Refactoring detection algorithms have been crucial to a variety of applications: (i) empirical studies about the evolution of code, tests, and faults, (ii) tools for library API migration, (iii) improving the comprehension of changes and code reviews, etc. However, recent research has questioned the accuracy of the state-of-the-art refactoring detection tools, which poses threats to the reliability of their application. Moreover, previous refactoring detection tools are very sensitive to user-provided similarity thresholds, which further reduces their practical accuracy. In addition, their requirement to build the project versions/revisions under analysis makes them inapplicable in many real-world scenarios. To reinvigorate a previously fruitful line of research that has stifled, we designed, implemented, and evaluated RefactoringMiner, a technique that overcomes the above limitations. At the heart of RefactoringMiner is an AST-based statement matching algorithm that determines refactoring candidates without requiring user-defined thresholds. To empirically evaluate RefactoringMiner, we created the most comprehensive oracle to date that uses triangulation to create a dataset with considerably reduced bias, representing 3,188 refactorings from 185 open-source projects. Using this oracle, we found that RefactoringMiner has a precision of 98% and recall of 87%, which is a significant improvement over the previous state-of-the-art.
Good Secure Development Practices Presented By: Bil Corry lasso.pro Education Project. It recommends validating all user input, distrusting even your own requests, and taking a layered approach to validation, enforcement of business rules, and authentication. Some specific best practices include implementing positive authentication, principle of least privilege, centralized authorization routines, separating admin and user access, and ensuring error handling fails safely.
Better Embedded 2013 - Detecting Memory Leaks with ValgrindRigels Gordani
Valgrind is a tool for detecting memory leaks and errors. It works with existing executables without needing to recompile. Valgrind's MemCheck tool can detect issues like memory leaks, out of bounds access, and use of undefined values. It provides details on errors, including the line of code that causes the issue. Valgrind can be run from the command line or integrated into IDEs like QtCreator and Eclipse to help debug memory problems.
Hamcrest is a library for creating matchers for usage in unit tests, mocks and UI validation. This talk gives a brief introduction to using and writing Hamcrest matchers.
The topics covered:
* Basic introduction to Hamcrest
* Using Matchers in assertions
* Using Matchers with Mockito
* Writing custom matchers
* Ad-hoc matchers
Gareth hayes. non alphanumeric javascript-php and shared fuzzingYury Chemerkin
- Non-alphanumeric code was first posted on an online message board and amazed people by executing code without letters or numbers
- JavaScript allows loose typing and string indexing to access characters from objects and other values converted to strings
- Various tricks are used like incrementing array values, generating false, true and other strings to build the "sort" string and call functions needed to execute code without letters or numbers
Palestra ministrada na Trilha DevTest do The Developers Conference 2019 em Florianópolis sobre automação de testes de API com RestAssured e virtualização de serviços com Wiremock
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
Good Secure Development Practices Presented By: Bil Corry lasso.pro Education Project. It recommends validating all user input, distrusting even your own requests, and taking a layered approach to validation, enforcement of business rules, and authentication. Some specific best practices include implementing positive authentication, principle of least privilege, centralized authorization routines, separating admin and user access, and ensuring error handling fails safely.
Better Embedded 2013 - Detecting Memory Leaks with ValgrindRigels Gordani
Valgrind is a tool for detecting memory leaks and errors. It works with existing executables without needing to recompile. Valgrind's MemCheck tool can detect issues like memory leaks, out of bounds access, and use of undefined values. It provides details on errors, including the line of code that causes the issue. Valgrind can be run from the command line or integrated into IDEs like QtCreator and Eclipse to help debug memory problems.
Hamcrest is a library for creating matchers for usage in unit tests, mocks and UI validation. This talk gives a brief introduction to using and writing Hamcrest matchers.
The topics covered:
* Basic introduction to Hamcrest
* Using Matchers in assertions
* Using Matchers with Mockito
* Writing custom matchers
* Ad-hoc matchers
Gareth hayes. non alphanumeric javascript-php and shared fuzzingYury Chemerkin
- Non-alphanumeric code was first posted on an online message board and amazed people by executing code without letters or numbers
- JavaScript allows loose typing and string indexing to access characters from objects and other values converted to strings
- Various tricks are used like incrementing array values, generating false, true and other strings to build the "sort" string and call functions needed to execute code without letters or numbers
Palestra ministrada na Trilha DevTest do The Developers Conference 2019 em Florianópolis sobre automação de testes de API com RestAssured e virtualização de serviços com Wiremock
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
Visualizing a Database Structure with SchemaSpyGuo Albert
SchemaSpy is a tool that can automatically generate documentation of a database schema from the actual database. It produces HTML documents and diagrams that provide an up-to-date view of the database structure with very little setup or maintenance costs. SchemaSpy supports documentation generation for various database types either from the command line by specifying parameters, or by integrating the command line into an Ant build script.
The document discusses using JSON in MySQL. It begins by introducing the speaker and outlining topics to be covered, including why JSON is useful, loading JSON data into MySQL, performance considerations when querying JSON data, using generated columns with JSON, and searching multi-valued attributes in JSON. The document then dives into examples demonstrating loading sample data from XML to JSON in MySQL, issues that can arise, and techniques for optimizing JSON queries using generated columns and indexes.
Finally, easy integration testing with TestcontainersRudy De Busscher
Integration testing is always a difficult area. You need to make sure that all system are connected, data is correctly initialised for each run and test runs do not interfere with each other.
You can do integration testing today, but sometimes these tests are flaky for various reasons or they cannot cover all the cases that you would like to test.
With the Testcontainers project, this issue can be a thing of the past. It allows you to create reliable integration tests covering a wide range of scenarios like database usages, micro services interaction and GUI testing. One of the important factors for the success of this framework is the usage of Docker containers to create a reproducible environment for the test.
AngularJS uses a compile function to parse HTML into DOM elements and compile directives. The compile function sorts directives by priority and executes their compile and link functions to connect the scope to the DOM. It recursively compiles child elements. This allows directives to manipulate DOM elements and register behavior.
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...CODE BLUE
The very best attackers often use PowerShell to hide their scripts from A/V and application whitelisting technologies using encoded commands and memory-only payloads to evade detection. These techniques thwart Blue Teams from determining what was executed on a target system. However, defenders are catching on, and state-of-the-art detection tools now monitor the command line arguments for powershell.exe either in real-time or from event logs.
