Pub Date : 2024-08-13DOI: 10.1109/TSE.2024.3443624
Mohan Cui;Hui Xu;Hongliang Tian;Yangfan Zhou
Rust is an effective system programming language that guarantees memory safety via compile-time verifications. It employs a novel ownership-based resource management model to facilitate automated deallocation. This model is anticipated to eliminate memory leaks. However, we observed that user intervention drives it into semi-automated memory management and makes it error-prone to cause leaks. In contrast to violating memory-safety guarantees restricted by the �unsafe� keyword, the boundary of leaking memory is implicit, and the compiler would not emit any warnings for developers. In this paper, we present �rCanary�, a static, non-intrusive, and fully automated model checker to detect leaks across the semi-automated boundary. We design an encoder to abstract data with heap allocation and formalize a refined leak-free memory model based on boolean satisfiability. It can generate SMT-Lib2 format constraints for Rust MIR and is implemented as a Cargo component. We evaluate �rCanary� by using flawed package benchmarks collected from the pull requests of open-source Rust projects. The results indicate that it is possible to recall all these defects with acceptable false positives. We further apply our tool to more than 1,200 real-world crates from crates.io and GitHub, identifying 19 crates having memory leaks. Our analyzer is also efficient, that costs 8.4 seconds per package.
{"title":"rCanary: Detecting Memory Leaks Across Semi-Automated Memory Management Boundary in Rust","authors":"Mohan Cui;Hui Xu;Hongliang Tian;Yangfan Zhou","doi":"10.1109/TSE.2024.3443624","DOIUrl":"10.1109/TSE.2024.3443624","url":null,"abstract":"Rust is an effective system programming language that guarantees memory safety via compile-time verifications. It employs a novel ownership-based resource management model to facilitate automated deallocation. This model is anticipated to eliminate memory leaks. However, we observed that user intervention drives it into semi-automated memory management and makes it error-prone to cause leaks. In contrast to violating memory-safety guarantees restricted by the \u0000<italic>unsafe</i>\u0000 keyword, the boundary of leaking memory is implicit, and the compiler would not emit any warnings for developers. In this paper, we present \u0000<sc>rCanary</small>\u0000, a static, non-intrusive, and fully automated model checker to detect leaks across the semi-automated boundary. We design an encoder to abstract data with heap allocation and formalize a refined leak-free memory model based on boolean satisfiability. It can generate SMT-Lib2 format constraints for Rust MIR and is implemented as a Cargo component. We evaluate \u0000<sc>rCanary</small>\u0000 by using flawed package benchmarks collected from the pull requests of open-source Rust projects. The results indicate that it is possible to recall all these defects with acceptable false positives. We further apply our tool to more than 1,200 real-world crates from crates.io and GitHub, identifying 19 crates having memory leaks. Our analyzer is also efficient, that costs 8.4 seconds per package.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2472-2484"},"PeriodicalIF":6.5,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141980717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Code summarization aims to automatically generate natural language descriptions for code, and has become a rapidly expanding research area in the past decades. Unfortunately, existing approaches mainly focus on the “one-to-one” mapping from methods to short descriptions, which hinders them from becoming practical tools: 1) The program context is ignored, so they have difficulty in predicting keywords outside the target method; 2) They are typically trained to generate brief function descriptions with only one sentence in length, and therefore have difficulty in providing specific information. These drawbacks are partially due to the limitations of public code summarization datasets. In this paper, we first build a large code summarization dataset including different code contexts and summary content annotations, and then propose a deep learning framework that learns to generate structured code summaries from hybrid program context, named StructCodeSum. It provides both an LLM-based approach and a lightweight approach which are suitable for different scenarios. Given a target method, StructCodeSum predicts its function description, return description, parameter description, and usage description through hybrid code context, and ultimately builds a Javadoc-style code summary. The hybrid code context consists of path context, class context, documentation context and call context of the target method. Extensive experimental results demonstrate: 1) The hybrid context covers more than 70% of the summary tokens in average and significantly boosts the model performance; 2) When generating function descriptions, StructCodeSum outperforms the state-of-the-art approaches by a large margin; 3) According to human evaluation, the quality of the structured summaries generated by our approach is better than the documentation generated by Code Llama.
