2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER): Latest Papers

ArchTacRV: Detecting and Runtime Verifying Architectural Tactics in Code
Ning Ge, Zewu Wang, Li Zhang, Jiuang Zhao, Yufei Zhou, Zewei Liu
Abstract: A software architectural tactic is a design decision for realizing quality goals at the architectural level. With the evolution of code, the designed architectural tactics might be degraded over time. In practice, the existing systems provide limited support for checking the consistency between an architectural tactic and its implementation. Kim et al. specified the generic structure and interaction behavior for a subset of architectural tactics in Role-Based Meta-modeling Language (RBML) to facilitate the design of tactics. Based on Kim et al.'s work, this paper first presents a machine learning-based method to assist users in detecting the behavior methods of the tactic structure in code, then proposes a runtime verification (RV) method for checking the behavioral consistency between the tactic specification in RBML and its implementation. We conducted experiments for the behavioral methods detection approach by comparing five machine learning models on a dataset with seventy-four open-source projects containing ten types of tactics. For each tactic, we selected an open-source project to show the effectiveness of the RV approach. Finally, we design and implement a prototype tool named ArchTacRV to help developers efficiently maintain the architectural tactics.
DOI: https://doi.org/10.1109/saner53432.2022.00074
Published: 2022-03-01
Citations: 0
PR-SZZ: How pull requests can support the tracing of defects in software repositories
P. Bludau, A. Pretschner
Abstract: The SZZ algorithm represents a standard way to identify bug fixing commits as well as inducing counterparts. It forms the basis for data sets used in numerous empirical studies. Since its creation, multiple extensions have been proposed to enhance its performance. For historical reasons, related work relies on commit messages to map bug tickets to possibly related code with no additional data used to trace inducing commits from these fixes. Therefore, we present an updated version of SZZ utilizing pull requests, which are widely adopted today. We evaluate our approach in comparison to existing SZZ variants by conducting experiments and analyzing the usage of pull requests, inner commits, and merge strategies. We base our results on 6 open-source projects with more than 50k commits and 35k pull requests. With respect to bug fixing commits, on average 18% of bug tickets can be additionally mapped to a fixing commit, resulting in an overall F-score of 0.75, an improvement of 40 percentage points. By selecting an inducing commit, we manage to reduce the false-positives and increase precision by on average 16 percentage points in comparison to existing approaches.
DOI: https://doi.org/10.1109/SANER53432.2022.00012
Published: 2022-03-01
Citations: 5
Variant Forks - Motivations and Impediments
John Businge, Ahmed Zerouali, Alexandre Decan, T. Mens, S. Demeyer, Coen De Roover
Abstract: Social coding platforms centred around git provide explicit facilities to share code between projects: forks, pull requests, cherry-picking to name but a few. Variant forks are an interesting phenomenon in that respect, as they permit for different projects to peacefully co-exist, yet explicitly acknowledge the common ancestry. Several researchers analysed forking practices on open source platforms and observed that variant forks get created frequently. However, little is known on the motivations for launching such a variant fork. Is it mainly technical (e.g., diverging features), governance (e.g., diverging interests), legal (e.g., diverging licences), or do other factors come into play? We report the results of an exploratory qualitative analysis on the motivations behind creating and maintaining variant forks. We surveyed 105 maintainers of different active open source variant projects hosted on GitHub. Our study extends previous findings, identifying a number of fine-grained common motivations for launching a variant fork and listing concrete impediments for maintaining the co-existing projects.