We need new avenues to remain stealthy in a target environment. So, this talk will highlight a dozen never-before-seen techniques for obfuscating PowerShell command line arguments. As an incident responder at Mandiant, I have seen attackers use a handful of these methods to evade basic command line detection mechanisms. I will share these techniques already being used in the wild so you can understand the value each technique provides the attacker.
Updated PowerShell event logging mitigates many of the detection challenges that obfuscation introduces. However, many organizations do not enable this PowerShell logging. Therefore, I will provide techniques that the Blue Team can use to detect the presence of these obfuscation methods in command line arguments. I will conclude this talk by highlighting the public release of Invoke-Obfuscation. This tool applies the aforementioned obfuscation techniques to user-provided commands and scripts to evade command line argument detection mechanisms.
--- Daniel Bohannon
Daniel Bohannon is an Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques. As an incident response consultant, Mr. Bohannon provides emergency services to clients when security breach occur. He also develops new methods for detecting malicious PowerShell usage at both the host- and network-level while researching obfuscation techniques for PowerShell- based attacks that are being used by numerous threat groups. Prior to joining MANDIANT, Mr. Bohannon spent five years working in both IT operations and information security roles in the private retail industry. There he developed operational processes for the automated aggregation and detection of host- and network-based anomalies in a large PCI environment. Mr. Bohannon also programmed numerous tools for host-based hunting while leading the organization’s incident response team. Mr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology and a Bachelor of Science in Computer Science from The University of Georgia.
This document provides an overview of how to use Mockito to create mock objects and define their behavior in tests.
It explains how to create mocks with mock(ClassToMock.class), define return values and exceptions with when(method()).thenReturn()/thenThrow(), and verify mock interactions with verify(mock).method(). It also covers using @Mock annotation and initMocks() to initialize mocks, and matchers like eq() to verify argument matching. The document concludes with some Eclipse IDE tips to help with Mockito development.
Garbage collection has largely removed the need to think about memory management when you write Java code, but there is still a benefit to understanding and minimizing the memory usage of your applications, particularly with the growing number of deployments of Java on embedded devices. This session gives you insight into the memory used as you write Java code and provides you with guidance on steps you can take to minimize your memory usage and write more-memory-efficient code. It shows you how to
• Understand the memory usage of Java code
• Minimize the creation of new Java objects
• Use the right Java collections in your application
• Identify inefficiencies in your code and remove them
Video available from Parleys.com:
https://www.parleys.com/talk/how-write-memory-efficient-java-code
Malli is a new Clojure/Script library for elegant data-driven data modelling. It is born from the real world needs of dynamic, distributed and multi-tenant systems: Schemas to describe the data should be first-class data. They should drive the runtime value transformations, web forms, rules and processes. Configuration should be explicit – no magic, macros or mutability. We should be able to infer, create and modify the models at runtime, persist and load them back from database and share over the wire, for both Clojure and ClojureScript. Like JSON Schema, but for EDN & Clojure/Script.
In this talk, I’ll walk through the core concepts, features and the lessons learned on creating Malli. I’ll also demonstrate some cool new things we can do with literal data schemas and compare it to prior art, including clojure.spec, plumatic schema and JSON Schema.
This document provides an overview of Spring Boot and some of its key features. It discusses the origins and modules of Spring, how Spring Boot simplifies configuration and dependency management. It then covers examples of building Spring Boot applications that connect to a SQL database, use RabbitMQ for messaging, and schedule and run asynchronous tasks.
This document provides an overview of Hibernate Envers, a Hibernate module that enables easy auditing of persistent classes. It discusses how to activate Envers for an entity class, the different annotations used to configure the audit process, and how to query the audit information stored in revision tables. Envers allows tracking changes to entities and retrieving past versions through an AuditReader interface, with support for filtering, ordering and paging results. It provides an out-of-the-box solution for auditing entity data with Hibernate.
Attacker's Perspective of Active DirectorySunny Neo
This document provides an overview of attack methodologies from an attacker's perspective when targeting Active Directory environments. It discusses initial access techniques, privilege escalation to domain admin rights, maintaining situational awareness through techniques like password spraying and Kerberoasting, and lateral movement tactics like pass the hash and pass the ticket. It also provides mitigation strategies and detection opportunities for defenders.
This document provides an introduction and overview of Node.js and MongoDB. It discusses that Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine that uses an event-driven, non-blocking I/O model. It can be used for real-time applications and is well-suited for I/O-intensive applications. MongoDB is also introduced as a popular JSON-based NoSQL database that can be easily used with Node.js applications. Examples are given for connecting to MongoDB from Node.js code.
This document discusses role-based access controls (RBAC) in Neo4j. It provides an overview of the different privilege and role hierarchies in Neo4j including database management privileges, graph privileges, and separation of duties for roles like DBAs, operations staff, security staff, developers and more. It also discusses concepts like impersonation and provides examples of creating roles and assigning privileges to implement separation of duties.
What are the Key drivers for automation? What are the Challenges in Agile automation and How to deal with them? How to automate? Who will automate? Which tool to select? Commercial or open source? What to automate? Which features? Here is what our experience says
Problem-Solving using Graph Traversals: Searching, Scoring, Ranking, and Reco...Marko Rodriguez
A graph is a data structure that links a set of vertices by a set of edges. Modern graph databases support multi-relational graph structures, where there exist different types of vertices (e.g. people, places, items) and different types of edges (e.g. friend, lives at, purchased). By means of index-free adjacency, graph databases are optimized for graph traversals and are interacted with through a graph traversal engine. A graph traversal is defined as an abstract path whose instance is realized on a graph dataset. Graph databases and traversals can be used for searching, scoring, ranking, and in concert, recommendation. This presentation will explore graph structures, algorithms, traversal algebras, graph-related software suites, and a host of examples demonstrating how to solve real-world problems, in real-time, with graphs. This is a whirlwind tour of the theory and application of graphs.