{"title":"Learning to Generate Structured Code Summaries From Hybrid Code Context","authors":"Ziyi Zhou;Mingchen Li;Huiqun Yu;Guisheng Fan;Penghui Yang;Zijie Huang","doi":"10.1109/TSE.2024.3439562","DOIUrl":"10.1109/TSE.2024.3439562","url":null,"abstract":"Code summarization aims to automatically generate natural language descriptions for code, and has become a rapidly expanding research area in the past decades. Unfortunately, existing approaches mainly focus on the “one-to-one” mapping from methods to short descriptions, which hinders them from becoming practical tools: 1) The program context is ignored, so they have difficulty in predicting keywords outside the target method; 2) They are typically trained to generate brief function descriptions with only one sentence in length, and therefore have difficulty in providing specific information. These drawbacks are partially due to the limitations of public code summarization datasets. In this paper, we first build a large code summarization dataset including different code contexts and summary content annotations, and then propose a deep learning framework that learns to generate structured code summaries from hybrid program context, named StructCodeSum. It provides both an LLM-based approach and a lightweight approach which are suitable for different scenarios. Given a target method, StructCodeSum predicts its function description, return description, parameter description, and usage description through hybrid code context, and ultimately builds a Javadoc-style code summary. The hybrid code context consists of path context, class context, documentation context and call context of the target method. Extensive experimental results demonstrate: 1) The hybrid context covers more than 70% of the summary tokens in average and significantly boosts the model performance; 2) When generating function descriptions, StructCodeSum outperforms the state-of-the-art approaches by a large margin; 3) According to human evaluation, the quality of the structured summaries generated by our approach is better than the documentation generated by Code Llama.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 10","pages":"2512-2528"},"PeriodicalIF":6.5,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141980716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-13DOI: 10.1109/TSE.2024.3443741
SayedHassan Khatoonabadi;Ahmad Abdellatif;Diego Elias Costa;Emad Shihab
The success of a Pull Request (PR) depends on the responsiveness of the maintainers and the contributor during the review process. Being aware of the expected waiting times can lead to better interactions and managed expectations for both the maintainers and the contributor. In this paper, we propose a machine-learning approach to predict the first response latency of the maintainers following the submission of a PR, and the first response latency of the contributor after receiving the first response from the maintainers. We curate a dataset of 20 large and popular open-source projects on GitHub and extract 21 features to characterize projects, contributors, PRs, and review processes. Using these features, we then evaluate seven types of classifiers to identify the best-performing models. We also conduct permutation feature importance and SHAP analyses to understand the importance and the impact of different features on the predicted response latencies. We find that our CatBoost models are the most effective for predicting the first response latencies of both maintainers and contributors. Compared to a dummy classifier that always returns the majority class, these models achieved an average improvement of 29% in AUC-ROC and 51% in AUC-PR for maintainers, as well as 39% in AUC-ROC and 89% in AUC-PR for contributors across the studied projects. The results indicate that our models can aptly predict the first response latencies using the selected features. We also observe that PRs submitted earlier in the week, containing an average number of commits, and with concise descriptions are more likely to receive faster first responses from the maintainers. Similarly, PRs with a lower first response latency from maintainers, that received the first response of maintainers earlier in the week, and containing an average number of commits tend to receive faster first responses from the contributors. Additionally, contributors with a higher acceptance rate and a history of timely responses in the project are likely to both obtain and provide faster first responses. Moreover, we show the effectiveness of our approach in a cross-project setting. Finally, we discuss key guidelines for maintainers, contributors, and researchers to help facilitate the PR review process.
