TY - GEN
T1 - XIAO
T2 - 28th Annual Computer Security Applications Conference, ACSAC 2012
AU - Dang, Yingnong
AU - Zhang, Dongmei
AU - Ge, Song
AU - Chu, Chengyun
AU - Qiu, Yingjun
AU - Xie, Tao
PY - 2012
Y1 - 2012
N2 - During software development, engineers often reuse a code fragment via copy-and-paste with or without modifications or adaptations. Such practices lead to a number of the same or similar code fragments spreading within one or many large codebases. Detecting code clones has been shown to be useful towards security such as detection of similar security bugs and, more generally, quality improvement such as refactoring of code clones. A large number of academic research projects have been carried out on empirical studies or tool supports for detecting code clones. In this paper, we report our experiences of carrying out successful technology transfer of our new approach of code-clone detection, called XIAO. XIAO has been integrated into Microsoft Visual Studio 2012, to be benefiting a huge number of developers in industry. The main success factors of XIAO include its high tunability, scalability, compatibility, and explorability. Based on substantial industrial experiences, we present the XIAO approach with emphasis on these success factors of XIAO. We also present empirical results on applying XIAO on real scenarios within Microsoft for the tasks of security-bug detection and refactoring.
AB - During software development, engineers often reuse a code fragment via copy-and-paste with or without modifications or adaptations. Such practices lead to a number of the same or similar code fragments spreading within one or many large codebases. Detecting code clones has been shown to be useful towards security such as detection of similar security bugs and, more generally, quality improvement such as refactoring of code clones. A large number of academic research projects have been carried out on empirical studies or tool supports for detecting code clones. In this paper, we report our experiences of carrying out successful technology transfer of our new approach of code-clone detection, called XIAO. XIAO has been integrated into Microsoft Visual Studio 2012, to be benefiting a huge number of developers in industry. The main success factors of XIAO include its high tunability, scalability, compatibility, and explorability. Based on substantial industrial experiences, we present the XIAO approach with emphasis on these success factors of XIAO. We also present empirical results on applying XIAO on real scenarios within Microsoft for the tasks of security-bug detection and refactoring.
KW - Code clone
KW - Code duplication
KW - Code-clone detection
KW - Code-clone search
KW - Duplicated security vulnerability
UR - http://www.scopus.com/inward/record.url?scp=84872120272&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84872120272&partnerID=8YFLogxK
U2 - 10.1145/2420950.2421004
DO - 10.1145/2420950.2421004
M3 - Conference contribution
AN - SCOPUS:84872120272
SN - 9781450313124
T3 - ACM International Conference Proceeding Series
SP - 369
EP - 378
BT - Proceedings - 28th Annual Computer Security Applications Conference, ACSAC 2012
Y2 - 3 December 2012 through 7 December 2012
ER -