Guangtai Liang, Lingjing Wu, Qian Wu, Qianxiang Wang, Tao Xie, Hong Mei
{"title":"Automatic construction of an effective training set for prioritizing static analysis warnings","authors":"Guangtai Liang, Lingjing Wu, Qian Wu, Qianxiang Wang, Tao Xie, Hong Mei","doi":"10.1145/1858996.1859013","DOIUrl":"https://doi.org/10.1145/1858996.1859013","url":null,"abstract":"In order to improve ineffective warning prioritization of static analysis tools, various approaches have been proposed to compute a ranking score for each warning. In these approaches, an effective training set is vital in exploring which factors impact the ranking score and how. While manual approaches to build a training set can achieve high effectiveness but suffer from low efficiency (i.e., high cost), existing automatic approaches suffer from low effectiveness. In this paper, we propose an automatic approach for constructing an effective training set. In our approach, we select three categories of impact factors as input attributes of the training set, and propose a new heuristic for identifying actionable warnings to automatically label the training set. Our empirical evaluations show that the precision of the top 22 warnings for Lucene, 20 for ANT, and 6 for Spring can achieve 100% with the help of our constructed training set.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125387169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RuMoR: monitoring and recovery for BPEL applications","authors":"J. Simmonds, M. Chechik","doi":"10.1145/1858996.1859068","DOIUrl":"https://doi.org/10.1145/1858996.1859068","url":null,"abstract":"We describe a RUntime MOnitoring and Recovery framework (RuMoR) for BPEL applications. Our tool checks for behavioral conformance with respect to a set of user-specified properties. When runtime violations are discovered, RuMoR automatically proposes and ranks recovery plans which users can then select for execution. These plans are generated using an adaptation of a SAT-based planning technique.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125887591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PlayGo: towards a comprehensive tool for scenario based programming","authors":"D. Harel, S. Maoz, Smadar Szekely, Daniel Barkan","doi":"10.1145/1858996.1859075","DOIUrl":"https://doi.org/10.1145/1858996.1859075","url":null,"abstract":"We present PlayGo, a comprehensive tool for scenario-based programming, built around the language of live sequence charts and the play-in/play-out approach [7], which includes a compiler into AspectJ code and means for debugging the execution. PlayGo is intended to be a full IDE that addresses major parts of the vision of Liberating Programming [3]. This paper presents the first version of PlayGo, which already includes several of the intended capabilities.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124775718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Quentin Boucher, Andreas Classen, P. Heymans, Arnaud Bourdoux, L. Demonceau
{"title":"Tag and prune: a pragmatic approach to software product line implementation","authors":"Quentin Boucher, Andreas Classen, P. Heymans, Arnaud Bourdoux, L. Demonceau","doi":"10.1145/1858996.1859064","DOIUrl":"https://doi.org/10.1145/1858996.1859064","url":null,"abstract":"To realise variability at the code level, product line methods classically advocate usage of inheritance, components, frameworks, aspects or generative techniques. However, these might require unaffordable paradigm shifts for the developers if the software was not thought at the outset as a product line. Furthermore, these techniques can be conflicting with a company's coding practices or external regulations. These concerns were the motivation for the industry-university collaboration described in this paper where we develop a minimally intrusive coding technique based on tags. It is supported by a toolchain and is now in use in the partner company for the development of flight grade satellite communication software libraries.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131520700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
T. Berger, S. She, R. Lotufo, A. Wąsowski, K. Czarnecki
{"title":"Variability modeling in the real: a perspective from the operating systems domain","authors":"T. Berger, S. She, R. Lotufo, A. Wąsowski, K. Czarnecki","doi":"10.1145/1858996.1859010","DOIUrl":"https://doi.org/10.1145/1858996.1859010","url":null,"abstract":"Variability models represent the common and variable features of products in a product line. Several variability modeling languages have been proposed in academia and industry; however, little is known about the practical use of such languages. We study and compare the constructs, semantics, usage and tools of two variability modeling languages, Kconfig and CDL. We provide empirical evidence for the real-world use of the concepts known from variability modeling research. Since variability models provide basis for automated tools (feature dependency checkers and product configurators), we believe that our findings will be of interest to variability modeling language and tool designers.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"534 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123098049","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kunal Taneja, Nuo Li, Madhuri R. Marri, Tao Xie, N. Tillmann
