Automatic Software Repair: a Bibliography

This article presents a survey on automatic software repair. Automatic software repair consists of automatically finding a solution to software bugs without human intervention. This article considers all kinds of repairs. First, it discusses behavioral repair where test suites, contracts, models, and crashing inputs are taken as oracle. Second, it discusses state repair, also known as runtime repair or runtime recovery, with techniques such as checkpoint and restart, reconfiguration, and invariant restoration. The uniqueness of this article is that it spans the research communities that contribute to this body of knowledge: software engineering, dependability, operating systems, programming languages, and security. It provides a novel and structured overview of the diversity of bug oracles and repair operators used in the literature

Optimization Techniques for Algorithmic Debugging

[EN] Nowadays, undetected programming bugs produce a waste of billions of dollars per year to private and public companies and institutions. In spite of this, no significant advances in the debugging area that help developers along the software development process have been achieved yet. In fact, the same debugging techniques that were used 20 years ago are still being used now. Along the time, some alternatives have appeared, but there still is a long way for them to be useful enough to get into the software development process. One of them is algorithmic debugging, which abstracts the information the user has to investigate to debug the program, allowing them to focus on what is happening instead of how it is happening. This abstraction comes at a price: the granularity level of the bugs that can be detected allows for isolating wrongly implemented functions, but which part of them contains the bug cannot be found out yet. This thesis focusses on improving algorithmic debugging in many aspects. Concretely, the main aims of this thesis are to reduce the time the user needs to detect a programming bug as well as to provide the user with more detailed information about where the bug is located. To achieve these goals, some techniques have been developed to start the debugging sessions as soon as possible, to reduce the number of questions the user is going to be asked about, and to augment the granularity level of those bugs that algorithmic debugging can detect, allowing the debugger in this way to keep looking for bugs even inside functions. As a result of this thesis, three completely new techniques have been defined, an already existent technique has been improved, and two new algorithmic debugging search strategies have been defined that improve the already existent ones. Besides these theoretical results, a fully functional algorithmic debugger has been implemented that contains and supports all these techniques and strategies. This debugger is written in Java, and it debugs Java code. The election of this language is justified because it is currently one of the most widely extended and used languages. Also because it contains an interesting combination of unsolved challenges for algorithmic debugging. To further increase its usability, the debugger has been later adapted as an Eclipse plugin, so it could be used by a wider number of users. These two debuggers are publicly available, so any interested person can access them and continue with the research if they wish so.[ES] Hoy en día, los errores no detectados de programación suponen un gasto de miles de millones al año para las empresas e instituciones públicas y privadas. A pesar de esto, no ha habido ningún avance significativo en el área de la depuración que ayude a los desarrolladores durante la fase de desarrollo de software. De hecho, las mismas técnicas de depuración que se utilizaban hace 20 años se siguen utilizando ahora. A lo largo del tiempo, han surgido algunas alternativas, pero todavía queda un largo camino para que estas sean lo suficientemente útiles como para abrirse camino en el proceso de desarrollo de software. Una de ellas es la depuración algorítmica, la cual abstrae la información que el programador debe investigar para depurar el programa, permitiéndole de este modo centrarse en el qué está ocurriendo en vez de en el cómo. Esta abstracción tiene un coste: el nivel de granularidad de los errores que pueden detectarse nos permite como máximo aislar funciones mal implementadas, pero no averiguar qué parte de estas contiene el error. Esta tesis se centra en mejorar la depuración algorítmica en muchos aspectos. Concretamente, los principales objetivos de esta tesis son reducir el tiempo que el usuario necesita para detectar un error de programación así como proporcionar información más detallada de dónde se encuentra el error. Para conseguir estos objetivos, se han desarrollado técnicas para iniciar las sesiones de depuración lo antes posible, reducir el número de preguntas que se le van a realizar al usuario, y aumentar el nivel de granularidad de los errores que la depuración algorítmica puede detectar, permitiendo así seguir buscando el error incluso dentro de las funciones. Como resultado de esta tesis, se han definido tres técnicas completamente nuevas, se ha mejorado una técnica ya existente, y se han definido dos nuevas estrategias de depuración algorítmica que mejoran las previamente existentes. Además de los resultados teóricos, también se ha desarrollado un depurador algorítmico completamente funcional que contiene y respalda todas estas técnicas y estrategias. Este depurador está escrito en Java y depura código Java. La elección de este lenguaje se justifica debido a que es uno de los lenguajes más ampliamente extendidos y usados actualmente. También debido a que contiene una combinación interesante de retos todavía sin resolver para la depuración algorítmica. Para aumentar todavía más su usabilidad, el depurador ha sido posteriormente adaptado como un plugin de Eclipse, de tal manera que pudiese ser usado por un número más amplio de usuarios. Estos dos depuradores están públicamente disponibles para que cualquier persona interesada pueda acceder a ellos y continuar con la investigación si así lo deseara.[CA] Hui en dia, els errors no detectats de programació suposen una despesa de milers de milions a l'any per a les empreses i institucions públiques i privades. Tot i això, no hi ha hagut cap avanç significatiu en l'àrea de la depuració que ajude als desenvolupadors durant la fase de desenvolupament de programari. De fet, les mateixes tècniques de depuració que s'utilitzaven fa 20 anys es continuen utilitzant ara. Al llarg del temps, han sorgit algunes alternatives, però encara queda un llarg camí perquè estes siguen prou útils com per a obrir-se camí en el procés de desenvolupament de programari. Una d'elles és la depuració algorítmica, la qual abstrau la informació que el programador ha d'investigar per a depurar el programa, permetent-li d'esta manera centrar-se en el què està ocorrent en compte de en el com. Esta abstracció té un cost: el nivell de granularitat dels errors que poden detectar-se ens permet com a màxim aïllar funcions mal implementades, però no esbrinar quina part d'estes conté l'error. Esta tesi es centra a millorar la depuració algorítmica en molts aspectes. Concretament, els principals objectius d'esta tesi són reduir el temps que l'usuari necessita per a detectar un error de programació així com proporcionar informació més detallada d'on es troba l'error. Per a aconseguir estos objectius, s'han desenvolupat tècniques per a iniciar les sessions de depuració com més prompte millor, reduir el nombre de preguntes que se li formularan a l'usuari, i augmentar el nivell de granularitat dels errors que la depuració algorítmica pot detectar, permetent així continuar buscant l'error inclús dins de les funcions. Com resultat d'esta tesi, s'han definit tres tècniques completament noves, s'ha millorat una tècnica ja existent, i s'han definit dos noves estratègies de depuració algorítmica que milloren les prèviament existents. A més dels resultats teòrics, també s'ha desenvolupat un depurador algorítmic completament funcional que conté i protegix totes estes tècniques i estratègies. Este depurador està escrit en Java i depura codi Java. L'elecció d'este llenguatge es justifica pel fet que és un dels llenguatges més àmpliament estesos i usats actualment. També pel fet que conté una combinació interessant de reptes encara sense resoldre per a la depuració algorítmica. Per a augmentar encara més la seua usabilitat, el depurador ha sigut posteriorment adaptat com un plugin d'Eclipse, de tal manera que poguera ser usat per un nombre més ampli d'usuaris. Estos dos depuradors estan públicament disponibles perquè qualsevol persona interessada puga accedir a ells i continuar amb la investigació si així ho desitjara.Insa Cabrera, D. (2016). Optimization Techniques for Algorithmic Debugging [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/68506TESISPremios Extraordinarios de tesis doctorale

