首页 > 最新文献

2021 28th Asia-Pacific Software Engineering Conference (APSEC)最新文献

英文 中文
Thread-Sensitive Data Race Detection for Java 线程敏感的Java数据竞争检测
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00011
S. Schulz, Emanuel Herrendorf, Christoph Bockisch
In this paper we present StaTS, a precise static data-race detection mechanism for Java. It analyzes applications in four phases. The first one is a novel points-to analysis that includes approximations of threads and execution contexts. The second phase uses the results of the points-to analysis to compute which fields are accessed by which threads, while considering the locks held by the threads. The third phase carries out a context-sensitive static happens-before analysis to rule out accesses in execution contexts that can never be executed in parallel. The final phase builds upon the results of the first three to determine conflicting accesses and report them to the user. Our proof-of-concept implementation does not scale for large programs, which is why it can optionally limit the number of points-to relations it considers, based on sampling. Nevertheless, our evaluation shows that, even with sampling enabled for large programs, StaTS detects more data races than existing approaches. In terms of execution time, the analysis without sampling takes in the order of seconds for smaller programs. For larger ones and with sampling enabled, analysis takes minutes, thus being practically usable in nightly build environments in all cases.
在本文中,我们介绍了StaTS,一种用于Java的精确静态数据竞争检测机制。它分四个阶段分析应用程序。第一个是新颖的点到分析,包括线程和执行上下文的近似。第二阶段使用点到分析的结果来计算哪些线程访问哪些字段,同时考虑线程持有的锁。第三阶段执行上下文敏感的静态happens-before分析,以排除永远不能并行执行的执行上下文中的访问。最后一个阶段以前三个阶段的结果为基础,确定冲突的访问并将其报告给用户。我们的概念验证实现不能扩展到大型程序,这就是为什么它可以根据抽样选择限制它所考虑的点到关系的数量。然而,我们的评估表明,即使为大型程序启用了采样,StaTS也比现有方法检测到更多的数据竞争。在执行时间方面,对于较小的程序,不进行采样的分析需要几秒钟的时间。对于更大的系统和启用了采样的情况,分析需要几分钟,因此在所有情况下都可以在夜间构建环境中实际使用。
{"title":"Thread-Sensitive Data Race Detection for Java","authors":"S. Schulz, Emanuel Herrendorf, Christoph Bockisch","doi":"10.1109/APSEC53868.2021.00011","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00011","url":null,"abstract":"In this paper we present StaTS, a precise static data-race detection mechanism for Java. It analyzes applications in four phases. The first one is a novel points-to analysis that includes approximations of threads and execution contexts. The second phase uses the results of the points-to analysis to compute which fields are accessed by which threads, while considering the locks held by the threads. The third phase carries out a context-sensitive static happens-before analysis to rule out accesses in execution contexts that can never be executed in parallel. The final phase builds upon the results of the first three to determine conflicting accesses and report them to the user. Our proof-of-concept implementation does not scale for large programs, which is why it can optionally limit the number of points-to relations it considers, based on sampling. Nevertheless, our evaluation shows that, even with sampling enabled for large programs, StaTS detects more data races than existing approaches. In terms of execution time, the analysis without sampling takes in the order of seconds for smaller programs. For larger ones and with sampling enabled, analysis takes minutes, thus being practically usable in nightly build environments in all cases.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130257391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Automated Feedback Generation for Multiple Function Programs 多功能程序的自动反馈生成
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00078
Dongwook Choi, Jinseok Heo, Eunseok Lee
Automated Feedback Generation (AFG) was proposed to automatically generate personalized feedback on students' programming assignments. Existing AFG techniques have been developed mainly for novice programmers, so feedback on complex programs cannot be generated. Therefore, we propose MUNCK, which automatically generates feedback for multiple function programs, one of the complex programs. Our experiment shows that MUNCK can generate feedback for 90% of multiple function programs.
