发布求助
文献互助 智能选刊 最新文献

2015 IEEE International Conference on Software Quality, Reliability and Security最新文献

筛选
英文 中文
Fault Localization in the Light of Faulty User Input 基于用户输入错误的故障定位
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.47
Birgit Hofer, F. Wotawa
{"title":"Fault Localization in the Light of Faulty User Input","authors":"Birgit Hofer, F. Wotawa","doi":"10.1109/QRS.2015.47","DOIUrl":"https://doi.org/10.1109/QRS.2015.47","url":null,"abstract":"Spreadsheets may be large, containing several thousand formulas, and thus they may be hard to comprehend and analyze. Unfortunately, they are also prone to errors. Identifying the cells which are responsible for an observed error is time-consuming, tedious, and frustrating. Spectrum-based Fault Localization (SFL) helps users to faster identify those cells that have to be modified in order to eliminate any observed misbehavior. SFL requires information about the correctness of certain cell values, and users might wrongly classify such cell values. A misclassification may influence the outcome of SFL substantially. In this paper, we investigate the influence of incorrect user information on the quality of SFL. In particular, we present a theoretical analysis of the impact of a misclassification on the Ochiai similarity coefficient and an empirical evaluation based on 33 spreadsheets with 218 faulty versions.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132815000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Abstracting Program Dependencies Using the Method Dependence Graph 使用方法依赖图抽象程序依赖
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.18
Haipeng Cai, Raúl A. Santelices
{"title":"Abstracting Program Dependencies Using the Method Dependence Graph","authors":"Haipeng Cai, Raúl A. Santelices","doi":"10.1109/QRS.2015.18","DOIUrl":"https://doi.org/10.1109/QRS.2015.18","url":null,"abstract":"While empowering a wide range of software engineering tasks, the traditional fine-grained software dependence (TSD) model can face great scalability challenges that hinder its applications. Many dependence abstraction approaches have been proposed, yet most of them either target very specific clients or model partial dependencies only, while others have not been fully evaluated for their accuracy with respect to the TSD model, especially in approximating forward dependencies on object-oriented programs. To fill this gap, we present a new dependence abstraction called the method dependence graph (MDG) that approximates the TSD model at method level, and compare it against a recent TSD abstraction, called the Static-Exectue-After (SEA), concerning forward-dependence approximation. We also evaluate the cost-effectiveness of both approaches in the application context of impact analysis. Our results show that the MDG can approximate TSD safely, for method-level forward dependence at least, with little loss of precision yet huge gain in efficiency, and for the same purpose, while both are safe, the MDG can achieve significantly higher precision than SEA at practical costs.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125003720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Are Anti-patterns Coupled? An Empirical Study 反模式是否耦合?实证研究
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.43
Wanwangying Ma, Lin Chen, Yuming Zhou, Baowen Xu, Xiaoyu Zhou
{"title":"Are Anti-patterns Coupled? An Empirical Study","authors":"Wanwangying Ma, Lin Chen, Yuming Zhou, Baowen Xu, Xiaoyu Zhou","doi":"10.1109/QRS.2015.43","DOIUrl":"https://doi.org/10.1109/QRS.2015.43","url":null,"abstract":"The interactions between anti-patterns are claimed to affect maintenance. However, little work has been conducted to examine how anti-patterns interact. In this paper, we aim to investigate which pairs of anti-patterns tend to be coupled, i.e., interact with each other. We employ Fisher's exact test and Wilcoxon rank-sum test to identify coupled anti-patterns in the same class and coupled classes. Analyzing the relationships amongst 10 kinds of anti-patterns in five open-source projects, our results show that 1) several kinds of anti-patterns tend to be coupled, but some are conflicting, 2) the effect of anti-patterns on their dependent or co-changed ones are significant but small, 3) in ArgoUML, Xalan and Xerces-J, the classes infected with dependent anti-patterns are mostly (69.9% ~ 100%) modified in maintenance activities. Our findings offer empirical evidences for the existence of anti-pattern interactions, which provides valuable implications for practitioners and researchers.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128765699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
On the Relationship between Model Coverage and Code Coverage Using MATLAB's Simulink 利用MATLAB的Simulink研究模型覆盖率与代码覆盖率的关系
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.39
Yunwei Dong, Zhe Li, D. Towey
{"title":"On the Relationship between Model Coverage and Code Coverage Using MATLAB's Simulink","authors":"Yunwei Dong, Zhe Li, D. Towey","doi":"10.1109/QRS.2015.39","DOIUrl":"https://doi.org/10.1109/QRS.2015.39","url":null,"abstract":"Software Testing is an approach to ensuring the quality of software systems. Testing of safety-critical systems often requires conformance to certain code coverage criteria, including for example, in aviation, Modified Condition/Decision Coverage (MC/DC). In some situations, however, access to the actual code may be restricted with black Box approaches, and testers may only be able to use models of the system, such as those in MATLAB's Simulink. Without access to the code, exact code coverage measurement may not be possible. This paper presents a method of identifying and using the Simulink model's constraints to generate test cases which can achieve high coverage of the actual source code. A case study confirming the relationship between the model's coverage and the code coverage is also presented.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130456912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Is Learning-to-Rank Cost-Effective in Recommending Relevant Files for Bug Localization? 学习排序在为Bug定位推荐相关文件时是否具有成本效益?
