Browsing by Author "Aycock, John Daniel"
Now showing 1 - 8 of 8
Results Per Page
Sort Options
Item Open Access API Usage Templates via Structural Generalization(2023-05-03) Mahmoud, May Abdelrheem Sayed; Walker, Robert James; Denzinger, Jorg; Maurer, Frank O.; Aycock, John Daniel; Hindle, AbramApplication programming interfaces (APIs) are key in software development, but determining how to use one can be challenging. Developers often refer to a small set of API usage examples, analyzing the information in them to understand the API usage and adapting them to their own context. Generalization of these examples would aid in understanding their commonalities and differences, thereby reducing information overload. Work on API usage mining seeks recurrent information in usage examples. Some approaches seek frequent subsequences of method calls (e.g., Monperrus et al., 2010;Wasylkowski and Zeller, 2011; Fowkes and Sutton, 2016). Others use graph-based representations, applying frequent subgraph mining techniques (e.g., Nguyen et al., 2009; Amann et al., 2019). However, all such approaches focus on frequently occurring commonalities; this results in either excluding variations in the usage of the API elements in similar contexts or subdividing such variations across several patterns, forcing developers to manually determine variability in the API elements’ usage. Approaches that aim to select the best examples (e.g., Moreno et al., 2013) ignore variation. Approaches that generate examples (e.g., Barnaby et al., 2020) focus on producing maximally succinct examples rather than representing whatever commonality is present. In this thesis, we propose ASGard (for API usage templates via Structural Generalization), a novel approach that automatically generates API usage templates from usage examples based on the generalization of the examples’ syntactic structure and some semantic structure. API usage templates are a code-based representation generalizing similar API usage contexts, showing the commonality of the usage examples, where the varying aspects of the input examples are replaced with structural variables intended as placeholders. ASGard takes a set of API usage examples and a simple indication of the API of interest, as input. We proceed in two phases. (1) For the sake of improved performance, we cluster the examples based on the similarity of the API usage. (2) We then use an approximation of the formalism of E-generalization (Burghardt, 2005) to infer API usage templates from the examples. We start with matching the nodes of the ASTs of the examples, seeking to preserve common elements in the nodes while abstracting away the differences. The generalization proceeds iteratively, permitting increasing abstraction of the template as long as no API usage information is eliminated. The final templates are representations of the generalized ASTs. We perform a manual evaluation of the output templates from ASGard, which generalize a set of 231 usage examples across 5 different APIs, finding that our approach provides a mean 62% coverage of the API usage elements found in the usage examples as opposed to 48% coverage by the best alternative. Furthermore, we automatically evaluate the templates from our approach and the code representation of the patterns generated from PAM and MUDetect (two prominent API usage mining approaches), using a total of 1,954 API usage examples across 59 different APIs. We measure two aspects of the quality of the resulting templates: (1) how complete each template is relative to each concrete example; and (2) how well each template set compresses the set of API usage examples. We find that, compared to the output from PAM and MUDetect, ASGard provides templates that have superior completeness (51% vs. 12% for PAM and 25% for MUDetect) and far superior compression (81% vs. 54% for PAM and 26% for MUDetect). We perform a user study on ASGard with 12 participants to compare the use of these templates in solving programming tasks compared to MUDetect. We find that participants solved the programming tasks in significantly less time with ASGard: 48% for a coding task and 31% for a debugging task. Participants expressed a preference for using ASGard templates and perceived that the approach helped them better understand the API usage; they were more willing to use the approach again than the best alternative.Item Open Access Building Babel - Towards a Security System through Co-dependency and Diversity(2015-12-24) de Castro, Daniel Medeiros Nunes; Aycock, John Daniel; Williamson, Carey; Locasto, Michael; Far, Behrouz; Miller, JamesA common misconception in computer security is that a computer is able to evaluate whether or not it is compromised. However, if we consider a compromised system, the evaluation is not reliable, thus meaningless. By reducing the set of trusted software components to a minimum size, allowing feasible verification of security, and by having the evaluation of any other software happening physically apart from the computer in question, we could avoid contamination of the evaluation process. This research project called “Babel” consists of an innovative approach for computer security. We envision a system where, from the user’s viewpoint, everything seems exactly the same, but the computer is unable, by itself, to execute any installed software. Babel requires a third party to incrementally translate all or part of a program, thus allowing the program to be executed. We call this requirement for an external party “secure co-dependency”. Babel assumes that the computer and each program running on this computer speak a different language. We imagine these different languages as instructions for different processors, which can be implemented as virtual machines (VMs). The computer needs to communicate to an external interpreter to execute any program. This interpreter not only translates code instructions but it also performs security checks. Inspired by the idea of software diversity, we use different languages among processes to enforce co-dependency. Additionally, software diversity makes it harder for adversaries (malicious software or external attackers) to infect or disrupt program execution. Babel consists of two main, separate systems: a client with the operating system where users run their programs; and a server, responsible for translation and for security checks. Babel components consist basically of a flexible VM (where we can define different instruction sets and registers for each instance) and a communication module. On the server side, the main components of Babel are a translator (or interpreter), which initially provides a VM specification and later on translates the programs to that VM, and a security checker responsible for detecting malicious activity. This dissertation documents our experiences and successes developing a proof-of-concept of Babel.Item Open Access Fast and Scalable Change Propagation through Context-Insensitive Slicing(2018-12-17) Men, Hao; Walker, Robert J.; Denzinger, Jörg; Aycock, John Daniel; Ghaderi, Majid; Atlee, Joanne M.Change propagation (CP) is an activity to restore systems from inconsistent states caused by changes to their source code. Because where the inconsistencies happen is usually unknown, the current practice relies on code navigation facilities provided by integrated development environments (IDEs) to search every