De a máxima cobertura nos seus testes de APIElias Nogueira
Palestra ministrada no Reginonal Scrum Gathering Rio 2019 no dia 27/06/2019 sobre como dar uma cobertura de testes para uma API além do teste unitário e de integração, com um foco totalmente prático e com execução em pipeline.
Next.js helps address some shortcomings of React like initial load time and SEO support. It introduces features like server-side rendering, static generation, and incremental static regeneration that improve performance. The new App Router in Next.js 13.4 introduces shared layouts and nested routing to provide a more structured approach to building apps. React Server Components in Next.js also improve performance by enabling server-centric routing and caching of component trees.
Refactoring Mining - The key to unlock software evolutionNikolaos Tsantalis
Keynote at the International Workshop on Refactoring
co-located with the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE '21)
November 14, 2021
This document discusses socket programming in Java. It begins by explaining the key classes for socket programming - InetAddress, Socket, ServerSocket, DatagramSocket, DatagramPacket, and MulticastSocket. It then provides examples of TCP client-server applications using Sockets and ServerSockets, UDP client-server applications using DatagramSockets and DatagramPackets, and multicast applications using MulticastSockets. The examples demonstrate how to send and receive data over sockets in both text and binary formats.
Visualizing a Database Structure with SchemaSpyGuo Albert
SchemaSpy is a tool that can automatically generate documentation of a database schema from the actual database. It produces HTML documents and diagrams that provide an up-to-date view of the database structure with very little setup or maintenance costs. SchemaSpy supports documentation generation for various database types either from the command line by specifying parameters, or by integrating the command line into an Ant build script.
The document discusses using JSON in MySQL. It begins by introducing the speaker and outlining topics to be covered, including why JSON is useful, loading JSON data into MySQL, performance considerations when querying JSON data, using generated columns with JSON, and searching multi-valued attributes in JSON. The document then dives into examples demonstrating loading sample data from XML to JSON in MySQL, issues that can arise, and techniques for optimizing JSON queries using generated columns and indexes.
Finally, easy integration testing with TestcontainersRudy De Busscher
Integration testing is always a difficult area. You need to make sure that all system are connected, data is correctly initialised for each run and test runs do not interfere with each other.
You can do integration testing today, but sometimes these tests are flaky for various reasons or they cannot cover all the cases that you would like to test.
With the Testcontainers project, this issue can be a thing of the past. It allows you to create reliable integration tests covering a wide range of scenarios like database usages, micro services interaction and GUI testing. One of the important factors for the success of this framework is the usage of Docker containers to create a reproducible environment for the test.
AngularJS uses a compile function to parse HTML into DOM elements and compile directives. The compile function sorts directives by priority and executes their compile and link functions to connect the scope to the DOM. It recursively compiles child elements. This allows directives to manipulate DOM elements and register behavior.
[CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To...CODE BLUE
The very best attackers often use PowerShell to hide their scripts from A/V and application whitelisting technologies using encoded commands and memory-only payloads to evade detection. These techniques thwart Blue Teams from determining what was executed on a target system. However, defenders are catching on, and state-of-the-art detection tools now monitor the command line arguments for powershell.exe either in real-time or from event logs.
We need new avenues to remain stealthy in a target environment. So, this talk will highlight a dozen never-before-seen techniques for obfuscating PowerShell command line arguments. As an incident responder at Mandiant, I have seen attackers use a handful of these methods to evade basic command line detection mechanisms. I will share these techniques already being used in the wild so you can understand the value each technique provides the attacker.
Updated PowerShell event logging mitigates many of the detection challenges that obfuscation introduces. However, many organizations do not enable this PowerShell logging. Therefore, I will provide techniques that the Blue Team can use to detect the presence of these obfuscation methods in command line arguments. I will conclude this talk by highlighting the public release of Invoke-Obfuscation. This tool applies the aforementioned obfuscation techniques to user-provided commands and scripts to evade command line argument detection mechanisms.
--- Daniel Bohannon
Daniel Bohannon is an Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation and anomaly detection, and PowerShell-based attack research and detection techniques. As an incident response consultant, Mr. Bohannon provides emergency services to clients when security breach occur. He also develops new methods for detecting malicious PowerShell usage at both the host- and network-level while researching obfuscation techniques for PowerShell- based attacks that are being used by numerous threat groups. Prior to joining MANDIANT, Mr. Bohannon spent five years working in both IT operations and information security roles in the private retail industry. There he developed operational processes for the automated aggregation and detection of host- and network-based anomalies in a large PCI environment. Mr. Bohannon also programmed numerous tools for host-based hunting while leading the organization’s incident response team. Mr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology and a Bachelor of Science in Computer Science from The University of Georgia.
This document provides an overview of how to use Mockito to create mock objects and define their behavior in tests.
It explains how to create mocks with mock(ClassToMock.class), define return values and exceptions with when(method()).thenReturn()/thenThrow(), and verify mock interactions with verify(mock).method(). It also covers using @Mock annotation and initMocks() to initialize mocks, and matchers like eq() to verify argument matching. The document concludes with some Eclipse IDE tips to help with Mockito development.
Garbage collection has largely removed the need to think about memory management when you write Java code, but there is still a benefit to understanding and minimizing the memory usage of your applications, particularly with the growing number of deployments of Java on embedded devices. This session gives you insight into the memory used as you write Java code and provides you with guidance on steps you can take to minimize your memory usage and write more-memory-efficient code. It shows you how to
• Understand the memory usage of Java code
• Minimize the creation of new Java objects
• Use the right Java collections in your application
• Identify inefficiencies in your code and remove them
Video available from Parleys.com:
https://www.parleys.com/talk/how-write-memory-efficient-java-code
Malli is a new Clojure/Script library for elegant data-driven data modelling. It is born from the real world needs of dynamic, distributed and multi-tenant systems: Schemas to describe the data should be first-class data. They should drive the runtime value transformations, web forms, rules and processes. Configuration should be explicit – no magic, macros or mutability. We should be able to infer, create and modify the models at runtime, persist and load them back from database and share over the wire, for both Clojure and ClojureScript. Like JSON Schema, but for EDN & Clojure/Script.
In this talk, I’ll walk through the core concepts, features and the lessons learned on creating Malli. I’ll also demonstrate some cool new things we can do with literal data schemas and compare it to prior art, including clojure.spec, plumatic schema and JSON Schema.
