Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering最新文献

筛选
英文 中文
Automatic construction of an effective training set for prioritizing static analysis warnings 静态分析警告优先级的有效训练集的自动构建
Guangtai Liang, Lingjing Wu, Qian Wu, Qianxiang Wang, Tao Xie, Hong Mei
{"title":"Automatic construction of an effective training set for prioritizing static analysis warnings","authors":"Guangtai Liang, Lingjing Wu, Qian Wu, Qianxiang Wang, Tao Xie, Hong Mei","doi":"10.1145/1858996.1859013","DOIUrl":"https://doi.org/10.1145/1858996.1859013","url":null,"abstract":"In order to improve ineffective warning prioritization of static analysis tools, various approaches have been proposed to compute a ranking score for each warning. In these approaches, an effective training set is vital in exploring which factors impact the ranking score and how. While manual approaches to build a training set can achieve high effectiveness but suffer from low efficiency (i.e., high cost), existing automatic approaches suffer from low effectiveness. In this paper, we propose an automatic approach for constructing an effective training set. In our approach, we select three categories of impact factors as input attributes of the training set, and propose a new heuristic for identifying actionable warnings to automatically label the training set. Our empirical evaluations show that the precision of the top 22 warnings for Lucene, 20 for ANT, and 6 for Spring can achieve 100% with the help of our constructed training set.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125387169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 38
RuMoR: monitoring and recovery for BPEL applications 谣言:BPEL应用程序的监控和恢复
J. Simmonds, M. Chechik
{"title":"RuMoR: monitoring and recovery for BPEL applications","authors":"J. Simmonds, M. Chechik","doi":"10.1145/1858996.1859068","DOIUrl":"https://doi.org/10.1145/1858996.1859068","url":null,"abstract":"We describe a RUntime MOnitoring and Recovery framework (RuMoR) for BPEL applications. Our tool checks for behavioral conformance with respect to a set of user-specified properties. When runtime violations are discovered, RuMoR automatically proposes and ranks recovery plans which users can then select for execution. These plans are generated using an adaptation of a SAT-based planning technique.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125887591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
PlayGo: towards a comprehensive tool for scenario based programming PlayGo:面向基于场景的编程的综合工具
D. Harel, S. Maoz, Smadar Szekely, Daniel Barkan
{"title":"PlayGo: towards a comprehensive tool for scenario based programming","authors":"D. Harel, S. Maoz, Smadar Szekely, Daniel Barkan","doi":"10.1145/1858996.1859075","DOIUrl":"https://doi.org/10.1145/1858996.1859075","url":null,"abstract":"We present PlayGo, a comprehensive tool for scenario-based programming, built around the language of live sequence charts and the play-in/play-out approach [7], which includes a compiler into AspectJ code and means for debugging the execution. PlayGo is intended to be a full IDE that addresses major parts of the vision of Liberating Programming [3]. This paper presents the first version of PlayGo, which already includes several of the intended capabilities.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124775718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 48
Tag and prune: a pragmatic approach to software product line implementation 标记和修剪:软件产品线实现的实用方法
Quentin Boucher, Andreas Classen, P. Heymans, Arnaud Bourdoux, L. Demonceau
{"title":"Tag and prune: a pragmatic approach to software product line implementation","authors":"Quentin Boucher, Andreas Classen, P. Heymans, Arnaud Bourdoux, L. Demonceau","doi":"10.1145/1858996.1859064","DOIUrl":"https://doi.org/10.1145/1858996.1859064","url":null,"abstract":"To realise variability at the code level, product line methods classically advocate usage of inheritance, components, frameworks, aspects or generative techniques. However, these might require unaffordable paradigm shifts for the developers if the software was not thought at the outset as a product line. Furthermore, these techniques can be conflicting with a company's coding practices or external regulations. These concerns were the motivation for the industry-university collaboration described in this paper where we develop a minimally intrusive coding technique based on tags. It is supported by a toolchain and is now in use in the partner company for the development of flight grade satellite communication software libraries.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131520700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 37
Variability modeling in the real: a perspective from the operating systems domain 真实的可变性建模:来自操作系统领域的一个视角
T. Berger, S. She, R. Lotufo, A. Wąsowski, K. Czarnecki
{"title":"Variability modeling in the real: a perspective from the operating systems domain","authors":"T. Berger, S. She, R. Lotufo, A. Wąsowski, K. Czarnecki","doi":"10.1145/1858996.1859010","DOIUrl":"https://doi.org/10.1145/1858996.1859010","url":null,"abstract":"Variability models represent the common and variable features of products in a product line. Several variability modeling languages have been proposed in academia and industry; however, little is known about the practical use of such languages. We study and compare the constructs, semantics, usage and tools of two variability modeling languages, Kconfig and CDL. We provide empirical evidence for the real-world use of the concepts known from variability modeling research. Since variability models provide basis for automated tools (feature dependency checkers and product configurators), we believe that our findings will be of interest to variability modeling language and tool designers.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"534 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123098049","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 167
MiTV: multiple-implementation testing of user-input validators for web applications MiTV:对web应用程序的用户输入验证器进行多实现测试
Kunal Taneja, Nuo Li, Madhuri R. Marri, Tao Xie, N. Tillmann
