@article{MTMT:34437958, title = {A Case Study on the Quality of Static Analysis Bug Reports}, url = {https://m2.mtmt.hu/api/publication/34437958}, author = {Umann, Kristóf and Porkoláb, Zoltán}, journal-iso = {CEUR WORKSHOP PROC}, journal = {CEUR WORKSHOP PROCEEDINGS}, volume = {3588}, unique-id = {34437958}, abstract = {Finding bugs in software using automated tools has enjoyed generous attention for as long as humans wrote software. With the increase in computing capacity and advancement in compiler theory, static analyzer tools like the Clang Static Analyzer have been an unexpandable part of several software development projects. The Clang Static Analyzer, like many other tools of its kind, employs heuristics, which may lead to reports on correct code – so-called false positives. The evaluation and the potential fixing of the reports cannot be automated, requiring valuable time from the most expensive and least available resource during development, a human expert. While the finding of bugs stands in the focus of academic research, the intelligible presentation of those findings to the user was less frequently discussed. In our paper, we survey several reports emitted by the Clang Static Analyzer to understand what makes a bug report hard to understand. Our study aims to pave the way for further research to fix the problems discussed here.}, keywords = {C++; Clang; static analysis; LLVM; bug report quality}, year = {2023}, eissn = {1613-0073}, pages = {74-79}, orcid-numbers = {Porkoláb, Zoltán/0000-0001-6819-0224} } @inproceedings{MTMT:34205378, title = {Towards Better Tool Support for Code Comprehension}, url = {https://m2.mtmt.hu/api/publication/34205378}, author = {Brunner, Tibor and Cserép, Máté and Fekete, Anett and Mészáros, Mónika and Porkoláb, Zoltán}, booktitle = {Composability, Comprehensibility and Correctness of Working Software}, doi = {10.1007/978-3-031-42833-3_6}, unique-id = {34205378}, abstract = {In software development, bug fixing and feature development requires a thorough understanding of all details and consequences of the planned changes. For long-existing large software systems, the code-base has been developed and maintained for decades by fluctuating teams, thus original intentions are lost, the documentation is untrustworthy or missing. Most times, the only reliable information is the code itself. Source code comprehension of such large software is an essential, but usually very challenging task. The comprehension process and approach of existing systems is fundamentally different from writing new software, and the usual development tools provide poor support in this area. Throughout the years, different tools have been developed with various complexity and feature set for code comprehension but none of them fulfilled all specific requirements yet. In this paper we discuss the most accepted models for code comprehension, the required feature set for tools supporting the comprehension process and the various approaches of existing solutions. We present CodeCompass – an open source LLVM/Clang based tool to help understanding large legacy software systems – in detail to analyse the required interface, possible design choices and implementation considerations. Based on the LLVM/Clang compiler infrastructure, CodeCompass gives exact information on complex C/C++ language elements such as inheritance, overloading, variable usage, possible function pointer and virtual function calls etc. These are all features for which various existing tools provide only partial support. Although CodeCompass supports mainly the C and C++ programming languages, it has a restricted support for Java and Python languages as well, therefore our investigation is language-independent.}, keywords = {Static analysis; Code comprehension; Clang}, year = {2023}, pages = {165-201}, orcid-numbers = {Cserép, Máté/0000-0002-3168-7736; Fekete, Anett/0000-0001-8466-7096; Mészáros, Mónika/0000-0002-6581-8263; Porkoláb, Zoltán/0000-0001-6819-0224} } @book{MTMT:34205374, title = {Composability, Comprehensibility and Correctness of Working Software. 8th Summer School, CEFP 2019, Budapest, Hungary, June 17–21, 2019, Revised Selected Papers}, url = {https://m2.mtmt.hu/api/publication/34205374}, isbn = {9783031428326}, doi = {10.1007/978-3-031-42833-3}, editor = {Porkoláb, Zoltán and Zsók, Viktória}, publisher = {Springer International Publishing}, unique-id = {34205374}, abstract = {This book constitutes the revised selected papers of the 8th Summer School, CEFP 2019, held in Budapest, Hungary, during June 2019. The 7 full papers and the 4 short papers included in this volume were carefully reviewed and selected. The lectures cover various programming subjects with a focus on composability, comprehensibility, and correctness of working software.