relevant piece of code. However, the work becomes difficult due to the increasing complexity and size of the code; inconsistencies are missed due to the lack of a systematic approach to the search and navigation. Current research approaches struggle between efficiency and effectiveness. Those working at fine-grained levels can produce very precise results, but they are hard to integrate into daily development practice for industrial developers due to a lack of scalability and maintainability; those working at coarse-grained levels are fast but generate lots of false positives, placing a heavy burden on developers. The thesis of this dissertation is that by combining the advantages of both fine- and coarse-grained approaches, we can support CP tasks for programmers efficiently in daily development. We propose a novel dependency model, providing algorithms to incrementally update the model and to produce results by tracing statement-level dependencies. Based on these, we implement a prototype tool called ModCP to support CP by an interactive workflow. We conduct several studies to evaluate our approach against current ones. We find that our model scales to large code bases, in terms of both space and time; that incremental maintenance can quickly synchronize the model with changes, saving over 96% of time on average for large systems compared to rebuilding the model; and that our approach consistently outperforms the alternatives in terms of F-score. Furthermore, we conduct an experiment to evaluate developer use of ModCP against a standard IDE-based CP methodology, showing that developers can complete these tasks faster by using our tool than by IDEs, with improved effectiveness; for complex tasks, the time savings (statistically significant) can reach approximately 50%.Item Open Access Flail: A Domain Specific Language for Drone Path Generation(2019-09-16) Cavalcanti, Flavia Roma; Aycock, John Daniel; Tang, Anthony Hoi Tin; Sharlin, Ehud; Boyd, Jeffrey EdwinThe main objective of this thesis was to design a domain specific language that would allow users to easily describe flight trajectories for drones. Conventional drone control schemes rely on handheld controllers and, sometimes, on model specific applications that allow users to pre-plan paths (e.g., FreeFlight Pro). The issue with these is that handheld controllers display a large learning curve for new users and flight plan applications rely on waypoint systems, which limits the complexity of the flight plan. Flail is an alternate control scheme for drones that is capable of programmatically pre-specifying complex flight patterns. Additionally, an HTC Vive was used to simplify Flail code generation by allowing users to use the Vive wand to draw out flight trajectories in 3D space. The viability of Flail was examined through RC drone flight tests and simulations.Item Open Access Interview with Mark Raintree re: DisCopyLabs(2020-07) Aycock, John DanielThis is an interview with Mark Raintree, conducted via email between July 14-July 19, 2020. He worked for DisCopyLabs, which provided software duplication services for game companies and others in the 1980s. DisCopyLabs is still in business today as DCL Logistics.Item Open Access Interview with Scott Cronce re: Disclone(2020-07) Aycock, John DanielThis is an interview with Scott Cronce, conducted via email between July 14-July 20, 2020, with follow-up questions via Zoom on July 21, 2020. He worked for Disclone, a service company that provided software duplication and copy protection for, among many others, the game company Electronic Arts.Item Open Access Library Migration: A Retrospective Analysis and Tool(2019-03-18) Zaidi, Syed Sajjad Hussain; Walker, Robert J.; Ruhe, Günther; Denzinger, Jörg; Aycock, John DanielModern software engineering practices advocate the principle of reuse through third-party software libraries. Software libraries offer application programming interfaces (APIs) for use by developers, thereby significantly reducing development cost and time. These libraries are however subject to deprecation, vulnerabilities, and instability. Furthermore, as the product matures, developers have to worry about upgrading and migrating to better alternatives in order to attract and retain clients. Refactoring a system to start using a new library can cause a domino effect resulting in serious damage to the software system. Little is currently known about library migration; the few existing studies are either too preliminary or too problematic to tell us much. We perform an empirical study of 114 open source Java-based software systems in which library migration had occurred. We find that library migration leads to significant compatibility issues and breakage of source code in practice: library migration broke 67% of the software projects in which it occurred, while 22% of the transitively dependent projects broke due to coupling of APIs with external dependencies. Developers do not effectively use available resources to notify their clients about such migrations, preferring to use internal GitHub threads in contrast to the release notes, and even then often failing to discuss or announce the fact that library migration is planned or has been performed. We also found that mitigating library migration requires substantial effort by developers: on average, transformations affected 9.3% of the total classes in the dependent system, while impacting 15% of the total lines of code. We propose a systematic recommendation tool to assist developers in migrating or upgrading to a new software library. Our prototype tool, named EDW (for External Dependency Watcher), can be utilized to estimate and predict impacts while mitigating migrations among third-party libraries. We evaluate EDW by detecting the impacts of migration across three granularities in ten distinct open source projects: our tool has perfect precision for all three granularities; for recall, it obtained over 0.99 for class- and field-granularity while achieving 0.86 for method-granularity. We conduct a controlled experiment on EDW: human participants were able to perform the tasks in significantly less time and with better precision/recall using EDW as compared to JRipples.Item Open Access Using Active Probing by a Game Management AI to Faster Classify Players in Online Video Games(2021-06) Eidelberg, Arkady; Jacob, Christian; Denzinger, Jorg; Aycock, John Daniel; Zhao, RichardA Game Management AI is a framework to classify players based on their interest of the game. It is different from other work in this area by the fact that it actively manipulates the game state. This encourages the players to act in a certain way (or not), indirectly providing data currently missing to achieve the classification. This is called “Active Probing". The Game Management AI uses two sets of rules. The first contains rules that are intended to represent the knowledge allowing a classification and the second contains rules that indicate which game events can contribute to triggering conditions used in the first rule set. The Game Management AI was evaluated on the role playing game “Realm of Dreams”, a game that was created for this purpose. The experimental evaluation showed that using the active probing by the Game Management AI allows dentification of players highly interested in the game four times faster than such players were identified without active probing.