自动反馈生成(AFG)是一种针对学生编程作业自动生成个性化反馈的方法。现有的AFG技术主要是为新手程序员开发的,因此无法生成复杂程序的反馈。因此,我们提出了一种复杂程序MUNCK,它可以自动生成多个功能程序的反馈。我们的实验表明,MUNCK可以为90%的多功能程序生成反馈。
{"title":"Automated Feedback Generation for Multiple Function Programs","authors":"Dongwook Choi, Jinseok Heo, Eunseok Lee","doi":"10.1109/APSEC53868.2021.00078","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00078","url":null,"abstract":"Automated Feedback Generation (AFG) was proposed to automatically generate personalized feedback on students' programming assignments. Existing AFG techniques have been developed mainly for novice programmers, so feedback on complex programs cannot be generated. Therefore, we propose MUNCK, which automatically generates feedback for multiple function programs, one of the complex programs. Our experiment shows that MUNCK can generate feedback for 90% of multiple function programs.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"138 20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128508490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
API parameter recommendation based on language model and program analysis 基于语言模型和程序分析的API参数推荐
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00056
Tran-Manh Cuong, T. Tran, Tan M. Nguyen, Thu-Trang Nguyen, Son Nguyen, H. Vo
APIs are extensively and frequently used in source code to leverage existing libraries and improve programming productivity. However, correctly and effectively using APIs, especially from unfamiliar libraries, is a non-trivial task. Although various approaches have been proposed for recommending API method calls in code completion, suggesting actual parameters for such APIs still needs further investigating. In this paper, we introduce FLUTE, an efficient and novel approach combining program analysis and language models for recommending API parameters. With FLUTE, the source code of programs is first analyzed to generate syntactically legal and type-valid candidates. Then, these candidates are ranked using language models. Our empirical results on two large real-world projects Netbeans and Eclipse indicate that FLUTE achieves 80% and +90% in Top-1 and Top-5 Precision, which means the tool outperforms the state-of-the-art approach.
api在源代码中广泛且频繁地使用,以利用现有库并提高编程效率。然而,正确有效地使用api,特别是来自不熟悉的库的api,是一项重要的任务。尽管已经提出了各种方法来推荐在代码完成中调用API方法,但是为这些API建议实际参数仍然需要进一步研究。本文介绍了一种结合程序分析和语言模型的高效新颖的API参数推荐方法——FLUTE。使用FLUTE,首先分析程序的源代码以生成语法上合法且类型有效的候选程序。然后,使用语言模型对这些候选对象进行排名。我们在两个大型现实世界项目Netbeans和Eclipse上的经验结果表明,FLUTE在Top-1和Top-5精度上分别达到80%和+90%,这意味着该工具优于最先进的方法。
{"title":"API parameter recommendation based on language model and program analysis","authors":"Tran-Manh Cuong, T. Tran, Tan M. Nguyen, Thu-Trang Nguyen, Son Nguyen, H. Vo","doi":"10.1109/APSEC53868.2021.00056","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00056","url":null,"abstract":"APIs are extensively and frequently used in source code to leverage existing libraries and improve programming productivity. However, correctly and effectively using APIs, especially from unfamiliar libraries, is a non-trivial task. Although various approaches have been proposed for recommending API method calls in code completion, suggesting actual parameters for such APIs still needs further investigating. In this paper, we introduce FLUTE, an efficient and novel approach combining program analysis and language models for recommending API parameters. With FLUTE, the source code of programs is first analyzed to generate syntactically legal and type-valid candidates. Then, these candidates are ranked using language models. Our empirical results on two large real-world projects Netbeans and Eclipse indicate that FLUTE achieves 80% and +90% in Top-1 and Top-5 Precision, which means the tool outperforms the state-of-the-art approach.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128527882","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Towards Accurate File Tracking Based on AST Differences 基于AST差异的精确文件跟踪
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00067
Akira Fujimoto, Yoshiki Higo, S. Kusumoto
In the field of software development, version control systems such as Git are imperative tools that help software teams manage source code. Git can detect a change history of each file individually. Even if a file was renamed in the past, Git can identify and track the before renamed file based on content similarities, which are calculated as the ratio of lines that match pre- and post-change files to the total number of lines. However, line-based comparison techniques do not consider source code structures and have coarse granularity, which can result in misidentifying pre-change files and tracking interruptions. To resolve these problems, this paper proposes a technique that calculates file content similarities using source code differences based on an abstract syntax tree. In experiments conducted on 197 open source Java-based projects, we found that the number of rename detections increased 3.3 %, and that, on average, our technique tracked commits 1.37 times more frequently than previous technique. We also measured accuracy levels and found that the maximum F - measure was 0.943, which is higher than the 0.926 maximum value of the line-based technique.
