首页 > 最新文献

2021 28th Asia-Pacific Software Engineering Conference (APSEC)最新文献

英文 中文
A Research Landscape of Software Engineering Education 软件工程教育的研究前景
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00026
Xin Huang, He Zhang, Xin Zhou, Dong Shao, M. L. Jaccheri
Nowadays, software permeates almost every aspect of our lives. To produce complex and large-scale software products, a large number of software engineers are required. Accordingly, researchers and educators recognize the importance of Software Engineering Education (SEE), and many studies related to SEE have been published in recent years. To synthesize the large amount of research in SEE, some Systematic Literature Reviews (SLRs) focusing on different areas of SEE have been conducted and reported. However, due to their limited focuses, none of these SLRs is able to depict an overall state-of-the-art for SEE. To remedy this, we conducted a tertiary study on SEE, which identifies 26 relevant SLRs published between 2004 and 2019. By classifying and positioning these SLRs in two dimensions, i.e. the education methods/tools applied for SEE and the research topics related to SEE, we present a landscape of SEE, which locates the SLRs on SEE and their research dimensions. Further, we collected the issues studied in the published research and those that need to be addressed for instructors. This paper also discusses the challenges of the current SEE research landscape.
如今,软件几乎渗透到我们生活的方方面面。为了生产复杂的大型软件产品,需要大量的软件工程师。因此,研究人员和教育工作者认识到软件工程教育(SEE)的重要性,并且近年来发表了许多与SEE相关的研究。为了综合大量关于SEE的研究,针对SEE的不同领域进行了一些系统文献综述(Systematic Literature Reviews, slr)。然而,由于它们的聚焦有限,这些单反都无法描绘SEE的整体最新技术。为了解决这个问题,我们对SEE进行了一项高等研究,确定了2004年至2019年期间发表的26个相关单反。通过在SEE的教育方法/工具和SEE相关的研究课题两个维度上对这些单反进行分类和定位,我们呈现了SEE的景观,该景观定位了SEE的单反及其研究维度。此外,我们收集了在已发表的研究中研究的问题以及需要为教师解决的问题。本文还讨论了当前SEE研究领域面临的挑战。
{"title":"A Research Landscape of Software Engineering Education","authors":"Xin Huang, He Zhang, Xin Zhou, Dong Shao, M. L. Jaccheri","doi":"10.1109/APSEC53868.2021.00026","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00026","url":null,"abstract":"Nowadays, software permeates almost every aspect of our lives. To produce complex and large-scale software products, a large number of software engineers are required. Accordingly, researchers and educators recognize the importance of Software Engineering Education (SEE), and many studies related to SEE have been published in recent years. To synthesize the large amount of research in SEE, some Systematic Literature Reviews (SLRs) focusing on different areas of SEE have been conducted and reported. However, due to their limited focuses, none of these SLRs is able to depict an overall state-of-the-art for SEE. To remedy this, we conducted a tertiary study on SEE, which identifies 26 relevant SLRs published between 2004 and 2019. By classifying and positioning these SLRs in two dimensions, i.e. the education methods/tools applied for SEE and the research topics related to SEE, we present a landscape of SEE, which locates the SLRs on SEE and their research dimensions. Further, we collected the issues studied in the published research and those that need to be addressed for instructors. This paper also discusses the challenges of the current SEE research landscape.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134458242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
DeepRelease: Language-agnostic Release Notes Generation from Pull Requests of Open-source Software DeepRelease:从开源软件的拉取请求生成与语言无关的发布说明
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00018
Huaxi Jiang, Jie Zhu, Li Yang, Geng Liang, Chun Zuo
The release note is an essential software artifact of open-source software that documents crucial information about changes, such as new features and bug fixes. With the help of release notes, both developers and users could have a general understanding of the latest version without browsing the source code. However, it is a daunting and time-consuming job for developers to produce release notes. Although prior studies have provided some automatic approaches, they generate release notes mainly by extracting information from code changes. This will result in language-specific and not being general enough to be applicable. Therefore, helping developers produce release notes effectively remains an unsolved challenge. To address the problem, we first conduct a manual study on the release notes of 900 GitHub projects, which reveals that more than 54% of projects produce their release notes with pull requests. Based on the empirical finding, we propose a deep learning based approach named DeepRelease (Deep learning based Release notes generator) to generate release notes according to pull requests. The process of release notes generation in DeepRelease includes the change entries generation and the change category (i.e., new features or bug fixes) generation, which are formulated as a text summarization task and a multi-class classification problem, respectively. Since DeepRelease fully employs text information from pull requests to summarize changes and identify the change category, it is language-agnostic and can be used for projects in any language. We build a dataset with over 46K release notes and evaluate DeepRelease on the dataset. The experimental results indicate that DeepRelease outperforms four baselines and can generate release notes similar to those manually written ones in a fraction of the time.
