Annual Computer Security Applications Conference (ACSAC) 2012


XIAO: Tuning Code Clones at Hands of Engineers in Practice

During software development, engineers often reuse a code fragment via copy-and-paste, with or without modifications or adaptations. Such practices lead to a number of the same or similar code fragments spreading within one or many large code bases. Detecting code clones has been shown to be useful for security, such as detection of similar security defects, and, more generally, for quality improvement, such as refactoring of code clones. A large number of academic research projects have been carried out on empirical studies or tool support for detecting code clones. In this paper, we report our experiences of carrying out successful technology transfer of our new approach of code-clone detection. It has been integrated into the upcoming new release of Microsoft Visual Studio, to benefit a huge number of engineers in industry. The main success factors of our approach include its high tunability, scalability, compatibility, and explorability. Based on substantial industrial experiences, we present our approach with emphasis on these success factors. We also present empirical results on in-practice scenarios of applying our approach within Microsoft for the tasks of security-defect detection and refactoring.

Author(s):

Yingnong Dang    
Microsoft Research Asia
China

Dongmei Zhang    
Microsoft Research Asia
China

Song Ge    
Microsoft Research Asia
China

Chengyun Chu    
Microsoft Corporation
China

Yingjun Qiu    
Alibaba
China

Tao Xie    
North Carolina State University
United States

 
