Automated Change Rule Inference for Distance-Based API Misuse Detection

Developers build on Application Programming Interfaces (APIs) to reuse existing functionalities of code libraries. Despite the benefits of reusing established libraries (e.g., time savings, high quality), developers may diverge from the API's intended usage; potentially causing bugs or, more specifically, API misuses. Recent research focuses on developing techniques to automatically detect API misuses, but many suffer from a high false-positive rate. In this article, we improve on this situation by proposing ChaRLI (Change RuLe Inference), a technique for automatically inferring change rules from developers' fixes of API misuses based on API Usage Graphs (AUGs). By subsequently applying graph-distance algorithms, we use change rules to discriminate API misuses from correct usages. This allows developers to reuse others' fixes of an API misuse at other code locations in the same or another project. We evaluated the ability of change rules to detect API misuses based on three datasets and found that the best mean relative precision (i.e., for testable usages) ranges from 77.1 % to 96.1 % while the mean recall ranges from 0.007 % to 17.7 % for individual change rules. These results underpin that ChaRLI and our misuse detection are helpful complements to existing API misuse detectors

Trajectory Description Conception for Industrial Robots

International audienceIn this paper we observe the difficulties one can face when using different MPLs (Motion Planning Library) in a single application, and propose a new conception and a language which goal is to solve these problems. The idea is to present an interface between robot programming instruments and MPLs. Our goal is to provide a powerful tool for developers of software approaches for programming industrial robots that would allow an easy combination of different MPLs in one application. In addition the proposed conception hides the inner structure of libraries and eliminates the need to investigate algorithms before applying. That would increase the speed and the quality of the newly developed software systems

Probabilistic Model-Based Safety Analysis

Model-based safety analysis approaches aim at finding critical failure combinations by analysis of models of the whole system (i.e. software, hardware, failure modes and environment). The advantage of these methods compared to traditional approaches is that the analysis of the whole system gives more precise results. Only few model-based approaches have been applied to answer quantitative questions in safety analysis, often limited to analysis of specific failure propagation models, limited types of failure modes or without system dynamics and behavior, as direct quantitative analysis is uses large amounts of computing resources. New achievements in the domain of (probabilistic) model-checking now allow for overcoming this problem. This paper shows how functional models based on synchronous parallel semantics, which can be used for system design, implementation and qualitative safety analysis, can be directly re-used for (model-based) quantitative safety analysis. Accurate modeling of different types of probabilistic failure occurrence is shown as well as accurate interpretation of the results of the analysis. This allows for reliable and expressive assessment of the safety of a system in early design stages

Formale Methoden und Sicherheitsanalyse

Sicherheitsanalysetechniken wurden in den Ingenieurwissenschaften schon in den 60iger Jahren für technische Systeme entwickelt. Inzwischen sind aber nicht nur Hardware-Komponenten für die Sicherheit technischer Systeme verantwortlich, sondern in zunehmenden Maße wird die steuernde Software zu einem sicherheitskritischen Faktor. Formale Methoden wurden für den Nachweis der Korrektheit von Softwarekomponenten entwickelt. Es wird eine durchgängige Methode für die sicherheitstechnische Analyse softwarebasierter Systeme gezeigt, die durch Integration von Sicherheitsanalysetechniken und formalen Methoden entsteht. Die resultierende formale Sicherheitsanalyse erlaubt zum Einen die Korrektheits- und Vollständigkeitsprüfung der Sicherheitsanalyse und zum Anderen die Beurteilung der Systemsicherheit bei Komponentenausfällen. Damit erhalten wir Systeme, für die sowohl korrektes Funktionieren als auch Sicherheit bei Komponentenausfällen garantiert ist

Failure-Sensitive Specification: A formal method for finding failure modes

We present a relational technique to write formal specifications which not only say what the system is intended to do but also in which ways it might misbehave because of damage or other failure. For this kind of specifications we use the term failure-sensitive. Specifications are given by sets of rules out of which a complete list of failure modes for the system can be constructed. Most classical specification techniques concentrate on the intended behavior only. Knowing a complete set of failure modes of a component is of major importance for many safety analysis techniques such as Fault Tree Analysis, Failure Modes and Effects Analysis etc. that are widely used in engineering sciences for the development of high assurance safety critical systems. The contribution of this paper is a method for systematically constructing the failure modes of a system hand-in-hand with its specification. Furthermore, if the intended behavior is given by a (non failure-sensitive) formal specification, we can even formally verify the completeness of the list of failure modes. We illustrate the method with three simple examples

Formal safety analysis in transportation control

Formal safety analysis in transportation control / A. Thums and F. Ortmeier. - In: International Workshop on Software Specification of Safety Relevant Transportation Control Tasks : International Workshop on Software Specification of Safety Relevant Transportation Control Tasks : 23 - 24 April 2002, Braunschweig / Eckehard Schnieder, (ed.). - Düsseldorf : VDI-Verl., 2003. - (Fortschrittberichte VDI : Reihe 12, Verkehrstechnik, Fahrzeugtechnik ; 535

Formale Sicherheitsanalyse

Formale Sicherheitsanalyse. - Berlin : Logos-Verl., 2006. - 180 S. - Zugl.: Augsburg, Univ., Diss., 200

Formal safety analysis in transportation control

Formal safety analysis in transportation control / A. Thums and F. Ortmeier. - In: International Workshop on Software Specification of Safety Relevant Transportation Control Tasks : International Workshop on Software Specification of Safety Relevant Transportation Control Tasks : 23 - 24 April 2002, Braunschweig / Eckehard Schnieder, (ed.). - Düsseldorf : VDI-Verl., 2003. - (Fortschrittberichte VDI : Reihe 12, Verkehrstechnik, Fahrzeugtechnik ; 535

Safety optimization: a combination of fault tree analysis and optimization techniques

We present a new form of quantitative safety analysis - safety optimization. This method is a combination of fault tree analysis (FTA) and mathematical optimization techniques. With the use of the results of FTA, statistics, and a quantification of the costs of hazards, it allows to find the optimal configuration of a given system with respect to opposed safety requirements. Furthermore, the system may not only be examined for safety, but usability as well. We illustrate this method on a real-world case study: the height control system of the Elbtunnel in Hamburg. Safety optimization showed some significant problems in trustworthiness of the system, yielded optimal values for configuration of free parameters and showed possible modifications to improve the system