2016 IEEE International Conference on Software Quality, Reliability and Security (QRS): Latest Papers

HistLock: Efficient and Sound Hybrid Detection of Hidden Predictive Data Races with Functional Contexts
Jialin Yang, Chunbai Yang, W. Chan
DOI: https://doi.org/10.1109/QRS.2016.12
Published: 2016-08-01
Abstract: State-of-the-art hybrid data race detectors combine the happens-before relation and the locking discipline to alleviate the imprecision problem incurred by lockset-based detector and the thread interleaving problem incurred by happens-before detectors. However, they incur high runtime overheads. In this paper, we present HistLock, a novel and sound hybrid dynamic race detector, which attains high precision, low slowdown and memory overheads, and thread insensitivity. It formulates a novel context-based strategy to phrase out non-redundant memory access events and check races to conserve both time and memory computation. It ensures each race warning to be the one violating the locking discipline in the original event history. Our experiment compared HistLock to FastTrack, AccuLock, and MultiLock-HB, which were a precise happens-before race detector, an imprecise hybrid race detector, and a precise hybrid race detector, respectively, on 13 benchmark subjects. HistLock was found to be of higher precision, 156% faster and 33% more memory-efficient than MultiLock-HB. It detected 59 more race warnings than AccuLock, attaining higher effectiveness, but ran slower by 43%. In most cases, in a single run, HistLock reported all the races detected by FastTrack in 100 runs.
Citations: 7
Testing Security Requirements with Non-experts: Approaches and Empirical Investigations
B. Peischl, M. Felderer, Armin Beer
DOI: https://doi.org/10.1109/QRS.2016.37
Published: 2016-08-01
Abstract: Security testing has become a critical quality assurance technique to provide a sufficient degree of security. However, it is regarded to be too complex to be performed by system testers, who are non-experts in security. This paper provides two approaches to testing security requirements, one based on a Failure Modes, Vulnerabilities and Effect Analysis (FMVEA) and the other based on misuse cases, both suitable for testers who have domain knowledge but are not security experts. We perform a controlled experiment to empirically compare the two testing approaches based on the quality of the derived test cases. The results of the experiment show that the use of attack patterns in the misuse-case-based approach delivers test cases with a better alignment between requirements and security test cases as well as a higher amount of correct test cases.
Citations: 7
TLS Cipher Suites Recommendations: A Combinatorial Coverage Measurement Approach
D. Simos, Kristoffer Kleine, A. Voyiatzis, D. R. Kuhn, R. Kacker
DOI: https://doi.org/10.1109/QRS.2016.18
Published: 2016-08-01
Abstract: We present a coverage measurement for TLS cipher suites recommendations provided by various regulatory and intelligence organizations such as the IETF, Mozilla, ENISA, German BSI, and USA NSA. These cipher suites are measured and analyzed using a combinatorial approach, which was made feasible via developing the necessary input models. Besides shedding light on the coverage achieved by the proposed recommendations, we discuss implications towards aspects of test quality. One of them relates to the testing of a TLS implementation, where a system designer or tester should expand the TLS cipher suite registry and integrate the information back to the TLS implementation itself such that the (overall) testing effort is reduced.
Citations: 7
User-Perceived Source Code Quality Estimation Based on Static Analysis Metrics
Michail D. Papamichail, Themistoklis G. Diamantopoulos, A. Symeonidis
DOI: https://doi.org/10.1109/QRS.2016.22
Published: 2016-08-01
Abstract: The popularity of open source software repositories and the highly adopted paradigm of software reuse have led to the development of several tools that aspire to assess the quality of source code. However, most software quality estimation tools, even the ones using adaptable models, depend on fixed metric thresholds for defining the ground truth. In this work we argue that the popularity of software components, as perceived by developers, can be considered as an indicator of software quality. We present a generic methodology that relates quality with source code metrics and estimates the quality of software components residing in popular GitHub repositories. Our methodology employs two models: a one-class classifier, used to rule out low quality code, and a neural network, that computes a quality score for each software component. Preliminary evaluation indicates that our approach can be effective for identifying high quality software components in the context of reuse.
Citations: 27
Test Effectiveness Evaluation of Prioritized Combinatorial Testing: A Case Study
Eun-Hye Choi, Shunya Kawabata, O. Mizuno, Cyrille Artho, Takashi Kitamura
DOI: https://doi.org/10.1109/QRS.2016.17
Published: 2016-08-01
Abstract: Combinatorial testing is a widely-used technique to detect system interaction failures. To improve test effectiveness with given priority weights of parameter values in a system under test, prioritized combinatorial testing constructs test suites where highly weighted parameter values appear earlier or more frequently. Such order-focused and frequency-focused combinatorial test generation algorithms have been evaluated using metrics called weight coverage and KL divergence but not sufficiently with fault detection effectiveness so far. We evaluate the fault detection effectiveness on a collection of open source utilities, applying prioritized combinatorial test generation and investigating its correlation with weight coverage and KL divergence.
