首页 > 最新文献

2021 28th Asia-Pacific Software Engineering Conference (APSEC)最新文献

英文 中文
Data Flow Testing for PLC Programs via Dynamic Symbolic Execution 基于动态符号执行的PLC程序数据流测试
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00023
Weigang He, Xia Mao, Ting Su, Yanhong Huang, Jianqi Shi
Programmable logic controllers (PLCs) are broadly used in the safety-critical industrial field, which requires high reliability to avoid catastrophes. Data flow testing (DFT) focuses on data flow relationships in a program and has a stronger fault-detection ability than other control flow-based testing. However, there is no automated testing tool supporting DFT for PLC programs. Hence, we propose an automated data flow testing framework for PLC programs. Our DFT framework is based on dynamic symbolic execution (DSE). Considering the cyclic execution feature of PLC programs, our approach needs reachable states which can be provided by branch testing. Besides, our approach improves testing performance through a novel guided path search algorithm. Furthermore, we evaluate our approach on several programs to demonstrate that this approach is practical and effective.
可编程逻辑控制器(plc)广泛应用于安全关键的工业领域,这需要高可靠性来避免灾难。数据流测试(Data flow testing, DFT)关注的是程序中的数据流关系,比其他基于控制流的测试具有更强的故障检测能力。然而,目前还没有支持DFT的PLC程序自动化测试工具。因此,我们提出了一个PLC程序的自动化数据流测试框架。我们的DFT框架基于动态符号执行(DSE)。考虑到PLC程序的循环执行特性,该方法需要可达状态,可达状态可由分支测试提供。此外,我们的方法通过一种新的引导路径搜索算法提高了测试性能。此外,我们在几个项目中评估了我们的方法,以证明这种方法是实用和有效的。
{"title":"Data Flow Testing for PLC Programs via Dynamic Symbolic Execution","authors":"Weigang He, Xia Mao, Ting Su, Yanhong Huang, Jianqi Shi","doi":"10.1109/APSEC53868.2021.00023","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00023","url":null,"abstract":"Programmable logic controllers (PLCs) are broadly used in the safety-critical industrial field, which requires high reliability to avoid catastrophes. Data flow testing (DFT) focuses on data flow relationships in a program and has a stronger fault-detection ability than other control flow-based testing. However, there is no automated testing tool supporting DFT for PLC programs. Hence, we propose an automated data flow testing framework for PLC programs. Our DFT framework is based on dynamic symbolic execution (DSE). Considering the cyclic execution feature of PLC programs, our approach needs reachable states which can be provided by branch testing. Besides, our approach improves testing performance through a novel guided path search algorithm. Furthermore, we evaluate our approach on several programs to demonstrate that this approach is practical and effective.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126859698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Understanding Metrics Team-Stakeholder Communication in Agile Metrics Service Delivery 在敏捷度量服务交付中理解度量团队与利益相关者的沟通
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00047
N. B. Lindström, Dina Koutsikouri, M. Staron, Wilhelm Meding, Ola Söder
In this paper, we explore challenges in communication between metrics teams and stakeholders in metrics service delivery. Drawing on interviews and interactive workshops with team members and stakeholders at two different Swedish agile software development organizations, we identify interrelated challenges such as aligning expectations, prioritizing demands, providing regular feedback, and maintaining continuous dialogue, which influence team-stakeholder interaction, relationships and performance. Our study shows the importance of understanding communicative hurdles and provides suggestions for their mitigation, therefore meriting further empirical research.
在本文中,我们探讨了在度量服务交付中度量团队和利益相关者之间沟通的挑战。通过与两个不同的瑞典敏捷软件开发组织的团队成员和利益相关者的访谈和互动研讨会,我们确定了相互关联的挑战,例如调整期望、确定需求的优先级、提供定期反馈和保持持续的对话,这些都会影响团队利益相关者的互动、关系和绩效。我们的研究显示了理解沟通障碍的重要性,并提供了缓解沟通障碍的建议,因此值得进一步的实证研究。
{"title":"Understanding Metrics Team-Stakeholder Communication in Agile Metrics Service Delivery","authors":"N. B. Lindström, Dina Koutsikouri, M. Staron, Wilhelm Meding, Ola Söder","doi":"10.1109/APSEC53868.2021.00047","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00047","url":null,"abstract":"In this paper, we explore challenges in communication between metrics teams and stakeholders in metrics service delivery. Drawing on interviews and interactive workshops with team members and stakeholders at two different Swedish agile software development organizations, we identify interrelated challenges such as aligning expectations, prioritizing demands, providing regular feedback, and maintaining continuous dialogue, which influence team-stakeholder interaction, relationships and performance. Our study shows the importance of understanding communicative hurdles and provides suggestions for their mitigation, therefore meriting further empirical research.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"249 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122107840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Extracting a Micro State Transition Table Using the KLEE Symbolic Execution Engine 使用KLEE符号执行引擎提取微状态转移表
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00072
Norihiro Yoshida, Takahiro Shimizu, Ryota Yamamoto, Hiroaki Takada
In this paper, we suggest an approach for extracting fine-grained state transition tables using the KLEE symbolic execution engine to assist developers in understanding the behavior of C source code for embedded systems.
