[技術・研究報告] Eclipse上で動作する効率の良いオンラインおよびオフライン動的解析プラットフォーム

ソフトウェア工学のさまざまな分野において動的解析技術が用いられている．動的解析とは，プログラムの実行時の情報を収集し解析を行うプログラム解析技術で，解析対象となるプログラムの実行終了後に解析を行うオフライン解析と，実行の途中でそれまでに収集された情報の解析を行うオンライン解析に分類することができる．本論文では，オンラインおよびオフライン解析ツールの開発を支援するため，Eclipse上で動作する動的解析プラットフォームを開発したので報告する．具体的には，これまで，特にオンライン解析においてツール毎に個別に実装されてきた実行時情報の収集処理を共通化し，さらに収集された実行時情報を解析するための共通基盤をEclipse上で提供することによって開発の効率化を図る．本プラットフォームが提供する収集処理は，幅広い動的解析手法で利用できるよう詳細な実行時情報を効率よく収集できるという特長を持つ．またオンライン解析の共通基盤としては，解析アルゴリズムをオンライン化することによって生じるオーバーヘッドをできる限り抑えるよう設計上の工夫を行っている．本論文ではその設計を採用した場合と採用しない場合の解析速度の比較を行い，設計の妥当性について評価を行ったので報告する

Are Code Examples on an Online Q&A Forum Reliable?

Programmers often consult an online Q&A forum such as Stack Overflow to learn new APIs. This paper presents an empirical study on the prevalence and severity of API misuse on Stack Overflow. To reduce manual assessment effort, we design ExampleCheck, an API usage mining framework that extracts patterns from over 380K Java repositories on GitHub and subsequently reports potential API usage violations in Stack Overflow posts. We analyze 217,818 Stack Overflow posts using ExampleCheck and find that 31% may have potential API usage violations that could produce unexpected behavior such as program crashes and resource leaks. Such API misuse is caused by three main reasons---missing control constructs, missing or incorrect order of API calls, and incorrect guard conditions. Even the posts that are accepted as correct answers or upvoted by other programmers are not necessarily more reliable than other posts in terms of API misuse. This study result calls for a new approach to augment Stack Overflow with alternative API usage details that are not typically shown in curated examples

Automated Change Rule Inference for Distance-Based API Misuse Detection

Developers build on Application Programming Interfaces (APIs) to reuse existing functionalities of code libraries. Despite the benefits of reusing established libraries (e.g., time savings, high quality), developers may diverge from the API's intended usage; potentially causing bugs or, more specifically, API misuses. Recent research focuses on developing techniques to automatically detect API misuses, but many suffer from a high false-positive rate. In this article, we improve on this situation by proposing ChaRLI (Change RuLe Inference), a technique for automatically inferring change rules from developers' fixes of API misuses based on API Usage Graphs (AUGs). By subsequently applying graph-distance algorithms, we use change rules to discriminate API misuses from correct usages. This allows developers to reuse others' fixes of an API misuse at other code locations in the same or another project. We evaluated the ability of change rules to detect API misuses based on three datasets and found that the best mean relative precision (i.e., for testable usages) ranges from 77.1 % to 96.1 % while the mean recall ranges from 0.007 % to 17.7 % for individual change rules. These results underpin that ChaRLI and our misuse detection are helpful complements to existing API misuse detectors

Automata-based pattern mining from imperfect traces

ABSTRACT This paper considers automata-based pattern mining techniques for extracting specifications from runtime traces and suggests a novel extension that allows these techniques to work with so-called imperfect traces i.e. traces that do not exactly satisfy the intended specification of the system that produced them. We show that by taking a so-called edit-distance between an input trace and the language of a pattern we can extract specifications from imperfect traces and identify the parts of an input trace that do not satisfy the mined specification, thus aiding the identification and location of errors in programs

Statistical Software Properties: Definition, Inference and Monitoring

Software properties define how software systems should operate. Specifying correct properties, however, can be difficult and expensive as it requires deep knowledge of the system\u27s expected behavior and the environment in which it operates. Automated analysis techniques to infer properties from code or code executions can mitigate that cost, but are still unable to go beyond state properties and the simplest patterns of temporal properties. This limitation renders properties that sacrifice fault detection power. To address this problem, we introduce a new type of software properties called \textit{statistical properties}, which characterize significant statistical relationships among the values of variables across program states. We define an approach to infer these relationships automatically and support their monitoring while controlling the trade-offs between overhead and the precision and recall of the inferred properties. We perform several experiments to assess the approach in the context of distributed robotics applications. Our findings indicate that the inferred statistical properties can be use to generate precise and cost-effective models capable of detecting faults in software systems while keeping the number of false positives close to zero and previous knowledge of the software system design and behavior unnecessary. Adviser: Sebastian Elbau

Mining Branching-Time Scenarios

Specification mining extracts candidate specification from existing systems, to be used for downstream tasks such as testing and verification. Specifically, we are interested in the extraction of behavior models from execution traces