This document provides an overview of Spring Boot and some of its key features. It discusses the origins and modules of Spring, how Spring Boot simplifies configuration and dependency management. It then covers examples of building Spring Boot applications that connect to a SQL database, use RabbitMQ for messaging, and schedule and run asynchronous tasks.
This document provides an overview of Hibernate Envers, a Hibernate module that enables easy auditing of persistent classes. It discusses how to activate Envers for an entity class, the different annotations used to configure the audit process, and how to query the audit information stored in revision tables. Envers allows tracking changes to entities and retrieving past versions through an AuditReader interface, with support for filtering, ordering and paging results. It provides an out-of-the-box solution for auditing entity data with Hibernate.
Attacker's Perspective of Active DirectorySunny Neo
This document provides an overview of attack methodologies from an attacker's perspective when targeting Active Directory environments. It discusses initial access techniques, privilege escalation to domain admin rights, maintaining situational awareness through techniques like password spraying and Kerberoasting, and lateral movement tactics like pass the hash and pass the ticket. It also provides mitigation strategies and detection opportunities for defenders.
This document provides an introduction and overview of Node.js and MongoDB. It discusses that Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine that uses an event-driven, non-blocking I/O model. It can be used for real-time applications and is well-suited for I/O-intensive applications. MongoDB is also introduced as a popular JSON-based NoSQL database that can be easily used with Node.js applications. Examples are given for connecting to MongoDB from Node.js code.
This document discusses role-based access controls (RBAC) in Neo4j. It provides an overview of the different privilege and role hierarchies in Neo4j including database management privileges, graph privileges, and separation of duties for roles like DBAs, operations staff, security staff, developers and more. It also discusses concepts like impersonation and provides examples of creating roles and assigning privileges to implement separation of duties.
What are the Key drivers for automation? What are the Challenges in Agile automation and How to deal with them? How to automate? Who will automate? Which tool to select? Commercial or open source? What to automate? Which features? Here is what our experience says
Problem-Solving using Graph Traversals: Searching, Scoring, Ranking, and Reco...Marko Rodriguez
A graph is a data structure that links a set of vertices by a set of edges. Modern graph databases support multi-relational graph structures, where there exist different types of vertices (e.g. people, places, items) and different types of edges (e.g. friend, lives at, purchased). By means of index-free adjacency, graph databases are optimized for graph traversals and are interacted with through a graph traversal engine. A graph traversal is defined as an abstract path whose instance is realized on a graph dataset. Graph databases and traversals can be used for searching, scoring, ranking, and in concert, recommendation. This presentation will explore graph structures, algorithms, traversal algebras, graph-related software suites, and a host of examples demonstrating how to solve real-world problems, in real-time, with graphs. This is a whirlwind tour of the theory and application of graphs.
De a máxima cobertura nos seus testes de APIElias Nogueira
Palestra ministrada no Reginonal Scrum Gathering Rio 2019 no dia 27/06/2019 sobre como dar uma cobertura de testes para uma API além do teste unitário e de integração, com um foco totalmente prático e com execução em pipeline.
Next.js helps address some shortcomings of React like initial load time and SEO support. It introduces features like server-side rendering, static generation, and incremental static regeneration that improve performance. The new App Router in Next.js 13.4 introduces shared layouts and nested routing to provide a more structured approach to building apps. React Server Components in Next.js also improve performance by enabling server-centric routing and caching of component trees.
Refactoring Mining - The key to unlock software evolutionNikolaos Tsantalis
Keynote at the International Workshop on Refactoring
co-located with the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE '21)
November 14, 2021
This document discusses socket programming in Java. It begins by explaining the key classes for socket programming - InetAddress, Socket, ServerSocket, DatagramSocket, DatagramPacket, and MulticastSocket. It then provides examples of TCP client-server applications using Sockets and ServerSockets, UDP client-server applications using DatagramSockets and DatagramPackets, and multicast applications using MulticastSockets. The examples demonstrate how to send and receive data over sockets in both text and binary formats.
Rx.NET, from the inside-out - Stas Rivkin - Codemotion Rome 2018Codemotion
Writing a truly non-blocking, maintainable code shouldn’t be a giant headache. As developers we strive to write features bundled up into a single, readable and testable block of code and today’s technologies greatly help us. From .NET events to Task Parallel Library, we can craft complex features. But, unfortunately, having that many different technologies, we lack the possibility of composing (easily) between them. In this session, you will learn about the core fundamentals which construct the Rx API and how it provides a single, uniform language that abstracts away all sources of events.
This document contains code snippets for 12 common C++ programs: 1) checking if a number is even or odd, 2) swapping two numbers, 3) checking if a year is a leap year, 4) sorting words in dictionary order, 5) calculating a factorial, 6) generating a Fibonacci series, 7) transposing a matrix, 8) using constructors and destructors, 9) demonstrating multiple inheritance, 10) using static members and functions, 11) exception handling, and 12) file input/output. Each code snippet is followed by sample input/output to demonstrate the program's functionality.
GreenDAO is an ORM (Object Relational Mapping) library that uses code generation to provide a faster alternative to reflection-based ORMs for Android. It works by mapping Java objects to SQLite database tables to allow for CRUD (create, read, update, delete) operations on the data. The library includes a schema definition and code generator that automatically generates DAO classes to manage database access and queries. This avoids the performance overhead of reflection and allows for compiler checks of the database schema.
Java 8 Stream API. A different way to process collections.David Gómez García
A look on one of the features of Java 8 hidden behind the lambdas. A different way to iterate Collections. You'll never see the Collecions the same way.
These are the slides I used on my talk at the "Tech Thursday" by Oracle in June in Madrid.
The document discusses using C++ Accelerated Massive Parallelism (AMP) to improve performance by offloading work to the GPU. It shows how to wrap array data in an array_view to make it accessible to the GPU, then use parallel_for_each to execute a lambda function that increments each element in parallel on the GPU. By leveraging the massive parallelism of the GPU, this operation can see significant performance gains over executing it solely on the CPU.