在本文中,我们提出了一种使用KLEE符号执行引擎提取细粒度状态转换表的方法,以帮助开发人员理解嵌入式系统C源代码的行为。
{"title":"Extracting a Micro State Transition Table Using the KLEE Symbolic Execution Engine","authors":"Norihiro Yoshida, Takahiro Shimizu, Ryota Yamamoto, Hiroaki Takada","doi":"10.1109/APSEC53868.2021.00072","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00072","url":null,"abstract":"In this paper, we suggest an approach for extracting fine-grained state transition tables using the KLEE symbolic execution engine to assist developers in understanding the behavior of C source code for embedded systems.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128279789","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards Continuous Data Collection from In-service Products: Exploring the Relation Between Data Dimensions and Collection Challenges 面向在役产品的连续数据收集:探索数据维度与收集挑战之间的关系
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00032
Anas Dakkak, Hongyi Zhang, D. I. Mattos, Jan Bosch, H. H. Olsson
Data collected from in-service products play an important role in enabling software-intensive embedded systems suppliers to embrace data-driven practices. Data can be used in many different ways such as to continuously learn and improve the product, enhance post-deployment services, reduce operational cost or create a better user experience. While there is no shortage of possible use cases leveraging data from in-service products, software-intensive embedded systems companies struggle to continuously collect data from their in-service products. Often, data collection is done in an ad-hoc way and targeting specific use cases or needs. Besides, few studies have investigated data collection challenges in relation to the data dimensions, which are the minimum set of quantifiable data aspects that can define software-intensive embedded product data from a collection point of view. To help address data collection challenges, and to provide companies with guidance on how to improve this process, we conducted a case study at a large multinational telecommunications supplier focusing on data characteristics and collection challenges from the Radio Access Networks (RAN) products. We further investigated the relations of these challenges to the data dimensions to increase our understanding of how data dominions contribute to the challenges.
从现役产品中收集的数据在使软件密集型嵌入式系统供应商接受数据驱动实践方面发挥着重要作用。数据可以以许多不同的方式使用,例如持续学习和改进产品,增强部署后服务,降低运营成本或创造更好的用户体验。虽然不乏利用在役产品数据的可能用例,但软件密集型嵌入式系统公司仍在努力从其在役产品中持续收集数据。通常,数据收集以特别的方式完成,并针对特定的用例或需求。此外,很少有研究调查与数据维度相关的数据收集挑战,数据维度是可以从收集的角度定义软件密集型嵌入式产品数据的可量化数据方面的最小集合。为了帮助解决数据收集挑战,并为公司提供如何改进这一过程的指导,我们对一家大型跨国电信供应商进行了案例研究,重点关注无线接入网络(RAN)产品的数据特征和收集挑战。我们进一步研究了这些挑战与数据维度之间的关系,以加深我们对数据领域如何促成这些挑战的理解。
{"title":"Towards Continuous Data Collection from In-service Products: Exploring the Relation Between Data Dimensions and Collection Challenges","authors":"Anas Dakkak, Hongyi Zhang, D. I. Mattos, Jan Bosch, H. H. Olsson","doi":"10.1109/APSEC53868.2021.00032","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00032","url":null,"abstract":"Data collected from in-service products play an important role in enabling software-intensive embedded systems suppliers to embrace data-driven practices. Data can be used in many different ways such as to continuously learn and improve the product, enhance post-deployment services, reduce operational cost or create a better user experience. While there is no shortage of possible use cases leveraging data from in-service products, software-intensive embedded systems companies struggle to continuously collect data from their in-service products. Often, data collection is done in an ad-hoc way and targeting specific use cases or needs. Besides, few studies have investigated data collection challenges in relation to the data dimensions, which are the minimum set of quantifiable data aspects that can define software-intensive embedded product data from a collection point of view. To help address data collection challenges, and to provide companies with guidance on how to improve this process, we conducted a case study at a large multinational telecommunications supplier focusing on data characteristics and collection challenges from the Radio Access Networks (RAN) products. We further investigated the relations of these challenges to the data dimensions to increase our understanding of how data dominions contribute to the challenges.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124708410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
IconChecker: Anomaly Detection of Icon-Behaviors for Android Apps IconChecker:图标行为的异常检测Android应用程序
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00028
Yuxuan Li, Ruitao Feng, Sen Chen, Qianyu Guo, Lingling Fan, Xiaohong Li
