发布求助
文献互助 智能选刊 最新文献

2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)最新文献

筛选
英文 中文
What Happens When We Fuzz? Investigating OSS-Fuzz Bug History
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/MSR59073.2023.00038
Brandon N. Keller, Andrew Meneely, Benjamin S. Meyers
{"title":"What Happens When We Fuzz? Investigating OSS-Fuzz Bug History","authors":"Brandon N. Keller, Andrew Meneely, Benjamin S. Meyers","doi":"10.1109/MSR59073.2023.00038","DOIUrl":"https://doi.org/10.1109/MSR59073.2023.00038","url":null,"abstract":"BACKGROUND: Software engineers must be vigilant in preventing and correcting vulnerabilities and other critical bugs. In servicing this need, numerous tools and techniques have been developed to assist developers. Fuzzers, by autonomously generating inputs to test programs, promise to save time by detecting memory corruption, input handling, exception cases, and other issues.AIMS: The goal of this work is to empower developers to prioritize their quality assurance by analyzing the history of bugs generated by OSS-Fuzz. Specifically, we examined what has happened when a project adopts fuzzing as a quality assurance practice by measuring bug lifespans, learning opportunities, and bug types.METHOD: We analyzed 44,102 reported issues made public by OSS-Fuzz prior to March 12, 2022. We traced the Git commit ranges reported by repeated fuzz testing to the source code repositories to identify how long fuzzing bugs remained in the system, who fixes these bugs, and what types of problems fuzzers historically have found. We identified the bug-contributing commits to estimate when the bug containing code was introduced, and measure the timeline from introduction to detection to fix.RESULTS: We found that bugs detected in OSS-Fuzz have a median lifespan of 324 days, but that bugs, once detected, only remain unaddressed for a median of 2 days. Further, we found that of the 8,099 issues for which a source committing author can be identified, less than half (45.9%) of issues were fixed by the same author that introduced the bug.CONCLUSIONS: The results show that fuzzing can be used to makes a positive impact on a project that takes advantage in terms of their ability to address bugs in a time frame conducive to fixing mistakes prior to a product release. However, the rate at which we find authors are not correcting their own errors suggests that not all developers are benefiting from the learning opportunities provided by fuzzing feedback.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127771669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Message from the MSR 2023 General and Program Co-Chairs 来自MSR 2023总主席和项目联合主席的信息
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/msr59073.2023.00005
{"title":"Message from the MSR 2023 General and Program Co-Chairs","authors":"","doi":"10.1109/msr59073.2023.00005","DOIUrl":"https://doi.org/10.1109/msr59073.2023.00005","url":null,"abstract":"","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131045538","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Phylogenetic Analysis of Reticulate Software Evolution 网状软件进化的系统发育分析
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/MSR59073.2023.00074
A. Mori, M. Hashimoto
{"title":"Phylogenetic Analysis of Reticulate Software Evolution","authors":"A. Mori, M. Hashimoto","doi":"10.1109/MSR59073.2023.00074","DOIUrl":"https://doi.org/10.1109/MSR59073.2023.00074","url":null,"abstract":"In this paper, we apply techniques from phylogenetics for uncovering evolutionary dependencies among software versions. Phylogenetics is a part of computational molecular biology that addresses the inference of evolution among organisms based on differences/similarities in DNA sequences and morphology. We apply a tree differencing technique to abstract syntax trees to calculate a distance matrix, which is then used by a distance-based phylogenetic algorithm to infer an evolution network. Such a network allows us to identify merging and branching among versions without manually looking into the details of the source code. Experiments on ancient versions of the Emacs editor and the open source 3D printer firmware show that we can reproduce the evolution of the software and identify code import/merging across different lineages. We also discuss how the techniques identify the feature models among software variations. To the best of our knowledge, this paper is the first to report on a reticulate phylogenetic analysis of the software. It may offer a helpful method for gaining information on the evolution of the software.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133885436","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Message from the MSR 2023 Tutorials Co-Chairs 来自MSR 2023教程联合主席的信息
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/msr59073.2023.00011
{"title":"Message from the MSR 2023 Tutorials Co-Chairs","authors":"","doi":"10.1109/msr59073.2023.00011","DOIUrl":"https://doi.org/10.1109/msr59073.2023.00011","url":null,"abstract":"","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122435819","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Evolution of the Practice of Software Testing in Java Projects Java项目中软件测试实践的演变
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/MSR59073.2023.00057
Anisha Islam, N. Hewage, A. A. Bangash, Abram Hindle
{"title":"Evolution of the Practice of Software Testing in Java Projects","authors":"Anisha Islam, N. Hewage, A. A. Bangash, Abram Hindle","doi":"10.1109/MSR59073.2023.00057","DOIUrl":"https://doi.org/10.1109/MSR59073.2023.00057","url":null,"abstract":"Software testing helps developers minimize bugs and errors in their code, improving the overall software quality. In 2013, Kochhar et al. analyzed 20,817 software projects in order to study how prevalent the practice of software testing is in open-source projects. They found that projects with more lines of code (LOC) and projects with more developers tend to have more test cases. Additionally, they found a weak positive correlation between the number of test cases and the number of bugs. Since the conclusions of a study might become irrelevant over time because of the latest practices in the relevant fields, in this paper, we investigate if these conclusions remain valid if we re-evaluate Kochhar et al.’s findings on the Java projects that were developed from 2012 to 2021. For evaluation, we use a random sample of 20,000 open-source Java projects each year. Our results show that Kochhar et al.’s conclusions regarding the projects with test cases having more LOC, the weak positive correlation between the number of test cases and authors, and the weak positive correlation between the number of test cases and bugs remain stable until 2021. Our study corroborates Kochhar et al.’s conclusions and helps developers refocus in light of the latest findings regarding the practice of software testing.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121792966","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The Atlassian Data Lake: consolidating enriched software development data in a single, queryable system Atlassian数据湖:将丰富的软件开发数据整合到一个可查询的系统中
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/MSR59073.2023.00045
A. Friedman, Rohan Dhupelia, Ben Jackson
{"title":"The Atlassian Data Lake: consolidating enriched software development data in a single, queryable system","authors":"A. Friedman, Rohan Dhupelia, Ben Jackson","doi":"10.1109/MSR59073.2023.00045","DOIUrl":"https://doi.org/10.1109/MSR59073.2023.00045","url":null,"abstract":"Software teams are under continuous pressure to work effectively and achieve a high bar of performance. The data contained within software development lifecycle tools presents the opportunity to obtain visibility into DevOps metrics [12] , Flow metrics [17] , and other signals that provide insights into team effectiveness [14] . Such tool-based data can complement other information sources, such as employee surveys, towards a comprehensive picture of organization and team health [13] . Moreover, managing work across multiple teams requires a high level of visibility into the work of those teams, to inform decisions on team velocity, resource allocation, and return on investment. Since much of the work is conducted in software development tools, they are an essential source for consolidating and presenting a clear picture of that work. As organizations strive to rip the benefits that location flexibility offers for employee outcomes [3] and shift to hybrid or remote work, the reliance on software development tools to obtain that level of visibility is likely to increase.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"300 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131764229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Tell Me Who Are You Talking to and I Will Tell You What Issues Need Your Skills 告诉我你在和谁说话,我会告诉你哪些问题需要你的技能
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/MSR59073.2023.00087
Fábio Santos, Jacob Penney, J. F. Pimentel, I. Wiese, Igor Steinmacher, M. Gerosa
