首页 > 最新文献

2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)最新文献

英文 中文
Decoding Grounded Theory for Software Engineering 软件工程译码接地理论
Rashina Hoda
Grounded Theory, while becoming increasingly popular in software engineering, is also one of the most misunderstood, misused, and poorly presented and evaluated method in software engineering. When applied well, GT results in dense and valuable explanations of how and why phenomena occur in practice. GT can be applied as a full research method leading to mature theories and also in limited capacity for data analysis within other methods, using its robust open coding and constant comparison procedures. This technical briefing will go through the social origins of GT, present examples of grounded theories developed in SE, discuss the key challenges SE researchers face, and provide a gentle introduction to socio-technical grounded theory, a variant of GT for software engineering research.
扎根理论虽然在软件工程中越来越流行,但也是软件工程中最容易被误解、误用、表现和评估不佳的方法之一。如果应用得当,GT可以对实践中现象的发生方式和原因做出密集而有价值的解释。GT可以作为一种完整的研究方法,导致理论成熟,但在其他方法中数据分析能力有限,因为它具有鲁棒的开放编码和不断的比较过程。本技术简报将介绍GT的社会起源,展示在SE中发展的扎根理论的例子,讨论SE研究人员面临的关键挑战,并提供社会技术扎根理论的温和介绍,这是软件工程研究中GT的一个变体。
{"title":"Decoding Grounded Theory for Software Engineering","authors":"Rashina Hoda","doi":"10.1109/ICSE-Companion52605.2021.00139","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00139","url":null,"abstract":"Grounded Theory, while becoming increasingly popular in software engineering, is also one of the most misunderstood, misused, and poorly presented and evaluated method in software engineering. When applied well, GT results in dense and valuable explanations of how and why phenomena occur in practice. GT can be applied as a full research method leading to mature theories and also in limited capacity for data analysis within other methods, using its robust open coding and constant comparison procedures. This technical briefing will go through the social origins of GT, present examples of grounded theories developed in SE, discuss the key challenges SE researchers face, and provide a gentle introduction to socio-technical grounded theory, a variant of GT for software engineering research.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132751237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Artifact for Improving Fault Localization by Integrating Value and Predicate Based Causal Inference Techniques 结合基于值和谓词的因果推理技术改进故障定位的工件
Yigit Küçük, Tim A. D. Henderson, Andy Podgurski
This work presents an overview of the artifact for the paper titled "Improving Fault Localization by Integrating Value and Predicate Based Causal Inference Techniques". The artifact was implemented in a virtual machine and includes the scripts for the UniVal algorithm for fault localization employing the Defects4J test suite. Technical information about the individual components for the artifact's repository as well as guidance on the necessary documentation for utilizing the software is provided.
这项工作概述了题为“通过整合基于值和谓词的因果推理技术来改进故障定位”的论文中的工件。该工件是在虚拟机中实现的,并且包含使用缺陷4j测试套件进行故障定位的UniVal算法的脚本。提供了关于工件存储库的各个组件的技术信息,以及关于使用软件的必要文档的指导。
{"title":"Artifact for Improving Fault Localization by Integrating Value and Predicate Based Causal Inference Techniques","authors":"Yigit Küçük, Tim A. D. Henderson, Andy Podgurski","doi":"10.1109/ICSE-Companion52605.2021.00078","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00078","url":null,"abstract":"This work presents an overview of the artifact for the paper titled \"Improving Fault Localization by Integrating Value and Predicate Based Causal Inference Techniques\". The artifact was implemented in a virtual machine and includes the scripts for the UniVal algorithm for fault localization employing the Defects4J test suite. Technical information about the individual components for the artifact's repository as well as guidance on the necessary documentation for utilizing the software is provided.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132964022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
RUSTInA: Automatically Checking and Patching Inline Assembly Interface Compliance (Artifact Evaluation): Accepted submission #992 – “Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine” 自动检查和修补内联装配接口合规性(工件评估):已接受提交#992 -“内联装配接口合规性:自动检查,修补和改进”
Frédéric Recoules, Sébastien Bardin, Richard Bonichon, Matthieu Lemerre, L. Mounier, Marie-Laure Potet
The main goal of the artifact is to support the experimental claims of the paper #992 "Interface Compliance of Inline As-sembly: Automatically Check, Patch and Refine" by making both the prototype and data availableto the community. The expected result is the same output as the figures given in Table I and Table IV (appendix C) of the paper. In addition, we hope the released snapshot of our prototype is simple, documented and robust enough to have some uses for people dealing withinline assembly.