{"title":"Predicting the First Response Latency of Maintainers and Contributors in Pull Requests","authors":"SayedHassan Khatoonabadi;Ahmad Abdellatif;Diego Elias Costa;Emad Shihab","doi":"10.1109/TSE.2024.3443741","DOIUrl":"10.1109/TSE.2024.3443741","url":null,"abstract":"The success of a Pull Request (PR) depends on the responsiveness of the maintainers and the contributor during the review process. Being aware of the expected waiting times can lead to better interactions and managed expectations for both the maintainers and the contributor. In this paper, we propose a machine-learning approach to predict the first response latency of the maintainers following the submission of a PR, and the first response latency of the contributor after receiving the first response from the maintainers. We curate a dataset of 20 large and popular open-source projects on GitHub and extract 21 features to characterize projects, contributors, PRs, and review processes. Using these features, we then evaluate seven types of classifiers to identify the best-performing models. We also conduct permutation feature importance and SHAP analyses to understand the importance and the impact of different features on the predicted response latencies. We find that our CatBoost models are the most effective for predicting the first response latencies of both maintainers and contributors. Compared to a dummy classifier that always returns the majority class, these models achieved an average improvement of 29% in AUC-ROC and 51% in AUC-PR for maintainers, as well as 39% in AUC-ROC and 89% in AUC-PR for contributors across the studied projects. The results indicate that our models can aptly predict the first response latencies using the selected features. We also observe that PRs submitted earlier in the week, containing an average number of commits, and with concise descriptions are more likely to receive faster first responses from the maintainers. Similarly, PRs with a lower first response latency from maintainers, that received the first response of maintainers earlier in the week, and containing an average number of commits tend to receive faster first responses from the contributors. Additionally, contributors with a higher acceptance rate and a history of timely responses in the project are likely to both obtain and provide faster first responses. Moreover, we show the effectiveness of our approach in a cross-project setting. Finally, we discuss key guidelines for maintainers, contributors, and researchers to help facilitate the PR review process.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 10","pages":"2529-2543"},"PeriodicalIF":6.5,"publicationDate":"2024-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141980758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Large Language Models (LLMs) have demonstrated remarkable potential in code generation. The integration of Chain of Thought (CoT) reasoning can further boost their performance. However, current CoT methods often require manual writing or LLMs with over 100 billion parameters to generate, impeding their applicability in resource-constrained scenarios. In this study, we investigate lightweight Language Models (�$ell$�LMs), which are defined to have fewer than 10 billion parameters. Empirically, we find that most �$ell$�LMs cannot generate high-quality CoTs when prompted by the few-shot method, but can take advantage of high-quality CoTs generated elsewhere to improve their performance in code generation. Based on these findings, we design a novel approach �COTTON� which can leverage �$ell$�LMs to automatically generate CoTs for code generation. We synthesize new datasets and conduct extensive experiments on various benchmarks. The results show that the CoTs generated by �COTTON� outperform the baselines in terms of automated and human evaluation metrics. In particular, the CoTs generated by �COTTON� boost various �$ell$�LMs to achieve higher performance gains than those generated by LLMs such as ChatGLM (130B), and are competitive with those generated by Gemini and gpt-3.5-turbo. The results also reveal that �COTTON� not only improves the performance of �$ell$�LMs, but also enhances the performance of LLMs. Our study showcases the potential of �$ell$�LMs in software engineering applications.
{"title":"Chain-of-Thought in Neural Code Generation: From and for Lightweight Language Models","authors":"Guang Yang;Yu Zhou;Xiang Chen;Xiangyu Zhang;Terry Yue Zhuo;Taolue Chen","doi":"10.1109/TSE.2024.3440503","DOIUrl":"10.1109/TSE.2024.3440503","url":null,"abstract":"Large Language Models (LLMs) have demonstrated remarkable potential in code generation. The integration of Chain of Thought (CoT) reasoning can further boost their performance. However, current CoT methods often require manual writing or LLMs with over 100 billion parameters to generate, impeding their applicability in resource-constrained scenarios. In this study, we investigate lightweight Language Models (\u0000<inline-formula><tex-math>$ell$</tex-math></inline-formula>\u0000LMs), which are defined to have fewer than 10 billion parameters. Empirically, we find that most \u0000<inline-formula><tex-math>$ell$</tex-math></inline-formula>\u0000LMs cannot generate high-quality CoTs when prompted by the few-shot method, but can take advantage of high-quality CoTs generated elsewhere to improve their performance in code generation. Based on these findings, we design a novel approach \u0000<monospace>COTTON</monospace>\u0000 which can leverage \u0000<inline-formula><tex-math>$ell$</tex-math></inline-formula>\u0000LMs to automatically generate CoTs for code generation. We synthesize new datasets and conduct extensive experiments on various benchmarks. The results show that the CoTs generated by \u0000<monospace>COTTON</monospace>\u0000 outperform the baselines in terms of automated and human evaluation metrics. In particular, the CoTs generated by \u0000<monospace>COTTON</monospace>\u0000 boost various \u0000<inline-formula><tex-math>$ell$</tex-math></inline-formula>\u0000LMs to achieve higher performance gains than those generated by LLMs such as ChatGLM (130B), and are competitive with those generated by Gemini and gpt-3.5-turbo. The results also reveal that \u0000<monospace>COTTON</monospace>\u0000 not only improves the performance of \u0000<inline-formula><tex-math>$ell$</tex-math></inline-formula>\u0000LMs, but also enhances the performance of LLMs. Our study showcases the potential of \u0000<inline-formula><tex-math>$ell$</tex-math></inline-formula>\u0000LMs in software engineering applications.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2437-2457"},"PeriodicalIF":6.5,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141974084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-09DOI: 10.1109/TSE.2024.3440587
Georgios Kourtis;Clare Dixon;Michael Fisher
We introduce a variant of a formalism appearing in recent work geared towards modelling systems in which a distinguished entity (leader) orchestrates the operation of an arbitrary number of identical entities (followers). Our variant is better suited for the verification of system properties involving complex arithmetic conditions. Whereas the original formalism is translated into a tractable fragment of first-order temporal logic, aiming to utilize automated (first-order temporal logic) theorem provers for verification, our variant is translated into linear integer arithmetic, aiming to utilize satisfiability modulo theories (SMT) solvers for verification. In particular, for any given system specified in our formalism, we prove, for any natural number �n�, the existence of a linear integer arithmetic formula whose models are in one-to-one correspondence with certain counting abstractions (profiles) of executions of the system for �n� time steps. Thus, one is able to verify, for any natural number �n�, that all executions for �n� time steps of any such system have a given property by establishing that said formula logically entails the property. To highlight the practical utility of our approach, we specify and verify three consensus protocols, actively used in distributed database systems and low-power wireless networks.