}, year = {2023}, orcid-numbers = {Porkoláb, Zoltán/0000-0001-6819-0224; Zsók, Viktória/0000-0003-4414-6813} } @CONFERENCE{MTMT:34189198, title = {Automatic Dependency Tracking in Microservice-based Systems Using Static Analysis in Helm Charts}, url = {https://m2.mtmt.hu/api/publication/34189198}, author = {Fekete, Anett and Kovács, Benedek and Porkoláb, Zoltán}, booktitle = {2023 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)}, doi = {10.23919/SoftCOM58365.2023.10271686}, unique-id = {34189198}, year = {2023}, pages = {1-7}, orcid-numbers = {Porkoláb, Zoltán/0000-0001-6819-0224} } @article{MTMT:34107990, title = {Field Experiment of the Memory Retention of Programmers Regarding Source Code}, url = {https://m2.mtmt.hu/api/publication/34107990}, author = {Fekete, Anett and Porkoláb, Zoltán}, doi = {10.24193/subbi.2023.1.05}, journal-iso = {STUD UNIV BABES-BOLYAI SER INFO}, journal = {STUDIA UNIVERSITATIS BABES-BOLYAI SERIES INFORMATICA}, volume = {68}, unique-id = {34107990}, issn = {1224-869X}, abstract = {"Program comprehension is a continuously important topic in computer science since the spread of personal computers, and several program comprehension models have been identified as possible directions of active code comprehension. There has been little research on how much programmers remember the code they have once written. We conducted two experiments with a group of Computer Science MSc students. In the first experiment, we examined the code comprehension strategies of the participants. The students were given a task to implement a minor feature in a relatively small C++ project. In the second experiment, we asked the students 2 months later to complete the same task again. Before starting the clock, we asked the students to fill a questionnaire which aimed to measure program code-related memory retention: we inquired about how much the students remembered the code, down to the smallest relevant details, e.g. the name of functions and variables they had to find to complete the task. After the second experiment, we could compare the solution times of those students who participated in both parts. As one result, we could see that these students could solve the task in shorter time than they did in the first experiment. We also looked at the results of the questionnaire: the vast majority of students could not precisely remember more than two or three identifiers from the original code. In this paper, we will show how this result compares to the forgetting curve. 2010 Mathematics Subject Classification. 68U99. 1998 CR Categories and Descriptors. I.m [Computing Methodologies]: Miscellaneous; J.m [Computer Applications]: Miscellaneous. Key words and phrases. code comprehension, memory retention, experiment."}, year = {2023}, eissn = {2065-9601}, pages = {71-82}, orcid-numbers = {Fekete, Anett/0000-0001-8466-7096; Porkoláb, Zoltán/0000-0001-6819-0224} } @article{MTMT:34090708, title = {A Tag-Based Solution for Safer Parallel STL Usage}, url = {https://m2.mtmt.hu/api/publication/34090708}, author = {Benjámin, Barth and Szalay, Richárd and Porkoláb, Zoltán}, doi = {10.2478/aei-2023-0008}, journal-iso = {ACTA ELECTROTECH INF}, journal = {ACTA ELECTROTECHNICA ET INFORMATICA}, volume = {23}, unique-id = {34090708}, issn = {1335-8243}, abstract = {The continuous evolution of programming languages creates a challenge not only for the compiler implementers but also for theregular developers. The C++17 standard introduced the Parallel STL library, a parallel extension of the original and fundamental Standard Template Library (STL) with the promise to achieve safe, efficient, and scalable parallel programming in an easy way. While the syntax remained familiar, the new parallel algorithms introduced additional requirements, which are often ignored even by experienced programmers. In this paper, we investigate the root cause of the misuse of the Parallel STL. We carried out a classroom experiment to measure the programmers’ behaviour when programming using the Parallel STL and found that the major issue is not that their code would be erroneous, but the lack of awareness of the semantic requirements of parallel functors. While a fully automatic detection of erroneous constructs is computationally infeasible to achieve, we introduce a framework with which the developer will be able to indicate – axiomatically, based on absolute trust – that an operation has “safe” properties required by the algorithms. We implemented a prototype of the proposed framework to demonstrate its usability and effectiveness.