Impacts on code quality when using Java decompilers as tools for reverse engineering
Korvala, Hannu (2024-11-14)
© 2024, Hannu Korvala. This item is protected by copyright and/or related rights. You may use the item in the ways permitted by the copyright and related-rights legislation that applies to your use. Any other use requires the permission of the rights holders.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:oulu-202411146743
Abstract
Java is a widely used programming language and computing platform that was originally released in 1995 by Sun Microsystems. It can be used for building a variety of different software applications such as games, backend services, and embedded systems. As it stands, over 60 billion instances of the Java platform are running worldwide.
Java is a high-level language that is compiled into an intermediate language called Java bytecode, which is then interpreted by the Java Virtual Machine. The existence of the Java bytecode makes the language interesting to academia and people interested in decompilers, as it makes the process of decompiling Java bytecode into Java source code relatively easy when compared to languages that compile directly into machine code.
SonarQube is an automatic code review tool that helps developers and organizations to ensure clean code by integrating into existing workflows and pipelines. SonarQube works in a continuous manner by following the “Clean as You Code” approach, which refers to a way of working where the code quality is maintained on the fly. As a static code analysis tool, it analyzes the source code without executing the program.
In this thesis, the focus is on studying the effect of the compile-decompile process on code quality. SonarQube reports are used as the basis for analysis. Two research questions are answered: (RQ1) How well do Java decompilers maintain code quality when analyzed using SonarQube? and (RQ2) Does the original source code quality predict the code quality of decompiled code when analyzed using SonarQube? To answer these questions, a theoretical framework is first presented, after which a quantitative study is described. The quantitative study consisted of targeting five different open-source Java projects with two different open-source Java decompilers. For each of the five projects, the original source code and the outputs of the two decompilers were analyzed separately. This effectively resulted in five reference analyses and 10 decompiler source code analyses.
The findings of the study suggest that the compile-decompile process has little effect on Java source code reliability, security, and cyclomatic complexity. However, the results indicate a degrading effect on source code maintainability, duplication percentage, and cognitive complexity.
This thesis is aimed at anyone interested in the topics of Java, code quality, SonarQube, or decompilers. It provides an extensive theoretical framework covering all these topics on a need-to-know basis. The thesis aims to proceed in a logical manner, with each chapter building on the previous one, making it accessible to both newcomers and professionals.