623 research outputs found
A Fine-Grained Approach for Automated Conversion of JUnit Assertions to English
Converting source or unit test code to English has been shown to improve the
maintainability, understandability, and analysis of software and tests. Code
summarizers identify important statements in the source/tests and convert them
to easily understood English sentences using static analysis and NLP
techniques. However, current test summarization approaches handle only a subset
of the variation and customization allowed in the JUnit assert API (a critical
component of test cases) which may affect the accuracy of conversions. In this
paper, we present our work towards improving JUnit test summarization with a
detailed process for converting a total of 45 unique JUnit assertions to
English, including 37 previously-unhandled variations of the assertThat method.
This process has also been implemented and released as the AssertConvert tool.
Initial evaluations have shown that this tool generates English conversions
that accurately represent a wide variety of assertion statements which could be
used for code summarization or other NLP analyses.
Comment: In Proceedings of the 4th ACM SIGSOFT International Workshop on NLP
for Software Engineering (NL4SE 18), November 4, 2018, Lake Buena Vista, FL,
USA. ACM, New York, NY, USA, 4 page
The State of Practice for Security Unit Testing: Towards Data Driven Strategies to Shift Security into Developer's Automated Testing Workflows
The pressing need to “shift security left” in the software development lifecycle has motivated efforts to adapt the iterative and continuous process models used in practice today. Security unit testing is praised by practitioners and recommended by expert groups, usually in the context of DevSecOps and achieving “continuous security”. In addition to vulnerability testing and standards adherence, this technique can help developers verify that security controls are implemented correctly, i.e. functional security testing. Further, the means by which security unit testing can be integrated into developer workflows is unique from other standalone tools as it is an adaptation of practices and infrastructure developers are already familiar with. Yet, software engineering researchers have so far failed to include this technique in their empirical studies on secure development and little is known about the state of practice for security unit testing. This dissertation is motivated by the disconnect between promotion of security unit testing and the lack of empirical evidence on how it is and can be applied. The goal of this work was to address the disconnect towards identifying actionable strategies to promote wider adoption and mitigate observed challenges. Three mixed-method empirical studies were conducted wherein practitioner-authored unit test code, Q&A posts, and grey literature were analyzed through three lenses: Practices (what they do), Perspectives and Guidelines (what and how they think it should be done), and Pain Points (what challenges they face) to incorporate both technical and human factors of this phenomenon. Accordingly, this work contributes novel and important insights into how developers write functional unit tests for at least nine security controls, including a taxonomy of 53 authentication unit test cases derived from real code and a detailed analysis of seven unique pain points that developers seek help with from peers on Q&A sites.
Recommendations given herein for conducting and adopting security unit testing, including mitigating challenges and addressing gaps between available and needed support, are grounded in the guidelines and perspectives on the benefits, limitations, use cases, and integration strategies shared in grey literature authored by practitioners
Groundwater nutrient availability controls on nearshore benthic community structure in Biscayne Bay, Florida
Most studies have focused on nutrient inputs from rivers, atmosphere, and nonpoint runoff. One often overlooked source of nutrient loading is submarine groundwater discharge. For this reason, a 207 site survey and four transects were established to document spatial distribution of macrophytes, quantify potential groundwater discharge and associated nutrient concentrations, estimate water column nutrient concentrations, and relate nutrient availability to seagrass stoichiometry. A significant decline in Thalassia testudinum and an associated increase in Halodule wrightii were significantly correlated with decreased salinity and increased ammonium and total phosphorus concentrations from surface and groundwater. Total phosphorus loading from groundwater was estimated to be 2.55 metric tons y⁻¹ in the Black Point area, almost half the phosphorus load to all of southern Biscayne Bay from the canals. These findings indicate that nutrients in groundwater are important in determining seagrass community structure and spatial distribution in the shallow waters of Biscayne Bay
Did You Remember to Test Your Tokens?
Authentication is a critical security feature for confirming the identity of
a system's users, typically implemented with help from frameworks like Spring
Security. It is a complex feature which should be robustly tested at all stages
of development. Unit testing is an effective technique for fine-grained
verification of feature behaviors that is not widely-used to test
authentication. Part of the problem is that resources to help developers unit
test security features are limited. Most security testing guides recommend test
cases in a "black box" or penetration testing perspective. These resources are
not easily applicable to developers writing new unit tests, or who want a
security-focused perspective on coverage.
In this paper, we address these issues by applying a grounded theory-based
approach to identify common (unit) test cases for token authentication through
analysis of 481 JUnit tests exercising Spring Security-based authentication
implementations from 53 open source Java projects. The outcome of this study is
a developer-friendly unit testing guide organized as a catalog of 53 test cases
for token authentication, representing unique combinations of 17 scenarios, 40
conditions, and 30 expected outcomes learned from the data set in our analysis.
We supplement the test guide with common test smells to avoid. To verify the
accuracy and usefulness of our testing guide, we sought feedback from selected
developers, some of whom authored unit tests in our dataset.
Comment: In 17th International Conference on Mining Software Repositories
(MSR) 2020, Technical Track, Virtual. 11 page
Using forced alignment for sociophonetic research on a minority language
Until recently, large-scale phonetic analyses have been out of reach for under-documented languages, but with the advent of methodologies such as forced alignment, they have now become possible. This paper describes a methodology for applying forced alignment (using the Montreal Forced Aligner) to a speech corpus of Matukar Panau, a minority language spoken in Papua New Guinea. We obtained measurements for 68,785 vowel tokens, produced in both narrative and conversational data by 34 speakers. We examined the social conditioning on a subset of these vowels according to traditional sociolinguistic categories of age and gender, and also consider the impact of clan as a major axis of organization in this community. We show that there is a role for clan as a sociolinguistic factor in conditioning the variation observed