{"title":"MiTV: multiple-implementation testing of user-input validators for web applications","authors":"Kunal Taneja, Nuo Li, Madhuri R. Marri, Tao Xie, N. Tillmann","doi":"10.1145/1858996.1859019","DOIUrl":"https://doi.org/10.1145/1858996.1859019","url":null,"abstract":"User-input validators play an essential role in guarding a web application against application-level attacks. Hence, the security of the web application can be compromised by defective validators. To detect defects in validators, testing is one of the most commonly used methodologies. Testing can be performed by manually writing test inputs and oracles, but this manual process is often labor-intensive and ineffective. On the other hand, automated test generators cannot generate test oracles in the absence of specifications, which are often not available in practice. To address this issue in testing validators, we propose a novel approach, called MiTV, that applies Multiple-implementation Testing for Validators, i.e., comparin gthe behavior of a validator under test with other validators of the same type. These other validators of the same type can be collected from either open or proprietary source code repositories. To show the effectiveness of MiTV, we applied MiTV on 53 different validators (of 6 common types) for web applications. Our results show that MiTV detected real defects in 70% of the validators.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129679924","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Verification-driven slicing of UML/OCL models","authors":"Asadullah Shaikh, R. Clarisó, U. Wiil, N. Memon","doi":"10.1145/1858996.1859038","DOIUrl":"https://doi.org/10.1145/1858996.1859038","url":null,"abstract":"Model defects are a significant concern in the Model-Driven Development (MDD) paradigm, as model transformations and code generation may propagate errors to other notations where they are harder to detect and trace. Formal verification techniques can check the correctness of a model, but their high computational complexity can limit their scalability. In this paper, we consider a specific static model (UML class diagrams annotated with unrestricted OCL constraints) and a specific property to verify (satisfiability, i.e., \"is it possible to create objects without violating any constraint?\"). Current approaches to this problem have an exponential worst-case runtime. We propose a technique to improve their scalability by partitioning the original model into submodels (slices) which can be verified independently and where irrelevant information has been abstracted. The definition of the slicing procedure ensures that the property under verification is preserved after partitioning.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115058652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Checking roundoff errors using counterexample-guided narrowing","authors":"Do Thi Bich Ngoc, Mizuhito Ogawa","doi":"10.1145/1858996.1859056","DOIUrl":"https://doi.org/10.1145/1858996.1859056","url":null,"abstract":"This paper proposes a counterexample-guided narrowing approach, which mutually refines analyses and testing if (possibly spurious) counterexamples are found. A prototype tool CANAT for checking roundoff errors between floating point and fixed point numbers is reported with preliminary experiments.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125165519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deviance from perfection is a better criterion than closeness to evil when identifying risky code","authors":"M. Kessentini, S. Vaucher, H. Sahraoui","doi":"10.1145/1858996.1859015","DOIUrl":"https://doi.org/10.1145/1858996.1859015","url":null,"abstract":"We propose an approach for the automatic detection of potential design defects in code. The detection is based on the notion that the more code deviates from good practices, the more likely it is bad. Taking inspiration from artificial immune systems, we generated a set of detectors that characterize different ways that a code can diverge from good practices. We then used these detectors to measure how far code in assessed systems deviates from normality. We evaluated our approach by finding potential defects in two open-source systems (Xerces-J and Gantt). We used the library JHotDraw as the code base representing good design/programming practices. In both systems, we found that 90% of the riskiest classes were defects, a precision far superiour to state of the art rule-based approaches.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128065600","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Symbolic PathFinder: symbolic execution of Java bytecode","authors":"C. Pasareanu, Neha Rungta","doi":"10.1145/1858996.1859035","DOIUrl":"https://doi.org/10.1145/1858996.1859035","url":null,"abstract":"Symbolic Pathfinder (SPF) combines symbolic execution with model checking and constraint solving for automated test case generation and error detection in Java programs with unspecified inputs. In this tool, programs are executed on symbolic inputs representing multiple concrete inputs. Values of variables are represented as constraints generated from the analysis of Java bytecode. The constraints are solved using off-the shelf solvers to generate test inputs guaranteed to achieve complex coverage criteria. SPF has been used successfully at NASA, in academia, and in industry.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115405427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}