Ernst Denert Award for Software Engineering 2020

This open access book provides an overview of the dissertations of the eleven nominees for the Ernst Denert Award for Software Engineering in 2020. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains eleven papers that describe the works by Jonathan Brachthäuser (EPFL Lausanne) entitled What You See Is What You Get: Practical Effect Handlers in Capability-Passing Style, Mojdeh Golagha’s (Fortiss, Munich) thesis How to Effectively Reduce Failure Analysis Time?, Nikolay Harutyunyan’s (FAU Erlangen-Nürnberg) work on Open Source Software Governance, Dominic Henze’s (TU Munich) research about Dynamically Scalable Fog Architectures, Anne Hess’s (Fraunhofer IESE, Kaiserslautern) work on Crossing Disciplinary Borders to Improve Requirements Communication, Istvan Koren’s (RWTH Aachen U) thesis DevOpsUse: A Community-Oriented Methodology for Societal Software Engineering, Yannic Noller’s (NU Singapore) work on Hybrid Differential Software Testing, Dominic Steinhofel’s (TU Darmstadt) thesis entitled Ever Change a Running System: Structured Software Reengineering Using Automatically Proven-Correct Transformation Rules, Peter Wägemann’s (FAU Erlangen-Nürnberg) work Static Worst-Case Analyses and Their Validation Techniques for Safety-Critical Systems, Michael von Wenckstern’s (RWTH Aachen U) research on Improving the Model-Based Systems Engineering Process, and Franz Zieris’s (FU Berlin) thesis on Understanding How Pair Programming Actually Works in Industry: Mechanisms, Patterns, and Dynamics – which actually won the award. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work