我们介绍了近期工作中出现的一种形式主义的变体,该形式主义针对的是一个杰出实体(领导者)协调任意数量相同实体(追随者)运行的系统建模。我们的变体更适合验证涉及复杂运算条件的系统属性。原形式主义被转化为一阶时态逻辑的可控片段,目的是利用自动(一阶时态逻辑)定理证明器进行验证,而我们的变体被转化为线性整数运算,目的是利用可满足性模态理论(SMT)求解器进行验证。具体地说,对于我们的形式主义中指定的任何给定系统,对于任何自然数 n,我们都能证明线性整数算术公式的存在,该公式的模型与系统在 n 个时间步长内执行的某些计数抽象(轮廓)一一对应。因此,对于任何自然数 n,我们都可以通过确定上述公式在逻辑上蕴含了某一属性,来验证任何此类系统在 n 个时间步长内的所有执行都具有该属性。为了突出我们方法的实用性,我们指定并验证了分布式数据库系统和低功耗无线网络中常用的三种共识协议。
{"title":"Parameterized Verification of Leader/Follower Systems via Arithmetic Constraints","authors":"Georgios Kourtis;Clare Dixon;Michael Fisher","doi":"10.1109/TSE.2024.3440587","DOIUrl":"10.1109/TSE.2024.3440587","url":null,"abstract":"We introduce a variant of a formalism appearing in recent work geared towards modelling systems in which a distinguished entity (leader) orchestrates the operation of an arbitrary number of identical entities (followers). Our variant is better suited for the verification of system properties involving complex arithmetic conditions. Whereas the original formalism is translated into a tractable fragment of first-order temporal logic, aiming to utilize automated (first-order temporal logic) theorem provers for verification, our variant is translated into linear integer arithmetic, aiming to utilize satisfiability modulo theories (SMT) solvers for verification. In particular, for any given system specified in our formalism, we prove, for any natural number \u0000<italic>n</i>\u0000, the existence of a linear integer arithmetic formula whose models are in one-to-one correspondence with certain counting abstractions (profiles) of executions of the system for \u0000<italic>n</i>\u0000 time steps. Thus, one is able to verify, for any natural number \u0000<italic>n</i>\u0000, that all executions for \u0000<italic>n</i>\u0000 time steps of any such system have a given property by establishing that said formula logically entails the property. To highlight the practical utility of our approach, we specify and verify three consensus protocols, actively used in distributed database systems and low-power wireless networks.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2458-2471"},"PeriodicalIF":6.5,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10632563","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141910269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-06DOI: 10.1109/TSE.2024.3439002
Diego Clerissi;Giovanni Denaro;Marco Mobilio;Leonardo Mariani
The generation of syntactically and semantically valid input data, able to exercise functionalities imposing constraints on the validity of the inputs, is a key challenge in automatic GUI (Graphical User Interface) testing. Existing test case generation techniques often rely on manually curated catalogs of values, although they might require significant effort to be created and maintained, and could hardly scale to applications with several input forms. Alternatively, it is possible to extract values from external data sources, such as the Web or publicly available knowledge bases. However, external sources are unlikely to provide the domain-specific and application-specific data that are often required to thoroughly exercise applications. This paper proposes �DBInputs�, a novel approach that automatically identifies domain-specific and application-specific inputs to effectively fulfill the validity constraints present in the tested GUI screens. The approach exploits syntactic and semantic similarities between the identifiers of the input fields shown on GUI screens and those of the tables of the target GUI application database, and extracts valid inputs from such database, automatically resolving the mismatch between the user interface and the database schema. �DBInputs� can properly cope with system testing and maintenance testing efforts, since databases are naturally and inexpensively available in those phases. Our experiments with 4 Web applications and 11 Mobile apps provide evidence that �DBInputs� can outperform techniques like random input selection and �Link�, a competing approach for searching inputs from knowledge bases, in both Web and Mobile domains.