DOI: https://doi.org/10.1109/saner53432.2022.00105
Published: 2022-03-01
Citations: 2
Lessons from Research to Practice on Writing Better Quality Puppet Scripts
A. Rahman, Tushar Sharma
Abstract: Infrastructure as Code (IaC) scripts, such as Puppet scripts, provide practitioners the opportunity to provision computing infrastructure automatically at scale. Poorly written IaC scripts impact various facets of quality (such as security and maintainability) and, in turn, may lead to serious consequences. Many of the ill-effects can be avoided or rectified easily by following recommendations derived from research and best practices gleaned from experience. While researchers have investigated methods to improve quality aspects of Puppet scripts, such research needs to be summarized and synthesized for industry practitioners. In this article, we summarize recent research in the IaC domain by discussing key quality issues, specifically security and maintainability smells, that may arise in an IaC script. We also mine open-source repositories from three organizations (Mozilla, Openstack, and Wikimedia) and report our observations on the identified smells. Furthermore, we also synthesize recommendations from the literature for software practitioners that could improve the quality of IaC scripts. Software development teams dealing with large computing infrastructure can benefit from the actionable recommended practices. In addition, researchers in the domain may use this study to find opportunities to improve the state-of-the-art.
DOI: https://doi.org/10.1109/saner53432.2022.00019
Published: 2022-03-01
Citations: 0
On the Benefits of the Accelerate Metrics: An Industrial Survey at Vendasta
Francesco Lomio, Zadia Codabux, Dale Birtch, Dale Hopkins, D. Taibi
Abstract: The popularity of the Accelerate metrics is increasing in the industry. The Accelerate metrics are four key metrics to evaluate the software delivery performance: lead time for changes, deployment frequency, mean time to recover, change fail rate. However, their benefits in monitoring the development process performance of microservice-based systems have not been evaluated. In this study, we analyze the case of Vendasta, a Canadian company that migrated to microservices two years ago and adopted the Accelerate metrics to monitor their development process. Our goal is to understand whether these metrics are beneficial in the microservices context from the practitioners' point of view. Therefore, we surveyed employees from different teams and obtained 62 responses. Our results show that the Accelerate metrics provide a good overview of the process issues and are particularly helpful for a high-level representation of the process performances. Furthermore, the Accelerate metrics also enabled the teams to improve their productivity, significantly reducing service outages.
DOI: https://doi.org/10.1109/saner53432.2022.00017
Published: 2022-03-01
Citations: 2
Characterizing and Improving Bug-Finders with Synthetic Bugs
Yu Hu, Zekun Shen, Brendan Dolan-Gavitt
Abstract: Automated bug-finding tools such as KLEE have achieved mainstream success over the last decade, and have proved capable of finding deep bugs even in programs that have received significant manual testing. Some recent works have demonstrated techniques for finding bugs in these bug-finding tools themselves; however, it remains unclear whether these correctness issues have any practical impact on their ability to uncover serious bugs. In this paper, we study this issue by conducting experiments with KLEE 1.4 and 2.2 on several corpora of memory safety bugs. Using automated bug injection, we can automatically find false negatives (i.e., bugs missed by KLEE); moreover, because the bugs we inject come with triggering inputs, we can then use concolic execution to tell which bugs were missed due to path explosion and which are caused by soundness issues in KLEE. Our evaluation uncovers several sources of unsoundness, including a limitation in how KLEE detects memory errors, mismatches in the modeling of the C standard library, lack of support for floating point and C++, and issues with calls to external functions. Our results suggest that bug injection and other synthetic corpora can help highlight implementation issues in current tools and illuminate directions for future research in automated software engineering.
DOI: https://doi.org/10.1109/saner53432.2022.00115
Published: 2022-03-01
Citations: 2
ClusterCommit: A Just-in-Time Defect Prediction Approach Using Clusters of Projects
M. Shehab, A. Hamou-Lhadj, L. Alawneh
Abstract: Existing Just-in-Time (JIT) bug prediction techniques are designed to work on single projects. In this paper, we present ClusterCommit, a JIT bug prediction approach geared towards clusters of projects that share common libraries and functionalities. Unlike existing techniques, ClusterCommit trains a machine learning model by combining commits from a set of projects that are part of a larger cluster. Once this model is built, ClusterCommit can be used to detect buggy commits in each of these projects. When applying ClusterCommit to 16 projects that revolve around the Hadoop ecosystem and 10 projects of the Hive ecosystem, the results show that ClusterCommit achieves an F1-score of 73% and MCC of 0.44 for both clusters. These preliminary results are very promising and may lead to new JIT bug prediction techniques geared towards projects that are part of a large cluster.
