ICSME 2024
Sun 6 - Fri 11 October 2024
Wed 9 Oct 2024 10:45 - 11:00 at Abineau - Session 1: Code Understanding and Optimization Chair(s): Rosalia Tufano

Java applications include third-party dependencies as bytecode. To keep these applications secure, researchers have proposed tools to re-identify dependencies that contain known vulnerabilities. Yet, to allow such re-identification, one must obtain, for each vulnerability patch, the bytecode fixing the respective vulnerability at first. Such patches for dependencies are curated in databases in the form of fix-commits. But fixcommits are in source code, and automatically compiling whole Java projects to bytecode is notoriously hard, particularly for non-current versions of the code. In this paper, we thus propose JESS, an approach that largely avoids this problem by compiling solely the relevant code that was modified within a given commit. JESS reduces the code, retaining only those parts that the committed change references. To avoid name-resolution errors, JESS automatically infers stubs for references to entities that are unavailable to the compiler. A challenge is here that, to facilitate the above mentioned reidentification, JESS must seek to produce bytecode that is almost identical to the bytecode which one would obtain by a successful compilation of the full project. An evaluation on 347 GitHub projects shows that JESS is able to compile, in isolation, 72% of methods and constructors, of which 89% have bytecode equal to the original one. Furthermore, on the Project KB database of fix-commits, in which only 8% of files modified within the commits can be compiled with the provided build scripts, JESS is able to compile 73% of all files that these commits modify.

Wed 9 Oct

Displayed time zone: Arizona change

10:30 - 12:00
Session 1: Code Understanding and OptimizationResearch Track / New Ideas and Emerging Results Track at Abineau
Chair(s): Rosalia Tufano Università della Svizzera Italiana
10:30
15m
Optimizing Decompiler Output by Eliminating Redundant Data Flow in Self-Recursive InliningResearch Track Paper
Research Track
Runze Zhang , Ying Cao Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Ruigang Liang Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Peiwei Hu , Kai Chen Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences
10:45
15m
Compilation of Commit Changes within Java Source Code RepositoriesOpen Research ObjectResearch Track Paper
Research Track
Stefan Schott Heinz Nixdorf Institut, Paderborn University, Wolfram Fischer SAP Security Research, Serena Elisa Ponta SAP Security Research, Jonas Klauke Heinz Nixdorf Institut, Paderborn University, Eric Bodden
Pre-print
11:00
15m
Understanding Code Change with Micro-ChangesResearch Track Paper
Research Track
Lei Chen Tokyo Institute of Technology, Michele Lanza Software Institute - USI, Lugano, Shinpei Hayashi Tokyo Institute of Technology
DOI Pre-print Media Attached
11:15
10m
What You Need is What You Get: Theory of Mind for an LLM-Based Code Understanding AssistantNIER Paper
New Ideas and Emerging Results Track
Jonan Richards Radboud University, Mairieli Wessel Radboud University
Pre-print
11:25
15m
Decomposing God Header File via Multi-View Graph ClusteringResearch Track Paper
Research Track
Yue Wang , Wenhui Chang , Yanzhen Zou Peking University, Tongwei Deng , Bing Xie Peking University
Pre-print
11:40
10m
How Far Have We Gone in Binary Code Understanding Using Large Language ModelsVideo presentationResearch Track Paper
Research Track
Xiuwei Shang University of Science and Technology of China, Shaoyin Cheng University of Science and Technology of China, Guoqiang Chen University of Science and Technology of China, Yanming Zhang , Li Hu , Xiao Yu , Gangyang Li , Weiming Zhang University of Science and Technology of China, Nenghai Yu
Pre-print
Hide past events