Software reverse engineering education

Software Reverse Engineering (SRE) is the practice of analyzing a software system, either in whole or in part, to extract design and implementation information. A typical SRE scenario would involve a software module that has worked for years and carries several rules of a business in its lines of code. Unfortunately the source code of the application has been lost; what remains is “native ” or “binary ” code. Reverse engineering skills are also used to detect and neutralize viruses and malware as well as to protect intellectual property. It became frighteningly apparent during the Y2K crisis that reverse engineering skills were not commonly held amongst programmers. Since that time, much research has been undertaken to formalize the types of activities that fall into the category of reverse engineering so that these skills can be taught to computer programmers and testers. To help address the lack of software reverse engineering education, several peer-reviewed articles on software reverse engineering, re-engineering, reuse, maintenance, evolution, and security were gathered with the objective of developing relevant, practical exercises for instructional purposes. The research revealed that SRE is fairly well described and most of the related activities fall into one of tw

Model Transformation Testing and Debugging: A Survey

Model transformations are the key technique in Model-Driven Engineering (MDE) to manipulate and construct models. As a consequence, the correctness of software systems built with MDE approaches relies mainly on the correctness of model transformations, and thus, detecting and locating bugs in model transformations have been popular research topics in recent years. This surge of work has led to a vast literature on model transformation testing and debugging, which makes it challenging to gain a comprehensive view of the current state of the art. This is an obstacle for newcomers to this topic and MDE practitioners to apply these approaches. This paper presents a survey on testing and debugging model transformations based on the analysis of \nPapers~papers on the topics. We explore the trends, advances, and evolution over the years, bringing together previously disparate streams of work and providing a comprehensive view of these thriving areas. In addition, we present a conceptual framework to understand and categorise the different proposals. Finally, we identify several open research challenges and propose specific action points for the model transformation community.This work is partially supported by the European Commission (FEDER) and Junta de Andalucia under projects APOLO (US-1264651) and EKIPMENT-PLUS (P18-FR-2895), by the Spanish Government (FEDER/Ministerio de Ciencia e Innovación – Agencia Estatal de Investigación) under projects HORATIO (RTI2018-101204-B-C21), COSCA (PGC2018-094905-B-I00) and LOCOSS (PID2020-114615RB-I00), by the Austrian Science Fund (P 28519-N31, P 30525-N31), and by the Austrian Federal Ministry for Digital and Economic Affairs and the National Foundation for Research, Technology and Development (CDG

Automated Analysis of ARM Binaries using the Low-Level Virtual Machine Compiler Framework

Binary program analysis is a critical capability for offensive and defensive operations in Cyberspace. However, many current techniques are ineffective or time-consuming and few tools can analyze code compiled for embedded processors such as those used in network interface cards, control systems and mobile phones. This research designs and implements a binary analysis system, called the Architecture-independent Binary Abstracting Code Analysis System (ABACAS), which reverses the normal program compilation process, lifting binary machine code to the Low-Level Virtual Machine (LLVM) compiler\u27s intermediate representation, thereby enabling existing security-related analyses to be applied to binary programs. The prototype targets ARM binaries but can be extended to support other architectures. Several programs are translated from ARM binaries and analyzed with existing analysis tools. Programs lifted from ARM binaries are an average of 3.73 times larger than the same programs compiled from a high-level language (HLL). Analysis results are equivalent regardless of whether the HLL source or ARM binary version of the program is submitted to the system, confirming the hypothesis that LLVM is effective for binary analysis