925 research outputs found
Is It Safe to Uplift This Patch? An Empirical Study on Mozilla Firefox
In rapid release development processes, patches that fix critical issues, or
implement high-value features are often promoted directly from the development
channel to a stabilization channel, potentially skipping one or more
stabilization channels. This practice is called patch uplift. Patch uplift is
risky, because patches that are rushed through the stabilization phase can end
up introducing regressions in the code. This paper examines patch uplift
operations at Mozilla, with the aim to identify the characteristics of uplifted
patches that introduce regressions. Through statistical and manual analyses, we
quantitatively and qualitatively investigate the reasons behind patch uplift
decisions and the characteristics of uplifted patches that introduced
regressions. Additionally, we interviewed three Mozilla release managers to
understand organizational factors that affect patch uplift decisions and
outcomes. Results show that most patches are uplifted because of a wrong
functionality or a crash. Uplifted patches that lead to faults tend to have
larger patch size, and most of the faults are due to semantic or memory errors
in the patches. Also, release managers are more inclined to accept patch uplift
requests that concern certain specific components, and/or that are submitted by
certain specific developers.
Comment: In proceedings of the 33rd International Conference on Software
Maintenance and Evolution (ICSME 2017)
Improving software engineering processes using machine learning and data mining techniques
The availability of large amounts of data from software development has created an area of research called mining software repositories. Researchers mine data from software repositories both to improve understanding of software development and evolution, and to empirically validate novel ideas and techniques.
The large amount of data collected from software processes can then be leveraged for machine learning applications. Indeed, machine learning can have a large impact in software engineering, just like it has had in other fields, supporting developers, and other actors involved in the software development process, in automating or improving parts of their work. The automation can not only make some phases of the development process less tedious or cheaper, but also more efficient and less prone to errors. Moreover, employing machine learning can reduce the complexity of difficult problems, enabling engineers to focus on more interesting problems rather than the basics of development.
The aim of this dissertation is to show how the development and the use of machine learning and data mining techniques can support several software engineering phases, ranging from crash handling, to code review, to patch uplifting, to software ecosystem management.
To validate our thesis we conducted several studies tackling different problems in an industrial open-source context, focusing on the case of Mozilla
An Empirical Study of Security Issues Posted in Open Source Projects
When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features
GAINDroid: General Automated Incompatibility Notifier for Android Applications
With the ever-increasing popularity of mobile devices over the last decade, mobile apps and the frameworks upon which they are built frequently change. This rapid evolution leads to a confusing jumble of devices and applications utilizing differing features even within the same framework. For Android apps and devices, representing over 80% of the market share, mismatches between the version of the Android operating system installed on a device and the version of the app installed, can lead to several run-time crashes, providing a poor user experience.
This thesis presents GAINDroid, an analysis approach, backed with a classloader based program analyzer, that automatically detects three types of mismatches to which an app may be vulnerable across versions of the Android API it supports. Unlike all prior techniques that focus on identifying a particular problem, such as callback APIs issues, GAINDroid has the potential to greatly increase the scope of the analysis by automatically and effectively analyzing various sources of incompatibilities that may lead an app to crash at run-time. We applied GAINDroid to 3,590 real-world apps and compared the results of our analysis against state-of-the-art tools. The experimental results demonstrate its ability to outperform the existing analysis techniques in terms of both the number and type of mismatches correctly identified as well as run-time performance of the analysis.
Adviser: Hamid Bagher
What people complain about drone apps? a large-scale empirical study of Google play store reviews
Within the past few years, there has been a tremendous increase in the number of UAVs (Unmanned Aerial Vehicles) or drones manufactured and purchased. It is expected to proliferate further, penetrating into every stream of life, thus making its usage inevitable. The UAV's major components are its physical hardware and programming software, which controls its navigation or performs various tasks based on the field of concern. The drone manufacturers launch the controlling app for the drones in mobile app stores. A few drone manufacturers also release development kits to aid drone enthusiasts in developing customized or more creative apps. Thus, the app stores are also expected to be flooded with drone-related apps in the near future. With various active research and studies being carried out in UAV's hardware field, no effort is dedicated to studying/researching the software side of UAV. Towards this end, a large-scale empirical study of UAV or drone-related apps of the Google Play Store Platform is conducted. The study consisted of 1,825 UAV mobile apps, across twenty-five categories, with 162,250 reviews. Some of the notable findings of the thesis are (a) There are 27 major types of issues the drone app users complain about, (b) The top four complaints observed are Functional Error (27.9%), Device Compatibility (16.8%), Cost (16.2%) and Connection/Sync (15.6%), (c) The top four issues for which the UAV manufacturers or Drone app developers provide feedback to user complaints are Functional Error (40.9%), Cost (33.3%), Device Compatibility (23.1%) and Connection/Sync (16%), (d) Developers respond to the most frequently occurring complaints rather than the most negatively impacting ones
Automatic Repair of Real Bugs: An Experience Report on the Defects4J Dataset
Defects4J is a large, peer-reviewed, structured dataset of real-world Java
bugs. Each bug in Defects4J is provided with a test suite and at least one
failing test case that triggers the bug. In this paper, we report on an
experiment to explore the effectiveness of automatic repair on Defects4J. The
result of our experiment shows that 47 bugs of the Defects4J dataset can be
automatically repaired by state-of-the-art repair. This sets a baseline for
future research on automatic repair for Java. We have manually analyzed 84
different patches to assess their real correctness. In total, 9 real Java bugs
can be correctly fixed with test-suite based repair. This analysis shows that
test-suite based repair suffers from under-specified bugs, for which trivial
and incorrect patches still pass the test suite. With respect to practical
applicability, it takes on average 14.8 minutes to find a patch. The experiment
was done on a scientific grid, totaling 17.6 days of computation time. All
their systems and experimental results are publicly available on Github in
order to facilitate future research on automatic repair
Understanding the Impact of Release Processes and Practices on Software Quality
Release engineering encompasses all activities aimed at "building a pipeline that transforms source code into an integrated, compiled, packaged, tested, and signed product that is ready to be released". The release strategy and release practices can have an impact on the quality of a software product. Although this impact has been discussed and studied at length in the software engineering community, several problems remain to be solved. This thesis tackles some of these unsolved release engineering problems in order to propose solutions. In particular, we investigate: 1) why code review activities can miss code errors likely to cause crashes; 2) how to prevent bugs when approving and integrating urgent patches; 3) in a software ecosystem, how to mitigate the risk of bugs due to DLL injections. We chose to study these problems because they correspond to three important phases of software release processes, namely code review, urgent patches, and releasing software in an ecosystem. Solutions to these problems can help software companies improve their production and release strategy, which will increase their development productivity and the overall quality of their software products.
ABSTRACT: Release engineering encompasses all the activities aimed at "building a pipeline that transforms source code into an integrated, compiled, packaged, tested, and signed product that is ready for release". The strategy of the release processes and practices can impact the quality of a software artefact. Although such impact has been extensively discussed and studied in the software engineering community, there are still many pending issues to resolve. The goal of this thesis is to study and solve some of these pending issues. More specifically, we examine 1) why code review practices can miss crash-prone code; 2) how urgent patches (also called patch uplift) are approved to release and how to prevent regressions due to urgent patches; 3) in a software ecosystem, how to mitigate the risk of defects due to DLL injections. We chose to study these problems because they correspond to three important phases of software release processes, i.e., code review, patch uplift, and releasing software in an ecosystem. The solutions of these problems can help software organizations improve their release strategy; increasing their development productivity and the overall user-perceived quality of their products