163 research outputs found
Learning representations for effective and explainable software bug detection and fixing
Software has an integral role in modern life; hence software bugs, which undermine software quality and reliability, have substantial societal and economic implications. The advent of machine learning and deep learning in software engineering has led to major advances in bug detection and fixing approaches, yet they fall short of desired precision and recall. This shortfall arises from the absence of a \u27bridge,\u27 known as learning code representations, that can transform information from source code into a suitable representation for effective processing via machine and deep learning.
This dissertation builds such a bridge. Specifically, it presents solutions for effectively learning code representations using four distinct methods?context-based, testing results-based, tree-based, and graph-based?thus improving bug detection and fixing approaches, as well as providing developers insight into the foundational reasoning. The experimental results demonstrate that using learning code representations can significantly enhance explainable bug detection and fixing, showcasing the practicability and meaningfulness of the approaches formulated in this dissertation toward improving software quality and reliability
Recommended from our members
Facilitating software evolution through natural language comments and dialogue
Software projects are continually evolving, as developers incorporate changes to refactor code, support new functionality, and fix bugs. To uphold software quality amidst constant changes and also facilitate prompt implementation of critical changes, it is desirable to have automated tools for supporting and driving software evolution. In this thesis, we explore tasks and data and design machine learning approaches which leverage natural language to serve this purpose.
When developers make code changes, they sometimes fail to update the accompanying natural language comments documenting various aspects of the code, which can lead to confusion and vulnerability to bugs. We present our work on alerting developers of inconsistent comments upon code changes and suggesting updates by learning to correlate comments and code.
When a bug is reported, developers engage in a dialogue to collaboratively understand it and ultimately resolve it. While the solution is likely formulated within the discussion, it is often buried in a large amount of text, making it difficult to comprehend, which delays its implementation through the necessary repository changes. To guide developers in more easily absorbing information relevant towards making these changes and consequently expedite bug resolution, we investigate generating a concise natural language description of the solution by synthesizing relevant content as it emerges in the discussion. We benchmark models for generating solution descriptions and design a classifier for determining when sufficient context for generating an informative description becomes available. We investigate approaches for real-time generation, entailing separately trained and jointly trained classification and generation models. Furthermore, we also study techniques for deriving natural language context from bug report discussions and generated solution descriptions to guide models in generating suggested bug-resolving code changes.Computer Science
Proceedings of the 8th Workshop on Detection and Classification of Acoustic Scenes and Events (DCASE 2023)
This volume gathers the papers presented at the Detection and Classification of Acoustic Scenes and Events 2023 Workshop (DCASE2023), Tampere, Finland, during 21â22 September 2023
Graph Neural Networks for Natural Language Processing
By constructing graph-structured data from the input data, Graph Neural Network (GNN) enhances the performance of numerous Natural Language Processing (NLP) tasks. In this thesis, we mainly focus on two aspects of NLP: text classification and knowledge graph completion.
TextGCN shows excellent performance in text classification by leveraging the graph structure of the entire corpus without using any external resources, especially under a limited labelled data setting. Two questions are explored: (1) Under the transductive semi-supervised setting, how to utilize the documents better and learn the complex relationship between nodes. (2) How to transform TextGCN into an inductive model and also reduce the time and space complexity?
In detail, firstly, a comprehensive analysis was conducted on TextGCN and its variants. Secondly, we propose ME-GCN, a novel method for text classification that utilizes multi-dimensional edge features in a graph neural network (GNN) for the first time. It uses the corpus-trained word and document-based edge features for semi-supervised classification and has been shown to be effective through experiments on benchmark datasets under the limited labelled data setting. Thirdly, InducT-GCN, an inductive framework for GCN-based text classification that does not require additional resources is introduced. The framework introduces a novel approach to make transductive GCN-based text classification models inductive, improving performance and reducing time and space complexity.