{"title":"DBInputs: Exploiting Persistent Data to Improve Automated GUI Testing","authors":"Diego Clerissi;Giovanni Denaro;Marco Mobilio;Leonardo Mariani","doi":"10.1109/TSE.2024.3439002","DOIUrl":"10.1109/TSE.2024.3439002","url":null,"abstract":"The generation of syntactically and semantically valid input data, able to exercise functionalities imposing constraints on the validity of the inputs, is a key challenge in automatic GUI (Graphical User Interface) testing. Existing test case generation techniques often rely on manually curated catalogs of values, although they might require significant effort to be created and maintained, and could hardly scale to applications with several input forms. Alternatively, it is possible to extract values from external data sources, such as the Web or publicly available knowledge bases. However, external sources are unlikely to provide the domain-specific and application-specific data that are often required to thoroughly exercise applications. This paper proposes \u0000<sc>DBInputs</small>\u0000, a novel approach that automatically identifies domain-specific and application-specific inputs to effectively fulfill the validity constraints present in the tested GUI screens. The approach exploits syntactic and semantic similarities between the identifiers of the input fields shown on GUI screens and those of the tables of the target GUI application database, and extracts valid inputs from such database, automatically resolving the mismatch between the user interface and the database schema. \u0000<sc>DBInputs</small>\u0000 can properly cope with system testing and maintenance testing efforts, since databases are naturally and inexpensively available in those phases. Our experiments with 4 Web applications and 11 Mobile apps provide evidence that \u0000<sc>DBInputs</small>\u0000 can outperform techniques like random input selection and \u0000<sc>Link</small>\u0000, a competing approach for searching inputs from knowledge bases, in both Web and Mobile domains.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2412-2436"},"PeriodicalIF":6.5,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10624678","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141899593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Context-free language (CFL) reachability is a fundamental framework for formulating program analyses. CFL-reachability analysis works on top of an edge-labeled graph by deriving reachability relations and adding them as labeled edges to the graph. Existing CFL-reachability algorithms typically adopt a single-reachability relation derivation (SRD) strategy, i.e., one reachability relation is derived at a time. Unfortunately, this strategy can lead to redundancy, hindering the efficiency of the analysis. To address this problem, this paper proposes �Pearl�, a �multi-derivation� approach that reduces derivation redundancy for CFL-reachability solving, which significantly improves the efficiency of CFL-reachability analysis. Our key insight is that multiple edges can be simultaneously derived via batch propagation of reachability relations. We also tailor our multi-derivation approach to tackle transitive relations that frequently arise when solving CFL-reachability. Specifically, we present a highly efficient transitive-aware variant, �PearlPG�, which enhances �Pearl� with �propagation graphs�, a lightweight but effective graph representation, to further diminish redundant derivations. We evaluate the performance of our approach on two clients, i.e., context-sensitive value-flow analysis and field-sensitive alias analysis for C/C++. By eliminating a large amount of redundancy, our approach outperforms two baselines including the standard CFL-reachability algorithm and a state-of-the-art solver �Pocr� specialized for fast transitivity solving. In particular, the empirical results demonstrate that, for value-flow analysis and alias analysis respectively, �PearlPG� runs 3.09�$times$� faster on average (up to 4.44�$times$�) and 2.25�$times$� faster on average (up to 3.31�$times$�) than �Pocr�, while also consuming less memory.