在软件开发领域,像Git这样的版本控制系统是帮助软件团队管理源代码的必备工具。Git可以单独检测每个文件的变更历史。即使文件在过去被重命名过,Git也可以根据内容相似度来识别和跟踪重命名之前的文件,内容相似度是根据修改前和修改后文件匹配的行数与总行数的比值计算出来的。然而,基于行的比较技术不考虑源代码结构,并且具有粗粒度,这可能导致错误地识别预更改文件和跟踪中断。为了解决这些问题,本文提出了一种基于抽象语法树的源代码差异计算文件内容相似度的技术。在对197个基于java的开源项目进行的实验中,我们发现重命名检测的数量增加了3.3%,并且,平均而言,我们的技术跟踪提交的频率比以前的技术高1.37倍。我们还测量了精度水平,发现F -测度的最大值为0.943,高于基于线的技术的最大值0.926。
{"title":"Towards Accurate File Tracking Based on AST Differences","authors":"Akira Fujimoto, Yoshiki Higo, S. Kusumoto","doi":"10.1109/APSEC53868.2021.00067","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00067","url":null,"abstract":"In the field of software development, version control systems such as Git are imperative tools that help software teams manage source code. Git can detect a change history of each file individually. Even if a file was renamed in the past, Git can identify and track the before renamed file based on content similarities, which are calculated as the ratio of lines that match pre- and post-change files to the total number of lines. However, line-based comparison techniques do not consider source code structures and have coarse granularity, which can result in misidentifying pre-change files and tracking interruptions. To resolve these problems, this paper proposes a technique that calculates file content similarities using source code differences based on an abstract syntax tree. In experiments conducted on 197 open source Java-based projects, we found that the number of rename detections increased 3.3 %, and that, on average, our technique tracked commits 1.37 times more frequently than previous technique. We also measured accuracy levels and found that the maximum F - measure was 0.943, which is higher than the 0.926 maximum value of the line-based technique.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123673434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
PNPEq: Verification of Scheduled Conditional Behavior in Embedded Software using Petri Nets 基于Petri网的嵌入式软件计划条件行为验证
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00059
R. Mittal, Dominique Blouin, S. Bandyopadhyay
Software for embedded systems goes through a scheduling phase where it is subjected to optimizing transformations. In such a scenario, validating the preservation of semantics across the transformation is essential. In this paper, we present PNPEq (Petri Net Program Equivalence), an ongoing work on a novel translation validation technique to handle various schedule-time conditional optimizations among others. The method makes use of a reduced size Petri net model integrating SMT solvers for validating arithmetic transformations. The approach is illustrated with a simple program and its translation, and further validated with a preliminary example suite.
嵌入式系统的软件要经历一个调度阶段,在这个阶段它要进行优化转换。在这样的场景中,跨转换验证语义的保存是必要的。在本文中,我们提出了PNPEq (Petri网程序等效),这是一种正在进行的新型翻译验证技术,用于处理各种调度时间条件优化等。该方法利用缩小尺寸的Petri网模型集成SMT求解器来验证算法转换。通过一个简单的程序及其翻译说明了该方法,并通过一个初步的示例套件进一步验证了该方法。
{"title":"PNPEq: Verification of Scheduled Conditional Behavior in Embedded Software using Petri Nets","authors":"R. Mittal, Dominique Blouin, S. Bandyopadhyay","doi":"10.1109/APSEC53868.2021.00059","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00059","url":null,"abstract":"Software for embedded systems goes through a scheduling phase where it is subjected to optimizing transformations. In such a scenario, validating the preservation of semantics across the transformation is essential. In this paper, we present PNPEq (Petri Net Program Equivalence), an ongoing work on a novel translation validation technique to handle various schedule-time conditional optimizations among others. The method makes use of a reduced size Petri net model integrating SMT solvers for validating arithmetic transformations. The approach is illustrated with a simple program and its translation, and further validated with a preliminary example suite.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126183572","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Exposing Vulnerable Paths: Enhance Static Analysis with Lightweight Symbolic Execution 暴露易受攻击的路径:用轻量级符号执行增强静态分析
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00051
Guangwei Li, Ting Yuan, Jie Lu, Lian Li, Xiaobin Zhang, Xu Song, Kejun Zhang
Static analysis tools, although widely adopted in industry, suffer from a high false positive rate. This paper aims to refine the results of static analysis tools, by automatically searching for a vulnerable path from given defect report. To realize this goal, we develop SATRACER, a novel tool which integrates symbolic execution techniques with static analysis. SATRACER selectively skips those program parts which can be consistently updated by static analysis, thus drastically improving performance. We have applied SATRACER to a set of 21 real-world applications. Evaluation results show that SATRACER can successfully remove 71.4% false alarms reported by a commercial static analysis tool in 10 hours, and confirmed 29 real use-after-free bugs and 895 real null-pointer-dereference bugs.
