Title | ||
---|---|---|
A Qualitative Analysis of Variability Weaknesses in Configurable Systems with #ifdefs. |
Abstract | ||
---|---|---|
A number of critical configurable systems are implemented using #ifdefs, such as Linux. Some tools and strategies are proposed to avoid these directives. However, these systems still have weaknesses, leading to vulnerable code, and may impact millions of users. There is a lack of studies regarding the perception of developers of configurable systems with #ifdefs related to weaknesses, and the strategies and tools they use to identify and remove them. Moreover, few works study the characteristics of weaknesses. To better understand the problem, we conduct two studies. In the first one, we qualitatively analyze 27 variability weaknesses of Apache HTTPD, Linux and OpenSSL reported on their bug trackers. In the second study, we conduct a survey with 110 developers of the previous configurable systems. Overall, our results show evidences that, although developers care about weaknesses, they may not detect some weaknesses reported in the bug trackers, and do not use proper tools to deal with them. They take on median 15 days and 4 discussion messages to solve them. Some weaknesses occur due to two feature interactions, and most of them can be detected by the all macros enabled sampling approach. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1145/3168365.3168382 | VaMoS |
Keywords | Field | DocType |
Variability Weaknesses,Security,Configurable Systems,Preprocessor,#ifdefs,Survey | BitTorrent tracker,Data mining,Software engineering,Computer science,Configurable systems,Preprocessor,Sampling (statistics),Macro,Perception | Conference |
Citations | PageRank | References |
0 | 0.34 | 18 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Raphael Muniz | 1 | 0 | 0.34 |
Larissa Braz | 2 | 4 | 2.10 |
Rohit Gheyi | 3 | 618 | 40.66 |
Wilkerson L. Andrade | 4 | 81 | 13.96 |
Baldoino Fonseca | 5 | 103 | 16.57 |
Márcio Ribeiro | 6 | 363 | 32.81 |