13,453 research outputs found
A Concurrency-Agnostic Protocol for Multi-Paradigm Concurrent Debugging Tools
Today's complex software systems combine high-level concurrency models. Each
model is used to solve a specific set of problems. Unfortunately, debuggers
support only the low-level notions of threads and shared memory, forcing
developers to reason about these notions instead of the high-level concurrency
models they chose.
This paper proposes a concurrency-agnostic debugger protocol that decouples
the debugger from the concurrency models employed by the target application. As
a result, the underlying language runtime can define custom breakpoints,
stepping operations, and execution events for each concurrency model it
supports, and a debugger can expose them without having to be specifically
adapted.
We evaluated the generality of the protocol by applying it to SOMns, a
Newspeak implementation, which supports a diversity of concurrency models
including communicating sequential processes, communicating event loops,
threads and locks, fork/join parallelism, and software transactional memory. We
implemented 21 breakpoints and 20 stepping operations for these concurrency
models. For none of these, the debugger needed to be changed. Furthermore, we
visualize all concurrent interactions independently of a specific concurrency
model. To show that tooling for a specific concurrency model is possible, we
visualize actor turns and message sends separately.Comment: International Symposium on Dynamic Language
Conceptual evidence collection and analysis methodology for Android devices
Android devices continue to grow in popularity and capability meaning the
need for a forensically sound evidence collection methodology for these devices
also increases. This chapter proposes a methodology for evidence collection and
analysis for Android devices that is, as far as practical, device agnostic.
Android devices may contain a significant amount of evidential data that could
be essential to a forensic practitioner in their investigations. However, the
retrieval of this data requires that the practitioner understand and utilize
techniques to analyze information collected from the device. The major
contribution of this research is an in-depth evidence collection and analysis
methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201
Ghera: A Repository of Android App Vulnerability Benchmarks
Security of mobile apps affects the security of their users. This has fueled
the development of techniques to automatically detect vulnerabilities in mobile
apps and help developers secure their apps; specifically, in the context of
Android platform due to openness and ubiquitousness of the platform. Despite a
slew of research efforts in this space, there is no comprehensive repository of
up-to-date and lean benchmarks that contain most of the known Android app
vulnerabilities and, consequently, can be used to rigorously evaluate both
existing and new vulnerability detection techniques and help developers learn
about Android app vulnerabilities. In this paper, we describe Ghera, an open
source repository of benchmarks that capture 25 known vulnerabilities in
Android apps (as pairs of exploited/benign and exploiting/malicious apps). We
also present desirable characteristics of vulnerability benchmarks and
repositories that we uncovered while creating Ghera.Comment: 10 pages. Accepted at PROMISE'1
Automatically Discovering, Reporting and Reproducing Android Application Crashes
Mobile developers face unique challenges when detecting and reporting crashes
in apps due to their prevailing GUI event-driven nature and additional sources
of inputs (e.g., sensor readings). To support developers in these tasks, we
introduce a novel, automated approach called CRASHSCOPE. This tool explores a
given Android app using systematic input generation, according to several
strategies informed by static and dynamic analyses, with the intrinsic goal of
triggering crashes. When a crash is detected, CRASHSCOPE generates an augmented
crash report containing screenshots, detailed crash reproduction steps, the
captured exception stack trace, and a fully replayable script that
automatically reproduces the crash on a target device(s). We evaluated
CRASHSCOPE's effectiveness in discovering crashes as compared to five
state-of-the-art Android input generation tools on 61 applications. The results
demonstrate that CRASHSCOPE performs about as well as current tools for
detecting crashes and provides more detailed fault information. Additionally,
in a study analyzing eight real-world Android app crashes, we found that
CRASHSCOPE's reports are easily readable and allow for reliable reproduction of
crashes by presenting more explicit information than human written reports.Comment: 12 pages, in Proceedings of 9th IEEE International Conference on
Software Testing, Verification and Validation (ICST'16), Chicago, IL, April
10-15, 2016, pp. 33-4
Middleware for Wireless Sensor Networks: An Outlook
In modern distributed computing, applications are rarely built directly atop operating system facilities, e.g., sockets. Higher-level middleware abstractions and systems are often employed to simplify the programmer’s chore or to achieve interoperability. In contrast, real-world wireless sensor network (WSN) applications are almost always developed by relying directly on the operating system.