}, keywords = {Parallel programming; Standard template library; C++ (programming language); concurrent programming; type safety}, year = {2023}, eissn = {1338-3957}, pages = {19-27}, orcid-numbers = {Szalay, Richárd/0000-0001-5684-5158; Porkoláb, Zoltán/0000-0001-6819-0224} } @CONFERENCE{MTMT:34027987, title = {A Survey of Dataflow Analyses in Clang}, url = {https://m2.mtmt.hu/api/publication/34027987}, author = {Umann, Kristóf and Porkoláb, Zoltán}, booktitle = {12th International Conference on Applied Informatics (ICAI 2023)}, unique-id = {34027987}, abstract = {Despite Clang being one of the most popular compilers for the C family of languages, it once was surprisingly unfriendly towards dataflow analyses. As it turns out, there are infrastructural barriers from implementing them as easily as it is for its backend, LLVM. While this appears to be changing, the cumbersome implemenetation of the few dataflow algorithms that were in Clang present an interesting case study. This paper presents their struggles and clever solutions.}, year = {2023}, pages = {1-3}, orcid-numbers = {Porkoláb, Zoltán/0000-0001-6819-0224} } @misc{MTMT:33862397, title = {Lightweight wrappers for conscious std::transform_reduce operation safety}, url = {https://m2.mtmt.hu/api/publication/33862397}, author = {Benjámin, Barth and Szalay, Richárd and Porkoláb, Zoltán}, unique-id = {33862397}, abstract = {C++17 introduced Parallel STL: a set of overloaded functions taking an additional “execution policy” parameter. While the Standard defines the semantics of the individual algorithms, adherence to their abstract requirements is up to the developer. Experience shows that programmers frequently make mistakes and write erroneous code, which is hard to debug. While a fully automatic detection of erroneous constructs is yet computationally infeasible to do, I introduce a framework with which the user will be able to indicate – axiomatically, based on absolute trust – that an operation has “safe” properties, e.g. commutativity of certain functors. A lightweight prototype library shim, “pstl::algorithm” was developed to require such annotations.}, year = {2023}, orcid-numbers = {Szalay, Richárd/0000-0001-5684-5158; Porkoláb, Zoltán/0000-0001-6819-0224} } @CONFERENCE{MTMT:34148405, title = {Evaluation of the Traquest model}, url = {https://m2.mtmt.hu/api/publication/34148405}, author = {Rátai, Dániel Balázs and Horváth, Zoltán and Porkoláb, Zoltán and Tóth, Melinda}, booktitle = {Proceedings of the 14th Joint Conference on Mathematics and Computer Science}, unique-id = {34148405}, year = {2022}, pages = {1-3}, orcid-numbers = {Horváth, Zoltán/0000-0001-9213-2681; Porkoláb, Zoltán/0000-0001-6819-0224; Tóth, Melinda/0000-0001-6300-7945} } @misc{MTMT:34019576, title = {Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses Using Dataflow Analyses}, url = {https://m2.mtmt.hu/api/publication/34019576}, author = {Umann, Kristóf and Porkoláb, Zoltán and Horváth, Gábor}, unique-id = {34019576}, abstract = {The lack of sound, concise and comprehensive error reports emitted by a static analysis tool can cause increased fixing cost, bottleneck at the availability of experts and even may undermine the trust in static analysis as a method. This paper presents novel techniques to improve the quality of bug reports for static analysis tools that employ symbolic execution. With the combination of data and control dependency analysis, we can identify the relevance of particular code snippets that were previously missing from the report. We demonstrated the benefits of our approach by implementing an improved bug report generator algorithm for the Clang Static Analyzer. After being tested by the open source community our solution became enabled by default in the tool.}, keywords = {Clang; Symbolic execution; static analysis; Control dependency; reaching definitions analysis}, year = {2022}, orcid-numbers = {Porkoláb, Zoltán/0000-0001-6819-0224; Horváth, Gábor/0000-0002-0834-0996} }