Most existing work for Temporal Knowledge Graph Completion (TKGC) overlooks the significance of explicit temporal information and fails to skip irrelevant snapshots based on the entity-related relation in the query. To address this, we introduced Re-Temp (Relation-Aware Temporal Representation Learning), a model that leverages explicit temporal embedding and a skip information flow after each timestamp to eliminate unnecessary information for prediction
LIPIcs, Volume 261, ICALP 2023, Complete Volume
LIPIcs, Volume 261, ICALP 2023, Complete Volum
Large Language Models for Software Engineering: A Systematic Literature Review
Large Language Models (LLMs) have significantly impacted numerous domains,
notably including Software Engineering (SE). Nevertheless, a well-rounded
understanding of the application, effects, and possible limitations of LLMs
within SE is still in its early stages. To bridge this gap, our systematic
literature review takes a deep dive into the intersection of LLMs and SE, with
a particular focus on understanding how LLMs can be exploited in SE to optimize
processes and outcomes. Through a comprehensive review approach, we collect and
analyze a total of 229 research papers from 2017 to 2023 to answer four key
research questions (RQs). In RQ1, we categorize and provide a comparative
analysis of different LLMs that have been employed in SE tasks, laying out
their distinctive features and uses. For RQ2, we detail the methods involved in
data collection, preprocessing, and application in this realm, shedding light
on the critical role of robust, well-curated datasets for successful LLM
implementation. RQ3 allows us to examine the specific SE tasks where LLMs have
shown remarkable success, illuminating their practical contributions to the
field. Finally, RQ4 investigates the strategies employed to optimize and
evaluate the performance of LLMs in SE, as well as the common techniques
related to prompt optimization. Armed with insights drawn from addressing the
aforementioned RQs, we sketch a picture of the current state-of-the-art,
pinpointing trends, identifying gaps in existing research, and flagging
promising areas for future study
A Survey on Malware Detection with Graph Representation Learning
Malware detection has become a major concern due to the increasing number and
complexity of malware. Traditional detection methods based on signatures and
heuristics are used for malware detection, but unfortunately, they suffer from
poor generalization to unknown attacks and can be easily circumvented using
obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep
Learning (DL) achieved impressive results in malware detection by learning
useful representations from data and have become a solution preferred over
traditional methods. More recently, the application of such techniques on
graph-structured data has achieved state-of-the-art performance in various
domains and demonstrates promising results in learning more robust
representations from malware. Yet, no literature review focusing on graph-based
deep learning for malware detection exists. In this survey, we provide an
in-depth literature review to summarize and unify existing works under the
common approaches and architectures. We notably demonstrate that Graph Neural
Networks (GNNs) reach competitive results in learning robust embeddings from
malware represented as expressive graph structures, leading to an efficient
detection by downstream classifiers. This paper also reviews adversarial
attacks that are utilized to fool graph-based detection methods. Challenges and
future research directions are discussed at the end of the paper.Comment: Preprint, submitted to ACM Computing Surveys on March 2023. For any
suggestions or improvements, please contact me directly by e-mai
Split, Encode and Aggregate for Long Code Search
Code search with natural language plays a crucial role in reusing existing
code snippets and accelerating software development. Thanks to the
Transformer-based pretraining models, the performance of code search has been
improved significantly compared to traditional information retrieval (IR) based
models. However, due to the quadratic complexity of multi-head self-attention,
there is a limit on the input token length. For efficient training on standard
GPUs like V100, existing pretrained code models, including GraphCodeBERT,
CodeBERT, RoBERTa (code), take the first 256 tokens by default, which makes
them unable to represent the complete information of long code that is greater
than 256 tokens. Unlike long text paragraph that can be regarded as a whole
with complete semantics, the semantics of long code is discontinuous as a piece
of long code may contain different code modules. Therefore, it is unreasonable
to directly apply the long text processing methods to long code. To tackle the
long code problem, we propose SEA (Split, Encode and Aggregate for Long Code
Search), which splits long code into code blocks, encodes these blocks into
embeddings, and aggregates them to obtain a comprehensive long code
representation. With SEA, we could directly use Transformer-based pretraining
models to model long code without changing their internal structure and
repretraining. Leveraging abstract syntax tree (AST) based splitting and