发行说明是开源软件必不可少的软件工件,它记录了有关更改的关键信息,例如新功能和错误修复。在发行说明的帮助下,开发人员和用户都可以在不浏览源代码的情况下对最新版本有一个大致的了解。然而,对于开发人员来说,制作发行说明是一项艰巨而耗时的工作。尽管先前的研究已经提供了一些自动的方法,但是它们主要是通过从代码变更中提取信息来生成发布说明。这将导致语言特定,而不是通用到足以适用。因此,帮助开发人员有效地制作发行说明仍然是一个未解决的挑战。为了解决这个问题,我们首先对900个GitHub项目的发布说明进行了手工研究,发现超过54%的项目使用拉请求生成发布说明。基于经验发现,我们提出了一种基于深度学习的方法DeepRelease(基于深度学习的发布说明生成器)来根据拉取请求生成发布说明。DeepRelease中的发布说明生成过程包括变更条目的生成和变更类别(即新特性或bug修复)的生成,这两个过程分别被表述为文本摘要任务和多类分类问题。由于DeepRelease完全使用来自拉取请求的文本信息来总结更改并识别更改类别,因此它与语言无关,可以用于任何语言的项目。我们建立了一个包含超过46K个发行说明的数据集,并在数据集上评估DeepRelease。实验结果表明,DeepRelease优于四个基线,并且可以在很短的时间内生成类似于手动编写的发布说明。
{"title":"DeepRelease: Language-agnostic Release Notes Generation from Pull Requests of Open-source Software","authors":"Huaxi Jiang, Jie Zhu, Li Yang, Geng Liang, Chun Zuo","doi":"10.1109/APSEC53868.2021.00018","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00018","url":null,"abstract":"The release note is an essential software artifact of open-source software that documents crucial information about changes, such as new features and bug fixes. With the help of release notes, both developers and users could have a general understanding of the latest version without browsing the source code. However, it is a daunting and time-consuming job for developers to produce release notes. Although prior studies have provided some automatic approaches, they generate release notes mainly by extracting information from code changes. This will result in language-specific and not being general enough to be applicable. Therefore, helping developers produce release notes effectively remains an unsolved challenge. To address the problem, we first conduct a manual study on the release notes of 900 GitHub projects, which reveals that more than 54% of projects produce their release notes with pull requests. Based on the empirical finding, we propose a deep learning based approach named DeepRelease (Deep learning based Release notes generator) to generate release notes according to pull requests. The process of release notes generation in DeepRelease includes the change entries generation and the change category (i.e., new features or bug fixes) generation, which are formulated as a text summarization task and a multi-class classification problem, respectively. Since DeepRelease fully employs text information from pull requests to summarize changes and identify the change category, it is language-agnostic and can be used for projects in any language. We build a dataset with over 46K release notes and evaluate DeepRelease on the dataset. The experimental results indicate that DeepRelease outperforms four baselines and can generate release notes similar to those manually written ones in a fraction of the time.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130874089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
NameChecker: Detecting Inconsistency between Method Names and Method Bodies NameChecker:检测方法名和方法体之间的不一致
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00010
Kejun Li, Taiming Wang, Hui Liu
Methods are basic elements for functional organization in software applications. A high-quality method name should clearly express its function, and help developers understand its usages quickly without reading through the lengthy and complex method body. However, in some cases, method names could be inconsistent with their functional implementations. The inconsistency in turn may result in inaccurate interpretation of methods, and even buggy method invocations. To this end, in this paper, we propose a deep learning-based approach, called NameChecker, to detecting the inconsistency between method names and their corresponding method bodies. NameChecker extracts lexical and structural features of source code by static code analysis. Based on the extracted features, NameChecker employs deep learning techniques (i.e., LSTM, and Attention mechanism) to predict whether the given method name is consistent with its implementation. Different from other deep learning based approaches to inconsistency detection, NameChecker avoids the generation (recommendation) of method names. Empirical studies suggested that generated method names are often incorrect, and thus avoiding method name generation may significantly improve the accuracy of NameChecker. We evaluate NameChecker on open-source applications, and our evaluation results suggest that NameChecker improves the state of the art by increasing the F1-score from 66.7% to 73.4%.
