Commit 675e52f8 authored by Yonghwi Kwon's avatar Yonghwi Kwon
Browse files

b2 rewording

parent 5c5bdd24
......@@ -197,11 +197,11 @@ A possible reason may be that incorrect states often crash with fatal errors, re
\subsection{Measuring Code Coverage Improvement}
Table~\ref{table:coverage-table} shows code coverage results of scanning Wordpress and Joomla with dynamic analysis, multi-path exploration (our implementation) and counterfactual execution with cooperative isolated execution.
In this experiment, code coverage is measured via covered lines of code divided by total lines of code in the program. If there is dynamically generated code (e.g., via {\tt eval()}), code coverage can go beyond 100\%.
In this experiment, code coverage is measured via covered lines of code divided by total lines of code in the program. If there are dynamically generated code (e.g., via {\tt eval()}), we count them. Hence, code coverage can go beyond 100\%.
Observe that cooperative isolated execution is crucial in discovering more code. In particular, it achieves 25.6\% and 19\% more code coverage than multi-path exploration scheme without cooperative isolated execution for Wordpress and Joomla respectively.
Cooperative state isolation increases analysis time by about 10\% (57s and 40s for Wordpress and Joomla respectively). As it discovers more than 20\% of the code, we argue that the 10\% time overhead is reasonable.
%
Cooperative isolated execution increases analysis time by about 10\% (57s and 40s for Wordpress and Joomla respectively). We argue that 10\% time overhead is reasonable as it improves more than 20\% of code coverage.
%Observe that multi-path exploration scheme without cooperative isolated execution covers only 7\% more compared to the vanila dynamic analysis.
......@@ -220,7 +220,7 @@ Cooperative state isolation increases analysis time by about 10\% (57s and 40s f
Note that \sysname did not achieve full code coverage (i.e., 100\%).
Our manual inspection reveals that there are many unused code files in each copy of the application.
For example, the session handler scenario in Joomla mentioned above results in existence of 4 files, each representing one class for session handling, only one of which is realistically utilized in each copy of Joomla, leaving the other 3 files unused.
These unused files are counted towards total lines of code as they exist in the same program folder. However, as they are inactive code, they are not covered by dynamic analyses.
These unused files are counted towards total lines of code as they exist in the same program folder. %However, as they are inactive code, they are not covered by dynamic analyses.
%We manually inspect the cases and find out that there are unused code files used only during the installations of applications. Practically, they are not reachable from any of installed program files. However, these files are also counted towards total lines of code as they exist in the same program folder. Due to the unreachable code, we did not achieve full code coverage.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment