Directed Test Program Generation for JIT Compiler Bug Localization
Bug localization techniques for Just-in-Time (JIT) compilers are based on
analyzing the execution behaviors of the target JIT compiler on a set of test
programs generated for this purpose; characteristics of these test inputs can
significantly impact the accuracy of bug localization. However, current
approaches for automatic test program generation do not work well for bug
localization in JIT compilers. This paper proposes a novel technique for
automatic test program generation for JIT compiler bug localization that is
based on two key insights: (1) the generated test programs should contain both
passing inputs (which do not trigger the bug) and failing inputs (which trigger
the bug); and (2) the passing inputs should be as similar as possible to the
initial seed input, while the failing programs should be as different as
possible from it. We use a structural analysis of the seed program to determine
which parts of the code should be mutated for each of the passing and failing
cases. Experiments using a prototype implementation indicate that test inputs
generated using our approach result in significantly better bug localization
results than existing approaches.
An empirical evaluation of the "cognitive complexity" measure as a predictor of code understandability
Background: Code that is difficult to understand is also difficult to inspect and maintain and ultimately causes increased costs. Therefore, it would be greatly beneficial to have source code measures that are related to code understandability. Many "traditional" source code measures, including for instance Lines of Code and McCabe's Cyclomatic Complexity, have been used to identify hard-to-understand code. In addition, the "Cognitive Complexity" measure was introduced in 2018 with the specific goal of improving the ability to evaluate code understandability.
Aims: The goals of this paper are to assess whether (1) "Cognitive Complexity" is better correlated with code understandability than traditional measures, and (2) the availability of the "Cognitive Complexity" measure improves the performance (i.e., the accuracy) of code understandability prediction models.
Method: We carried out an empirical study, in which we reused code understandability measures used in several previous studies. We first built Support Vector Regression models of understandability vs. code measures, and we then compared the performance of models that use "Cognitive Complexity" against the performance of models that do not.
Results: "Cognitive Complexity" appears to be correlated to code understandability approximately as much as traditional measures, and the performance of models that use "Cognitive Complexity" is extremely close to the performance of models that use only traditional measures.
Conclusions: The "Cognitive Complexity" measure does not appear to fulfill the promise of being a significant improvement over previously proposed measures, as far as code understandability prediction is concerned.
Automated android malware detection using user feedback
The widespread usage of mobile devices and their seamless adaptation to each user's needs through useful applications (apps) makes them a prime target for malware developers. Malware is software built to harm the user, e.g., to access sensitive user data, such as banking details, or to hold data hostage and block user access. These apps are distributed in marketplaces that host millions and therefore have their forms of automated malware detection in place to deter malware developers and keep their app store (and reputation) trustworthy. Nevertheless, a non-negligible number of apps can bypass these detectors and remain available in the marketplace for any user to download and install on their device. Current malware detection strategies rely on using static or dynamic app extracted features (or a combination of both) to scale the detection and cover the growing number of apps submitted to the marketplace. In this paper, the main focus is on the apps that bypass the malware detectors and stay in the marketplace long enough to receive user feedback. This paper uses real-world data provided by an app store. The quantitative ratings and potential alert flags assigned to the apps by the users were used as features to train machine learning classifiers that successfully classify malware that evaded previous detection attempts. These results present reasonable accuracy and thus work to help to maintain a user-safe environment.
Towards Providing Automated Supports to Developers on Making Logging Decisions and Log Analysis
Due to the lack of practical guidelines on how to write logging statements and the large volume of logs routinely generated by software products, making proper logging decisions and efficiently analyzing the logs are challenging in practice. In this thesis, we focus on these two main challenges and propose a series of approaches to address the problem and help developers with logging practices in two aspects: (1) assist in making logging decisions and (2) assist in log analysis.
For logging decisions, we tackle the challenge by providing suggestions on writing logging statements. We first provide suggestions for logging locations. We find that our models are effective in suggesting logging locations at the block level. We then study the verbosity levels in the logging statements. We propose a deep learning based approach that can leverage the ordinal nature of log levels to make suggestions on choosing log levels. Our approach outperforms the baseline approaches and is effective at suggesting log levels. Finally, we investigate practitioners' expectations on the readability of log messages by conducting a series of semi-structured interviews with industrial practitioners. We derive three aspects that are related to the readability of log messages. We also explore the potential of automatically classifying the readability of log messages and find that both deep learning and machine learning approaches are effective at such classifications.
For log analysis, we focus on studying log abstraction, which is a crucial step for automated log analysis. We find that different categories of dynamic variables in logs record valuable information that can be important for different tasks; such information is abstracted by prior log abstraction techniques. We propose a deep learning based log abstraction approach, which can identify different categories of dynamic variables and abstract specified categories. Our approach outperforms state-of-the-art log abstraction techniques on general log abstraction and also achieves promising results on variable-aware log abstraction. We also find that variable-aware log abstraction can help improve the performance of log-based anomaly detection.
Cyber Security of Critical Infrastructures
Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods
Data-Driven Analysis towards Monitoring Software Evolution by Continuously Understanding Changes in Users' Needs
Software often fails to meet its users' expectations, even though it is expected to provide adequate functionality and to be free of defects. For this reason, software maintenance is inevitable and important for every software company that wants to keep its product or service profitable. Because competition in today's software market is tight and it is easy for users to stop using a product, it is especially important for companies to monitor and maintain user satisfaction in order to secure long-term success. To achieve this, it is important to continuously understand and meet users' needs and expectations, since it is more effective to target maintenance on the basis of the problems raised by users.
