{"id":"https://openalex.org/W3116427025","doi":"https://doi.org/10.1145/3422392.3422420","title":"Understanding and Detecting Harmful Code","display_name":"Understanding and Detecting Harmful Code","publication_year":2020,"publication_date":"2020-10-21","ids":{"openalex":"https://openalex.org/W3116427025","doi":"https://doi.org/10.1145/3422392.3422420","mag":"3116427025"},"language":"en","primary_location":{"id":"doi:10.1145/3422392.3422420","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3422392.3422420","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the XXXIV Brazilian Symposium on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077916202","display_name":"Rodrigo Aires Corr\u00eaa Lima","orcid":"https://orcid.org/0000-0002-8103-7723"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Rodrigo Lima","raw_affiliation_strings":["UFPE, Brazil"],"affiliations":[{"raw_affiliation_string":"UFPE, Brazil","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103257898","display_name":"Jairo Souza","orcid":"https://orcid.org/0000-0001-9361-0665"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jairo Souza","raw_affiliation_strings":["UFPE, Brazil"],"affiliations":[{"raw_affiliation_string":"UFPE, Brazil","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090231856","display_name":"Baldo\u00edno Fonseca","orcid":"https://orcid.org/0000-0002-0730-0319"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Baldoino Fonseca","raw_affiliation_strings":["UFAL, Brazil"],"affiliations":[{"raw_affiliation_string":"UFAL, Brazil","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061752509","display_name":"Leopoldo Teixeira","orcid":"https://orcid.org/0000-0002-6154-1666"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Leopoldo Teixeira","raw_affiliation_strings":["UFPE, Brazil"],"affiliations":[{"raw_affiliation_string":"UFPE, Brazil","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075988425","display_name":"Rohit Gheyi","orcid":"https://orcid.org/0000-0002-5562-4449"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rohit Gheyi","raw_affiliation_strings":["UFCG, Brazil"],"affiliations":[{"raw_affiliation_string":"UFCG, Brazil","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051287042","display_name":"M\u00e1rcio Ribeiro","orcid":"https://orcid.org/0000-0002-4293-4261"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"M\u00e1rcio Ribeiro","raw_affiliation_strings":["UFAL, Brazil"],"affiliations":[{"raw_affiliation_string":"UFAL, Brazil","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007792821","display_name":"Alessandro Garcia","orcid":"https://orcid.org/0000-0001-5788-5215"},"institutions":[{"id":"https://openalex.org/I2699952","display_name":"Pontifical Catholic University of Rio de Janeiro","ror":"https://ror.org/01dg47b60","country_code":"BR","type":"education","lineage":["https://openalex.org/I2699952"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Alessandro Garcia","raw_affiliation_strings":["PUC-Rio, Brazil"],"affiliations":[{"raw_affiliation_string":"PUC-Rio, Brazil","institution_ids":["https://openalex.org/I2699952"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036209534","display_name":"Rafael de Mello","orcid":"https://orcid.org/0000-0002-9877-3946"},"institutions":[{"id":"https://openalex.org/I158509141","display_name":"Federal Center for Technological Education Celso Suckow da Fonseca","ror":"https://ror.org/03j8tnm47","country_code":"BR","type":"education","lineage":["https://openalex.org/I1293487690","https://openalex.org/I158509141","https://openalex.org/I2801200668"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Rafael de Mello","raw_affiliation_strings":["CEFET/RJ, Brazil"],"affiliations":[{"raw_affiliation_string":"CEFET/RJ, Brazil","institution_ids":["https://openalex.org/I158509141"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5077916202"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.3345,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.86792517,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"108","issue":null,"first_page":"223","last_page":"232"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/code-smell","display_name":"Code smell","score":0.9822472929954529},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7509300112724304},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.7144640684127808},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5809339880943298},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5631201267242432},{"id":"https://openalex.org/keywords/kpi-driven-code-analysis","display_name":"KPI-driven code analysis","score":0.5549726486206055},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.5482445955276489},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.5229864120483398},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.482148140668869},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.47371309995651245},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.46338900923728943},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.4370333254337311},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34247103333473206},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.288290798664093},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.23639985918998718}],"concepts":[{"id":"https://openalex.org/C133237599","wikidata":"https://www.wikidata.org/wiki/Q2295111","display_name":"Code smell","level":5,"score":0.9822472929954529},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7509300112724304},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.7144640684127808},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5809339880943298},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5631201267242432},{"id":"https://openalex.org/C121957198","wikidata":"https://www.wikidata.org/wiki/Q14365593","display_name":"KPI-driven