HBSniff: A static analysis tool for Java Hibernate object-relational mapping code smell detection

Huang, Zijie; Shao, Zhiqing; Fan, Guisheng; Yu, Huiqun; Yang, Kang; Zhou, Ziyi

doi:10.1016/j.scico.2022.102778

Cited by 13 publications

(7 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…With the maturity of Android technology, researchers started to put more effort into detecting Android code smells. Huang et al 38 proposed four mapping metrics and implemented a static detection tool, HBSniff, to detect 14 code smells in object‐oriented programming. Mario et al 39 implemented DECOR to detect several object‐oriented code smells in apps.…”

Section: Related Workmentioning

confidence: 99%

Security‐based code smell definition, detection, and impact quantification in Android

Zhong,

Shi,

et al. 2023

Softw Pract Exp

View full text Add to dashboard Cite

Android's high market share and extensive functionality make its security a significant concern. Research reveals that many security issues are caused by insecure coding practices. As a poor design indicator, code smell threatens the safety and quality assurance of Android applications (apps). Although previous works revealed specific problems associated with code smells, the field still lacks research reflecting Android features. Moreover, the cost and time limit developers to repairing numerous smells timely. We conducted a study, including Definition, Detection, and Impact Quantification for Android code smell (DefDIQ): (1) define 15 novel code smells in Android from a security programming perspective and provide suggestions on how to eliminate or mitigate them; (2) implement DACS (Detect Android Code Smell) to automatically detect the custom code smells based on ASTs; (3) investigate the correlation between individual smells with DACS detection results, select suitable code smells to construct fault counting models, then quantify their impact on quality, and thereby generating code smell repair priorities. We conducted experiments on 4575 open‐source apps, and the findings are: (i) Lin's CCC between DACS and manual detection results reaches 0.9994, verifying the validity; (ii) the fault counting model constructed by zero‐inflated negative binomial is superior to negative binomial (AIC = 517.32, BIC = 522.12); some smells do indicate fault‐proneness, and we identify such avoidable poor designs; (iii) different code smells have different levels of importance and the repair priorities constructed provide a practical guideline for researchers and inexperienced developers.

show abstract

Section: Related Workmentioning

confidence: 99%

Security‐based code smell definition, detection, and impact quantification in Android

Zhong,

Shi,

et al. 2023

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…Code clone, or repetitive code, is a code smell that can arise when a developer copies and pastes a piece of code from one place to another [27]. This code clone method may lead to software quality problems [28]- [30], and there are some works in previous research committed to detect and solve these odors through various methods [5], [6], [16], [31].…”

Section: B Code Smells and Anti-patternsmentioning

confidence: 99%

“…Rahman et al reported that 76 of 77 projects don't follow the rule recommendations of Hibernate architecture [5]. Rahman et al's latest study identified and defined a greater number of code smells within the field of ORM [6]. However, previous approaches are still coarse-grained and only consider the appropriateness of ORM statement only, while operations involving ORM persistent objects, such as querying, saving, modifying, and deleting, all entail contextual information [3].…”

Section: Introductionmentioning

confidence: 99%

Mining the Relationship between Object-Relational Mapping Performance Anti-patterns and Code Clones

Xu,

Zhu,

Yang

et al. 2023

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

The use of Object-Relational Mapping (ORM) in software development has become increasingly popular due to its superiority to simplify database interactions. Despite the prosperous development of ORM code smells detection tools for general code smell problems related to coupling and cohesion, these tools do not capture issues that are specific to ORM code statement context. In this work, we fill the gap wit h the potential performance anti-patterns of repetitive ORM code by heuristic analysis and code clone analysis on 6 open source ORM systems in Java and Python (Saler, Wagtail, Zulip, Taiga, Protal, and Roller). For each occurrence of this code smell, we distinguished problematic instances that potentially require further fixes among justifiable ones. Through our research, we identified four antipatterns associated with repetitive ORM code and proposed fix strategy for each of these anti-patterns. Additionally, our study delves into the relationship between repetitive ORM code anti-patterns and code clone, which reveals that a substantial proportion of repetitive ORM statements can be found in cloned code. Experiments show that repetitive ORM code can lead to a waste of system performance. This research highlights the impact of ORM code context on the proper use of ORM frameworks and emphasizes that copying ORM code without context evaluation can be detrimental to system performance.

show abstract

“…Static analysis checks the system code for appropriate coding convention and compliance with industry standards. FindBugs, developed by Huang, Shao, Fan, Yu, Yang and Zhou [14], is a well-known Java static analysis tool. Security testing and code review follow static analysis as an additional step.…”

Section: Requirement Evaluationmentioning

confidence: 99%

A Capability Maturity Model for STP aware Software Development

Sllian

Mazur

2022

JMC

View full text Add to dashboard Cite

There has been an increase in the importance of software Security, Trust, and Privacy (STP). Product systems must be designed with trustworthy STP protection methods while still rendering the required benefits of applications to its consumers. As a result of this large skill gap, colleges and the software sector have found themselves in a state of supply- and-demand conflict. STP-aware software development requires a new practice Capability Maturity Model (CMM) to address this issue. In order to help colleges progressively increase their students' capacity to apply what they have learned in the classroom, this contribution provides a model that consists of 4 levels: Awareness, Curriculum, Project, and Enterprise, for STP-aware software development. Software development that is STP-aware has been shown to be quite beneficial in the development of programming talent's practice capabilities for learners.

show abstract

HBSniff: A static analysis tool for Java Hibernate object-relational mapping code smell detection

Cited by 13 publications

References 29 publications

Security‐based code smell definition, detection, and impact quantification in Android

Security‐based code smell definition, detection, and impact quantification in Android

Mining the Relationship between Object-Relational Mapping Performance Anti-patterns and Code Clones

A Capability Maturity Model for STP aware Software Development

Contact Info

Product

Resources

About