方法是软件应用程序中功能组织的基本要素。一个高质量的方法名应该清楚地表达它的功能,并帮助开发人员快速理解它的用法,而不需要阅读冗长而复杂的方法体。然而,在某些情况下,方法名可能与它们的功能实现不一致。这种不一致反过来可能导致对方法的不准确解释,甚至导致方法调用的错误。为此,在本文中,我们提出了一种基于深度学习的方法,称为NameChecker,用于检测方法名称与其对应的方法体之间的不一致性。NameChecker通过静态代码分析提取源代码的词法和结构特征。基于提取的特征,NameChecker使用深度学习技术(即LSTM和注意力机制)来预测给定的方法名称是否与其实现一致。与其他基于深度学习的不一致检测方法不同,NameChecker避免了方法名称的生成(推荐)。实证研究表明,生成的方法名往往不正确,因此避免生成方法名可以显著提高NameChecker的准确性。我们在开源应用程序上对NameChecker进行了评估,我们的评估结果表明,NameChecker通过将f1得分从66.7%提高到73.4%,提高了技术水平。
{"title":"NameChecker: Detecting Inconsistency between Method Names and Method Bodies","authors":"Kejun Li, Taiming Wang, Hui Liu","doi":"10.1109/APSEC53868.2021.00010","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00010","url":null,"abstract":"Methods are basic elements for functional organization in software applications. A high-quality method name should clearly express its function, and help developers understand its usages quickly without reading through the lengthy and complex method body. However, in some cases, method names could be inconsistent with their functional implementations. The inconsistency in turn may result in inaccurate interpretation of methods, and even buggy method invocations. To this end, in this paper, we propose a deep learning-based approach, called NameChecker, to detecting the inconsistency between method names and their corresponding method bodies. NameChecker extracts lexical and structural features of source code by static code analysis. Based on the extracted features, NameChecker employs deep learning techniques (i.e., LSTM, and Attention mechanism) to predict whether the given method name is consistent with its implementation. Different from other deep learning based approaches to inconsistency detection, NameChecker avoids the generation (recommendation) of method names. Empirical studies suggested that generated method names are often incorrect, and thus avoiding method name generation may significantly improve the accuracy of NameChecker. We evaluate NameChecker on open-source applications, and our evaluation results suggest that NameChecker improves the state of the art by increasing the F1-score from 66.7% to 73.4%.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134049614","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Mining API Constraints from Library and Client to Detect API Misuses 从库和客户端挖掘API约束以检测API滥用
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00024
Hushuang Zeng, Jingxin Chen, Beijun Shen, Hao Zhong
Calling Application Programming Interfaces (APIs) shall follow various constraints (e.g., call orders). If these con-straints are violated, API misuses are introduced to code, and such misuses can cause severe bugs. To effectively detect API misuses, most prior approaches mine constraints from client code, and assume that the violations of constraints are potential misuses. However, as client code only illustrates a small portion of API usages, constraints mined from client code are typically incomplete. As a result, when mined constraints are used to detect bugs, many violations of constraints turn out to be false positives. In this paper, our research purpose is to find more misuses and to reduce false positives. As library code contains many details on APIs, we propose an approach that mines API constraints from both client and library code. From client code, our approach builds API usage graphs and uses a frequent subgraph mining algorithm to mine frequent usage patterns as API constraints. From library code, our approach derives various types of constraints with our predefined strategies. With constraints from both sources, our graph matching algorithm can detect API misuses. As a result, our approach takes advantage from both the comprehensiveness and informativeness of library-based constraints and the accuracy of client-based patterns. We compared our approach with MuDetect on the MuBench dataset. Our results show that it significantly improves the detection effectiveness of MuBench from 39.5% to 50.2% of the recall, and from 30.6% to 41.7% of the precision.