This document summarizes new syntactic features introduced in recent versions of C#, including C# 6.0, 7.0, and 7.1. It provides examples of properties with auto-properties and initializers, lambda expressions used in properties and methods, inline variables, null expressions with null-coalescing and null-conditional operators, throw expressions, local functions, value tuples, and pattern matching. It also briefly mentions features planned for future versions like C# 7.2, 8, and beyond such as read-only references, nullable reference types, and default interface methods.
(Rx).NET' way of async programming (.NET summit 2017 Belarus)Stas Rivkin
The document discusses Rx.NET's approach to asynchronous programming using observables and operators. It begins with an introduction to Rx and observables, explaining how they allow pushing data rather than pulling it. It then demonstrates building observables from scratch by implementing the observer pattern directly. Finally, it shows how common Rx operators like Where and Select can be implemented to transform and filter observable sequences. The overall summary is that the document introduces the key concepts of Rx.NET through examples of building observables and operators from first principles in a push-based reactive style.
This document provides an overview of pointers and arrays in C++. It begins by explaining what pointers are, how they store memory addresses, and how to declare and assign values to pointer variables. It then covers arrays, including how they allow storing multiple values in contiguous memory locations that can be indexed. The document also discusses different types of arrays, such as one-dimensional, two-dimensional, and arrays of objects. Finally, it briefly introduces dynamic memory allocation using new operator at runtime.
The document discusses collections in C# programming. It shows examples of using List and Dictionary collections to store and retrieve data. A List is used to store integer values and later iterate through them. A Dictionary is used to store Customer objects mapped by ID. The document also demonstrates converting between collection types using ConvertAll and a custom converter.
The document describes the objectives of a C++ lab course. It includes:
1. Designing classes with static members, methods with default arguments, and friend functions like a matrix and vector class.
2. Implementing a complex number class with operator overloading.
3. Implementing a matrix class with dynamic memory allocation.
4. Overloading new and delete operators for custom memory allocation.
5. Developing linked list and sorting algorithm templates.
The document summarizes the output of labs 5, 6, and 7 from a computer engineering course. Lab 5 implements non-restoring division using a register-based algorithm. Lab 6 compares FIFO and LRU page replacement algorithms. Lab 7 implements Booth's multiplication algorithm for signed numbers using registers. Code snippets are provided for each lab along with sample inputs/outputs.
This document provides an overview of LINQ (Language Integrated Query) and its capabilities. It introduces LINQ to Objects, LINQ to SQL, and LINQ to XML. LINQ allows developers to query data structures using SQL-like syntax directly in code and integrates with various .NET languages and data sources.
C# 7.x What's new and what's coming with C# 8Christian Nagel
C# is extended in a fast pace – with new features allow to reduce the code you need to write, offer more safety, and gives better performance – and you still write safe code. In this session you are introduced to the new C# 7.0-7.3 features including tuples and pattern matching, and learn about the features planned with C# 8.0 such as nullable reference types, extensions for pattern matching, and the new switch expression.
This document provides an overview and introduction to Language Integrated Query (LINQ) in 3 sentences or less:
LINQ allows for a common syntax to query different types of data by enabling queries across objects, XML, SQL databases and other data sources using lambda expressions, extension methods, and other new C# 3.0 features. The document outlines the LINQ architecture and demonstrates LINQ to Objects, LINQ to SQL, and LINQ to XML, showing how LINQ provides a consistent query experience across .NET data sources. Key LINQ capabilities include IntelliSense support, deferred query execution, and strong typing checked by the compiler.
Similar to Accurate and Efficient Refactoring Detection in Commit History (20)
This document summarizes a study on refactoring activity that analyzed refactoring operations, developers responsible, timing relative to releases, relationships between production and test code refactoring, and purposes of refactorings. The study introduced the first refactoring detection tool to operate on Git commits and catalogued 44 motivations for refactoring types. It found that refactoring detection tools need to handle partial code and inspired future work improving precision, recall, oracles, and supported refactorings. The tools have been widely influential in empirical studies of refactoring.
This document describes research on identifying extract method refactoring opportunities through program analysis and tool support. It discusses limitations of early work, such as not supporting extraction of objects or composite variables. It presents techniques to address these limitations, including handling behavior preservation issues and ensuring the complete computation of extracted variables. Evaluation results of tools are provided, showing improvements in precision and recall over time. The document also discusses how the work influenced the researcher's career and other researchers.
Lambda expressions have been introduced in Java 8 to support functional programming and enable behavior parameterization by passing functions as parameters to methods. The majority of software clones (duplicated code) are known to have behavioral differences (i.e., Type-2 and Type-3 clones). However, to the best of our knowledge, there is no previous work to investigate the utility of Lambda expressions for parameterizing such behavioral differences in clones. In this paper, we propose a technique that examines the applicability of Lambda expressions for the refactoring of clones with behavioral differences. Moreover, we empirically investigate the applicability and characteristics of the Lambda expressions introduced to refactor a large dataset of clones. Our findings show that Lambda expressions enable the refactoring of a significant portion of clones that could not be refactored by any other means.
Refactoring is a widespread practice that helps developers
to improve the maintainability and readability of their code.
However, there is a limited number of studies empirically
investigating the actual motivations behind specific refactoring operations applied by developers. To fill this gap, we monitored Java projects hosted on GitHub to detect recently applied refactorings, and asked the developers to explain the reasons behind their decision to refactor the code.
By applying thematic analysis on the collected responses,
we compiled a catalogue of 44 distinct motivations for 12
well-known refactoring types. We found that refactoring activity is mainly driven by changes in the requirements and
much less by code smells. Extract Method is the most versatile refactoring operation serving 11 different purposes.
Finally, we found evidence that the IDE used by the developers affects the adoption of automated refactoring tools.
Cascading Style Sheets (CSS) is the standard language for
styling web documents and is extensively used in the industry. However, CSS lacks constructs that would allow code reuse (e.g., functions). Consequently, maintaining CSS code
is often a cumbersome and error-prone task. Preprocessors (e.g., Less and Sass) have been introduced to fill this gap,
by extending CSS with the missing constructs. Despite the
clear maintainability benefits coming from the use of preprocessors, there is currently no support for migrating legacy
CSS code to preprocessors. In this paper, we propose a
technique for automatically detecting duplicated style declarations in CSS code that can be migrated to preprocessor functions (i.e., mixins). Our technique can parameterize differences in the style values of duplicated declarations, and ensure that the migration will not change the presentation semantics of the web documents. The evaluation has shown that our technique is able to detect 98% of the
mixins that professional developers introduced in websites and
Style Sheet libraries, and can safely migrate real CSS code.
