lack relevant call edges and contain unnecessary edges when used for libraries. Unlike algorithms for applications, call graph construction algorithms for libraries must also take the goals of subsequent analyses into consideration. We will discuss the differences between an analysis for vulnerabilities vs. one for general software quality attributes, e.g., dead methods. This distinction affects the decision about what constitutes the library-private implementation, which, therefore, needs special treatment.
- Conference paper: CiFi: Versatile Analysis of Class and Field Immutability (Software Engineering 2022, 2022) Roth, Tobias; Helm, Dominik; Reif, Michael; Mezini, Mira. This paper was accepted in 2021 at the 36th IEEE/ACM International Conference on Automated Software Engineering and proposes a model for immutability analysis. Reasoning about immutability is important for preventing bugs, e.g., in multi-threaded software. Static analysis to infer immutability properties has mostly focused on individual objects and references. Reasoning about fields and entire classes, while significantly simpler, has gained less attention. A consistently used terminology is missing, which makes it difficult to implement analyses that rely on immutability information. We propose a model for class and field immutability that unifies terminology for immutability flavors considered by previous work and covers new levels of immutability to handle lazy initialization and immutability dependent on generic type parameters. Using the OPAL static analysis framework, we implement CiFi, a set of modular, collaborating analyses for different flavors of immutability, inferring the properties defined in our model. We propose a benchmark of representative test cases for class and field immutability. We use the benchmark to showcase CiFi's precision and recall in comparison to state of the art and use CiFi to study the prevalence of immutability in real-world libraries, showcasing the practical quality and relevance of our model.
- Conference paper: CodeMatch (Software Engineering und Software Management 2018, 2018) Glanz, Leonid; Amann, Sven; Eichberg, Michael; Reif, Michael; Mezini, Mira. ESEC/FSE 2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. Popular mobile apps are regularly installed by millions of users. This fact attracts malicious actors to create altered, repackaged versions of those apps to steal the original owner’s revenue or to trick users to infect their devices with malware. Detecting such repackaged apps is, therefore, necessary for a secure and viable app market but is challenging due to the use of code obfuscation and the widespread usage of libraries. Due to the recent fact, non-repackaged, legitimate apps often share a majority of their code base and are classified as repackaged by state-of-the-art detectors. We, therefore, propose a new library filtering approach that relies on code representations at five different abstraction levels to achieve resilience against code obfuscation. Additionally, we propose to use the most abstract representation in combination with fuzzy-hashing to detect repackaged apps. Our evaluation shows that the overall approach leads to a better detection rate up to 50%.
- Conference paper: An empirical study on program comprehension with reactive programming (Software Engineering 2016, 2016) Salvaneschi, Guido; Amann, Sven; Proksch, Sebastian; Mezini, Mira. Starting from the first investigations with strictly functional languages, reactive programming has been proposed as the programming paradigm for reactive applications. The advantages of designs based on this style over designs based on the Observer design pattern have been studied for a long time. Over the years, researchers have enriched reactive languages with more powerful abstractions, embedded these abstractions into mainstream languages - including object-oriented languages - and applied reactive programming to several domains, like GUIs, animations, Web applications, robotics, and sensor networks. However, an important assumption behind this line of research - that, beside other advantages, reactive programming makes a wide class of otherwise cumbersome applications more comprehensible - has never been evaluated. In this paper, we present the design and the results of the first empirical study that evaluates the effect of reactive programming on comprehensibility compared to the traditional object-oriented style with the Observer design pattern. Results confirm the conjecture that comprehensibility is enhanced by reactive programming. In the experiment, the reactive programming group significantly outperforms the other group.
- Conference paper: Envelope-based weaving for faster aspect compilers (NODe 2005 – GSEM 2005, 2005) Bockisch, Christoph; Haupt, Michael; Mezini, Mira; Mitschke, Ralf
- Conference paper: Getting to know you: towards a capability model for Java (Software Engineering 2016, 2016) Hermann, Ben; Reif, Michael; Eichberg, Michael; Mezini, Mira. Developing software from reusable libraries lets developers face a security dilemma: Either be efficient and reuse libraries as they are or inspect them, know about their resource usage, but possibly miss deadlines as reviews are a time consuming process. In this paper, we propose a novel capability inference mechanism for libraries written in Java. It uses a coarse-grained capability model for system resources that can be presented to developers. We found that the capability inference agrees by 86.81% on expectations towards capabilities that can be derived from project documentation. Moreover, our approach can find capabilities that cannot be discovered using project documentation. It is thus a helpful tool for developers mitigating the aforementioned dilemma.
- Conference paper: Hidden Truths in Dead Software Paths (Software Engineering 2016, 2016) Eichberg, Michael; Hermann, Ben; Mezini, Mira; Glanz, Leonid. Approaches and techniques for statically finding a multitude of issues in source code have been developed in the past. A core property of these approaches is that they are usually targeted towards finding only a very specific kind of issue and that the effort to develop such an analysis is significant. This strictly limits the number of kinds of issues that can be detected. In this paper, we discuss a generic approach - based on the detection of infeasible paths in code - that can discover a wide range of code smells ranging from useless code that hinders comprehension to real bugs. The issues are identified by computing the difference between the control-flow graph that contains all technically possible edges and the corresponding graph recorded while performing a more precise analysis using abstract interpretation. The approach was evaluated using the Java Development Kit as well as the Qualitas Corpus (a collection of over 100 Java Applications) and enabled us to find thousands of issues.
- Conference paper: Intelligent code completion with Bayesian networks (Software Engineering 2016, 2016) Proksch, Sebastian; Lerch, Johannes; Mezini, Mira. Code completion is an integral part of modern Integrated Development Environments (IDEs). Intelligent code completion systems can reduce long lists of type-correct proposals to relevant items. In this work, we replace an existing code completion engine named Best-Matching Neighbor (BMN) by an approach using Bayesian Networks named Pattern-based Bayesian Network (PBN). We use additional context information for more precise recommendations and apply clustering techniques to improve model sizes and to increase speed. We compare the new approach with the existing algorithm and, in addition to prediction quality, we also evaluate model size and inference speed. Our results show that the additional context information we collect improves prediction quality, and that PBN can obtain comparable prediction quality to BMN, while model size and inference speed scale better with large input sizes.
- Conference paper: Investigating Next Steps in Static API-Misuse Detection (Software Engineering 2020, 2020) Amann, Sven; Nguyen, Hoan Anh; Nadi, Sarah; Nguyen, Tien N.; Mezini, Mira
- Conference paper: “Jumping Through Hoops”: Why do Java Developers Struggle With Cryptography APIs? (Software Engineering 2017, 2017) Nadi, Sarah; Krüger, Stefan; Mezini, Mira; Bodden, Eric. To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain cryptographic algorithms correctly, they feel surprisingly confident in selecting the relevant cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.