静态分析工具虽然在工业中被广泛采用,但存在较高的误报率。本文旨在通过从给定的缺陷报告中自动搜索易受攻击的路径来改进静态分析工具的结果。为了实现这一目标,我们开发了一种将符号执行技术与静态分析相结合的新工具SATRACER。SATRACER选择性地跳过那些可以通过静态分析持续更新的程序部分,从而大大提高了性能。我们已经将SATRACER应用到21个实际应用程序中。评估结果表明,SATRACER可以在10小时内成功消除商业静态分析工具报告的71.4%的假警报,并确认了29个真正的免费后使用错误和895个真正的空指针解引用错误。
{"title":"Exposing Vulnerable Paths: Enhance Static Analysis with Lightweight Symbolic Execution","authors":"Guangwei Li, Ting Yuan, Jie Lu, Lian Li, Xiaobin Zhang, Xu Song, Kejun Zhang","doi":"10.1109/APSEC53868.2021.00051","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00051","url":null,"abstract":"Static analysis tools, although widely adopted in industry, suffer from a high false positive rate. This paper aims to refine the results of static analysis tools, by automatically searching for a vulnerable path from given defect report. To realize this goal, we develop SATRACER, a novel tool which integrates symbolic execution techniques with static analysis. SATRACER selectively skips those program parts which can be consistently updated by static analysis, thus drastically improving performance. We have applied SATRACER to a set of 21 real-world applications. Evaluation results show that SATRACER can successfully remove 71.4% false alarms reported by a commercial static analysis tool in 10 hours, and confirmed 29 real use-after-free bugs and 895 real null-pointer-dereference bugs.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130426141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports 对安全漏洞检测插件评估报告的关键理解
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00035
S. Beba, Magnus Melseth Karlsen, Jingyue Li, Bing Zhang
Integrated development environment (IDE) plugins aimed at detecting web application security vulnerabilities can help developers create secure applications in the first place. Most of such IDE plugins use static source code analysis approaches. Although several empirical studies evaluated the plugins and compared their precision and recall of detecting web application security, few follow-up studies tried to understand the evaluation results. We analyzed more than 20,000 vulnerability reports based on 7,215 distinct test cases spanning 11 categories of web application vulnerabilities to understand the evaluation results of three open-source IDE plugins, namely, SpotBugs, FindSecBugs, and Early Security Vulnerability Detector (ESVD), which aimed at detecting security vulnerabilities of Java-based web applications. Our results identify many factors besides the source code analysis approach that can dramatically bias the detection performance. Based on our insights, we improved the studied plugins. In addition, our study raises the alarm that, without solid root cause analyses, the evaluation and comparisons of security vulnerability detection approaches and tools could be misleading. Thus, we proposed a guideline on reporting the evaluation results of the security vulnerability detection approaches.