attention-based aggregation methods, SEA achieves significant improvements in
long code search performance. We also compare SEA with two sparse Trasnformer
methods. With GraphCodeBERT as the encoder, SEA achieves an overall mean
reciprocal ranking score of 0.785, which is 10.1% higher than GraphCodeBERT on
the CodeSearchNet benchmark.Comment: 9 page
An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph
Over the years, open-source software systems have become prey to threat
actors. Even as open-source communities act quickly to patch the breach, code
vulnerability screening should be an integral part of agile software
development from the beginning. Unfortunately, current vulnerability screening
techniques are ineffective at identifying novel vulnerabilities or providing
developers with code vulnerability and classification. Furthermore, the
datasets used for vulnerability learning often exhibit distribution shifts from
the real-world testing distribution due to novel attack strategies deployed by
adversaries and as a result, the machine learning model's performance may be
hindered or biased. To address these issues, we propose a joint interpolated
multitasked unbiased vulnerability classifier comprising a transformer
"RoBERTa" and graph convolution neural network (GCN). We present a training
process utilizing a semantic vulnerability graph (SVG) representation from
source code, created by integrating edges from a sequential flow, control flow,
and data flow, as well as a novel flow dubbed Poacher Flow (PF). Poacher flow
edges reduce the gap between dynamic and static program analysis and handle
complex long-range dependencies. Moreover, our approach reduces biases of
classifiers regarding unbalanced datasets by integrating Focal Loss objective
function along with SVG. Remarkably, experimental results show that our
classifier outperforms state-of-the-art results on vulnerability detection with
fewer false negatives and false positives. After testing our model across
multiple datasets, it shows an improvement of at least 2.41% and 18.75% in the
best-case scenario. Evaluations using N-day program samples demonstrate that
our proposed approach achieves a 93% accuracy and was able to detect 4,
zero-day vulnerabilities from popular GitHub repositories
Intelligent Software Tooling For Improving Software Development
Software has eaten the world with many of the necessities and quality of life services people use requiring software. Therefore, tools that improve the software development experience can have a significant impact on the world such as generating code and test cases, detecting bugs, question and answering, etc. The success of Deep Learning (DL) over the past decade has shown huge advancements in automation across many domains, including Software Development processes. One of the main reasons behind this success is the availability of large datasets such as open-source code available through GitHub or image datasets of mobile Graphical User Interfaces (GUIs) with RICO and ReDRAW to be trained on. Therefore, the central research question my dissertation explores is: In what ways can the software development process be improved through leveraging DL techniques on the vast amounts of unstructured software engineering artifacts? We coin the approaches that leverage DL to automate or augment various software development task as Intelligent Software Tools. To guide our research of these intelligent software tools, we performed a systematic literature review to understand the current landscape of research on applying DL techniques to software tasks and any gaps that exist. From this literature review, we found code generation to be one of the most studied tasks with other tasks and artifacts such as impact analysis or tasks involving images and videos to be understudied. Therefore, we set out to explore the application of DL to these understudied tasks and artifacts as well as the limitations of DL models under the well studied task code completion, a subfield in code generation. Specifically, we developed a tool for automatically detecting duplicate mobile bug reports from user submitted videos. We used the popular Convolutional Neural Network (CNN) to learn important features from a large collection of mobile screenshots. Using this model, we could then compute similarity between a newly submitted bug report and existing ones to produce a ranked list of duplicate candidates that can be reviewed by a developer. Next, we explored impact analysis, a critical software maintenance task that identifies potential adverse effects of a given code change on the larger software system. To this end, we created Athena, a novel approach to impact analysis that integrates knowledge of a software system through its call-graph along with high-level representations of the code inside the system to improve impact analysis performance. Lastly, we explored the task of code completion, which has seen heavy interest from industry and academia. Specifically, we explored various methods that modify the positional encoding scheme of the Transformer architecture for allowing these models to incorporate longer sequences of tokens when predicting completions than seen during their training as this can significantly improve training times
- âŠ