31 research outputs found
Automatically Discovering, Reporting and Reproducing Android Application Crashes
Mobile developers face unique challenges when detecting and reporting crashes
in apps due to their prevailing GUI event-driven nature and additional sources
of inputs (e.g., sensor readings). To support developers in these tasks, we
introduce a novel, automated approach called CRASHSCOPE. This tool explores a
given Android app using systematic input generation, according to several
strategies informed by static and dynamic analyses, with the intrinsic goal of
triggering crashes. When a crash is detected, CRASHSCOPE generates an augmented
crash report containing screenshots, detailed crash reproduction steps, the
captured exception stack trace, and a fully replayable script that
automatically reproduces the crash on a target device(s). We evaluated
CRASHSCOPE's effectiveness in discovering crashes as compared to five
state-of-the-art Android input generation tools on 61 applications. The results
demonstrate that CRASHSCOPE performs about as well as current tools for
detecting crashes and provides more detailed fault information. Additionally,
in a study analyzing eight real-world Android app crashes, we found that
CRASHSCOPE's reports are easily readable and allow for reliable reproduction of
crashes by presenting more explicit information than human written reports.Comment: 12 pages, in Proceedings of 9th IEEE International Conference on
Software Testing, Verification and Validation (ICST'16), Chicago, IL, April
10-15, 2016, pp. 33-4
An exploratory study of bug-introducing changes: what happens when bugs are introduced in open source software?
Context: Many studies consider the relation between individual aspects and
bug-introduction, e.g., software testing and code review. Due to the design of
the studies the results are usually only about correlations as interactions or
interventions are not considered.
Objective: Within this study, we want to narrow this gap and provide a broad
empirical view on aspects of software development and their relation to
bug-introducing changes.
Method: We consider the bugs, the type of work when the bug was introduced,
aspects of the build process, code review, software tests, and any other
discussion related to the bug that we can identify. We use a qualitative
approach that first describes variables of the development process and then
groups the variables based on their relations. From these groups, we can induce
how their (pair-wise) interactions affect bug-introducing changes.Comment: Registered Report with Continuity Acceptance (CA) for submission to
Empirical Software Engineering granted by RR-Committee of the MSR'2
Contravention of regulatory provisions in public procurement to the common rules of the Administrative General Procedure Law Single Ordered Text
El Texto Único Ordenado de la Ley del Procedimiento Administrativo General (TUO de la LPAG) es calificado, en la actualidad, como una norma común. Esto implica que los procedimientos administrativos especiales, regulados por ley o reglamento, no pueden apartarse de las reglas y principios establecidos en el mismo TUO de la LPAG. Es asà que, a partir de la premisa mencionada, el presente artÃculo tiene por objetivo poner en evidencia que existen disposiciones del régimen del procedimiento administrativo sancionador en la normativa de contrataciones del Estado que contravienen manifiestamente el referido régimen común
On Using Information Retrieval to Recommend Machine Learning Good Practices for Software Engineers
Machine learning (ML) is nowadays widely used for different purposes and in
several disciplines. From self-driving cars to automated medical diagnosis,
machine learning models extensively support users' daily activities, and
software engineering tasks are no exception. Not embracing good ML practices
may lead to pitfalls that hinder the performance of an ML system and
potentially lead to unexpected results. Despite the existence of documentation
and literature about ML best practices, many non-ML experts turn towards gray
literature like blogs and Q&A systems when looking for help and guidance when
implementing ML systems. To better aid users in distilling relevant knowledge
from such sources, we propose a recommender system that recommends ML practices
based on the user's context. As a first step in creating a recommender system
for machine learning practices, we implemented Idaka. A tool that provides two
different approaches for retrieving/generating ML best practices: i) an
information retrieval (IR) engine and ii) a large language model. The IR-engine
uses BM25 as the algorithm for retrieving the practices, and a large language
model, in our case Alpaca. The platform has been designed to allow comparative
studies of best practices retrieval tools. Idaka is publicly available at
GitHub: https://bit.ly/idaka. Video: https://youtu.be/cEb-AhIPxnM.Comment: Accepted for Publication at ESEC/FSE demonstrations trac
