Listing by author "Narasimhan, Krishna"
- Conference paper: Copy and paste redeemed (Software Engineering 2016, 2016)
  Narasimhan, Krishna; Reichenbach, Christoph
  Software evolves continuously. As software evolves, its code bases require implementations of new features. These new functionalities are sometimes mere extensions of existing functionalities with minor changes. A commonly used method of extending an existing feature into a similar new feature is to copy the existing feature and modify it. This method of extending a feature is called “Copy-paste-modify”. Another method of achieving the same goal of extending an existing feature into a similar feature is abstracting the multiple similar features into one common feature with appropriate selectors that enable choosing between the features. The advantages of the “Copy-paste-modify” technique range from speed of development to reduced possibility of breaking an existing feature. The advantages of abstraction vary from user preference to have abstracted code to long term maintenance benefits. In our paper, we describe an informal poll and discuss related work to confirm our beliefs about the advantages of each method of extending features. We observe a potential compromise while developers extend features which are near-clones of existing features. We propose to address this dilemma by coming up with a novel approach that can semi-automatically abstract near-clone features and evaluate our approach by building a prototype in C++ and abstracting near-clone methods in popular open source repositories.
- Conference paper: Introducing FUM: A Framework for API Usage Constraint and Misuse Classification (Software Engineering 2023, 2023)
  Schlichtig, Michael; Sassalla, Steffen; Narasimhan, Krishna; Bodden, Eric
  Application Programming Interfaces (APIs) are the primary mechanism developers use to obtain access to third-party algorithms and services. Unfortunately, APIs can be misused, which can have catastrophic consequences, especially if the APIs provide security-critical functionalities like cryptography. Understanding what API misuses are, and how they are caused, is important to prevent them, e.g., with API misuse detectors. However, definitions for API misuses and related terms in literature vary. This paper presents a systematic literature review to clarify these terms and introduces FUM, a novel Framework for API Usage constraint and Misuse classification. The literature review revealed that API misuses are violations of API usage constraints. To address this, we provide unified definitions and use them to derive FUM. To assess the extent to which FUM aids in determining and guiding the improvement of an API misuse detector’s capabilities, we performed a case study on the state-of-the-art misuse detection tool CogniCrypt. The study showed that FUM can be used to properly assess CogniCrypt’s capabilities, identify weaknesses and assist in deriving mitigations and improvements.