Funding: This work was supported by the National Key R&D Program of China under Grant 2017YFB0802901.
Abstract: Code defects can lead to software vulnerabilities and introduce vulnerability risks. Existing research shows that code detection techniques based on text analysis can, to some extent, judge whether object-oriented code files are defective. However, these detection techniques rely mainly on text features and have weak detection capability across programs. Compared with the uncertainty of code and text introduced by developers' personal styles, a programming language has a stricter logical specification, which reflects both the rules and requirements of the language itself and the developer's underlying way of thinking. This article replaces text analysis with programming-logic modeling, overcoming the limitation of code text analysis that relies solely on the probability of sentence/word occurrence in the code. It proposes a method for constructing the programming logic of an object-oriented language based on method constraint relationships, selects features using hypothesis-testing ideas, and constructs a support vector machine classifier to detect defective class files, reducing the impact of personalized programming on the detection method. In the experiments, representative Android applications were selected to test and compare the proposed method. In terms of code defect detection accuracy under cross-validation, the proposed method and the existing leading methods all reach an average of more than 90%. In cross-program detection, the proposed method outperforms the other two leading methods in accuracy, recall and F1 score.
Abstract: This paper presents the findings of a study on helpful approaches for writing essentially defect-free code among senior students majoring in software engineering. In the first phase of the lab study, we prepared 9 coding projects for students that would help them find their own best practices or principles for writing essentially defect-free code before unit testing. These students were interviewed regarding the use of their own best practices, their principles, and the problems that arose from the coding projects. We present qualitative and quantitative findings as well as our plans for the second study phase, including an industry field study.
Abstract: To address the inability of existing deep-neural-network-based code defect detection methods to analyze defect features and output relevant review suggestions, this paper proposes a code defect detection method based on a large-receptive-field LSTM-Seq2Seq model. First, a long short-term memory network (LSTM) is used to learn the encoded features of defective code and build a defect discrimination model. Second, to address the mismatch between the model and the dataset, a code segment length coefficient is introduced into the sequence-to-sequence (Seq2Seq) model to improve its suitability for the code review task; a code analysis model is then built by establishing a mapping between code defect features and review suggestion features, implementing the review output function. Finally, the method is validated on the public SARD dataset, achieving an accuracy, recall and F1 score of 92.50%, 87.20% and 87.60% respectively; the review text output for typical code defects has a similarity of 85.99% to expert review text, which can effectively reduce the review process's dependence on expert experience.