Towards Automated Performance Bug Identification in Python
Context: Software performance is a critical non-functional requirement,
appearing in many fields such as mission critical applications, financial, and
real time systems. In this work we focused on early detection of performance
bugs; our software under study was a real time system used in the
advertisement/marketing domain.
Goal: Find a simple and easy to implement solution, predicting performance
bugs.
Method: We built several models using four machine learning methods, commonly
used for defect prediction: C4.5 Decision Trees, Naïve Bayes, Bayesian
Networks, and Logistic Regression.
Results: Our empirical results show that a C4.5 model, using lines of code
changed, file's age and size as explanatory variables, can be used to predict
performance bugs (recall=0.73, accuracy=0.85, and precision=0.96). We show that
reducing the number of changes delivered in a commit can decrease the chance
of performance bug injection.
Conclusions: We believe that our approach can help practitioners to eliminate
performance bugs early in the development cycle. Our results are also of
interest to theoreticians, establishing a link between functional bugs and
(non-functional) performance bugs, and explicitly showing that attributes used
for prediction of functional bugs can be used for prediction of performance
bugs.
Automatic bug triaging techniques using machine learning and stack traces
When a software system crashes, users have the option to report the crash using automated bug tracking systems. These tools capture software crash and failure data (e.g., stack traces, memory dumps, etc.) from end-users. These data are sent in the form of bug (crash) reports to the software development teams to uncover the causes of the crash and provide adequate fixes. The reports are first assessed (usually in a semi-automatic way) by a group of software analysts, known as triagers. Triagers assign priority to the bugs and redirect them to the software development teams in order to provide fixes.
The triaging process, however, is usually very challenging. The problem is that many of these reports are caused by similar faults. Studies have shown that one way to improve the bug triaging process is to detect automatically duplicate (or similar) reports. This way, triagers would not need to spend time on reports caused by faults that have already been handled. Another issue is related to the prioritization of bug reports. Triagers often rely on the information provided by the customers (the report submitters) to prioritize bug reports. However, this task can be quite tedious and requires tool support. Next, triagers route the bug report to the responsible development team based on the subsystem, which caused the crash. Since having knowledge of all the subsystems of an ever-evolving industrial system is impractical, having a tool to automatically identify defective subsystems can significantly reduce the manual bug triaging effort.
The main goal of this research is to investigate techniques and tools to help triagers process bug reports. We start by studying the effect of the presence of stack traces in analyzing bug reports. Next, we present a framework to help triagers in each step of the bug triaging process. We propose a new and scalable method to automatically detect duplicate bug reports using stack traces and bug report categorical features. We then propose a novel approach for predicting bug severity using stack traces and categorical features, and finally, we discuss a new method for predicting faulty product and component fields of bug reports.
We evaluate the effectiveness of our techniques using bug reports from two large open-source systems. Our results show that stack traces and machine learning methods can be used to automate the bug triaging process, and hence increase the productivity of bug triagers, while reducing the costs and effort associated with manual triaging of bug reports.
Proposed Framework for Quality Assurance System with Duplicate Bug Detection
When projects incur high costs, bugs frequently occur, so it becomes very important to have a proper quality assurance system (QAS). Poorly designed quality assurance systems may exchange wrong information between developers. The purpose of this paper is to explain different quality assurance systems, find out the problems present in them, and give proper direction for improvement so as to attract customers, raise customer satisfaction, and reduce downtime. This paper proposes a framework to detect duplicate bugs.
Keywords: detection, QAS, bugs
Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
Fuzzing has been studied and applied ever since the 1990s. Automated and
continuous fuzzing has recently been applied also to open source software
projects, including the Linux and BSD kernels. This paper concentrates on the
practical aspects of continuous kernel fuzzing in four open source kernels.
According to the results, there are over 800 unresolved crashes reported for
the four kernels by the syzkaller/syzbot framework. Many of these have been
reported relatively long ago. Interestingly, fuzzing-induced bugs have been
resolved in the BSD kernels more rapidly. Furthermore, assertions and debug
checks, use-after-frees, and general protection faults account for the majority
of bug types in the Linux kernel. About 23% of the fixed bugs in the Linux
kernel have either gone through code review or additional testing. Finally,
only code churn provides a weak statistical signal for explaining the
associated bug fixing times in the Linux kernel.
Comment: The 4th IEEE International Workshop on Reliability and Security Data Analysis (RSDA), 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Berlin, IEEE
A layered approach to improving Blockchain systems security
During the past several years, blockchain systems have gained a lot of traction and adoption, with the total capitalisation of these systems exceeding 2 trillion during peak periods.
Given the permissionless nature of blockchain systems and their large scope in terms of software - e.g. distributed consensus, untrusted program execution - numerous attack vectors need to be studied, understood and protected against for blockchain systems to be able to deliver their promises of a safer financial system.
In this thesis, we study and contribute to improving the security of various parts of the blockchain stack, from the execution to the application layer.
We start with one of the lowest layers of the Ethereum blockchain stack, the EVM, and study the resource metering mechanism that is used to limit the total amount of resources that can be consumed by a smart contract.
We discover inconsistencies in the metering mechanism and show and responsibly disclose that it would have been possible to execute transactions that would result in a denial of service attack on the Ethereum blockchain.
Our findings were part of the motivation of Ethereum for changing some of its gas metering mechanisms.
We then broaden our analysis to other blockchain systems and study how different fee mechanisms affect the transactional throughput as well as the usage of the blockchain.
We discover that low fees, which are in theory attractive to users, can lead to a lot of spam.
We find that for two of the blockchains we analyse, EOS and Ripple, this type of spam leads to system outages where the blockchain is unable to process transactions.
Finally, we find that a common motivation for spam transactions is to artificially inflate the activity of the application layer, through wash-trading for example.
In the last main chapter of this thesis, we move to the application layer and turn our focus to the decentralised finance (DeFi) ecosystem, which is one of the most prevalent types of application implemented on top of blockchain systems.
We start by giving formal definitions of the different types of security, namely technical and economic security.
With that definition in mind, in the first part of this chapter, we study technical security exploits and develop an automated tool to detect on-chain exploits.
We find that the majority of the exploits found through techniques such as program analysis are not exploited in practice, either because of the lack of feasibility of the exploit or because of the lack of economic incentive to do so.
In the second part of this chapter, we focus on economic security and study the liquidation mechanism that is used to protect the users of DeFi lending protocols.
We highlight how the efficiency of liquidations has increased over time, and how depegging events of stablecoins have caused very large amounts of liquidations because of over-confidence in their stability.
Open Access