工件的主要目标是通过使原型和数据对社区可用来支持论文#992“Inline as - assembly的接口遵从性:自动检查、修补和改进”的实验声明。预期结果与本文表一和表四(附录C)给出的数字相同。此外,我们希望发布的原型快照是简单的,有文档记录的,并且足够健壮,可以让人们使用内联汇编。
{"title":"RUSTInA: Automatically Checking and Patching Inline Assembly Interface Compliance (Artifact Evaluation): Accepted submission #992 – “Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine”","authors":"Frédéric Recoules, Sébastien Bardin, Richard Bonichon, Matthieu Lemerre, L. Mounier, Marie-Laure Potet","doi":"10.1109/ICSE-Companion52605.2021.00089","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00089","url":null,"abstract":"The main goal of the artifact is to support the experimental claims of the paper #992 \"Interface Compliance of Inline As-sembly: Automatically Check, Patch and Refine\" by making both the prototype and data availableto the community. The expected result is the same output as the figures given in Table I and Table IV (appendix C) of the paper. In addition, we hope the released snapshot of our prototype is simple, documented and robust enough to have some uses for people dealing withinline assembly.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130170710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Explainable Just-In-Time Bug Prediction: Are We There Yet? 可解释的即时漏洞预测:我们做到了吗?
Reem Aleithan
Explaining the prediction results of software bug prediction models is a challenging task, which can provide useful information for developers to understand and fix the predicted bugs. Recently, Jirayus et al.'s proposed to use two model-agnostic techniques (i.e., LIME and iBreakDown) to explain the prediction results of bug prediction models. Although their experiments on file-level bug prediction show promising results, the performance of these techniques on explaining the results of just-in-time (i.e., change-level) bug prediction is unknown. This paper conducts the first empirical study to explore the explainability of these model-agnostic techniques on just-in-time bug prediction models. Specifically, this study takes a three-step approach, 1) replicating previously widely used just-in-time bug prediction models, 2) applying Local Interpretability Model-agnostic Explanation Technique (LIME) and iBreakDown on the prediction results, and 3) manually evaluating the explanations for buggy instances (i.e. positive predictions) against the root cause of the bugs. The results of our experiment show that LIME and iBreakDown fail to explain defect prediction explanations for just-in-time bug prediction models, unlike file-level. This paper urges for new approaches for explaining the results of just-in-time bug prediction models.
解释软件bug预测模型的预测结果是一项具有挑战性的任务,它可以为开发人员理解和修复预测的bug提供有用的信息。最近,Jirayus等人提出使用两种模型不可知技术(即LIME和iBreakDown)来解释bug预测模型的预测结果。尽管他们在文件级bug预测上的实验显示了有希望的结果,但这些技术在解释即时(即更改级)bug预测结果方面的性能是未知的。本文首次进行了实证研究,探讨了这些模型不可知技术对即时缺陷预测模型的可解释性。具体来说,本研究采取了三步走的方法,1)复制以前广泛使用的即时错误预测模型,2)对预测结果应用局部可解释性模型不可知解释技术(LIME)和iBreakDown, 3)针对错误的根本原因手动评估错误实例的解释(即积极预测)。我们的实验结果表明,与文件级不同,LIME和iBreakDown无法解释即时错误预测模型的缺陷预测解释。本文敦促采用新的方法来解释即时错误预测模型的结果。
{"title":"Explainable Just-In-Time Bug Prediction: Are We There Yet?","authors":"Reem Aleithan","doi":"10.1109/ICSE-Companion52605.2021.00056","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00056","url":null,"abstract":"Explaining the prediction results of software bug prediction models is a challenging task, which can provide useful information for developers to understand and fix the predicted bugs. Recently, Jirayus et al.'s proposed to use two model-agnostic techniques (i.e., LIME and iBreakDown) to explain the prediction results of bug prediction models. Although their experiments on file-level bug prediction show promising results, the performance of these techniques on explaining the results of just-in-time (i.e., change-level) bug prediction is unknown. This paper conducts the first empirical study to explore the explainability of these model-agnostic techniques on just-in-time bug prediction models. Specifically, this study takes a three-step approach, 1) replicating previously widely used just-in-time bug prediction models, 2) applying Local Interpretability Model-agnostic Explanation Technique (LIME) and iBreakDown on the prediction results, and 3) manually evaluating the explanations for buggy instances (i.e. positive predictions) against the root cause of the bugs. The results of our experiment show that LIME and iBreakDown fail to explain defect prediction explanations for just-in-time bug prediction models, unlike file-level. This paper urges for new approaches for explaining the results of just-in-time bug prediction models.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131517434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Anomaly Detection in Scratch Assignments 划痕分配中的异常检测