{"title":"MiTV: multiple-implementation testing of user-input validators for web applications","authors":"Kunal Taneja, Nuo Li, Madhuri R. Marri, Tao Xie, N. Tillmann","doi":"10.1145/1858996.1859019","DOIUrl":"https://doi.org/10.1145/1858996.1859019","url":null,"abstract":"User-input validators play an essential role in guarding a web application against application-level attacks. Hence, the security of the web application can be compromised by defective validators. To detect defects in validators, testing is one of the most commonly used methodologies. Testing can be performed by manually writing test inputs and oracles, but this manual process is often labor-intensive and ineffective. On the other hand, automated test generators cannot generate test oracles in the absence of specifications, which are often not available in practice. To address this issue in testing validators, we propose a novel approach, called MiTV, that applies Multiple-implementation Testing for Validators, i.e., comparin gthe behavior of a validator under test with other validators of the same type. These other validators of the same type can be collected from either open or proprietary source code repositories. To show the effectiveness of MiTV, we applied MiTV on 53 different validators (of 6 common types) for web applications. Our results show that MiTV detected real defects in 70% of the validators.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129679924","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Verification-driven slicing of UML/OCL models UML/OCL模型的验证驱动切片
Asadullah Shaikh, R. Clarisó, U. Wiil, N. Memon
{"title":"Verification-driven slicing of UML/OCL models","authors":"Asadullah Shaikh, R. Clarisó, U. Wiil, N. Memon","doi":"10.1145/1858996.1859038","DOIUrl":"https://doi.org/10.1145/1858996.1859038","url":null,"abstract":"Model defects are a significant concern in the Model-Driven Development (MDD) paradigm, as model transformations and code generation may propagate errors to other notations where they are harder to detect and trace. Formal verification techniques can check the correctness of a model, but their high computational complexity can limit their scalability. In this paper, we consider a specific static model (UML class diagrams annotated with unrestricted OCL constraints) and a specific property to verify (satisfiability, i.e., \"is it possible to create objects without violating any constraint?\"). Current approaches to this problem have an exponential worst-case runtime. We propose a technique to improve their scalability by partitioning the original model into submodels (slices) which can be verified independently and where irrelevant information has been abstracted. The definition of the slicing procedure ensures that the property under verification is preserved after partitioning.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115058652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 63
Checking roundoff errors using counterexample-guided narrowing 使用反例引导的窄化检查舍入错误
Do Thi Bich Ngoc, Mizuhito Ogawa
{"title":"Checking roundoff errors using counterexample-guided narrowing","authors":"Do Thi Bich Ngoc, Mizuhito Ogawa","doi":"10.1145/1858996.1859056","DOIUrl":"https://doi.org/10.1145/1858996.1859056","url":null,"abstract":"This paper proposes a counterexample-guided narrowing approach, which mutually refines analyses and testing if (possibly spurious) counterexamples are found. A prototype tool CANAT for checking roundoff errors between floating point and fixed point numbers is reported with preliminary experiments.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125165519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Deviance from perfection is a better criterion than closeness to evil when identifying risky code 在识别有风险的代码时,偏离完美是比接近邪恶更好的标准
M. Kessentini, S. Vaucher, H. Sahraoui
{"title":"Deviance from perfection is a better criterion than closeness to evil when identifying risky code","authors":"M. Kessentini, S. Vaucher, H. Sahraoui","doi":"10.1145/1858996.1859015","DOIUrl":"https://doi.org/10.1145/1858996.1859015","url":null,"abstract":"We propose an approach for the automatic detection of potential design defects in code. The detection is based on the notion that the more code deviates from good practices, the more likely it is bad. Taking inspiration from artificial immune systems, we generated a set of detectors that characterize different ways that a code can diverge from good practices. We then used these detectors to measure how far code in assessed systems deviates from normality. We evaluated our approach by finding potential defects in two open-source systems (Xerces-J and Gantt). We used the library JHotDraw as the code base representing good design/programming practices. In both systems, we found that 90% of the riskiest classes were defects, a precision far superiour to state of the art rule-based approaches.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128065600","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 74
Symbolic PathFinder: symbolic execution of Java bytecode 符号寻径器:Java字节码的符号执行
C. Pasareanu, Neha Rungta
{"title":"Symbolic PathFinder: symbolic execution of Java bytecode","authors":"C. Pasareanu, Neha Rungta","doi":"10.1145/1858996.1859035","DOIUrl":"https://doi.org/10.1145/1858996.1859035","url":null,"abstract":"Symbolic Pathfinder (SPF) combines symbolic execution with model checking and constraint solving for automated test case generation and error detection in Java programs with unspecified inputs. In this tool, programs are executed on symbolic inputs representing multiple concrete inputs. Values of variables are represented as constraints generated from the analysis of Java bytecode. The constraints are solved using off-the shelf solvers to generate test inputs guaranteed to achieve complex coverage criteria. SPF has been used successfully at NASA, in academia, and in industry.","PeriodicalId":341489,"journal":{"name":"Proceedings of the 25th IEEE/ACM International Conference on Automated Software Engineering","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115405427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 275
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信