On the other hand, internet technologies have developed rapidly while the amount of user-generated content has grown explosively. Feedback given by users (a numeric rating, a recommendation, or a textual review) is one example of such user-generated content, and its importance in developing products on the basis of customers' needs is growing continuously. Understanding users' needs is especially important for software that requires continuous maintenance and development. In that case it is also essential to understand how customers' opinions change over time. In addition, advances in data mining and machine learning reduce the effort needed to analyze user-generated data and especially to understand users' behavior.
Although several studies propose a data-driven approach to evaluating feedback, there are few approaches that benefit software maintenance and evolution. Many methods focus on text mining in review analysis in order to reveal users' opinions. Several methods also focus on identifying and classifying feedback types such as feature requests, bug reports, and expressions of emotion. To make software maintenance more effective, an effective approach is needed for monitoring the perceived user experience of the software and its changes as the software evolves.
Software products, though always being expected to provide satisfactory functionalities and be bug-free, somehow fail to meet the expectations of their users. Thus, software maintenance is inevitable and critical for any software companies who want their products or services to continue profiting. On the other hand, due to the fierce competitiveness in the contemporary software market, as well as the ease of user churns, monitoring and sustaining the satisfaction of the users is a critical criterion for the long-term success of any software products within their evolution stage. To such an end, continuously understanding and meeting the users' needs and expectations is the key, as it is more efficient and effective to allocate maintenance effort accordingly to address the issues raised by users.
On the other hand, accompanied by the rapid development of internet technologies, the volume of user-generated content has been increasing exponentially. Among such user-generated content, feedback from the customers, either numeric rating, recommendation, or textual reviews, have been playing an increasingly critical role in product designs in terms of understanding customers' needs. Especially for software products that require constant maintenance and are continuously evolving, understanding of users' needs and complaints, as well as the changes in their opinions through time, is of great importance. Additionally, supported by the advance of data mining and machine learning techniques, the effort of knowledge discovery from analyzing such data and specially understanding the behavior of the users shall be largely reduced.
However, though many studies propose data-driven approaches for feedback analysis, the ones specifically on applying such methods supporting software maintenance and evolution are limited. Many studies focus on the text mining perspective of review analysis towards eliciting users' opinions. Many others focus on the detection and classification of feedback types, e.g., feature requests, bug reports, and emotion expression, etc. For the purpose of enhancing the effectiveness in software maintenance and evolution practice, an effective approach on the software's perceived user experience and the monitoring of its changes during evolution is required.
To support the practice of software maintenance and evolution targeting enhancing user satisfaction, we propose a data-driven user review analysis approach. The contribution of this research aims to answer the following research questions: RQ1. How to analyze users' collective expectation and perceived quality in use with data-driven approaches by exploiting sentiment and topics? RQ2. How to monitor user satisfaction over software updates during software evolution using reviews' topics and sentiments? RQ3. How to analyze users' profiles, software types and situational contexts as contexts of use that supports the analysis of user satisfaction? Towards answering RQ1, the thesis proposes a data-driven approach of user perceived quality evaluation and users' needs extraction via sentiment analysis and topic modeling on large volume of user review data. Based on such outcome, the answer to RQ2 encompasses of 1) the approach to monitor user opinion changes through software evolution by detecting similar topic pairs and 2) the approach to identify the problematic updates based on anomalies in review sentiment distribution. Towards the answer to RQ3, a three-fold analysis is proposed: 1) situational contexts and ways of interaction analysis, 2) user profile and preference analysis and 3) software type and related features analysis. All the above approaches are validated by case studies.
This thesis contributes to the examination of applying data-driven end user review analysis methods supporting software maintenance and evolution. The main implication is to enrich the existing domain knowledge of software maintenance and evolution in terms of taking advantage of the collective intelligence of end users. In addition, it conveys unique contribution to the research on software evolution contexts in terms of various meaningful aspects and leads to a potential interdisciplinary contribution as well. On the other hand, this thesis also contributes to software maintenance and evolution practice even in the larger scope of the software industry by proposing an effective series of approaches that address critical issues within. It helps the developers ease their effort in release planning and other decision-making activities.
Opinion Mining for Software Development: A Systematic Literature Review
Opinion mining, sometimes referred to as sentiment analysis, has gained increasing attention in software engineering (SE) studies.
SE researchers have applied opinion mining techniques in various contexts, such as identifying developers' emotions expressed in
code comments and extracting users' critics toward mobile apps. Given the large amount of relevant studies available, it can take
considerable time for researchers and developers to figure out which approaches they can adopt in their own studies and what perils
these approaches entail.
We conducted a systematic literature review involving 185 papers. More specifically, we present 1) well-defined categories of opinion
mining-related software development activities, 2) available opinion mining approaches, whether they are evaluated when adopted in
other studies, and how their performance is compared, 3) available datasets for performance evaluation and tool customization, and 4)
concerns or limitations SE researchers might need to take into account when applying/customizing these opinion mining techniques.
The results of our study serve as references to choose suitable opinion mining tools for software development activities, and provide
critical insights for the further development of opinion mining techniques in the SE domain