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.49
Fei Zhao, Yaming Tang, Yibiao Yang, Hongmin Lu, Yuming Zhou, Baowen Xu
{"title":"Is Learning-to-Rank Cost-Effective in Recommending Relevant Files for Bug Localization?","authors":"Fei Zhao, Yaming Tang, Yibiao Yang, Hongmin Lu, Yuming Zhou, Baowen Xu","doi":"10.1109/QRS.2015.49","DOIUrl":"https://doi.org/10.1109/QRS.2015.49","url":null,"abstract":"Software bug localization aiming to determine the locations needed to be fixed for a bug report is one of the most tedious and effort consuming activities in software debugging. Learning-to-rank (LR) is the state-of-the-art approach proposed by Ye et al. to recommending relevant files for bug localization. Ye et al.'s experimental results show that the LR approach significantly outperforms previous bug localization approaches in terms of \"precision\" and \"accuracy\". However, this evaluation does not take into account the influence of the size of the recommended files on the efficiency in detecting bugs. In practice, developers will generally spend more code inspection effort to detect bugs if larger files are recommended. In this paper, we use six large-scale open-source Java projects to evaluate the LR approach in the context of effort-aware bug localization. Our results, surprisingly, show that, when taking into account the code inspection effort to detect bugs, the LR approach is similar to or even worse than the standard VSM (Vector Space Model), a naïve IR-based bug localization approach.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132601162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
On the Viability of Using SRGMs for IT Help Desk Incident Predictions 关于使用srgm进行IT帮助台事件预测的可行性
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.23
A. Andrews, Joseph Lucente
{"title":"On the Viability of Using SRGMs for IT Help Desk Incident Predictions","authors":"A. Andrews, Joseph Lucente","doi":"10.1109/QRS.2015.23","DOIUrl":"https://doi.org/10.1109/QRS.2015.23","url":null,"abstract":"In this case study we investigate software reliability models and their applicability to process improvement at an IT help desk. We propose a model selection framework and demonstrate its success using real help desk incident data from a portfolio of 156 desktop software applications. Incidents are predicted at five intervals and measured against actual numbers of submitted incidents. We analyze incident prediction accuracy, and report on the trend in accuracy based how far into the future incidents are predicted. Our results demonstrate a model selection framework can assist with predicting for a large portfolio of products. The level of accuracy reported in this industry-based case study establishes the proposed estimation technique and reliability model selection framework as novel research in software engineering. Additionally, its practical uses are applicable to help desk process improvement efforts.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131626642","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Known XML Vulnerabilities Are Still a Threat to Popular Parsers and Open Source Systems 已知的XML漏洞仍然是流行解析器和开源系统的威胁
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.42
S. Jan, Duy Cu Nguyen, L. Briand
{"title":"Known XML Vulnerabilities Are Still a Threat to Popular Parsers and Open Source Systems","authors":"S. Jan, Duy Cu Nguyen, L. Briand","doi":"10.1109/QRS.2015.42","DOIUrl":"https://doi.org/10.1109/QRS.2015.42","url":null,"abstract":"The Extensible Markup Language (XML) is extensively used in software systems and services. Various XML-based attacks, which may result in sensitive information leakage or denial of services, have been discovered and published. However, due to development time pressures and limited security expertise, such attacks are often overlooked in practice. In this paper, following a rigorous and extensive experimental process, we study the presence of two types of XML-based attacks: BIL and XXE in 13 popular XML parsers. Furthermore, we investigate whether open-source systems that adopt a vulnerable XML parser apply any mitigation to prevent such attacks. Our objective is to provide clear and solid scientific evidence about the extent of the threat associated with such XML-based attacks and to discuss the implications of the obtained results. Our conclusion is that most of the studied parsers are vulnerable and so are systems that use them. Such strong evidence can be used to raise awareness among software developers and is a strong motivation for developers to provide security measures to thwart BIL and XXE attacks before deployment when adopting existing XML parsers.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124980366","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Formalizing Semantic Differences between Combining Algorithms in XACML 3.0 Policies 形式化XACML 3.0策略中组合算法的语义差异
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.32
Dianxiang Xu, Yunpeng Zhang, Ning Shen