调用应用程序编程接口(api)应遵循各种约束(例如,调用顺序)。如果违反了这些约束,就会在代码中引入API误用,而这种误用会导致严重的错误。为了有效地检测API的滥用,大多数先前的方法从客户端代码中挖掘约束,并假设违反约束是潜在的滥用。然而,由于客户端代码只说明了API用法的一小部分,从客户端代码中挖掘的约束通常是不完整的。因此,当挖掘的约束被用来检测bug时,许多违反约束的行为被证明是误报。在本文中,我们的研究目的是发现更多的误用,减少误报。由于库代码包含许多关于API的细节,我们提出了一种从客户端和库代码中挖掘API约束的方法。从客户端代码中,我们的方法构建API使用图,并使用频繁子图挖掘算法来挖掘作为API约束的频繁使用模式。从库代码中,我们的方法通过预定义的策略派生出各种类型的约束。在这两个来源的约束下,我们的图匹配算法可以检测API的滥用。因此,我们的方法利用了基于库的约束的全面性和信息性以及基于客户机的模式的准确性。我们将我们的方法与MuBench数据集上的MuDetect进行了比较。结果表明,该方法显著提高了MuBench的检测效率,召回率从39.5%提高到50.2%,准确率从30.6%提高到41.7%。
{"title":"Mining API Constraints from Library and Client to Detect API Misuses","authors":"Hushuang Zeng, Jingxin Chen, Beijun Shen, Hao Zhong","doi":"10.1109/APSEC53868.2021.00024","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00024","url":null,"abstract":"Calling Application Programming Interfaces (APIs) shall follow various constraints (e.g., call orders). If these con-straints are violated, API misuses are introduced to code, and such misuses can cause severe bugs. To effectively detect API misuses, most prior approaches mine constraints from client code, and assume that the violations of constraints are potential misuses. However, as client code only illustrates a small portion of API usages, constraints mined from client code are typically incomplete. As a result, when mined constraints are used to detect bugs, many violations of constraints turn out to be false positives. In this paper, our research purpose is to find more misuses and to reduce false positives. As library code contains many details on APIs, we propose an approach that mines API constraints from both client and library code. From client code, our approach builds API usage graphs and uses a frequent subgraph mining algorithm to mine frequent usage patterns as API constraints. From library code, our approach derives various types of constraints with our predefined strategies. With constraints from both sources, our graph matching algorithm can detect API misuses. As a result, our approach takes advantage from both the comprehensiveness and informativeness of library-based constraints and the accuracy of client-based patterns. We compared our approach with MuDetect on the MuBench dataset. Our results show that it significantly improves the detection effectiveness of MuBench from 39.5% to 50.2% of the recall, and from 30.6% to 41.7% of the precision.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115505458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
[Title page i] [标题页i]
Pub Date : 2021-12-01 DOI: 10.1109/apsec53868.2021.00001
{"title":"[Title page i]","authors":"","doi":"10.1109/apsec53868.2021.00001","DOIUrl":"https://doi.org/10.1109/apsec53868.2021.00001","url":null,"abstract":"","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117124658","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Novel Architectural Design for Solving Lost-Link Problems in UAV Collaboration 一种解决无人机协同失联问题的新架构设计
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00045
G. Airlangga, Alan Liu
Research in unmanned aerial vehicles (UAVs) has gained attention from various communities because of their potential usage in improving safety and efficiency in different applications. An UAV has shown promising results in dangerous conditions such as forest fires, search and rescue, medical deliveries, wildlife monitoring and geophysical scanning. Some external conditions like slow or no internet connection areas such as rural, farm, forest, ocean, etc. may affect the performance of the UAVs. These conditions can be considered as lost-link problems. Several approaches have been conducted to resolve such issues by implementing robust on-board architecture, machine learning approaches and developing knowledge based reasoning systems. However, much of software architecture research has concentrated on UAV implementation in normal network condition. Thus, we propose a model for considering lost-link problems in software architecture. In this paper, we describe two interconnected architectures for client and server. The UAV as a client is controlled by microkernel based architecture and the server is developed using microservice architecture. Both of them are connected using a synchronizer component to collect, filter, analyze, predict, and mitigate an UAV when a lost-link problem occurs. Therefore, the UAV can still find an appropriate action to complete a mission as far as the sensor and actuator are not in a critical condition. Experiment results show that our approach yields high percentage of mission accomplishment, fault tolerance and performance in a lost-link situation.