As a result of the technical evolution in network technologies and the upper applications, the reliance of mobile apps on the Internet increased heavily on the purpose of excellent service in years. However, the speedy increase brought not only conveniences but also security risks. For instance, it is unveiled that there exists a series of malicious apps, which are aiming to collect users’ private data and imperceptibly send them to remote servers under the camouflage of normal users’ behaviors. To defend against the threat, although lots of research has been proposed, it is still a challenge to capture the abnormal behaviors more precisely. In this paper, we propose IconChecker, a GUI-based anomaly detection framework, to detect icons that can cause malicious network payloads under the premise of users’ normal intentions. IconChecker can detect the abnormal icon-behaviors with the icon's semantics and triggered network traffic in relatively high precision, and further generate a security report for analysis and development. To demonstrate the effectiveness, we evaluate IconChecker from: (1) the accuracy of network traffic sniffing; (2) the accuracy of icon semantics classification; (3) the overall precision of IconChecker towards real apps; (4) comparing IconChecker with the existing tool, i.e., DeepIntent. The detection results show that IconChecker can outperform at the precision of 84% in terms of our summarized 8 categories of icon-behaviors. We remark that IconChecker is the first work, which dynamically detects abnormal icon-behaviors, to identify the malicious network payloads in Android apps.
由于网络技术和上层应用程序的技术发展,移动应用程序对互联网的依赖程度逐年增加,以提供优质服务为目的。然而,快速增长带来便利的同时也带来了安全风险。例如,据披露,存在一系列恶意应用程序,旨在收集用户的私人数据,并在正常用户行为的伪装下不知不觉地将其发送到远程服务器。为了防御这种威胁,尽管已经提出了许多研究,但如何更准确地捕捉异常行为仍然是一个挑战。本文提出了基于gui的异常检测框架IconChecker,在用户正常意图的前提下,检测可能导致恶意网络载荷的图标。IconChecker可以根据图标的语义和触发的网络流量,以较高的精度检测出图标的异常行为,并生成安全报告供分析和开发。为了证明IconChecker的有效性,我们从以下方面对其进行评估:(1)网络流量嗅探的准确性;(2)图标语义分类的准确性;(3) IconChecker对实际应用的整体精度;(4)对比IconChecker与现有工具DeepIntent。检测结果表明,就我们总结的8类图标行为而言,IconChecker的准确率可以达到84%。我们注意到IconChecker是第一个动态检测异常图标行为的作品,以识别Android应用程序中的恶意网络有效负载。
{"title":"IconChecker: Anomaly Detection of Icon-Behaviors for Android Apps","authors":"Yuxuan Li, Ruitao Feng, Sen Chen, Qianyu Guo, Lingling Fan, Xiaohong Li","doi":"10.1109/APSEC53868.2021.00028","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00028","url":null,"abstract":"As a result of the technical evolution in network technologies and the upper applications, the reliance of mobile apps on the Internet increased heavily on the purpose of excellent service in years. However, the speedy increase brought not only conveniences but also security risks. For instance, it is unveiled that there exists a series of malicious apps, which are aiming to collect users’ private data and imperceptibly send them to remote servers under the camouflage of normal users’ behaviors. To defend against the threat, although lots of research has been proposed, it is still a challenge to capture the abnormal behaviors more precisely. In this paper, we propose IconChecker, a GUI-based anomaly detection framework, to detect icons that can cause malicious network payloads under the premise of users’ normal intentions. IconChecker can detect the abnormal icon-behaviors with the icon's semantics and triggered network traffic in relatively high precision, and further generate a security report for analysis and development. To demonstrate the effectiveness, we evaluate IconChecker from: (1) the accuracy of network traffic sniffing; (2) the accuracy of icon semantics classification; (3) the overall precision of IconChecker towards real apps; (4) comparing IconChecker with the existing tool, i.e., DeepIntent. The detection results show that IconChecker can outperform at the precision of 84% in terms of our summarized 8 categories of icon-behaviors. We remark that IconChecker is the first work, which dynamically detects abnormal icon-behaviors, to identify the malicious network payloads in Android apps.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124789427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
APSEC 2021 Program Committee APSEC 2021项目委员会
Pub Date : 2021-12-01 DOI: 10.1109/apsec53868.2021.00007
{"title":"APSEC 2021 Program Committee","authors":"","doi":"10.1109/apsec53868.2021.00007","DOIUrl":"https://doi.org/10.1109/apsec53868.2021.00007","url":null,"abstract":"","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128936299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Learn To Align: A Code Alignment Network For Code Clone Detection 学习对齐:代码克隆检测的代码对齐网络
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00008
Aiping Zhang, Kui Liu, Liming Fang, Qianjun Liu, Xinyu Yun, S. Ji