{"title":"Tell Me Who Are You Talking to and I Will Tell You What Issues Need Your Skills","authors":"Fábio Santos, Jacob Penney, J. F. Pimentel, I. Wiese, Igor Steinmacher, M. Gerosa","doi":"10.1109/MSR59073.2023.00087","DOIUrl":"https://doi.org/10.1109/MSR59073.2023.00087","url":null,"abstract":"Selecting an appropriate task is challenging for newcomers to Open Source Software (OSS) projects. To facilitate task selection, researchers and OSS projects have leveraged machine learning techniques, historical information, and textual analysis to label tasks (a.k.a. issues) with information such as the issue type and domain. These approaches are still far from mainstream adoption, possibly because of a lack of good predictors. Inspired by previous research, we advocate that label prediction might benefit from leveraging metrics derived from communication data and social network analysis (SNA) for issues in which social interaction occurs. Thus, we study how these \"social metrics\" can improve the automatic labeling of open issues with API domains—categories of APIs used in the source code that solves the issue—which the literature shows that newcomers to the project consider relevant for task selection. We mined data from OSS projects’ repositories and organized it in periods to reflect the seasonality of the contributors’ project participation. We replicated metrics from previous work and added social metrics to the corpus to predict API-domain labels. Social metrics improved the performance of the classifiers compared to using only the issue description text in terms of precision, recall, and F-measure. Precision (0.922) increased by 15.82% and F-measure (0.942) by 15.89% for a project with high social activity. These results indicate that social metrics can help capture the patterns of social interactions in a software project and improve the labeling of issues in an issue tracker.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131780637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Determining Open Source Project Boundaries 确定开源项目的边界
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/msr59073.2023.00076
Sophia Vargas
{"title":"Determining Open Source Project Boundaries","authors":"Sophia Vargas","doi":"10.1109/msr59073.2023.00076","DOIUrl":"https://doi.org/10.1109/msr59073.2023.00076","url":null,"abstract":"While open source ecosystems have fluid membership by nature, explicit boundaries are necessary to conduct research and analysis around projects and their communities as these exercises require a set number of sources to count as part of this effort. The ideal solution to this problem would provide researchers and analysts with a common approach to identify what is part of or affiliated with a project community and ecosystem.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"124 10","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120980244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Message from the MSR 2023 Data and Tool Showcase Track Co-Chairs 来自MSR 2023数据和工具展示轨道联合主席的讲话
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/msr59073.2023.00006
{"title":"Message from the MSR 2023 Data and Tool Showcase Track Co-Chairs","authors":"","doi":"10.1109/msr59073.2023.00006","DOIUrl":"https://doi.org/10.1109/msr59073.2023.00006","url":null,"abstract":"","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"112 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133774612","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
microSecEnD: A Dataset of Security-Enriched Dataflow Diagrams for Microservice Applications microSecEnD:用于微服务应用程序的安全增强数据流图数据集
2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR) Pub Date : 2023-05-01 DOI: 10.1109/MSR59073.2023.00030
S. Schneider, Tufan Özen, Michael Chen, R. Scandariato
{"title":"microSecEnD: A Dataset of Security-Enriched Dataflow Diagrams for Microservice Applications","authors":"S. Schneider, Tufan Özen, Michael Chen, R. Scandariato","doi":"10.1109/MSR59073.2023.00030","DOIUrl":"https://doi.org/10.1109/MSR59073.2023.00030","url":null,"abstract":"Dataflow diagrams (DFDs) are useful resources in securing applications since they show a software system’s architecture and allow assessing architectural security and weaknesses. Enriching them with annotations about implemented security features further strengthens this ability. This is especially true for microservice applications, as their most pressing security concerns stem from their separation into multiple services. Researchers need data to work on these issues and enhance microservices’ architectural security. In this work, we present microSecEnD, a dataset of 17 manually created DFDs that are extensively annotated with information on implemented security features. We provide traceability for all model items. Further, a mapping to a list of 17 architectural security best-practices is provided. Finally, for each best-practice that an application violates, we present a model variant that does adhere to it.","PeriodicalId":317960,"journal":{"name":"2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130715134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信