Nina Körber
For teachers, automated tool support for debugging and assessing their students' programming assignments is a great help in their everyday business. For block-based programming languages which are commonly used to introduce younger learners to programming, testing frameworks and other software analysis tools exist, but require manual work such as writing test suites or formal specifications. However, most of the teachers using languages like Scratch are not trained for or experienced in this kind of task. Linters do not require manual work but are limited to generic bugs and therefore miss potential task-specific bugs in student solutions. In prior work, we proposed the use of anomaly detection to find project-specific bugs in sets of student programming assignments automatically, without any additional manual labour required from the teachers' side. Evaluation on student solutions for typical programming assignments showed that anomaly detection is a reliable way to locate bugs in a data set of student programs. In this paper, we enhance our initial approach by lowering the abstraction level. The results suggest that the lower abstraction level can focus anomaly detection on the relevant parts of the programs.
对于教师来说,用于调试和评估学生编程作业的自动化工具支持在他们的日常业务中是一个很大的帮助。对于通常用于向年轻学习者介绍编程的基于块的编程语言,存在测试框架和其他软件分析工具,但需要手工工作,例如编写测试套件或正式规范。然而,大多数使用Scratch等语言的教师都没有接受过此类任务的培训或经验。linter不需要手工操作,但仅限于通用错误,因此会错过学生解决方案中潜在的特定于任务的错误。在之前的工作中,我们建议使用异常检测来自动查找学生编程作业中特定于项目的错误,而不需要教师方面进行任何额外的手工劳动。对典型编程作业的学生解决方案的评估表明,异常检测是一种在学生程序数据集中定位错误的可靠方法。在本文中,我们通过降低抽象级别来增强我们的初始方法。结果表明,较低的抽象层次可以将异常检测集中在程序的相关部分。
{"title":"Anomaly Detection in Scratch Assignments","authors":"Nina Körber","doi":"10.1109/ICSE-Companion52605.2021.00050","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00050","url":null,"abstract":"For teachers, automated tool support for debugging and assessing their students' programming assignments is a great help in their everyday business. For block-based programming languages which are commonly used to introduce younger learners to programming, testing frameworks and other software analysis tools exist, but require manual work such as writing test suites or formal specifications. However, most of the teachers using languages like Scratch are not trained for or experienced in this kind of task. Linters do not require manual work but are limited to generic bugs and therefore miss potential task-specific bugs in student solutions. In prior work, we proposed the use of anomaly detection to find project-specific bugs in sets of student programming assignments automatically, without any additional manual labour required from the teachers' side. Evaluation on student solutions for typical programming assignments showed that anomaly detection is a reliable way to locate bugs in a data set of student programs. In this paper, we enhance our initial approach by lowering the abstraction level. The results suggest that the lower abstraction level can focus anomaly detection on the relevant parts of the programs.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134071606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Data and Materials for: Why Don’t Developers Detect Improper Input Validation?'; DROP TABLE Papers; -- 数据和材料:为什么开发人员不检测不正确的输入验证?放下桌子上的纸;--
Larissa Braz, Enrico Fregnan, G. Çalikli, Alberto Bacchelli
Improper Input Validation (IIV) is a dangerous software vulnerability that occurs when a system does not safely handle input data. Although IIV is easy to detect and fix, it still commonly happens in practice; so, why do developers not recognize IIV? Answering this question is key to understand how to support developers in creating secure software systems. In our work, we studied to what extent developers can detect IIV and investigate underlying reasons. To do so, we conducted an online experiment with 146 software developers. In this document, we explain how to obtain the artifact package of our study, the artifact material, and how to use the artifacts.