DOI: https://doi.org/10.1109/saner53432.2022.00049
Published: 2022-03-01
Citations: 0
Visualizing Web Application Execution Logs to Improve Software Security Defect Localization
M. A. Puentes, Yunsen Lei, Noëlle Rakotondravony, Lane Harrison, Craig A. Shue
Abstract: Interactive web-based applications play an important role for both service providers and consumers. However, web applications tend to be complex, produce high-volume data, and are often ripe for attack. Attack analysis and remediation are complicated by adversary obfuscation and the difficulty in assembling and analyzing logs. In this work, we explore the web application analysis task through log file fusion, distillation, and visualization. Our approach consists of visualizing the logs of web and database traffic with detailed function execution traces. We establish causal links between events and their associated behaviors. We evaluate the effectiveness of this process using data volume reduction statistics, user interaction models, and usage scenarios. Across a set of scenarios, we find that our techniques can filter at least 97.5% of log data and reduce analysis time by 93–96%.
DOI: https://doi.org/10.1109/saner53432.2022.00138
Published: 2022-03-01
Citations: 1
Detecting Connectivity Issues in Android Apps
Alejandro Mazuera-Rozo, Camilo Escobar-Velásquez, Juan Espitia-Acero, Mario Linares-Vásquez, G. Bavota
Abstract: Android is the most popular mobile operating system in the world, running on more than 70% of mobile devices. This implies a gigantic and very competitive market for Android apps. Being successful in such a market is far from trivial and requires, besides the tackling of a problem or need felt by a vast audience, the development of high-quality apps. As recently shown in the literature, connectivity issues (e.g., mishandling of zero/unreliable Internet connection) can result in bugs and/or crashes, negatively affecting the app's user experience. While these issues have been studied in the literature, there are no techniques able to automatically detect and report them to developers. We present CONAN, a tool able to detect statically 16 types of connectivity issues affecting Android apps. We assessed the ability of CONAN to precisely identify these issues in a set of 44 open source apps, observing an average precision of 80%. Then, we studied the relevance of these issues for developers by (i) conducting interviews with six practitioners working with commercial Android apps, and (ii) submitting 84 issue reports for 27 open source apps. Our results show that several of the identified connectivity issues are considered as relevant by practitioners in specific contexts, in which connectivity is considered a first-class feature.
DOI: https://doi.org/10.1109/SANER53432.2022.00087
Published: 2022-03-01
Citations: 2
A Study on Screen Logging Risks of Secure Keyboards of Android Financial Apps
Xinyue Liang, Jun Ma
Abstract: To ensure the security of users' property, financial applications in particular require special security guarantees. Specially, to prevent the theft of users' passwords, many financial apps provide their secure keyboards. However, password compromise is still possible if the security keyboard is not implemented properly, putting the user's property at risk. In this paper, we focus on investigating secure keyboards of Android financial apps as well as their risks under screenloggers. We conducted a study on 428 financial apps downloaded from Huawei App Store, Google Play, Wandoujia and Xiaomi GetApps. Our study shows that the status of secure keyboard of financial apps is not optimistic. We find that only 161 apps (37.6%) provide app-specific secure keyboard implementations and the keyboards provided by 60 apps are not secure under screenlogger attacks. Specially, the fundamental causes of all studied insecure keyboards can be attributed to the inappropriate settings of the secure flag of the window or surface that renders the secure keyboard or its feedback animation.
DOI: https://doi.org/10.1109/saner53432.2022.00024
Published: 2022-03-01
Citations: 2