The document discusses a tool for refactoring clones in software. It aims to help developers explore clone groups, inspect differences between clones, and refactor clones safely. The tool detects clones using control structure matching and program dependence graphs. It visualizes clones and differences and automatically determines the best refactoring strategy, such as extract method or introduce utility method. Future work includes supporting more clones, lambda expressions, and testing refactorings. The tool is intended to improve on poor clone refactoring support in current tools.
This document summarizes an empirical study on the use of CSS preprocessor features like variables, nesting, mixins, and extending. The study analyzed over 1,200 preprocessor files from 50 websites using Sass, SCSS, and Less. The key findings are:
1) Developers primarily use global variables with color values, shallow nesting hierarchies, mixins that are reused and have few parameters/declarations, and no-parameter mixins instead of extending.
2) Migration tools should support these common patterns and also warn about extending which may break presentation semantics.
3) Future work includes developer surveys and studying how preprocessor code evolves over time.
Developers widely use CSS preprocessors and nesting is the most commonly used feature. Mixins are typically short with few parameters and often contain cross-browser declarations. While extends aim to reduce duplication, developers prefer mixins due to extends sometimes breaking presentation by changing selector order.
Improving the Unification of Software Clones Using Tree and Graph Matching Al...Nikolaos Tsantalis
This document presents an approach to improve the refactoring of software clones using tree and graph matching algorithms. The motivation is the limitations of current refactoring tools in optimally mapping clones with minimum differences and scaling to large code bases. The approach uses control and program dependence graphs to divide the matching problem into subproblems and find mappings that maximize matched statements while minimizing differences. An evaluation on 2342 clone groups from 7 projects found the approach could refactor 82% more groups than the state-of-the-art CeDAR tool, and 28% of groups involving clones in different files. Future work involves further empirical studies and handling more complex clone types.
This document discusses the history and future directions of code smell research. It covers the origins of refactoring and code smells, definitions of various code smells, methods for identifying code smells, prioritizing refactoring opportunities based on risk analysis, and the need to consider refactoring dependencies and conflicts. The goal is to improve software maintainability and quality through addressing code smells.
Preventive Software Maintenance: The Past, the Present, the FutureNikolaos Tsantalis
The document discusses preventive software maintenance and focuses on automatically detecting refactoring opportunities for common object-oriented design problems like duplicated code and inappropriate interfaces. It proposes treating design improvement as a search problem and applying search algorithms to find an optimal sequence of refactorings. Advantages of this approach include feasible behavior-preserving solutions to design issues and a more holistic way to prioritize preventive maintenance tasks.
An Empirical Study of Duplication in Cascading Style SheetsNikolaos Tsantalis
This document summarizes an empirical study on duplication in Cascading Style Sheets (CSS). It finds that about 60% of declarations are duplicated on average across CSS files from various websites. The study analyzes three types of duplication and detects duplication by parsing CSS into a model. It examines CSS files from open source projects and top websites, finding the largest duplications are typically between two selectors and involve five or more common declarations. While CSS size correlates with duplication, grouping adoption does not strongly correlate with reducing duplication. Future work is needed to refactor duplications and help migrate CSS to preprocessing languages.
Ranking Refactoring Suggestions based on Historical VolatilityNikolaos Tsantalis
This document discusses ranking refactoring suggestions based on historical code volatility. It proposes using the historical volatility of code elements, measured by changes across prior versions, to prioritize refactoring efforts. It evaluates four forecasting models - random walk, historical average, exponential smoothing, and exponentially weighted moving average - for predicting future volatility to rank suggestions. The historical average model achieved the lowest error and produced rankings most similar to actual volatility, especially for elements with frequent changes, making it a suitable strategy. The goal is to focus refactoring on code most likely to undergo future maintenance changes.
The document summarizes a research paper on automatically detecting features in Ajax-enabled web applications. It proposes clustering DOM states based on structural similarity and using different distance metrics, including a composite-change-aware tree-edit distance. An evaluation on three Ajax apps found this tree-edit distance performed best. Future work includes automatically labeling detected features using text analysis and emphasis tags.
A Multidimensional Empirical Study on Refactoring ActivityNikolaos Tsantalis
The document summarizes a multidimensional empirical study on refactoring activity in three open source projects. It aims to understand refactoring practices by developers through analyzing version control histories. The study seeks to answer five research questions related to the types of refactorings applied to test vs production code, individual contributions to refactoring, alignment with release dates, relationship between test and production refactoring, and motivations for applied refactorings. The methodology examines commit histories, detects refactorings, identifies test code, analyzes activity trends, and classifies sampled refactorings. Key findings include different refactoring focuses for test vs production code, alignment of refactoring and testing, increased refactoring before releases
The document discusses challenges and limitations with existing tools for refactoring code clones. It proposes a new approach to improve clone refactoring that involves three main phases:
1) Control structure matching to identify refactorable clones that have identical control flow.
2) PDG mapping to find the optimal mapping between clone statements that maximizes matches and minimizes differences.
3) Precondition examination to ensure refactoring preserves program behavior.
The goal is to parameterize more types of differences, find optimal matches, and add behavior preservation checks. This would allow safer and more effective refactoring of clones.
The technology uses reclaimed CO₂ as the dyeing medium in a closed loop process. When pressurized, CO₂ becomes supercritical (SC-CO₂). In this state CO₂ has a very high solvent power, allowing the dye to dissolve easily.
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...Advanced-Concepts-Team
Presentation in the Science Coffee of the Advanced Concepts Team of the European Space Agency on the 07.06.2024.
Speaker: Diego Blas (IFAE/ICREA)
Title: Gravitational wave detection with orbital motion of Moon and artificial
Abstract:
In this talk I will describe some recent ideas to find gravitational waves from supermassive black holes or of primordial origin by studying their secular effect on the orbital motion of the Moon or satellites that are laser ranged.
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...Scintica Instrumentation
Targeting Hsp90 and its pathogen Orthologs with Tethered Inhibitors as a Diagnostic and Therapeutic Strategy for cancer and infectious diseases with Dr. Timothy Haystead.
