Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

XIAO: Tuning Code Clones at Hands of Engineers in Practice

View File

Yingnong Dang
Microsoft Research Asia

Dongmei Zhang
Microsoft Research Asia

Song Ge
Microsoft Research Asia

Chengyun Chu
Microsoft Corporation

Yingjun Qiu

Tao Xie
North Carolina State University
United States

During software development, engineers often reuse a code fragment via copy-and-paste with or without modifications or adaptations. Such practices lead to a number of the same or similar code fragments spreading within one or many large code bases. Detecting code clones has been shown to be useful towards security such as detection of similar security defects and, more generally, quality improvement such as refactoring of code clones. A large number of academic research projects have been carried out on empirical studies or tool supports for detecting code clones. In this paper, we report our experiences of carrying out successful technology transfer of our new approach of code-clone detection. It has been integrated into the upcoming new release of Microsoft Visual Studio, to be benefiting a huge number of engineers in industry. The main success factors of our approach include its high tunability, scalability, compatibility, and explorability. Based on substantial industrial experiences, we present our approach with emphasis on these success factors. We also present empirical results on in-practice scenarios of applying our approach within Microsoft for the tasks of security-defect detection and refactoring.


Powered by OpenConf®
Copyright ©2002-2012 Zakon Group LLC