当系统不能安全地处理输入数据时,不正确的输入验证(IIV)是一个危险的软件漏洞。虽然iv很容易检测和修复,但在实践中仍然经常发生;那么,为什么开发者不承认IIV呢?回答这个问题是理解如何支持开发人员创建安全软件系统的关键。在我们的工作中,我们研究了开发人员可以在多大程度上检测到iv并调查潜在的原因。为此,我们对146名软件开发人员进行了在线实验。在本文档中,我们将解释如何获得我们研究的工件包、工件材料以及如何使用工件。
{"title":"Data and Materials for: Why Don’t Developers Detect Improper Input Validation?'; DROP TABLE Papers; --","authors":"Larissa Braz, Enrico Fregnan, G. Çalikli, Alberto Bacchelli","doi":"10.1109/ICSE-Companion52605.2021.00090","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00090","url":null,"abstract":"Improper Input Validation (IIV) is a dangerous software vulnerability that occurs when a system does not safely handle input data. Although IIV is easy to detect and fix, it still commonly happens in practice; so, why do developers not recognize IIV? Answering this question is key to understand how to support developers in creating secure software systems. In our work, we studied to what extent developers can detect IIV and investigate underlying reasons. To do so, we conducted an online experiment with 146 software developers. In this document, we explain how to obtain the artifact package of our study, the artifact material, and how to use the artifacts.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131211481","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Shipwright: A Human-in-the-Loop System for Dockerfile Repair 船匠:用于码头文件修复的人在循环系统
Jordan Henkel, Denini Silva, Leopoldo Teixeira, Marcelo d’Amorim, T. Reps
Shipwright is a human-in-the-loop system for Dockerfile repair. In this artifact, we provide the data, tools, and scripts necessary to allow others to run our experiments (either in full, or reduced versions where necessary). In particular, we provide code and data corresponding to each of the four research questions we answered in the Shipwright paper.
Shipwright是一个用于Dockerfile修复的人在循环系统。在这个工件中,我们提供了必要的数据、工具和脚本,以允许其他人运行我们的实验(在必要的情况下,可以是完整版本,也可以是缩减版本)。特别是,我们提供了对应于我们在Shipwright论文中回答的四个研究问题的代码和数据。
{"title":"Shipwright: A Human-in-the-Loop System for Dockerfile Repair","authors":"Jordan Henkel, Denini Silva, Leopoldo Teixeira, Marcelo d’Amorim, T. Reps","doi":"10.1109/ICSE-Companion52605.2021.00087","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00087","url":null,"abstract":"Shipwright is a human-in-the-loop system for Dockerfile repair. In this artifact, we provide the data, tools, and scripts necessary to allow others to run our experiments (either in full, or reduced versions where necessary). In particular, we provide code and data corresponding to each of the four research questions we answered in the Shipwright paper.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124848448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Microservice-Based Performance Problem Detection in Cyber-Physical System Software Updates 基于微服务的信息物理系统软件更新性能问题检测
A. Gartziandia
Software embedded in Cyber-Physical Systems (CPSs) usually has a large life-cycle and is continuously evolving. The increasing expansion of IoT and CPSs has highlighted the need for additional mechanisms for remote deployment and updating of this software, to ensure its correct behaviour. Performance problems require special attention, as they may appear in operation due to limitations in lab testing and environmental conditions. In this context, we propose a microservice-based method to detect performance problems in CPSs. These microservices will be deployed in installation to detect performance problems in run-time when new software versions are deployed. The problem detection is based on Machine Learning algorithms, which predict the performance of a new software release based onknowledge from previous releases. This permits taking corrective actions so that system reliability is guaranteed.