旨在检测web应用程序安全漏洞的集成开发环境(IDE)插件可以帮助开发人员在第一时间创建安全的应用程序。大多数这样的IDE插件使用静态源代码分析方法。虽然有一些实证研究评估了这些插件,并比较了它们检测web应用程序安全的准确率和召回率,但很少有后续研究试图理解评估结果。我们基于11类web应用漏洞的7215个不同测试用例,分析了2万多份漏洞报告,了解了SpotBugs、FindSecBugs和早期安全漏洞检测器(Early Security vulnerability Detector, ESVD)这三个开源IDE插件的评估结果,这三个插件旨在检测基于java的web应用的安全漏洞。我们的结果确定了除了源代码分析方法之外的许多因素,这些因素会极大地影响检测性能。基于我们的见解,我们改进了研究过的插件。此外,我们的研究还敲响了警钟,如果没有扎实的根本原因分析,对安全漏洞检测方法和工具的评估和比较可能会产生误导。因此,我们提出了安全漏洞检测方法评估结果报告准则。
{"title":"Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports","authors":"S. Beba, Magnus Melseth Karlsen, Jingyue Li, Bing Zhang","doi":"10.1109/APSEC53868.2021.00035","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00035","url":null,"abstract":"Integrated development environment (IDE) plugins aimed at detecting web application security vulnerabilities can help developers create secure applications in the first place. Most of such IDE plugins use static source code analysis approaches. Although several empirical studies evaluated the plugins and compared their precision and recall of detecting web application security, few follow-up studies tried to understand the evaluation results. We analyzed more than 20,000 vulnerability reports based on 7,215 distinct test cases spanning 11 categories of web application vulnerabilities to understand the evaluation results of three open-source IDE plugins, namely, SpotBugs, FindSecBugs, and Early Security Vulnerability Detector (ESVD), which aimed at detecting security vulnerabilities of Java-based web applications. Our results identify many factors besides the source code analysis approach that can dramatically bias the detection performance. Based on our insights, we improved the studied plugins. In addition, our study raises the alarm that, without solid root cause analyses, the evaluation and comparisons of security vulnerability detection approaches and tools could be misleading. Thus, we proposed a guideline on reporting the evaluation results of the security vulnerability detection approaches.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129712573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Detecting Functional Differences using Automatic Test Generation for Automated Assessment in Programming Education 应用自动测试生成技术检测程序设计教育自动化评估中的功能差异
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00062
Ryoko Izuta, S. Matsumoto, H. Igaki, S. Saiki, Naoki Fukuyasu, S. Kusumoto
Software testing is being leveraged in programming education for automated assessment of programming assignments. When using software testing in programming education, program specifications are provided as unit or integration tests, and students create programs that pass these tests. Although this method has various advantages, such as ensuring objective program specifications and automating the operation check, it also has many disadvantages. For example, detecting innovations, such as original specifications and functional extensions by an individual student, is difficult. The purpose of this research is to automatically detect functional differences among student programs in programming education using tests. In our proposed method, automatic test generation is applied to student programs, and the generated tests are mutually executed for other student programs. Furthermore, we classify the tests based on the execution path to obtain sets of tests that are capable of detecting functional differences.
软件测试在编程教育中被用于编程作业的自动评估。当在编程教育中使用软件测试时,程序规范以单元或集成测试的形式提供,学生创建通过这些测试的程序。该方法虽然具有保证程序规范客观、操作检查自动化等优点,但也存在许多缺点。例如,检测创新,例如单个学生的原始规范和功能扩展,是很困难的。本研究的目的是利用测试来自动侦测程式设计教育中学生程式的功能差异。在我们提出的方法中,自动测试生成应用于学生程序,并且生成的测试在其他学生程序中相互执行。此外,我们根据执行路径对测试进行分类,以获得能够检测功能差异的测试集。
{"title":"Detecting Functional Differences using Automatic Test Generation for Automated Assessment in Programming Education","authors":"Ryoko Izuta, S. Matsumoto, H. Igaki, S. Saiki, Naoki Fukuyasu, S. Kusumoto","doi":"10.1109/APSEC53868.2021.00062","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00062","url":null,"abstract":"Software testing is being leveraged in programming education for automated assessment of programming assignments. When using software testing in programming education, program specifications are provided as unit or integration tests, and students create programs that pass these tests. Although this method has various advantages, such as ensuring objective program specifications and automating the operation check, it also has many disadvantages. For example, detecting innovations, such as original specifications and functional extensions by an individual student, is difficult. The purpose of this research is to automatically detect functional differences among student programs in programming education using tests. In our proposed method, automatic test generation is applied to student programs, and the generated tests are mutually executed for other student programs. Furthermore, we classify the tests based on the execution path to obtain sets of tests that are capable of detecting functional differences.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121391052","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Metamorphic Testing for Reliability in System of Systems 多系统系统可靠性的变形试验
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00046
Kiat Kian Anthony Chua, Doo-Hwan Bae, Eunkyoung Jee
System of Systems (SoS), refers to a class of systems that are comprised of independent constituent systems (CS) interacting with one another to form a larger system, thus resulting in a common goal being achieved through the set of interactions between the CSs. In conventional systems software testing, the problem of identifying correct behaviour given a set of test inputs is called the oracle problem. In terms of SoS, the oracle problem is exacerbated due to each CS in an SoS being sufficiently complex systems themselves. We address the oracle problem in the domain of the software testing in System of Systems (SoS) by applying Metamorphic Testing (MT). In order to derive concrete Metamorphic Relations (MR) for SoS, we first borrow the concept of creating MRs from abstract Metamorphic Relation Patterns (MRPs), where the represented MRPs themselves describe characteristics that are used in the modeling and analysis of SoS. They are then applied to two SoS simulator types, the Smart Grid SoS and Mass Casualty Incident (MCI) Response SoS in order to test for reliability in SoS and to also determine the viability of MT in SoS. It is shown through the experiments conducted that the derived concrete MRs are able to find faults in both the systems under test.