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdfSelcen Ozturkcan
Ozturkcan, S., Berndt, A., & Angelakis, A. (2024). Mending clothing to support sustainable fashion. Presented at the 31st Annual Conference by the Consortium for International Marketing Research (CIMaR), 10-13 Jun 2024, University of Gävle, Sweden.
The binding of cosmological structures by massless topological defectsSérgio Sacani
Assuming spherical symmetry and weak field, it is shown that if one solves the Poisson equation or the Einstein field
equations sourced by a topological defect, i.e. a singularity of a very specific form, the result is a localized gravitational
field capable of driving flat rotation (i.e. Keplerian circular orbits at a constant speed for all radii) of test masses on a thin
spherical shell without any underlying mass. Moreover, a large-scale structure which exploits this solution by assembling
concentrically a number of such topological defects can establish a flat stellar or galactic rotation curve, and can also deflect
light in the same manner as an equipotential (isothermal) sphere. Thus, the need for dark matter or modified gravity theory is
mitigated, at least in part.
Immersive Learning That Works: Research Grounding and Paths ForwardLeonel Morgado
We will metaverse into the essence of immersive learning, into its three dimensions and conceptual models. This approach encompasses elements from teaching methodologies to social involvement, through organizational concerns and technologies. Challenging the perception of learning as knowledge transfer, we introduce a 'Uses, Practices & Strategies' model operationalized by the 'Immersive Learning Brain' and ‘Immersion Cube’ frameworks. This approach offers a comprehensive guide through the intricacies of immersive educational experiences and spotlighting research frontiers, along the immersion dimensions of system, narrative, and agency. Our discourse extends to stakeholders beyond the academic sphere, addressing the interests of technologists, instructional designers, and policymakers. We span various contexts, from formal education to organizational transformation to the new horizon of an AI-pervasive society. This keynote aims to unite the iLRN community in a collaborative journey towards a future where immersive learning research and practice coalesce, paving the way for innovative educational research and practice landscapes.
PPT on Direct Seeded Rice presented at the three-day 'Training and Validation Workshop on Modules of Climate Smart Agriculture (CSA) Technologies in South Asia' workshop on April 22, 2024.
Describing and Interpreting an Immersive Learning Case with the Immersion Cub...Leonel Morgado
Current descriptions of immersive learning cases are often difficult or impossible to compare. This is due to a myriad of different options on what details to include, which aspects are relevant, and on the descriptive approaches employed. Also, these aspects often combine very specific details with more general guidelines or indicate intents and rationales without clarifying their implementation. In this paper we provide a method to describe immersive learning cases that is structured to enable comparisons, yet flexible enough to allow researchers and practitioners to decide which aspects to include. This method leverages a taxonomy that classifies educational aspects at three levels (uses, practices, and strategies) and then utilizes two frameworks, the Immersive Learning Brain and the Immersion Cube, to enable a structured description and interpretation of immersive learning cases. The method is then demonstrated on a published immersive learning case on training for wind turbine maintenance using virtual reality. Applying the method results in a structured artifact, the Immersive Learning Case Sheet, that tags the case with its proximal uses, practices, and strategies, and refines the free text case description to ensure that matching details are included. This contribution is thus a case description method in support of future comparative research of immersive learning cases. We then discuss how the resulting description and interpretation can be leveraged to change immersion learning cases, by enriching them (considering low-effort changes or additions) or innovating (exploring more challenging avenues of transformation). The method holds significant promise to support better-grounded research in immersive learning.
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...Travis Hills MN
By harnessing the power of High Flux Vacuum Membrane Distillation, Travis Hills from MN envisions a future where clean and safe drinking water is accessible to all, regardless of geographical location or economic status.
Current Ms word generated power point presentation covers major details about the micronuclei test. It's significance and assays to conduct it. It is used to detect the micronuclei formation inside the cells of nearly every multicellular organism. It's formation takes place during chromosomal sepration at metaphase.
Accurate and Efficient Refactoring Detection in Commit History
1. Accurate and Efficient Refactoring
Detection in Commit History
1May 31, 2018
Danny DigNikolaos Tsantalis Matin Mansouri Laleh Eshkevari Davood Mazinanian
2. Refactoring is noise in evolution analysis
• Bug-inducing analysis (SZZ): flag refactoring edits as bug-introducing
changes
• Tracing requirements to code: miss traceability links due to
refactoring
• Regression testing: unnecessary execution of tests for refactored
code with no behavioral changes
• Code review/merging: refactoring edits tangled with the actual
changes intended by developers
2
3. There are many refactoring detection tools
• Demeyer et al. [OOPSLA’00]
• UMLDiff + JDevAn [Xing & Stroulia ASE’05]
• RefactoringCrawler [Dig et al. ECOOP’06]
• Weißgerber and Diehl [ASE’06]
• Ref-Finder [Kim et al. ICSM’10, FSE’10]
• RefDiff [Silva & Valente, MSR’17]
3
4. Limitations of previous approaches
• Dependence on similarity thresholds
• thresholds need calibration for projects with different characteristics
• Dependence on built versions
• only 38% of the change history can be successfully compiled [Tufano et al., 2017]
• Unreliable oracles for evaluating precision/recall
• Incomplete (refactorings found in release notes or commit messages)
• Biased (applying a single tool with two different similarity thresholds)
• Artificial (seeded refactorings)
