Yinxing Xue

Feature Location in a Collection of Product Variants

Companies often develop and maintain a collection of product variants that share some common features but also support different, customer-specific features. To reengineering such legacy product variants for systematic reuse, one must identify features and their implementing code units (e.g. functions, files) in different product variants. Information retrieval (IR) techniques may be applied for that purpose. In this paper, we discuss problems that hinder direct application of IR techniques to a collection of product variants. To counter these problems, we present an approach to support effective feature location in product variants. The novelty of our approach is that we exploit commonalities and differences of product variants by software differencing and FCA techniques so that IR technique can achieve satisfactory results for feature location in product variants. We have implemented our approach and conducted evaluation with a collection of nine Linux kernel product variants. Our evaluation shows that our approach always significantly outperforms a direct application of IR technique in the subject product variants.

Understanding Feature Evolution in a Family of Product Variants

Existing software product variants, developed by ad hoc reuse such as copy-paste-modify, are often a starting point for building Software Product Line (SPL). Understanding of how features evolved in product variants is a prerequisite to transition from ad hoc to systematic SPL reuse. We propose a method that assists analysts in detecting changes to product features during evolution. We first entail that features and their inter-dependencies for each product variant are documented as product feature model. We then apply model differencing algorithm to identify evolutionary changes that occurred to features of different product variants. We evaluate the effectiveness of our approach on a family of medium-size financial systems. We also investigate the scalability of our approach with synthetic data. The evaluation demonstrates that our approach yields good results and scales to large systems. Our approach enables the subsequent variability analysis and consolidation of product variants in the task of reengineering product variants into SPL.

Optimizing selection of competing features via feedback-directed evolutionary algorithms

Software that support various groups of customers usually require complicated configurations to attain different functionalities. To model the configuration options, feature model is proposed to capture the commonalities and competing variabilities of the product variants in software family or Software Product Line (SPL). A key challenge for deriving a new product is to find a set of features that do not have inconsistencies or conflicts, yet optimize multiple objectives (e.g., minimizing cost and maximizing number of features), which are often competing with each other. Existing works have attempted to make use of evolutionary algorithms (EAs) to address this problem. In this work, we incorporated a novel feedback-directed mechanism into existing EAs. Our empirical results have shown that our method has improved noticeably over all unguided version of EAs on the optimal feature selection. In particular, for case studies in SPLOT and LVAT repositories, the feedback-directed Indicator-Based EA (IBEA) has increased the number of correct solutions found by 72.33% and 75%, compared to unguided IBEA. In addition, by leveraging a pre-computed solution, we have found 34 sound solutions for Linux X86, which contains 6888 features, in less than 40 seconds.

Reengineering legacy software products into software product line based on automatic variability analysis

In order to deliver the various and short time-to-market software products to customers, the paradigm of Software Product Line (SPL) represents a new endeavor to the software development. To migrate a family of legacy software products into SPL for effective reuse, one has to understand commonality and variability among existing products variants. The existing techniques rely on manual identification and modeling of variability, and the analysis based on those techniques is performed at several mutually independent levels of abstraction. We propose a sandwich approach that consolidates feature knowledge from top-down domain analysis with bottom-up analysis of code similarities in subject software products. Our proposed method integrates model differencing, clone detection, and information retrieval techniques, which can provide a systematic means to reengineer the legacy software products into SPL based on automatic variability analysis.

A Case Study of Variation Mechanism in an Industrial Product Line

Fudan Wingsoft Ltd. developed a product Line of Wingsoft Financial Management Systems (WFMS-PL) providing web-based financial services for employees and students at universities in China. The company used a wide range of variation mechanisms such as conditional compilation and configuration files to manage WFMS variant features. We studied this existing product line and found that most variant features had fine-grained impact on product line components. Our study also showed that different variation mechanisms had different, often complementary, strengths and weaknesses, and their choice should be mainly driven by the granularity and scope of feature impact on product line components. We hope our report will help companies evaluate and select variation mechanisms when moving towards the product line approach.