Why is this the case? Does it make sense to include a middleware layer in the design of WSNs? And, if so, is it the same kind of software system as in traditional distributed computing? What are the fundamental concepts, reasonable assumptions, and key criteria guiding its design? What are the main open research challenges, and the potential pitfalls? Most importantly, is it worth pursuing research in this field?
This paper provides a (biased) answer to these and other research questions, preceded by a brief account on the state of the art in the field
Translating Video Recordings of Mobile App Usages into Replayable Scenarios
Screen recordings of mobile applications are easy to obtain and capture a
wealth of information pertinent to software developers (e.g., bugs or feature
requests), making them a popular mechanism for crowdsourced app feedback. Thus,
these videos are becoming a common artifact that developers must manage. In
light of unique mobile development constraints, including swift release cycles
and rapidly evolving platforms, automated techniques for analyzing all types of
rich software artifacts provide benefit to mobile developers. Unfortunately,
automatically analyzing screen recordings presents serious challenges, due to
their graphical nature, compared to other types of (textual) artifacts. To
address these challenges, this paper introduces V2S, a lightweight, automated
approach for translating video recordings of Android app usages into replayable
scenarios. V2S is based primarily on computer vision techniques and adapts
recent solutions for object detection and image classification to detect and
classify user actions captured in a video, and convert these into a replayable
test scenario. We performed an extensive evaluation of V2S involving 175 videos
depicting 3,534 GUI-based actions collected from users exercising features and
reproducing bugs from over 80 popular Android apps. Our results illustrate that
V2S can accurately replay scenarios from screen recordings, and is capable of
reproducing 89% of our collected videos with minimal overhead. A case
study with three industrial partners illustrates the potential usefulness of
V2S from the viewpoint of developers.Comment: In proceedings of the 42nd International Conference on Software
Engineering (ICSE'20), 13 page
Reducing the Barrier to Entry of Complex Robotic Software: a MoveIt! Case Study
Developing robot agnostic software frameworks involves synthesizing the
disparate fields of robotic theory and software engineering while
simultaneously accounting for a large variability in hardware designs and
control paradigms. As the capabilities of robotic software frameworks increase,
the setup difficulty and learning curve for new users also increase. If the
entry barriers for configuring and using the software on robots is too high,
even the most powerful of frameworks are useless. A growing need exists in
robotic software engineering to aid users in getting started with, and
customizing, the software framework as necessary for particular robotic
applications. In this paper a case study is presented for the best practices
found for lowering the barrier of entry in the MoveIt! framework, an
open-source tool for mobile manipulation in ROS, that allows users to 1)
quickly get basic motion planning functionality with minimal initial setup, 2)
automate its configuration and optimization, and 3) easily customize its
components. A graphical interface that assists the user in configuring MoveIt!
is the cornerstone of our approach, coupled with the use of an existing
standardized robot model for input, automatically generated robot-specific
configuration files, and a plugin-based architecture for extensibility. These
best practices are summarized into a set of barrier to entry design principles
applicable to other robotic software. The approaches for lowering the entry
barrier are evaluated by usage statistics, a user survey, and compared against
our design objectives for their effectiveness to users
Privacy Issues of the W3C Geolocation API
The W3C's Geolocation API may rapidly standardize the transmission of
location information on the Web, but, in dealing with such sensitive
information, it also raises serious privacy concerns. We analyze the manner and
extent to which the current W3C Geolocation API provides mechanisms to support
privacy. We propose a privacy framework for the consideration of location
information and use it to evaluate the W3C Geolocation API, both the
specification and its use in the wild, and recommend some modifications to the
API as a result of our analysis
- …