由于无人机在各种应用中具有提高安全性和效率的潜在用途,其研究受到了各界的关注。无人机在森林火灾、搜救、医疗运送、野生动物监测和地球物理扫描等危险条件下显示出了良好的效果。一些外部条件,如缓慢或没有互联网连接的地区,如农村,农场,森林,海洋等,可能会影响无人机的性能。这些情况可以被认为是失联问题。通过实现强大的板载架构、机器学习方法和开发基于知识的推理系统,已经采取了几种方法来解决这些问题。然而,很多软件架构的研究都集中在无人机在正常网络条件下的实现上。因此,我们提出了一个考虑软件体系结构中丢失链接问题的模型。在本文中,我们描述了客户端和服务器两种相互连接的体系结构。无人机作为客户端采用基于微内核的架构进行控制,服务器采用微服务架构进行开发。两者都使用同步器组件连接,以便在发生失联问题时收集、过滤、分析、预测和缓解无人机。因此,只要传感器和执行器不处于临界状态,无人机仍然可以找到合适的动作来完成任务。实验结果表明,该方法具有较高的任务完成率、容错性和失联情况下的性能。
{"title":"A Novel Architectural Design for Solving Lost-Link Problems in UAV Collaboration","authors":"G. Airlangga, Alan Liu","doi":"10.1109/APSEC53868.2021.00045","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00045","url":null,"abstract":"Research in unmanned aerial vehicles (UAVs) has gained attention from various communities because of their potential usage in improving safety and efficiency in different applications. An UAV has shown promising results in dangerous conditions such as forest fires, search and rescue, medical deliveries, wildlife monitoring and geophysical scanning. Some external conditions like slow or no internet connection areas such as rural, farm, forest, ocean, etc. may affect the performance of the UAVs. These conditions can be considered as lost-link problems. Several approaches have been conducted to resolve such issues by implementing robust on-board architecture, machine learning approaches and developing knowledge based reasoning systems. However, much of software architecture research has concentrated on UAV implementation in normal network condition. Thus, we propose a model for considering lost-link problems in software architecture. In this paper, we describe two interconnected architectures for client and server. The UAV as a client is controlled by microkernel based architecture and the server is developed using microservice architecture. Both of them are connected using a synchronizer component to collect, filter, analyze, predict, and mitigate an UAV when a lost-link problem occurs. Therefore, the UAV can still find an appropriate action to complete a mission as far as the sensor and actuator are not in a critical condition. Experiment results show that our approach yields high percentage of mission accomplishment, fault tolerance and performance in a lost-link situation.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124013235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automated Fault Tree generation in Open-PSA from UML Models 在Open-PSA中从UML模型自动生成故障树
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00076
Hasnaa EL Jihad, Morayo Adedjouma, M. Morelli
This paper presents the coupling between systems engineering (SE) and safety analysis (SA), by proposing an approach that allows integrating a safety analysis methodology to the ‘Papyrus 4 robotics’ (P4R) framework. We are especially interesting by automatic generation of fault trees in Open-PSA format from a UML Models.
本文通过提出一种允许将安全分析方法集成到“Papyrus 4 robotics”(P4R)框架的方法,介绍了系统工程(SE)和安全分析(SA)之间的耦合。我们对从UML模型中以Open-PSA格式自动生成故障树特别感兴趣。
{"title":"Automated Fault Tree generation in Open-PSA from UML Models","authors":"Hasnaa EL Jihad, Morayo Adedjouma, M. Morelli","doi":"10.1109/APSEC53868.2021.00076","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00076","url":null,"abstract":"This paper presents the coupling between systems engineering (SE) and safety analysis (SA), by proposing an approach that allows integrating a safety analysis methodology to the ‘Papyrus 4 robotics’ (P4R) framework. We are especially interesting by automatic generation of fault trees in Open-PSA format from a UML Models.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122792352","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Detecting Duplicate Questions in Stack Overflow via Semantic and Relevance Approaches 基于语义和相关性方法的堆栈溢出重复问题检测
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00019
Zhifang Liao, Wen-Xiong Li, Yan Zhang, Song Yu
Stack Overflow is a popular online Q&A website related to programming. Although Stack Overflow has detailed questioning guidance, duplicate questions still appear frequently, and a large number of duplicate questions make the quality of the community degraded. To solve this problem, Stack Overflow allows users with high reputations to manually mark duplicate questions. However, this method is inefficient and causes many duplicate questions to remain undiscovered. Therefore, this paper proposes a duplicate questions detection model based on semantic and relevance. The model employs Siamese BiLSTM to encode question pairs and captures the semantic interaction information of title and body through soft align attention and inference composition. The soft term match captures the relevance information in the title. We evaluate the effectiveness of the model in six question groups on Stack Overflow. Compared with the latest deep learning model, the F1-Score and ACC of our model increased by 9.401% and 8.901%, respectively. Experimental results show that our model outperforms the baselines and achieves competitive performance.