Deep learning techniques have achieved promising results in code clone detection in the past decade. However, existing techniques merely focus on how to extract more dis-criminative features from source codes, while some issues, such as structural differences of functional similar codes, are not explicitly addressed. This phenomenon is common when programmers copy a code segment along with adding or removing several statements, or use a more flexible syntax structure to implement the same function. In this paper, we unify the aforementioned problems as the problem of code misalignment, and propose a novel code alignment network to tackle it. We design a bi-directional causal convolutional neural network to extract feature representations of code fragments with rich structural and semantical information. After feature extraction, our method learns to align the two code fragments in a data-driven fashion. We present two independent strategies for code alignment, namely attention-based alignment and sparse reconstruction-based alignment. Both two strategies strive to learn an alignment matrix that represents the correspondences between two code fragments. Our method outperforms state-of-the-art methods in terms of F1 score by 0.5% and 3.1 % on BigCloneBench and OJClone, respectively11Our code is available at https://github.com/ArcticHare105/Code-Alignment.
在过去的十年中,深度学习技术在代码克隆检测方面取得了可喜的成果。然而,现有的技术只关注如何从源代码中提取更多的区别特征,而一些问题,如功能相似代码的结构差异,没有明确解决。当程序员复制代码段并添加或删除几个语句时,或者使用更灵活的语法结构来实现相同的功能时,这种现象很常见。本文将上述问题统一为代码对齐问题,并提出了一种新的代码对齐网络来解决代码对齐问题。我们设计了一个双向因果卷积神经网络来提取具有丰富结构和语义信息的代码片段的特征表示。在特征提取之后,我们的方法学习以数据驱动的方式对齐两个代码片段。我们提出了两种独立的代码对齐策略,即基于注意力的对齐和基于稀疏重建的对齐。这两种策略都努力学习一个表示两个代码片段之间对应关系的对齐矩阵。在BigCloneBench和OJClone上,我们的方法在F1得分方面分别比最先进的方法高出0.5%和3.1%。11我们的代码可从https://github.com/ArcticHare105/Code-Alignment获得。
{"title":"Learn To Align: A Code Alignment Network For Code Clone Detection","authors":"Aiping Zhang, Kui Liu, Liming Fang, Qianjun Liu, Xinyu Yun, S. Ji","doi":"10.1109/APSEC53868.2021.00008","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00008","url":null,"abstract":"Deep learning techniques have achieved promising results in code clone detection in the past decade. However, existing techniques merely focus on how to extract more dis-criminative features from source codes, while some issues, such as structural differences of functional similar codes, are not explicitly addressed. This phenomenon is common when programmers copy a code segment along with adding or removing several statements, or use a more flexible syntax structure to implement the same function. In this paper, we unify the aforementioned problems as the problem of code misalignment, and propose a novel code alignment network to tackle it. We design a bi-directional causal convolutional neural network to extract feature representations of code fragments with rich structural and semantical information. After feature extraction, our method learns to align the two code fragments in a data-driven fashion. We present two independent strategies for code alignment, namely attention-based alignment and sparse reconstruction-based alignment. Both two strategies strive to learn an alignment matrix that represents the correspondences between two code fragments. Our method outperforms state-of-the-art methods in terms of F1 score by 0.5% and 3.1 % on BigCloneBench and OJClone, respectively11Our code is available at https://github.com/ArcticHare105/Code-Alignment.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"150 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114443898","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Categorizing npm Packages by Analyzing the Text Information in Software Repositories 通过分析软件库中的文本信息对npm包进行分类
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00013
Yu Wang, Huaxiao Liu, Shanquan Gao, Shujia Li
To prevent JavaScript developers from reinventing wheels, npm ecosystem provides numerous third-party libraries for developers to realize relevant functionalities. Npm displays the tags provided by the creators for these packages to help developers find suitable ones. However, not all creators have the habit of tagging their packages, and thus npm cannot provide tag information of a lot of packages for developers to help them understand the package functionalities effectively. Considering that many tags are unrelated to the functionality of packages, we propose a method to find out the tags that are important to distinguish the functionality categories of packages and assign them to untagged packages for assisting developers in the process of retrieving the packages. Firstly, we analyze the attribute of existing tags in npm to establish category tags (functionality categories). Then, we further mine the readme of tagged packages to generate keywords for each category tag. Finally, our method identifies category tags for untagged packages by measuring the similarity between their readme and the keywords of category tags. The evaluation demonstrates that our approach has a good performance in assigning category tags to untagged packages.