Citations: 9
Using a Distributed Representation of Words in Localizing Relevant Files for Bug Reports
Yukiya Uneno, O. Mizuno, Eun-Hye Choi
DOI: https://doi.org/10.1109/QRS.2016.30
Published: 2016-08-01
Abstract: Once a bug in software is reported, developers have to determine which source files are related to the bug. This process is referred to as bug localization, and an automatic way of bug localization is important to improve developers' productivity. This paper proposes an approach called DrewBL to efficiently localize faulty files for a given bug report using a natural language processing tool, word2vec. In DrewBL, we first build a vector space model named semantic-VSM which represents a distributed representation of words in the bug report and source code files and next compute the relevance between them by feeding the constructed model to word2vec. We also present an approach called CombBL to further improve the accuracy of bug localization which employs not only the proposed DrewBL but also existing bug localization techniques, such as BugLocator based on textual similarity and Bugspots based on bug-fixing history, in a combinational manner. This paper gives our early experimental results to show the effectiveness and efficiency of the proposed approaches using two open source projects.
Citations: 15
MedicationChecker: Development of a Formally Verified Android Application with EventB2SQL
Tim Wahls
DOI: https://doi.org/10.1109/QRS.2016.42
Published: 2016-08-01
Abstract: In this work, we present a case study on the development of a formally verified Android application for checking medication interactions and contraindications. Combining formal methods and Model-View-Controller development methodologies, we created an Event-B model for the application, verified that no patient could be prescribed a medication that had an interaction or contraindication for them, generated code for the model and part of the user interface with the EventB2SQL tool, and then implemented the controller and the rest of the view by hand. We describe our experience in employing this methodology, enhancements to the EventB2SQL tool, and some notes on the performance and usability of the resulting application.
Citations: 3
Test Case Prioritization Using Adaptive Random Sequence with Category-Partition-Based Distance
Xiaofang Zhang, Xiaoyuan Xie, T. Chen
DOI: https://doi.org/10.1109/QRS.2016.49
Published: 2016-08-01
Abstract: Test case prioritization schedules test cases in a certain order aiming to improve the effectiveness of regression testing. Random sequence is a basic and simple prioritization technique, while Adaptive Random Sequence (ARS) makes use of extra information to improve the diversity of random sequence. Some researchers have proposed prioritization techniques using ARS with white-box information, such as code coverage information, or with black-box information, such as string distances of the input data. In this paper, we propose new black-box test case prioritization techniques using ARS, and the diversity of test cases is assessed by category-partition-based distance. Our experimental studies show that these new techniques deliver higher fault-detection effectiveness than random prioritization, especially in the case of smaller ratio of failed test cases. In addition, in the comparison of different distance metrics, techniques with category-partition-based distance generally deliver better fault-detection effectiveness and efficiency, meanwhile in the comparison of different ordering algorithms, our ARS-based ordering algorithms usually have comparable fault-detection effectiveness but much lower computation overhead, and thus are much more cost-effective.
Citations: 24
Verifying Distributed Controllers with Local Invariants
Yiqun Wang, Shengwei An, Xiaoxing Ma, Chun Cao, Chang Xu
DOI: https://doi.org/10.1109/QRS.2016.24
Published: 2016-08-01
Abstract: Controllers restrict systems to behave only in good manners. Different from controlling monolithic systems where controllers can be automatically synthesized from specifications, controlling distributed systems often has to use distributed controllers that are manually programmed. To ensure their correctness, manually programmed controllers themselves need to be formally verified. This task can be challenging due to the complexity caused by the autonomy and asynchrony of distributed controllers. The limited scalability of existing model checkers also exacerbates the problem. In this paper we explore the modeling and verification of distributed controllers using Alloy. Besides resorting to the Small Scopes Hypothesis of the Alloy methodology, we also leverage local invariant based modular verification techniques for better scalability. A local invariant characterizes a logical relationship between a local sub-system and its neighbors and abstracts away the concrete interactions. These concrete interactions would otherwise explode the system state space during verification. The approach is first illustrated with the well-understood Two-Phase Commit protocol, and then is applied to the verification of several dynamic software update protocols, which gives an initial evidence of its effectiveness.
Citations: 0
NOTICE: A Framework for Non-Functional Testing of Compilers
M. Boussaa, Olivier Barais, B. Baudry, G. Sunyé
DOI: https://doi.org/10.1109/QRS.2016.45
Published: 2016-08-01
Abstract: Generally, compiler users apply different optimizations to generate efficient code with respect to non-functional properties such as energy consumption, execution time, etc. However, due to the huge number of optimizations provided by modern compilers, finding the best optimization sequence for a specific objective and a given program is more and more challenging. This paper proposes NOTICE, a component-based framework for non-functional testing of compilers through the monitoring of generated code in a controlled sand-boxing environment. We evaluate the effectiveness of our approach by verifying the optimizations performed by the GCC compiler. Our experimental results show that our approach is able to auto-tune compilers according to user requirements and construct optimizations that yield to better performance results than standard optimization levels. We also demonstrate that NOTICE can be used to automatically construct optimization levels that represent optimal trade-offs between multiple non-functional properties such as execution time and resource usage requirements.
Citations: 7