Stack Overflow是一个与编程相关的热门在线问答网站。Stack Overflow虽然有详细的提问指导,但是重复的问题仍然频繁出现,大量的重复问题使得社区的质量下降。为了解决这个问题,Stack Overflow允许声誉较高的用户手动标记重复的问题。然而,这种方法是低效的,并且导致许多重复的问题仍然未被发现。为此,本文提出了一种基于语义和相关性的重复问题检测模型。该模型采用Siamese BiLSTM对问题对进行编码,并通过软对齐注意和推理组合来获取标题和正文的语义交互信息。软词匹配捕获标题中的相关信息。我们在堆栈溢出的六个问题组中评估了该模型的有效性。与最新的深度学习模型相比,我们模型的F1-Score和ACC分别提高了9.401%和8.901%。实验结果表明,该模型的性能优于基准,具有一定的竞争力。
{"title":"Detecting Duplicate Questions in Stack Overflow via Semantic and Relevance Approaches","authors":"Zhifang Liao, Wen-Xiong Li, Yan Zhang, Song Yu","doi":"10.1109/APSEC53868.2021.00019","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00019","url":null,"abstract":"Stack Overflow is a popular online Q&A website related to programming. Although Stack Overflow has detailed questioning guidance, duplicate questions still appear frequently, and a large number of duplicate questions make the quality of the community degraded. To solve this problem, Stack Overflow allows users with high reputations to manually mark duplicate questions. However, this method is inefficient and causes many duplicate questions to remain undiscovered. Therefore, this paper proposes a duplicate questions detection model based on semantic and relevance. The model employs Siamese BiLSTM to encode question pairs and captures the semantic interaction information of title and body through soft align attention and inference composition. The soft term match captures the relevance information in the title. We evaluate the effectiveness of the model in six question groups on Stack Overflow. Compared with the latest deep learning model, the F1-Score and ACC of our model increased by 9.401% and 8.901%, respectively. Experimental results show that our model outperforms the baselines and achieves competitive performance.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122988242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Automated Construction of Continuous Delivery Pipelines from Architecture Models 基于架构模型的持续交付管道的自动构建
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00038
Selin Aydin, Andreas Steffens, H. Lichter
Continuous Delivery (CD) aims at reducing the cycle time from changes to software release while also increasing the software quality. To automate CD, delivery process models, defining all delivery activities need to be designed. Quality properties of delivery process models, such as maintainability, still oppose challenges. Previous research indicates that the quality of such models can be improved by aligning them with the software architecture. While software architecture knowledge is only incorporated implicitly, deep technical and process knowledge is required. On this basis, this paper introduces a new kind of delivery process models that focus mainly on software architecture knowledge. Hereby, we discard the current activity-centric view and shift to an artifact-centric view. Moreover, we outsource the required process- and technical knowledge to a transformation activities knowledge base. In order to make an artifact-based delivery process model executable, we provide a model-to-model transformation which constructs a CD pipeline from an artifact-based model with the help of the transformation activities knowledge base. We evaluated our approach by conducting a small industrial qualitative user study. It showed that low-experienced developers benefit from the reduced knowledge requirements of the artifact-based modeling approach.