系统的系统(System of Systems, SoS)是指由独立的组成系统(CS)相互作用形成一个更大的系统,从而通过CSs之间的一组相互作用实现共同目标的一类系统。在传统的系统软件测试中,识别给定一组测试输入的正确行为的问题被称为oracle问题。就SoS而言,由于SoS中的每个CS本身都是足够复杂的系统,因此oracle问题变得更加严重。本文应用变形测试(MT)解决了系统中的软件测试领域中的oracle问题。为了推导出具体的SoS的变质关系(MR),我们首先从抽象的变质关系模式(MRPs)中借用了创建MRs的概念,其中所表示的MRPs本身描述了用于SoS建模和分析的特征。然后将它们应用于两种SoS模拟器类型,即智能电网SoS和大规模伤亡事件(MCI)响应SoS,以测试SoS的可靠性,并确定MT在SoS中的可行性。实验结果表明,所推导的混凝土磁流变模型能够发现两种系统的故障。
{"title":"Metamorphic Testing for Reliability in System of Systems","authors":"Kiat Kian Anthony Chua, Doo-Hwan Bae, Eunkyoung Jee","doi":"10.1109/APSEC53868.2021.00046","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00046","url":null,"abstract":"System of Systems (SoS), refers to a class of systems that are comprised of independent constituent systems (CS) interacting with one another to form a larger system, thus resulting in a common goal being achieved through the set of interactions between the CSs. In conventional systems software testing, the problem of identifying correct behaviour given a set of test inputs is called the oracle problem. In terms of SoS, the oracle problem is exacerbated due to each CS in an SoS being sufficiently complex systems themselves. We address the oracle problem in the domain of the software testing in System of Systems (SoS) by applying Metamorphic Testing (MT). In order to derive concrete Metamorphic Relations (MR) for SoS, we first borrow the concept of creating MRs from abstract Metamorphic Relation Patterns (MRPs), where the represented MRPs themselves describe characteristics that are used in the modeling and analysis of SoS. They are then applied to two SoS simulator types, the Smart Grid SoS and Mass Casualty Incident (MCI) Response SoS in order to test for reliability in SoS and to also determine the viability of MT in SoS. It is shown through the experiments conducted that the derived concrete MRs are able to find faults in both the systems under test.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124019536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Applying Problem Frames in Behavior-Driven Development for Smart Cone System 问题框架在智能锥体系统行为驱动开发中的应用
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00070
Yi-Chun Yen, Bing-Yun Wang, Xin-Zhe Zhong, Wei-Yi Chiang, Chin-Yun Hsieh, Yu Chin Cheng
Initial observations of adopting behavior-driven development for an Internet of Things System in an agile process context is reported. Since an IoT system usually comprises multiple subsystems, the problem frames approach is adopted alongside to define the specifications that capture the overarching behaviors at the system level and constituent behaviors at the subsystem and component levels. Development of specifications based on the two practices is illustrated with the development case of a Smart Cone system.
本文报道了在敏捷过程背景下对物联网系统采用行为驱动开发的初步观察。由于物联网系统通常由多个子系统组成,因此采用问题框架方法来定义捕获系统级总体行为和子系统和组件级组成行为的规范。以智能锥系统的开发案例说明了基于这两种实践的规范开发。
{"title":"Applying Problem Frames in Behavior-Driven Development for Smart Cone System","authors":"Yi-Chun Yen, Bing-Yun Wang, Xin-Zhe Zhong, Wei-Yi Chiang, Chin-Yun Hsieh, Yu Chin Cheng","doi":"10.1109/APSEC53868.2021.00070","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00070","url":null,"abstract":"Initial observations of adopting behavior-driven development for an Internet of Things System in an agile process context is reported. Since an IoT system usually comprises multiple subsystems, the problem frames approach is adopted alongside to define the specifications that capture the overarching behaviors at the system level and constituent behaviors at the subsystem and component levels. Development of specifications based on the two practices is illustrated with the development case of a Smart Cone system.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123448881","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
期刊
2021 28th Asia-Pacific Software Engineering Conference (APSEC)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1