4
5. Why do we need better accuracy?
5
Empirical studies
Refactoring
detection
Library adaptation
Framework migration
poor
accuracy
7. Contributions
1. First refactoring detection algorithm operating without any
code similarity thresholds
2. RefactoringMiner open-source tool with an API
3. Oracle comprising 3,188 refactorings found in 538 commits
from 185 open-source projects
4. Evaluation of precision/recall and comparison with previous
state-of-the-art
5. Tool infrastructure for comparing multiple refactoring
detection tools
7
8. Approach in a nutshell
AST-based statement matching algorithm
• Input: code fragments T1 from parent commit and T2 from child commit
• Output:
• M set of matched statement pairs
• UT1 set of unmatched statements from T1
• UT2 set of unmatched statements from T2
• Code changes due to refactoring mechanics: abstraction, argumentization
• Code changes due to overlapping refactorings or bug fixes:
syntax-aware AST node replacements
8
9. 9
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
AfterBefore
10. 10
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(int count) {
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
AfterBefore
11. 11
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
AfterBefore
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", ports.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
12. 12
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
AfterBefore
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", ports.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
13. 13
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
}
return addresses;
}
try {
addresses[i] =
new Address("127.0.0.1", ports.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
AfterBefore
14. 14
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address(host, port);
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
15. 15
protected static Address createAddress(String host, int port) {
try {
return new Address(host, port);
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
AfterBefore
textual similarity 30%
16. 16
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address(host, port);
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
(1) Abstraction
17. 17
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address(host, port);
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
(1) Abstraction
18. 18
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address(host, port);
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
(2) Argumentization
19. 19
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address("127.0.0.1", ports.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
(2) Argumentization
20. 20
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address("127.0.0.1", ports.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
(3) AST Node Replacements
21. 21
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
(3) AST Node Replacements
22. 22
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
textual similarity = 100%
23. 23
private static Address[] createAddresses(int count) {
Address[] addresses = new Address[count];
for (int i = 0; i < count; i++) {
try {
addresses[i] =
new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
}
return addresses;
}
private static List<Address> createAddresses(AtomicInteger ports, int count){
List<Address> addresses = new ArrayList<Address>(count);
for (int i = 0; i < count; i++) {
addresses.add(createAddress("127.0.0.1", ports.incrementAndGet()));
}
return addresses;
}
protected static Address createAddress(String host, int port) {
try {
return new Address("127.0.0.1", PORTS.incrementAndGet());
}
catch (UnknownHostException e) {
e.printStackTrace();
}
return null;
}
AfterBefore
A
B
C
D
E
F
G
1
2
3
9
4
5
6
7
8
M = {(C, 4) (D, 5) (E, 6) (F, 7)}
UT1 = {A, B, G}
UT2 = {8}
24. Extract Method detection rule
(M, UT1, UT2) = statement-matching(createAddresses, createAddress)
M = {(C, 4) (D, 5) (E, 6) (F, 7)} UT1 ={A, B, G} UT2 = {8}
createAddress is a newly added method in child commit
createAddresses in parent commit does not call createAddress
createAddresses in child commit calls createAddress
|M| > |UT2|
createAddress has been extracted from createAddresses
24
25. Evaluation
RQ1: What is the accuracy of RefactoringMiner and how does it
compare to the state-of-the-art?
RQ2: What is the execution time of RefactoringMiner and how does
it compare to the state-of-the-art?
25
26. Oracle construction
• Public dataset with validated refactoring instances: 538 commits from
185 open-source projects [Silva et al., FSE’2016 Distinguished Artifact]
• We executed two tools:
RefactoringMiner and RefDiff [Silva & Valente, MSR’2017]
• We manually validated all 4,108 detected instances with 3 validators
for a period of 3 months
• 3,188 true positives and 920 false positives
26
27. Comparison with state-of-the-art
RefDiff [Silva & Valente, MSR’2017]
• Commit-based refactoring detection tool
• Evaluation on 448 seeded refactorings in 20 open-source projects
• RefDiff has much higher precision/recall than
Ref-Finder [Kim et al. 2010] and RefactoringCrawler [Dig et al. 2006]
• Ref-Finder and RefactoringCrawler need fully built Eclipse projects
as input
27
28. 28
• RMiner better precision
in all refactoring types
• In half of the types
RefDiff has better recall
• Overall RMiner has +22%
precision and +1.5% recall
29. Advantage of RefDiff
• Treats code fragments as bags of tokens and ignores the structure
29
- private void startScanner() throws Exception + public void startScanner() throws Exception
{ {
- // check if scanning is enabled + if (!isScanningEnabled())
- if (scanIntervalSeconds <= 0) return;
- if ( "manual".equalsIgnoreCase( reload ) )
return; return;
+ public boolean isScanningEnabled ()
+ {
+ if (scanIntervalSeconds <=0 || "manual".equalsIgnoreCase( reload ))
+ return false;
+ return true;
+ }
30. Disadvantage of RefDiff
• Inability to deal with changes in the tokens
30
- if (eventBus != null) { + onRemoteStatusChanged(lastRemoteInstanceStatus, currentRemoteInstanceStatus);
- StatusChangeEvent event = new
StatusChangeEvent(lastRemoteInstanceStatus,
- currentRemoteInstanceStatus);
- eventBus.publish(event);
- }
+ protected void onRemoteStatusChanged(InstanceInfo.InstanceStatus oldStatus,
InstanceInfo.InstanceStatus newStatus) {
+ if (eventBus != null) {
+ StatusChangeEvent event = new StatusChangeEvent(oldStatus, newStatus);
+ eventBus.publish(event);
+ }
+ }
31. Execution time per commit [ms]
• On median, RefactoringMiner is 7 times faster than RefDiff
31
ms
32. Limitations + Future work
• Missing context: Pull Up reported as Move, if a class between the
source and destination is unchanged.
• Nested refactorings: unable to detect Extract Method applied
within an extracted method
• Unsupported refactorings: refactoring types, such as Rename
Variable/Parameter/Field, Extract/Inline Variable can be supported
from the analysis of AST replacements.
• Oracle bias: plan to add more tools for constructing the oracle
(challenge: make tools work without binding information)
32
33. Conclusions
• RefactoringMiner: commit-based refactoring detection
• No similarity thresholds
• High accuracy: 98% precision, 87% recall
• Ultra-fast: 58ms on median per commit
• Better than competitive tools (RefDiff): +22% precision, 7 times faster
• Largest and least biased refactoring oracle up to date
• 3188 true refactoring instances
• 538 commits
• 185 open-source projects
• 3 validators over 3 months (9 person-months)
33
http://refactoring.encs.concordia.ca/oracle/
https://github.com/tsantalis/RefactoringMiner
Editor's Notes
My name is Nikolaos Tsantalis, associate professor at Concordia University, and I will present to you our work on Refactoring detection.The rest of co-authors are Matin (Master student in my group), Laleh (PDF in my group), Davood (PhD in my group), and Danny from Oregon State Univeristy.