{"title":"Pearl: A Multi-Derivation Approach to Efficient CFL-Reachability Solving","authors":"Chenghang Shi;Haofeng Li;Yulei Sui;Jie Lu;Lian Li;Jingling Xue","doi":"10.1109/TSE.2024.3437684","DOIUrl":"10.1109/TSE.2024.3437684","url":null,"abstract":"Context-free language (CFL) reachability is a fundamental framework for formulating program analyses. CFL-reachability analysis works on top of an edge-labeled graph by deriving reachability relations and adding them as labeled edges to the graph. Existing CFL-reachability algorithms typically adopt a single-reachability relation derivation (SRD) strategy, i.e., one reachability relation is derived at a time. Unfortunately, this strategy can lead to redundancy, hindering the efficiency of the analysis. To address this problem, this paper proposes \u0000<small>Pearl</small>\u0000, a \u0000<i>multi-derivation</i>\u0000 approach that reduces derivation redundancy for CFL-reachability solving, which significantly improves the efficiency of CFL-reachability analysis. Our key insight is that multiple edges can be simultaneously derived via batch propagation of reachability relations. We also tailor our multi-derivation approach to tackle transitive relations that frequently arise when solving CFL-reachability. Specifically, we present a highly efficient transitive-aware variant, \u0000<small>Pearl<sup>PG</sup></small>\u0000, which enhances \u0000<small>Pearl</small>\u0000 with \u0000<i>propagation graphs</i>\u0000, a lightweight but effective graph representation, to further diminish redundant derivations. We evaluate the performance of our approach on two clients, i.e., context-sensitive value-flow analysis and field-sensitive alias analysis for C/C++. By eliminating a large amount of redundancy, our approach outperforms two baselines including the standard CFL-reachability algorithm and a state-of-the-art solver \u0000<small>Pocr</small>\u0000 specialized for fast transitivity solving. In particular, the empirical results demonstrate that, for value-flow analysis and alias analysis respectively, \u0000<small>Pearl<sup>PG</sup></small>\u0000 runs 3.09\u0000<inline-formula><tex-math>$times$</tex-math></inline-formula>\u0000 faster on average (up to 4.44\u0000<inline-formula><tex-math>$times$</tex-math></inline-formula>\u0000) and 2.25\u0000<inline-formula><tex-math>$times$</tex-math></inline-formula>\u0000 faster on average (up to 3.31\u0000<inline-formula><tex-math>$times$</tex-math></inline-formula>\u0000) than \u0000<small>Pocr</small>\u0000, while also consuming less memory.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2379-2397"},"PeriodicalIF":6.5,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141895696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-05DOI: 10.1109/TSE.2024.3438119
Aniruddhan Murali;Mahmoud Alfadel;Meiyappan Nagappan;Meng Xu;Chengnian Sun
Memory leak bugs are a major problem in C/C++ programs. They occur when memory objects are not deallocated. Developers need to manually deallocate these objects to prevent memory leaks. As such, several techniques have been proposed to automatically fix memory leaks. Although proposed approaches have merit in automatically fixing memory leaks, they present limitations. Static-based approaches attempt to trace the complete semantics of memory object across all paths. However, they have scalability-related challenges when the target program has a large number of paths (path explosion). On the other hand, dynamic approaches can spell out precise semantics of memory object only on a single execution path (it does not consider multiple execution paths). In this paper, we complement prior approaches by designing and implementing a novel framework named �AddressWatcher�. AddressWatcher allows the semantics of a memory object to be tracked on multiple execution paths. Addresswatcher accomplishes this by using a leak database that allows one to store and compare different execution paths of a leak over several test cases. Also, AddressWatcher performs lightweight instrumentation during compile time that is utilized during the program execution to watch and track memory leak read/writes. We conduct an evaluation of AddressWatcher over five popular packages, namely binutils, openssh, tmux, openssl and git. In 23 out of 50 real-world memory leak bugs, AddressWatcher correctly points to a free location to fix memory leaks. Finally, we submit 25 Pull Requests across 12 popular OSS repositories using AddressWatcher suggestions. Among these, 21 were merged leading to 5 open issues being addressed. In fact, our critical fix prompted a new version release for the calc repository, a program used to find large primes. Furthermore, our contributions through these PRs sparked intense discussions and appreciation in various repositories such as coturn, h2o, and radare2.