为了防止JavaScript开发人员重新发明轮子,npm生态系统为开发人员提供了许多第三方库来实现相关功能。Npm会显示创建者为这些包提供的标签,以帮助开发人员找到合适的。然而,并不是所有的创建者都有标记他们的包的习惯,因此npm不能为开发人员提供很多包的标记信息来帮助他们有效地理解包的功能。考虑到许多标签与包的功能无关,我们提出了一种方法来找出重要的标签来区分包的功能类别,并将它们分配给未标记的包,以帮助开发人员在检索包的过程中。首先,我们分析npm中现有标签的属性,建立类别标签(功能类别)。然后,我们进一步挖掘标记包的自述,为每个类别标记生成关键字。最后,我们的方法通过测量未标记包的自述和类别标签的关键字之间的相似性来识别未标记包的类别标签。评估表明,我们的方法在为未标记的包分配类别标签方面具有良好的性能。
{"title":"Categorizing npm Packages by Analyzing the Text Information in Software Repositories","authors":"Yu Wang, Huaxiao Liu, Shanquan Gao, Shujia Li","doi":"10.1109/APSEC53868.2021.00013","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00013","url":null,"abstract":"To prevent JavaScript developers from reinventing wheels, npm ecosystem provides numerous third-party libraries for developers to realize relevant functionalities. Npm displays the tags provided by the creators for these packages to help developers find suitable ones. However, not all creators have the habit of tagging their packages, and thus npm cannot provide tag information of a lot of packages for developers to help them understand the package functionalities effectively. Considering that many tags are unrelated to the functionality of packages, we propose a method to find out the tags that are important to distinguish the functionality categories of packages and assign them to untagged packages for assisting developers in the process of retrieving the packages. Firstly, we analyze the attribute of existing tags in npm to establish category tags (functionality categories). Then, we further mine the readme of tagged packages to generate keywords for each category tag. Finally, our method identifies category tags for untagged packages by measuring the similarity between their readme and the keywords of category tags. The evaluation demonstrates that our approach has a good performance in assigning category tags to untagged packages.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130527260","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Static Analysis of Resource Usage Bounds for Imperative Programs 命令式程序资源使用界限的静态分析
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00077
Liqian Chen, Taoqing Chen, Guangsheng Fan, Banghu Yin
Analyzing worst-case resource usage of a program is a difficult but important problem. Existing static bound analysis techniques mainly focus on deriving the upper-bound number of visits to a given control location or iterations of a loop. However, there still exist gaps between such bounds and resource usage bounds. In this paper, we present a static analysis approach to derive resource usage bounds for imperative programs. We leverage techniques of program transformation, numerical value analysis, pointer analysis and program slicing, to model and analyze resource usage in a program. We have conducted experiments to derive usage bounds of various resources in C programs, including heap memory, file descriptors, sockets, user-defined resources, etc. The result suggests that our approach can infer usage bounds of resources in practical imperative programs.