code analysis","level":5,"score":0.5549726486206055},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.5482445955276489},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.5229864120483398},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.482148140668869},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.47371309995651245},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.46338900923728943},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.4370333254337311},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34247103333473206},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.288290798664093},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.23639985918998718},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3422392.3422420","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3422392.3422420","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the XXXIV Brazilian Symposium on Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W1342665","https://openalex.org/W649920412","https://openalex.org/W1606330600","https://openalex.org/W1930624869","https://openalex.org/W1986136726","https://openalex.org/W1988997230","https://openalex.org/W2015418718","https://openalex.org/W2032026767","https://openalex.org/W2044556410","https://openalex.org/W2060561050","https://openalex.org/W2097998348","https://openalex.org/W2100925270","https://openalex.org/W2101234009","https://openalex.org/W2108086273","https://openalex.org/W2110654099","https://openalex.org/W2112364454","https://openalex.org/W2113207845","https://openalex.org/W2113322762","https://openalex.org/W2140504739","https://openalex.org/W2149963636","https://openalex.org/W2153887189","https://openalex.org/W2158864412","https://openalex.org/W2245188050","https://openalex.org/W2608628736","https://openalex.org/W2727592710","https://openalex.org/W2742512005","https://openalex.org/W2753082974","https://openalex.org/W2767269440","https://openalex.org/W2894054974","https://openalex.org/W2899407111","https://openalex.org/W2908058835","https://openalex.org/W2927339784","https://openalex.org/W2946009226","https://openalex.org/W2962862931","https://openalex.org/W6674385629"],"related_works":["https://openalex.org/W3153702491","https://openalex.org/W2896744621","https://openalex.org/W2466744397","https://openalex.org/W3116427025","https://openalex.org/W3008981372","https://openalex.org/W4382562158","https://openalex.org/W4384026574","https://openalex.org/W1982871693","https://openalex.org/W2150625980","https://openalex.org/W2338725043"],"abstract_inverted_index":{"Code":[0],"smells":[1,38,179,215,228],"typically":[2],"indicate":[3],"poor":[4,24],"design":[5,136],"implementation":[6],"and":[7,81,94,157,220,281,300],"choices":[8],"that":[9,67,164,226,242,297],"may":[10,114,126],"degrade":[11],"software":[12,41,72,299],"quality.":[13,73],"Hence,":[14],"they":[15,259],"need":[16],"to":[17,21,32,51,71,79,194,217,245,255,267,305],"be":[18],"carefully":[19],"detected":[20],"avoid":[22],"such":[23],"design.":[25],"In":[26],"this":[27],"context,":[28],"some":[29],"studies":[30,59],"try":[31],"understand":[33,80],"the":[34,40,121,189,218,261,272,284,289],"impact":[35],"of":[36,57,90,123,131,151,172,177,210,222,263],"code":[37,53,65,83,104,159,173,214,227,257],"on":[39,63],"quality,":[42],"while":[43],"others":[44],"propose":[45],"rules":[46],"or":[47,60,108,118],"machine":[48,252],"learning-based":[49],"techniques":[50,61,254],"detect":[52,246],"smells.":[54,160],"However,":[55],"none":[56],"those":[58,178,223,234],"focus":[62],"analyzing":[64],"snippets":[66],"are":[68,180,231,236,243,303],"really":[69],"harmful":[70,216],"This":[74],"paper":[75],"presents":[76],"a":[77,102,128,169,204],"study":[78,144],"classify":[82,256,268,306],"harmfulness.":[84],"We":[85,141,249],"analyze":[86],"harmfulness":[87],"in":[88,277],"terms":[89],"CLEAN,":[91],"SMELLY,":[92],"BUGGY,":[93],"HARMFUL":[95,98,124,195,247,269,282,307],"code.":[96],"By":[97],"CODE,":[99,283],"we":[100,167,201],"define":[101],"SMELLY":[103,280],"element":[105],"having":[106],"one":[107],"more":[109,192],"bugs":[110,113,156],"reported.":[111],"These":[112],"have":[115,168],"been":[116],"fixed":[117],"not.":[119],"Thus,":[120],"incidence":[122],"CODE":[125],"represent":[127],"increased":[129],"risk":[130],"introducing":[132],"new":[133],"defects":[134],"and/or":[135],"problems":[137],"during":[138],"its":[139],"fixing.":[140],"perform":[142,203],"our":[143,199],"with":[145,206],"22":[146],"smell":[147,190],"types,":[148],"803":[149],"versions":[150],"13":[152],"open-source":[153],"projects,":[154],"40,340":[155],"132,219":[158],"The":[161,182],"results":[162,294],"show":[163],"even":[165],"though":[166],"high":[170],"number":[171],"smells,":[174],"only":[175],"0.07%":[176],"harmful.":[181],"Abstract":[183],"Function":[184],"Call":[185],"From":[186],"Constructor":[187],"is":[188,275,288],"type":[191],"related":[193],"CODE.":[196,248,270,308],"To":[197],"cross-validate":[198],"results,":[200],"also":[202,250,295],"survey":[205],"60":[207],"developers.":[208],"Most":[209],"them":[211],"(98%)":[212],"consider":[213],"software,":[219],"85%":[221],"developers":[224,235],"believe":[225],"detection":[229],"tools":[230,241],"important.":[232],"But,":[233],"not":[237],"concerned":[238],"about":[239],"selecting":[240],"able":[244],"evaluate":[251],"learning":[253],"harmfulness:":[258],"reach":[260],"effectiveness":[262],"at":[264],"least":[265],"97%":[266],"While":[271],"Random":[273],"Forest":[274],"effective":[276,291],"classifying":[278],"both":[279,298],"Gaussian":[285],"Naive":[286],"Bayes":[287],"less":[290],"technique.":[292],"Our":[293],"suggest":[296],"developers'":[301],"metrics":[302],"important":[304]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}