嵌入在信息物理系统(cps)中的软件通常具有较长的生命周期,并且是不断发展的。物联网和cps的不断扩展凸显了对远程部署和更新该软件的额外机制的需求,以确保其正确的行为。性能问题需要特别注意,因为由于实验室测试和环境条件的限制,它们可能在操作中出现。在这种情况下,我们提出了一种基于微服务的方法来检测cps中的性能问题。这些微服务将部署在安装中,以便在部署新软件版本时检测运行时的性能问题。问题检测基于机器学习算法,该算法根据以前版本的知识预测新软件版本的性能。这允许采取纠正措施,从而保证系统的可靠性。
{"title":"Microservice-Based Performance Problem Detection in Cyber-Physical System Software Updates","authors":"A. Gartziandia","doi":"10.1109/ICSE-Companion52605.2021.00062","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00062","url":null,"abstract":"Software embedded in Cyber-Physical Systems (CPSs) usually has a large life-cycle and is continuously evolving. The increasing expansion of IoT and CPSs has highlighted the need for additional mechanisms for remote deployment and updating of this software, to ensure its correct behaviour. Performance problems require special attention, as they may appear in operation due to limitations in lab testing and environmental conditions. In this context, we propose a microservice-based method to detect performance problems in CPSs. These microservices will be deployed in installation to detect performance problems in run-time when new software versions are deployed. The problem detection is based on Machine Learning algorithms, which predict the performance of a new software release based onknowledge from previous releases. This permits taking corrective actions so that system reliability is guaranteed.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122257085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A Dataset of Vulnerable Code Changes of the Chromium OS Project Chromium OS项目易受攻击代码变更数据集
Rajshakhar Paul, Asif Kamal Turzo, Amiangshu Bosu
This paper presents a an empirically built and validated dataset of code reviews from the Chromium OS project that either identified or missed security vulnerabilities. The dataset includes total 890 vulnerable code changes categorized based on the CWE specification and is publicly available at: https://zenodo.org/record/4539891
本文介绍了一个经验构建和验证的代码审查数据集,这些数据集来自Chromium OS项目,可以识别或遗漏安全漏洞。该数据集包括基于CWE规范分类的总共890个易受攻击的代码更改,并可在https://zenodo.org/record/4539891上公开获取
{"title":"A Dataset of Vulnerable Code Changes of the Chromium OS Project","authors":"Rajshakhar Paul, Asif Kamal Turzo, Amiangshu Bosu","doi":"10.1109/ICSE-Companion52605.2021.00113","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00113","url":null,"abstract":"This paper presents a an empirically built and validated dataset of code reviews from the Chromium OS project that either identified or missed security vulnerabilities. The dataset includes total 890 vulnerable code changes categorized based on the CWE specification and is publicly available at: https://zenodo.org/record/4539891","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116461362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
White-Box Performance-Influence Models: A Profiling and Learning Approach (Replication Package) 白盒性能影响模型:分析和学习方法(复制包)
Max Weber, S. Apel, Norbert Siegmund
These artifacts refer to the study and implementation of the paper 'White-Box Performance-Influence Models: A Profiling and Learning Approach'. In this document, we describe the idea and process of how to build white-box performance models for configurable software systems. Specifically, we describe the general steps and tools that we have used to implement our approach, the data we have obtained, and the evaluation setup. We further list the available artifacts, such as raw measurements, configurations, and scripts at our software heritage repository.
这些工件参考了论文“白盒性能影响模型:分析和学习方法”的研究和实现。在本文中,我们描述了如何为可配置软件系统构建白盒性能模型的思想和过程。具体来说,我们将描述用于实现我们的方法的一般步骤和工具、我们获得的数据以及评估设置。我们进一步列出了可用的工件,例如软件遗产存储库中的原始度量、配置和脚本。
{"title":"White-Box Performance-Influence Models: A Profiling and Learning Approach (Replication Package)","authors":"Max Weber, S. Apel, Norbert Siegmund","doi":"10.1109/ICSE-Companion52605.2021.00107","DOIUrl":"https://doi.org/10.1109/ICSE-Companion52605.2021.00107","url":null,"abstract":"These artifacts refer to the study and implementation of the paper 'White-Box Performance-Influence Models: A Profiling and Learning Approach'. In this document, we describe the idea and process of how to build white-box performance models for configurable software systems. Specifically, we describe the general steps and tools that we have used to implement our approach, the data we have obtained, and the evaluation setup. We further list the available artifacts, such as raw measurements, configurations, and scripts at our software heritage repository.","PeriodicalId":136929,"journal":{"name":"2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128215458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1