分析程序最坏情况下的资源使用情况是一个困难而又重要的问题。现有的静态边界分析技术主要集中在求给定控制位置的访问次数上限或求循环的迭代次数上限。然而,这种界限与资源使用界限之间仍然存在差距。本文提出了一种静态分析方法来推导命令式程序的资源使用边界。我们利用程序转换、数值分析、指针分析和程序切片等技术,对程序中的资源使用进行建模和分析。我们已经进行了实验来推导C程序中各种资源的使用界限,包括堆内存、文件描述符、套接字、用户定义资源等。结果表明,我们的方法可以推断出实际命令式程序中资源的使用边界。
{"title":"Static Analysis of Resource Usage Bounds for Imperative Programs","authors":"Liqian Chen, Taoqing Chen, Guangsheng Fan, Banghu Yin","doi":"10.1109/APSEC53868.2021.00077","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00077","url":null,"abstract":"Analyzing worst-case resource usage of a program is a difficult but important problem. Existing static bound analysis techniques mainly focus on deriving the upper-bound number of visits to a given control location or iterations of a loop. However, there still exist gaps between such bounds and resource usage bounds. In this paper, we present a static analysis approach to derive resource usage bounds for imperative programs. We leverage techniques of program transformation, numerical value analysis, pointer analysis and program slicing, to model and analyze resource usage in a program. We have conducted experiments to derive usage bounds of various resources in C programs, including heap memory, file descriptors, sockets, user-defined resources, etc. The result suggests that our approach can infer usage bounds of resources in practical imperative programs.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122237397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Survey on Pains and Best Practices of Code Review 代码审查的痛苦和最佳实践调查
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00055
Liming Dong, He Zhang, Lanxin Yang, Zhiluo Weng, Xin Yang, Xin Zhou, Zifan Pan
Despite widespread agreement on the benefits of code review, its outcomes may not be as expected. The complications can undermine the purpose of the development process and even destroy the entire development cycle. Both academia and the industrial communities have invested a great deal of time and effort into code reviews. When a project team adheres to the best practices and creates a conducive environment, it is likely that code reviews could be conducted effectively and efficiently. By reviewing peer-reviewed scientific publications and gray literature on code review best practices, we summarized 57 practices as well as 19 code review pains that they address. Our review has shown that following best practices can ease the process of code review considerably. Multiple actionable practices are needed to support code review pains at the same time. To enable the adoption of best practices, OSS and industrial communities alike invest in integrating automatic techniques with code review tools. We hope that this review will provide researchers and practitioners with a comprehensive understanding of code review practices, aiding them in conducting code reviews more successfully.
尽管人们普遍认同代码审查的好处,但其结果可能并不如预期的那样。这些并发症会破坏开发过程的目的,甚至破坏整个开发周期。学术界和工业界都在代码审查上投入了大量的时间和精力。当一个项目团队坚持最佳实践并创建一个有利的环境时,代码审查很可能会有效地进行。通过回顾同行评审的科学出版物和关于代码评审最佳实践的灰色文献,我们总结了57个实践以及它们所处理的19个代码评审难点。我们的审查表明,遵循最佳实践可以在很大程度上简化代码审查的过程。同时需要多个可操作的实践来支持代码审查。为了采用最佳实践,OSS和工业社区都投资于将自动技术与代码审查工具集成在一起。我们希望这个审查将为研究人员和实践者提供对代码审查实践的全面理解,帮助他们更成功地进行代码审查。
{"title":"Survey on Pains and Best Practices of Code Review","authors":"Liming Dong, He Zhang, Lanxin Yang, Zhiluo Weng, Xin Yang, Xin Zhou, Zifan Pan","doi":"10.1109/APSEC53868.2021.00055","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00055","url":null,"abstract":"Despite widespread agreement on the benefits of code review, its outcomes may not be as expected. The complications can undermine the purpose of the development process and even destroy the entire development cycle. Both academia and the industrial communities have invested a great deal of time and effort into code reviews. When a project team adheres to the best practices and creates a conducive environment, it is likely that code reviews could be conducted effectively and efficiently. By reviewing peer-reviewed scientific publications and gray literature on code review best practices, we summarized 57 practices as well as 19 code review pains that they address. Our review has shown that following best practices can ease the process of code review considerably. Multiple actionable practices are needed to support code review pains at the same time. To enable the adoption of best practices, OSS and industrial communities alike invest in integrating automatic techniques with code review tools. We hope that this review will provide researchers and practitioners with a comprehensive understanding of code review practices, aiding them in conducting code reviews more successfully.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"EM-24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121006814","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
期刊
2021 28th Asia-Pacific Software Engineering Conference (APSEC)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1