{"title":"Formalizing Semantic Differences between Combining Algorithms in XACML 3.0 Policies","authors":"Dianxiang Xu, Yunpeng Zhang, Ning Shen","doi":"10.1109/QRS.2015.32","DOIUrl":"https://doi.org/10.1109/QRS.2015.32","url":null,"abstract":"XACML is a standard language for specifying attribute-based access control policies of computer and software systems. It offers a variety of combining algorithms for flexible policy composition. While they are intended to be different, they also bear similarities. Some combining algorithms can be functionally equivalent with respect to the given policy or policies. To correctly use the combining algorithms, it is important to understand the subtle similarities and differences. This paper presents a formal treatment of the semantic differences between the commonly used combining algorithms in XACML 3.0. For each pair of the selected combining algorithms, we identify when they are functionally equivalent and when they are not equivalent. This rigorous understanding helps minimize incorrect uses of combining algorithms that may lead to unauthorized access and denial of service. It also provides a foundation for determining equivalent mutants of combining algorithms in mutation testing of XACML policies.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129565574","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
An Empirical Study of Highly Impactful Bugs in Mozilla Projects Mozilla项目中高影响bug的实证研究
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.45
Le An, Foutse Khomh
{"title":"An Empirical Study of Highly Impactful Bugs in Mozilla Projects","authors":"Le An, Foutse Khomh","doi":"10.1109/QRS.2015.45","DOIUrl":"https://doi.org/10.1109/QRS.2015.45","url":null,"abstract":"Bug triaging is the process that consists in screening and prioritising bugs to allow a software organisation to focus its limited resources on bugs with high impact on software quality. In a previous work, we proposed an entropy-based crash triaging approach that can help software organisations identify crash-types that affect a large user base with high frequency. We refer to bugs associated to these crash-types as highly-impactful bugs. The proposed triaging approach can identify highly-impactful bugs only after they have led to crashes in the field for a certain period of time. Therefore, to reduce the impact of highly-impactful bugs on user perceived quality, an early identification of these bugs is necessary. In this paper, we examine the characteristics of highly-impactful bugs in Mozilla Firefox and Fennec for Android, and propose statistical models to help software organisations predict them early on before they impact a large population of users. Results show that our proposed prediction models can achieve a precision up to 64.2% (in Firefox) and a recall up to 98.3% (in Fennec). We also evaluate the benefits of our proposed models and found that, on average, they could help reduce 23.0% of Firefox' crashes and 13.4% of Fennec's crashes, while reducing 28.6% of impacted machine profiles for Firefox and 49.4% for Fennec. Software organisations could use our prediction models to catch highly-impactful bugs early during the triaging process, preventing them from impacting a larger user base.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116152724","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
How Effective Are Code Coverage Criteria? 代码覆盖标准有多有效?
2015 IEEE International Conference on Software Quality, Reliability and Security Pub Date : 2015-08-03 DOI: 10.1109/QRS.2015.30
H. Hemmati
{"title":"How Effective Are Code Coverage Criteria?","authors":"H. Hemmati","doi":"10.1109/QRS.2015.30","DOIUrl":"https://doi.org/10.1109/QRS.2015.30","url":null,"abstract":"Code coverage is one of the main metrics to measure the adequacy of a test case/suite. It has been studied a lot in academia and used even more in industry. However, a test case may cover a piece of code (no matter what coverage metric is being used) but miss its faults. In this paper, we studied several existing and standard control and data flow coverage criteria on a set of developer-written fault-revealing test cases from several releases of five open source projects. We found that a) basic criteria such as statement coverage is very weak (detecting only 10% of the faults), b) combining several control-flow coverage together is better than the strongest criterion alone (28% vs. 19%), c) a basic data-flow coverage can detect many undetected faults (79% of the undetected faults by control-flow coverage can be detected by a basic def/use pair coverage), and d) on average 15% of the faults may not be detected by any of the standard control and data-flow coverage criteria. Classification of the undetected faults showed that they are mostly to do with specification (missing logic).","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134204601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 61
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信