Poojith U Rao

Ritu Kapur, Poojith U Rao, Agrim Dewan et al.

Software development comprises the use of multiple Third-Party Libraries (TPLs). However, the irrelevant libraries present in software application's distributable often lead to excessive consumption of resources such as CPU cycles, memory, and modile-devices' battery usage. Therefore, the identification and removal of unused TPLs present in an application are desirable. We present a rapid, storage-efficient, obfuscation-resilient method to detect the irrelevant-TPLs in Java and Python applications. Our approach's novel aspects are i) Computing a vector representation of a .class file using a model that we call Lib2Vec. The Lib2Vec model is trained using the Paragraph Vector Algorithm. ii) Before using it for training the Lib2Vec models, a .class file is converted to a normalized form via semantics-preserving transformations. iii) A eXtra Library Detector (XtraLibD) developed and tested with 27 different language-specific Lib2Vec models. These models were trained using different parameters and >30,000 .class and >478,000 .py files taken from >100 different Java libraries and 43,711 Python available at MavenCentral.com and Pypi.com, respectively. XtraLibD achieves an accuracy of 99.48% with an F1 score of 0.968 and outperforms the existing tools, viz., LibScout, LiteRadar, and LibD with an accuracy improvement of 74.5%, 30.33%, and 14.1%, respectively. Compared with LibD, XtraLibD achieves a response time improvement of 61.37% and a storage reduction of 87.93% (99.85% over JIngredient). Our program artifacts are available at https://www.doi.org/10.5281/zenodo.5179747.

Ritu Kapur, Balwinder Sodhi, Poojith U Rao et al.

Code reviews are one of the effective methods to estimate defectiveness in source code. However, the existing methods are dependent on experts or inefficient. In this paper, we improve the performance (in terms of speed and memory usage) of our existing code review assisting tool--CRUSO. The central idea of the approach is to estimate the defectiveness for an input source code by using the defectiveness score of similar code fragments present in various StackOverflow (SO) posts. The significant contributions of our paper are i) SOpostsDB: a dataset containing the PVA vectors and the SO posts information, ii) CRUSO-P: a code review assisting system based on PVA models trained on \emph{SOpostsDB}. For a given input source code, CRUSO-P labels it as {Likely to be defective, Unlikely to be defective, Unpredictable}. To develop CRUSO-P, we processed >3 million SO posts and 188200+ GitHub source files. CRUSO-P is designed to work with source code written in the popular programming languages {C, C#, Java, JavaScript, and Python}. CRUSO-P outperforms CRUSO with an improvement of 97.82% in response time and a storage reduction of 99.15%. CRUSO-P achieves the highest mean accuracy score of 99.6% when tested with the C programming language, thus achieving an improvement of 5.6% over the existing method.