Integration of Static and Dynamic Code Analysis for Understanding Legacy Source Code

Kirchmayr, Wilhelm; Moser, M.; Nocke, Ludwig; Pichler, Josef; Tober, Rudolf

doi:10.1109/icsme.2016.70

Cited by 10 publications

(8 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…While the first is based directly on the source code, the second is based on its execution. Both techniques provide good results, as shown by previous studies of different authors [4, 5]. In this work, we focus on dynamic analysis of the source code.…”

Section: Introductionmentioning

confidence: 72%

Mutation‐inspired symbolic execution for software testing

et al. 2022

View full text Add to dashboard Cite

Software testing is a complex and costly stage during the software development lifecycle. Nowadays, there is a wide variety of solutions to reduce testing costs and improve test quality. Focussing on test case generation, Dynamic Symbolic Execution (DSE) is used to generate tests with good structural coverage. Regarding test suite evaluation, Mutation Testing (MT) assesses the detection capability of the test cases by introducing minor localised changes that resemble real faults. DSE is however known to produce tests that do not have good mutation detection capabilities: in this paper, the authors set out to solve this by combining DSE and MT into a new family of approaches that the authors call Mutation-Inspired Symbolic Execution (MISE). First, this known result on a set of open source programs is confirmed: DSE by itself is not good at killing mutants, detecting only 59.9% out of all mutants. The authors show that a direct combination of DSE and MT (naive MISE) can produce better results, detecting up to 16% more mutants depending on the programme, though at a high computational cost. To reduce these costs, the authors set out a roadmap for more efficient versions of MISE, gaining its advantages while avoiding a large part of its additional costs.

show abstract

Section: Introductionmentioning

confidence: 72%

Mutation‐inspired symbolic execution for software testing

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Statische Analyse wird auch eingesetzt, um Zusammenhänge in großen Softwaresystemen [12], [13] zu visualisieren (beispielsweise durch Extraktion architekturrelevanter Information) oder "verschollenes" Wissen aus verfahrenstechnischer Software zu extrahieren und in Form von Dokumentation aufzubereiten [9], [10], [11]. Statische Analyse dient auch als Basis für die symbolische Ausführung von Programmen, deren Zweck es ist, Information über die der Software zugrundeliegende Spezifikation zu gewinnen [14].…”

Section: Continuous Integration Im Software Engineeringunclassified

Software-Qualitätssicherung im Maschinen- und Anlagenbau: automatisierte Bewertung der technischen Qualität von SPS-Code

Dorninger

Ziebermayr

2021

Elektrotech. Inftech.

View full text Add to dashboard Cite

In der klassischen Softwareentwicklung ist die institutionalisierte Qualitätssicherung bereits seit Jahrzehnten etabliert. Systematisches Testen mit möglichst hoher Abdeckung, Continuous Integration and Delivery (CI/CD) -also das periodische Zusammenführen von SW-Bausteinen zu Anwendungen, verknüpft mit einem automatisierten Release-Management -sind heute Standard. Unter dem Buzzword DevOps hat sich die Weiterentwicklung der (teil-)automatisierten SW-Wertschöpfungskette auch auf die Optimierung der Zusammenarbeit zwischen Entwicklern, den Fachbereichen und dem IT-Infrastrukturbereich ausgedehnt. Auch im Bereich des Engineering von Steuerungs-Software hat sich mit etwas Verzögerung sehr viel bewegt. Die verwendeten Programmiersprachen sind zwar stabil geblieben, aber mittlerweile sind die Entwicklung mithilfe von Anlagen-und/oder Prozess-Simulation oder die virtuelle Inbetriebnahme von Maschinen und Anlagen gängige Praxis. Und auch CI/CD halten immer mehr Einzug ins Engineering von Maschinen und Anlagen. Ein wesentlicher Aspekt der Qualitätssicherung in den Prozessen von CI/CD ist die automatisierte Beurteilung der technischen Qualität des Codes und dessen Konformität zu Standards oder individuellen Programmierrichtlinien. Diese kann schon früh in den von den Programmierern verwendeten Entwicklungswerkzeugen ansetzen, aber auch ergänzend beim automatisierten Zusammenbau von Anwendungen in der Build-und Delivery-Phase eines Projekts. In diesem Artikel beschreiben wir das Umfeld und den Einsatz dieser Systeme im Engineering und stellen ausgesuchte Werkzeuge zur Ergänzung und speziellen Unterstützung für automatisierte Qualitätsanalysen von SPS-Software vor. Mit technischen Einblicken und Erfahrungen, speziell bezüglich der notwendigen Art der Analysen und welche Fragestellungen in der Praxis entstehen, wollen wir die Relevanz dieser Methoden und Werkzeuge im Engineering von Maschinen und Anlagen zeigen. Schlüsselwörter: statische Analyse; Continous Integration; industrielle Automatisierung; IEC 61131 Software quality assurance in mechanical and plant engineering: automated assessment of the technical quality of PLC code.In classical software development, institutionalized quality assurance has been established for decades. Systematic testing with the highest possible coverage, continuous integration, and continuous delivery (CI/CD) -i.e., the periodic merging of software modules into applications linked with automated release management -are the norm today. Under the buzzword of DevOps, the further development of the (partially) automated software value chain has also extended to the optimization of cooperation between developers, departments, and the IT infrastructure sector.With some delay, a great deal has also been done in control software engineering. The programming languages used have remained stable, but, in the meantime, development with the help of plant and/or process simulation or the virtual commissioning of machines and plants have become common practice. Also, CI/CD are more and more employed for engi...

show abstract

“…Other times, business processes have been adapted over time to work efficiently with an existing system and the workforce is used to the established process. A lot of business knowledge is implemented in these mission critical systems, up to the point that certain aspects of processes are not documented elsewhere but in the source code [2,3]. Additionally, these systems are the foundations and building blocks for newer systems [4].…”

Section: Introductionmentioning

confidence: 99%

“…According to the law in many countries, the contracts have to be stored for several years [6,7]. The lifecycle of LIS, managing such contracts over the years, covers a lot of changes in the technology landscape, programming languages and paradigms and even staff turnover [3].…”

Section: Introductionmentioning

confidence: 99%

Mainframe Migration Based on Screen Scraping

Flores-Ruiz¹,

Pérez‐Castillo²,

Domann³

et al. 2018

2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)

View full text Add to dashboard Cite

Companies possess a history and large array of legacy information systems that consume a great part of their IT budget in operations and maintenance. These systems are mission-critical, and they cannot be fully discarded since they retain business rules and provide information that is not available anywhere else. Unfortunately, decades-old legacy systems cannot easily withstand modification. Mainframes specifically conglomerate most of these legacy systems. Although there are some white-box solutions for migrating mainframe systems, such solutions lack systematicity and do not provide mechanisms for verifying business rules preservation. Hence, this paper presents a black-box solution (ignoring the internal structure of COBOL programs) which uses a screen scraping technique for migrating mainframe systems toward JavaFX and relational databases. Together with this solution, this paper provides an automatic verification technique to check if the recreated system reflects all the embedded business logic. This proposal has been designed and developed in the context of an industrial project, in which the solution has already migrated 43,000,000 mainframe screens from four systems. The main implication for researchers and practitioners is that screen scraping has proved to be feasible for migrating mainframe systems in large-scale projects within a manageable time-frame while preserving business.

show abstract

Integration of Static and Dynamic Code Analysis for Understanding Legacy Source Code

Cited by 10 publications

References 13 publications

Mutation‐inspired symbolic execution for software testing

Mutation‐inspired symbolic execution for software testing

Software-Qualitätssicherung im Maschinen- und Anlagenbau: automatisierte Bewertung der technischen Qualität von SPS-Code

Mainframe Migration Based on Screen Scraping

Contact Info

Product

Resources

About