Exploring the Security Awareness of the Python and JavaScript Open Source Communities
Software security is undoubtedly a major concern in today's software
engineering. Although the level of awareness of security issues is often high,
practical experiences show that neither preventive actions nor reactions to
possible issues are always addressed properly in reality. By analyzing large
quantities of commits in the open-source communities, we can categorize the
vulnerabilities mitigated by the developers and study their distribution,
resolution time, etc. to learn and improve security management processes and
practices. With the help of the Software Heritage Graph Dataset, we
investigated the commits of two of the most popular script languages -- Python
and JavaScript -- projects collected from public repositories and identified
those that mitigate a certain vulnerability in the code (i.e. vulnerability
resolution commits). On the one hand, we identified the types of
vulnerabilities (in terms of CWE groups) referred to in commit messages and
compared their numbers within the two communities. On the other hand, we
examined the average time elapsing between the publish date of a vulnerability
and the first reference to it in a commit. We found that there is a large
intersection in the vulnerability types mitigated by the two communities, but
most prevalent vulnerabilities are specific to language. Moreover, neither the
JavaScript nor the Python community reacts very fast to appearing security
vulnerabilities in general with only a couple of exceptions for certain CWE
groups.Comment: 17th International Conference on Mining Software Repositorie
El valor de las series de tiempo de acciones: un estado del arte de técnicas computacionales para la generación de expectativas en portafolios de inversión
El proceso de selección de portafolio ha dado origen a diferentes modelos, orientados a optimizar el conjunto de ti-tulos valor disponibles para un inversionista, con base en diferentes criterios de decisión tales como el riesgo, el re-torno esperado, horizonte de planeación, entre otros. El enfoque clásico de estos modelos cubre las dos fases del proceso de selección de portafolio, y está definido por disciplinas tales como la econometrÃa, el análisis técnico y las finanzas corporativas. Pero el nacimiento de la computación financiera define el uso de nuevas técnicas bajo la necesidad del procesamiento automático de grandes volúmenes de información. Este artÃculo es un estado del arte de esas nuevas técnicas, desde el punto de vista de la ingenierÃa de sistemas y sus modelos computacionales, apli-cados particularmente a la generación de expectativas de inversión en portafolios.Selecting an investment portfolio has inspired several models aimed at optimising the set of securities which an in-vesttor may select according to a number of specific decision criteria such as risk, expected return and planning hori-zon. The classical approach has been developed for supporting the two stages of portfolio selection and is supported by disciplines such as econometrics, technical analysis and corporative finance. However, with the emerging field of computational finance, new and interesting techniques have arisen in line with the need for the automatic processing of vast volumes of information. This paper surveys such new techniques which belong to the body of knowledge con-cerning computing and systems engineering, focusing on techniques particularly aimed at producing beliefs regar-ding investment portfolios
Efficiently Manifesting Asynchronous Programming Errors in Android Apps
Android, the #1 mobile app framework, enforces the single-GUI-thread model,
in which a single UI thread manages GUI rendering and event dispatching. Due to
this model, it is vital to avoid blocking the UI thread for responsiveness. One
common practice is to offload long-running tasks into async threads. To achieve
this, Android provides various async programming constructs, and leaves
developers themselves to obey the rules implied by the model. However, as our
study reveals, more than 25% apps violate these rules and introduce
hard-to-detect, fail-stop errors, which we term as aysnc programming errors
(APEs). To this end, this paper introduces APEChecker, a technique to
automatically and efficiently manifest APEs. The key idea is to characterize
APEs as specific fault patterns, and synergistically combine static analysis
and dynamic UI exploration to detect and verify such errors. Among the 40
real-world Android apps, APEChecker unveils and processes 61 APEs, of which 51
are confirmed (83.6% hit rate). Specifically, APEChecker detects 3X more APEs
than the state-of-art testing tools (Monkey, Sapienz and Stoat), and reduces
testing time from half an hour to a few minutes. On a specific type of APEs,
APEChecker confirms 5X more errors than the data race detection tool,
EventRacer, with very few false alarms