持续交付(CD)旨在减少从变更到软件发布的周期时间,同时也提高软件质量。为了使CD自动化,需要设计交付过程模型,定义所有交付活动。交付过程模型的质量属性,例如可维护性,仍然面临挑战。先前的研究表明,可以通过将这些模型与软件体系结构对齐来提高模型的质量。虽然软件架构知识只是隐式地结合在一起,但是需要深入的技术和过程知识。在此基础上,介绍了一种以软件体系结构知识为核心的新型交付过程模型。因此,我们放弃当前以活动为中心的视图,并转向以工件为中心的视图。此外,我们将所需的过程和技术知识外包给转换活动知识库。为了使基于工件的交付过程模型可执行,我们提供了一个模型到模型的转换,该转换在转换活动知识库的帮助下,从基于工件的模型构造了一个CD管道。我们通过进行小型工业定性用户研究来评估我们的方法。它表明,经验不足的开发人员从基于工件的建模方法减少的知识需求中受益。
{"title":"Automated Construction of Continuous Delivery Pipelines from Architecture Models","authors":"Selin Aydin, Andreas Steffens, H. Lichter","doi":"10.1109/APSEC53868.2021.00038","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00038","url":null,"abstract":"Continuous Delivery (CD) aims at reducing the cycle time from changes to software release while also increasing the software quality. To automate CD, delivery process models, defining all delivery activities need to be designed. Quality properties of delivery process models, such as maintainability, still oppose challenges. Previous research indicates that the quality of such models can be improved by aligning them with the software architecture. While software architecture knowledge is only incorporated implicitly, deep technical and process knowledge is required. On this basis, this paper introduces a new kind of delivery process models that focus mainly on software architecture knowledge. Hereby, we discard the current activity-centric view and shift to an artifact-centric view. Moreover, we outsource the required process- and technical knowledge to a transformation activities knowledge base. In order to make an artifact-based delivery process model executable, we provide a model-to-model transformation which constructs a CD pipeline from an artifact-based model with the help of the transformation activities knowledge base. We evaluated our approach by conducting a small industrial qualitative user study. It showed that low-experienced developers benefit from the reduced knowledge requirements of the artifact-based modeling approach.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114886567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Program Verification Enhanced Precise Analysis of Interrupt-Driven Program Vulnerabilities 程序验证增强了中断驱动程序漏洞的精确分析
Pub Date : 2021-12-01 DOI: 10.1109/APSEC53868.2021.00033
Xiang Du, Liangze Yin, Haining Feng, Wei Dong
Due to the non-deterministic occurring of interrupt service routines, vulnerabilities of interrupt-driven programs, such as data race and atomicity violation, are usually hard to discover. Static analysis is an effective method for vulnerability analysis of interrupt-driven programs. However, existing techniques usually produce a large number of false alarms, which limits the application of static analysis in practice. To achieve high precision in vulnerability analysis of interrupt-driven programs, this paper proposes a program verification enhanced precise analysis method. For each potential vulnerability detected by static analysis, we propose a vulnerability validation approach which employs program verification to further automatically verify its feasibility. We have implemented a prototype of our method on top of CBMC. Experimental results on both an academic benchmark and 24 real-world programs show that our method can successfully identify true vulnerabilities and achieve a high precise analysis.
由于中断服务程序的不确定性,中断驱动程序的数据竞争、原子性冲突等漏洞往往难以发现。静态分析是中断驱动程序漏洞分析的有效方法。然而,现有的技术往往会产生大量的虚警,这限制了静态分析在实际中的应用。为了实现中断驱动程序漏洞分析的高精度,本文提出了一种程序验证增强的精确分析方法。针对静态分析检测到的每一个潜在漏洞,我们提出了一种漏洞验证方法,利用程序验证进一步自动验证其可行性。我们已经在CBMC之上实现了我们方法的原型。在一个学术基准和24个实际程序上的实验结果表明,我们的方法能够成功地识别出真实的漏洞,并实现了高精度的分析。
{"title":"Program Verification Enhanced Precise Analysis of Interrupt-Driven Program Vulnerabilities","authors":"Xiang Du, Liangze Yin, Haining Feng, Wei Dong","doi":"10.1109/APSEC53868.2021.00033","DOIUrl":"https://doi.org/10.1109/APSEC53868.2021.00033","url":null,"abstract":"Due to the non-deterministic occurring of interrupt service routines, vulnerabilities of interrupt-driven programs, such as data race and atomicity violation, are usually hard to discover. Static analysis is an effective method for vulnerability analysis of interrupt-driven programs. However, existing techniques usually produce a large number of false alarms, which limits the application of static analysis in practice. To achieve high precision in vulnerability analysis of interrupt-driven programs, this paper proposes a program verification enhanced precise analysis method. For each potential vulnerability detected by static analysis, we propose a vulnerability validation approach which employs program verification to further automatically verify its feasibility. We have implemented a prototype of our method on top of CBMC. Experimental results on both an academic benchmark and 24 real-world programs show that our method can successfully identify true vulnerabilities and achieve a high precise analysis.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133225189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
2021 28th Asia-Pacific Software Engineering Conference (APSEC)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1