Detecting differences across multiple instances of code clones

Clone detectors find similar code fragments (i.e., instances of code clones) and report large numbers of them for industrial systems. To maintain or manage code clones, developers often have to investigate differences of multiple cloned code fragments. However,existing program differencing techniques compare only two code fragments at a time. Developers then have to manually combine several pairwise differencing results. In this paper, we present an approach to automatically detecting differences across multiple clone instances. We have implemented our approach as an Eclipse plugin and evaluated its accuracy with three Java software systems. Our evaluation shows that our algorithm has precision over 97.66% and recall over 95.63% in three open source Java projects. We also conducted a user study of 18 developers to evaluate the usefulness of our approach for eight clone-related refactoring tasks. Our study shows that our approach can significantly improve developers’performance in refactoring decisions, refactoring details, and task completion time on clone-related refactoring tasks. Automatically detecting differences across multiple clone instances also opens opportunities for building practical applications of code clones in software maintenance, such as auto-generation of application skeleton, intelligent simultaneous code editing.

BinGo: cross-architecture cross-OS binary search

Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulted from different compilers, architectures and OSs. In this paper, we propose BINGO — a scalable and robust binary search engine supporting various architectures and OSs. The key contribution is a selective inlining technique to capture the complete function semantics by inlining relevant library and user-defined functions. In addition, architecture and OS neutral function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce length variant partial traces to model binary functions in a program structure agnostic fashion. The experimental results show that BINGO can find semantic similar functions across architecture and OS boundaries, even with the presence of program structure distortion, in a scalable manner. Using BINGO, we also discovered a zero-day vulnerability in Adobe PDF Reader, a COTS binary.

Are clones harmful for maintenance

We often find clones in semantically related programs parts. This semantic relationship, not clones, is a prime reason for maintenance problems, as semantically related program parts must be changed in sync no matter of clones. Only clones resulting from bad design hinder program maintainability. Long-lived essential clones that should not or cannot be eliminated are mostly neutral in respect to maintenance effort, and in some cases even help in maintenance. On the other hand, the presence of such clones signifies program parts that often are more difficult to maintain than clone-free parts.

Mystique: Evolving Android Malware for Auditing Anti-Malware Tools

In the arms race of attackers and defenders, the defense is usually more challenging than the attack due to the unpredicted vulnerabilities and newly emerging attacks every day. Currently, most of existing malware detection solutions are individually proposed to address certain types of attacks or certain evasion techniques. Thus, it is desired to conduct a systematic investigation and evaluation of anti-malware solutions and tools based on different attacks and evasion techniques. In this paper, we first propose a meta model for Android malware to capture the common attack features and evasion features in the malware. Based on this model, we develop a framework, MYSTIQUE, to automatically generate malware covering four attack features and two evasion features, by adopting the software product line engineering approach. With the help of MYSTIQUE, we conduct experiments to 1) understand Android malware and the associated attack features as well as evasion techniques; 2) evaluate and compare the 57 off-the-shelf anti-malware tools, 9 academic solutions and 4 App market vetting processes in terms of accuracy in detecting attack features and capability in addressing evasion. Last but not least, we provide a benchmark of Android malware with proper labeling of contained attack and evasion features.

Semantic modelling of Android malware for effective malware comprehension, detection, and classification

Malware has posed a major threat to the Android ecosystem. Existing malware detection tools mainly rely on signature- or feature- based approaches, failing to provide detailed information beyond the mere detection. In this work, we propose a precise semantic model of Android malware based on Deterministic Symbolic Automaton (DSA) for the purpose of malware comprehension, detection and classification. It shows that DSA can capture the common malicious behaviors of a malware family, as well as the malware variants. Based on DSA, we develop an automatic analysis framework, named SMART, which learns DSA by detecting and summarizing semantic clones from malware families, and then extracts semantic features from the learned DSA to classify malware according to the attack patterns. We conduct the experiments in both malware benchmark and 223,170 real-world apps. The results show that SMART builds meaningful semantic models and outperforms both state-of-the-art approaches and anti-virus tools in malware detection. SMART identifies 4583 new malware in real-world apps that are missed by most anti-virus tools. The classification step further identifies new malware variants and unknown families.