{"title":"AddressWatcher: Sanitizer-Based Localization of Memory Leak Fixes","authors":"Aniruddhan Murali;Mahmoud Alfadel;Meiyappan Nagappan;Meng Xu;Chengnian Sun","doi":"10.1109/TSE.2024.3438119","DOIUrl":"10.1109/TSE.2024.3438119","url":null,"abstract":"Memory leak bugs are a major problem in C/C++ programs. They occur when memory objects are not deallocated. Developers need to manually deallocate these objects to prevent memory leaks. As such, several techniques have been proposed to automatically fix memory leaks. Although proposed approaches have merit in automatically fixing memory leaks, they present limitations. Static-based approaches attempt to trace the complete semantics of memory object across all paths. However, they have scalability-related challenges when the target program has a large number of paths (path explosion). On the other hand, dynamic approaches can spell out precise semantics of memory object only on a single execution path (it does not consider multiple execution paths). In this paper, we complement prior approaches by designing and implementing a novel framework named \u0000<italic>AddressWatcher</i>\u0000. AddressWatcher allows the semantics of a memory object to be tracked on multiple execution paths. Addresswatcher accomplishes this by using a leak database that allows one to store and compare different execution paths of a leak over several test cases. Also, AddressWatcher performs lightweight instrumentation during compile time that is utilized during the program execution to watch and track memory leak read/writes. We conduct an evaluation of AddressWatcher over five popular packages, namely binutils, openssh, tmux, openssl and git. In 23 out of 50 real-world memory leak bugs, AddressWatcher correctly points to a free location to fix memory leaks. Finally, we submit 25 Pull Requests across 12 popular OSS repositories using AddressWatcher suggestions. Among these, 21 were merged leading to 5 open issues being addressed. In fact, our critical fix prompted a new version release for the calc repository, a program used to find large primes. Furthermore, our contributions through these PRs sparked intense discussions and appreciation in various repositories such as coturn, h2o, and radare2.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2398-2411"},"PeriodicalIF":6.5,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141895639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-05DOI: 10.1109/TSE.2024.3437355
Anda Liang;Emerson Murphy-Hill;Westley Weimer;Yu Huang
Online platforms and communities are a critical part of modern software engineering, yet are often affected by human biases. While previous studies investigated human biases and their potential harms against the efficiency and fairness of online communities, they have mainly focused on the open source and �Q & A� platforms, such as �GitHub� and �Stack Overflow�, but overlooked the audience-focused online platforms for delivering programming and SE-related technical articles, where millions of software engineering practitioners share, seek for, and learn from high-quality software engineering articles (i.e., �technical articles� for SE). Furthermore, most of the previous work has revealed gender and race bias, but we have little knowledge about the effect of age on software engineering practice. In this paper, we propose to investigate the effect of authors’ demographic information (gender and age) on the evaluation of technical articles on software engineering and potential behavioral differences among participants. We conducted a survey-based and controlled human study and collected responses from 540 participants to investigate developers’ evaluation of technical articles for software engineering. By controlling the gender and age of the author profiles of technical articles for SE, we found that raters tend to have more positive content depth evaluations for younger male authors when compared to older male authors and that male participants conduct technical article evaluations faster than female participants, consistent with prior study findings. Surprisingly, different from other software engineering evaluation activities (e.g., code review, pull request, etc.), we did not find a significant difference in the genders of authors on the evaluation outcome of technical articles in SE.
在线平台和社区是现代软件工程的重要组成部分,但往往受到人为偏见的影响。虽然以往的研究调查了人为偏见及其对在线社区的效率和公平性的潜在危害,但这些研究主要集中在开源和 Q & A 平台,如 GitHub 和 Stack Overflow,却忽略了以受众为中心的在线平台,这些平台提供编程和 SE 相关的技术文章,数百万软件工程从业人员在这些平台上分享、寻求和学习高质量的软件工程文章(即 SE 技术文章)。此外,以前的工作大多揭示了性别和种族偏见,但我们对年龄对软件工程实践的影响知之甚少。在本文中,我们拟研究作者的人口统计学信息(性别和年龄)对软件工程技术文章评价的影响,以及参与者之间潜在的行为差异。我们开展了一项以调查为基础的对照人类研究,收集了 540 名参与者的回答,以调查开发人员对软件工程技术文章的评价。通过控制软件工程技术文章作者的性别和年龄,我们发现,与年长的男性作者相比,评分者倾向于对年轻男性作者的内容深度做出更积极的评价,而且男性参与者比女性参与者更快地进行技术文章评价,这与之前的研究结果一致。令人惊讶的是,与其他软件工程评估活动(如代码审查、拉取请求等)不同,我们没有发现作者性别在 SE 技术文章评估结果上的显著差异。
{"title":"A Controlled Experiment in Age and Gender Bias When Reading Technical Articles in Software Engineering","authors":"Anda Liang;Emerson Murphy-Hill;Westley Weimer;Yu Huang","doi":"10.1109/TSE.2024.3437355","DOIUrl":"10.1109/TSE.2024.3437355","url":null,"abstract":"Online platforms and communities are a critical part of modern software engineering, yet are often affected by human biases. While previous studies investigated human biases and their potential harms against the efficiency and fairness of online communities, they have mainly focused on the open source and \u0000<italic>Q & A</i>\u0000 platforms, such as \u0000<italic>GitHub</i>\u0000 and \u0000<italic>Stack Overflow</i>\u0000, but overlooked the audience-focused online platforms for delivering programming and SE-related technical articles, where millions of software engineering practitioners share, seek for, and learn from high-quality software engineering articles (i.e., \u0000<italic>technical articles</i>\u0000 for SE). Furthermore, most of the previous work has revealed gender and race bias, but we have little knowledge about the effect of age on software engineering practice. In this paper, we propose to investigate the effect of authors’ demographic information (gender and age) on the evaluation of technical articles on software engineering and potential behavioral differences among participants. We conducted a survey-based and controlled human study and collected responses from 540 participants to investigate developers’ evaluation of technical articles for software engineering. By controlling the gender and age of the author profiles of technical articles for SE, we found that raters tend to have more positive content depth evaluations for younger male authors when compared to older male authors and that male participants conduct technical article evaluations faster than female participants, consistent with prior study findings. Surprisingly, different from other software engineering evaluation activities (e.g., code review, pull request, etc.), we did not find a significant difference in the genders of authors on the evaluation outcome of technical articles in SE.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 10","pages":"2498-2511"},"PeriodicalIF":6.5,"publicationDate":"2024-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10623245","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141895697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-08-01DOI: 10.1109/TSE.2024.3436623
Zheng Li;Nicolás Saldías-Vallejos;Diego Seco;María Andrea Rodríguez;Rajiv Ranjan
Microservices architecture advocates decentralized data ownership for building software systems. Particularly, in the Database per Service pattern, each microservice is supposed to maintain its own database and to handle the data related to its functionality. When implementing microservices in practice, however, there seems to be a paradox: The de facto technology (i.e., containerization) for microservice implementation is claimed to be unsuitable for the microservice component (i.e., database) in production environments, mainly due to the data persistence issues (e.g., dangling volumes) and security concerns. As a result, the existing discussions generally suggest replacing database containers with cloud database services, while leaving the on-premises microservice implementation out of consideration. After identifying three statelessness-dominant application scenarios, we proposed container-native data persistence as a conditional solution to enable resilient database containers in production. In essence, this data persistence solution distinguishes stateless data access (i.e., reading) from stateful data processing (i.e., creating, updating, and deleting), and thus it aims at the development of stateless microservices for suitable applications. In addition to developing our proposal, this research is particularly focused on its validation, via prototyping the solution and evaluating its performance, and via applying this solution to two real-world microservice applications. From the industrial perspective, the validation results have proved the feasibility, usability, and efficiency of fully containerized microservices for production in applicable situations. From the academic perspective, this research has shed light on the operation-side micro-optimization of individual microservices, which fundamentally expands the scope of “software micro-optimization” and reveals new research opportunities.
{"title":"Long Live the Image: On Enabling Resilient Production Database Containers for Microservice Applications","authors":"Zheng Li;Nicolás Saldías-Vallejos;Diego Seco;María Andrea Rodríguez;Rajiv Ranjan","doi":"10.1109/TSE.2024.3436623","DOIUrl":"10.1109/TSE.2024.3436623","url":null,"abstract":"Microservices architecture advocates decentralized data ownership for building software systems. Particularly, in the Database per Service pattern, each microservice is supposed to maintain its own database and to handle the data related to its functionality. When implementing microservices in practice, however, there seems to be a paradox: The de facto technology (i.e., containerization) for microservice implementation is claimed to be unsuitable for the microservice component (i.e., database) in production environments, mainly due to the data persistence issues (e.g., dangling volumes) and security concerns. As a result, the existing discussions generally suggest replacing database containers with cloud database services, while leaving the on-premises microservice implementation out of consideration. After identifying three statelessness-dominant application scenarios, we proposed container-native data persistence as a conditional solution to enable resilient database containers in production. In essence, this data persistence solution distinguishes stateless data access (i.e., reading) from stateful data processing (i.e., creating, updating, and deleting), and thus it aims at the development of stateless microservices for suitable applications. In addition to developing our proposal, this research is particularly focused on its validation, via prototyping the solution and evaluating its performance, and via applying this solution to two real-world microservice applications. From the industrial perspective, the validation results have proved the feasibility, usability, and efficiency of fully containerized microservices for production in applicable situations. From the academic perspective, this research has shed light on the operation-side micro-optimization of individual microservices, which fundamentally expands the scope of “software micro-optimization” and reveals new research opportunities.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 9","pages":"2363-2378"},"PeriodicalIF":6.5,"publicationDate":"2024-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141877537","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: