Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
184 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Using Information Flow to estimate interference between developers same method contributions (2404.08619v1)

Published 12 Apr 2024 in cs.SE

Abstract: This work's main goal is to understand if Information Flow Control (IFC), a security technique used for discovering leaks in software, could be used to indicate the presence of dynamic semantic conflicts between developers contributions in merge scenarios. However, as defining if a dynamic semantic conflict exists involves understanding the expected behaviour of a system, and as such behavioural specifications are often hard to capture, formalize and reason about, we instead try to detect a code level adaptation of the notion of interference from Goguen and Meseguer. We limit our scope to interference caused by developers contributions on the same method. Therefore, we conduct an evaluation to understand if information flow may be used to estimate interference. In particular, we use Java Object-sensitive Analysis (JOANA) to do the IFC for Java programs. JOANA does the IFC of Java programs by using a System Dependence Graph (SDG), a directed graph representing the information flow through a program. Additionally, we bring evidence that information flow between developers same-method contributions occurred for around 64% of the scenarios we evaluated. Finally, we conducted a manual analysis, on 35 scenarios with information flow between developers same-method contributions, to understand the limitations of using information flow to estimate interference between same-method contributions. From the 35 analysed scenarios, for only 15 we considered that an interference in fact existed. We found three different major reasons for detecting information flow and no interference: cases related to the nature of changes, to excessive annotation from our strategy and to the conservativeness of the flows identified by JOANA. We conclude that information flow may be used to estimate interference, but, ideally, the number of false positives should be reduced.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (26)
  1. Paola Accioly. 2017. Understanding Collaboration Conflicts Characteristics. Ph. D. Dissertation. Universidade Federal de Pernambuco.
  2. Understanding semi-structured merge conflict characteristics in open-source Java projects. Empirical Software Engineering (21 Dec 2017). https://doi.org/10.1007/s10664-017-9586-1
  3. Semistructured merge: rethinking merge in revision control systems. Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering (2011), 190–200.
  4. Program integration for languages with procedure calls. ACM Transactions on Software Engineering and Methodology (TOSEM) 4, 1 (1995), 3–35.
  5. Regression tests to expose change interaction errors. Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (2013), 334–344.
  6. Early detection of collaboration conflicts and risks. IEEE Transactions on Software Engineering 39, 10 (2013), 1358–1375.
  7. Guilherme José Carvalho CAVALCANTI. 2016. Comparing integration effort and correctness of Different merge approaches in version control systems. Master’s Dissertation (2016).
  8. Martin Fowler and Kent Beck. 1999. Refactoring: improving the design of existing code. Addison-Wesley Professional.
  9. Joseph A Goguen and José Meseguer. 1982. Security policies and security models. IEEE Symposium on Security and Privacy 11 (1982), 77.
  10. Using JOANA for Information Flow Control in Java Programs-A Practical Guide. Software Engineering (Workshops) 215 (2013), 123–138.
  11. Checking applications using security APIs with JOANA. 8th International Workshop on Analysis of Security APIs (2015).
  12. David Grove and Craig Chambers. 2001. A framework for call graph construction algorithms. ACM Transactions on Programming Languages and Systems (TOPLAS) 23, 6 (2001), 685–746.
  13. Christian Hammer and Gregor Snelting. 2009. Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. International Journal of Information Security 8, 6 (2009), 399–422.
  14. Integrating noninterfering versions of programs. ACM Transactions on Programming Languages and Systems (TOPLAS) 11, 3 (1989), 345–387.
  15. Daniel Jackson and David A Ladd. 1994. Semantic Diff: A Tool for Summarizing the Effects of Modifications. ICSM 94 (1994), 243–252.
  16. Bakhtiar Khan Kasi and Abhijit Sarma. 2013. Cassandra: Proactive conflict minimization through optimized task scheduling. 35th International Conference on Software Engineering (ICSE) (2013), 732–741.
  17. Tom Mens. 2002. A state-of-the-art survey on software merging. IEEE transactions on software engineering 28, 5 (2002), 449–462.
  18. Principles of program analysis. Springer.
  19. Barbara G Ryder. 1979. Constructing the call graph of a program. IEEE Transactions on Software Engineering 3, 3 (1979), 216–226.
  20. Evaluation of semantic interference detection in parallel changes: an exploratory experiment. IEEE International Conference on Software Maintenance (ICSM) (2007), 74–83.
  21. Samuel Sanford Shapiro and Martin B Wilk. 1965. An analysis of variance test for normality (complete samples). Biometrika 52, 3-4 (1965), 591–611.
  22. Pointer analysis. Foundations and Trends® in Programming Languages 2, 1 (2015), 1–69.
  23. Checking Probabilistic Noninterference Using JOANA. Information Technology (it) 56 (Nov. 2014), 280–287. https://doi.org/10.1515/itit-2014-1051
  24. Making program refactoring safer. IEEE software 27, 4 (2010), 52–57.
  25. Frank Wilcoxon. 1945. Individual comparisons by ranking methods. Biometrics bulletin 1, 6 (1945), 80–83.
  26. A program integration algorithm that accommodates semantics-preserving transformations. ACM Transactions on Software Engineering and Methodology (TOSEM) 1, 3 (1992), 310–354.
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets