
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS): Latest Publications

MiSim: A Simulator for Resilience Assessment of Microservice-Based Architectures
Sebastian Frank, Lion Wagner, M. A. Hakamian, Martin Straesser, A. Hoorn
Increased resilience compared to monolithic architectures is both one of the key promises of microservice-based architectures and a big challenge, e.g., due to the systems’ distributed nature. Resilience assessment through simulation requires fewer resources than the measurement-based techniques used in practice. However, there is no existing simulation approach that is suitable for a holistic resilience assessment of microservices comprised of (i) representative fault injections, (ii) common resilience mechanisms, and (iii) time-varying workloads. This paper presents MiSim — an extensible simulator for resilience assessment of microservice-based architectures. It overcomes the stated limitations of related work. MiSim fits resilience engineering practices by supporting scenario-based experiments and requiring only lightweight input models. We demonstrate how MiSim simulates (1) common resilience mechanisms — i.e., circuit breaker, connection limiter, retry, load balancer, and autoscaler — and (2) fault injections — i.e., instance/service killing and latency injections. In addition, we use TeaStore, a reference microservice-based architecture, aiming to reproduce scaling behavior from an experiment by using simulation. Our results show that MiSim allows for quantitative insights into microservice-based systems’ complex transient behavior by providing up to 25 metrics.
DOI: https://doi.org/10.1109/QRS57517.2022.00105 (published 2022-12-01)
Citations: 1
GOV: A Verification Method for Smart Contract Gas-Optimization
Yuan Huang, Rong Wang, Xiangping Chen, Xiao-cong Zhou, Ziyan Wang
Developers may not understand the Gas mechanism of Ethereum, so many smart contracts consume a lot of unnecessary Gas. To address this issue, existing studies have proposed several methods to optimize the code of the contracts to reduce Gas consumption. To verify the effectiveness, most of the methods deploy a private chain to make verification. However, a more reasonable way is to employ the real transactions on Ethereum to trigger the contracts before and after optimization, and then compare the Gas consumption. To achieve this goal, we proposed a method, GOV, to estimate the Gas consumption of the optimized contract by using the real transactions on Ethereum. Our method enables the optimized contract to follow the execution path of the contract before optimization, thus solving the problem of inconsistent execution paths before and after optimization. A preliminary evaluation shows that GOV can effectively estimate the Gas consumption of optimized contract.
DOI: https://doi.org/10.1109/QRS57517.2022.00055 (published 2022-12-01)
Citations: 0
Emotional Dashboard: a Non-Intrusive Approach to Monitor Software Developers' Emotions and Personality Traits
Leo Silva, Marília Castro, Miriam Silva, Milena Santos, U. Kulesza, Margarida Lima, H. Madeira
Developers' emotions are crucial elements that influence the overall job satisfaction of software engineers, including motivation, productivity, and quality of the work, affecting the software development lifecycle. Existing approaches to assess and monitor developers' emotions, such as facial expressions, self-assessed surveys, and biometric sensors, imply considerable intrusiveness on developers' routines and tend to be used only during limited periods. This paper proposes a new non-intrusive and automatable tool (Emotional Dashboard) to assess, monitor, and visualize software developers' emotions during long periods, providing team leaders and project managers with an overview of teams' and software developers' emotional statuses. The idea is to use posts shared by developers on social media to assess their emotions' polarity and visualize the emotional situation on a dashboard, allowing the identification of potentially abnormal emotional periods that may affect the software development. A first evaluation of the tool’s accuracy, done by comparing the emotion polarity (negative, positive, or neutral) of posts done by our tool with the manual classification of a set of posts done by three psychologists, has shown an accuracy of 77%. The tool is available for analysis at this link: https://emotional-dashboard.herokuapp.com.
DOI: https://doi.org/10.1109/QRS57517.2022.00045 (published 2022-12-01)
Citations: 1
Division by Zero: Threats and Effects in Spectrum-Based Fault Localization Formulas
Dániel Vince, Attila Szatmári, Ákos Kiss, Árpád Beszédes
Spectrum-Based Fault Localization (SBFL) is based on risk formulas to rank program elements, which work generally well in various situations. However, it cannot be ruled out that zero division might happen during score calculation, which has negative consequences, e.g., essential elements will not be in the top part of the rank list. The literature has given several strategies to tackle the problem, although there is little knowledge on which one to use. In our work, we performed mathematical analysis and an empirical study to find out how this phenomenon affects SBFL. Results show that division by zero happens in many cases, and the strategies can mitigate their consequences with varying success. Thus, we propose a combined method to avoid the threat of division by zero and improve the trustworthiness of SBFL. Our proposals should be taken into consideration whenever a formula is being used or a new one is proposed.
DOI: https://doi.org/10.1109/QRS57517.2022.00032 (published 2022-12-01)
Citations: 1
A Collaboration-Aware Approach to Profiling Developer Expertise with Cross-Community Data
Xiaotao Song, Jiafei Yan, Yuexin Huang, Hailong Sun, Hongyu Zhang
Developer expertise is an important factor that should be considered in various software development activities. And it is challenging to accurately profile the expertise of developers as their activities often disperse across different online communities, such as Community Question Answering sites (e.g., Stack Overflow) and Open Source Software platforms (e.g., GitHub). In this regard, early work mainly considers a single community while recent studies are starting to profile developers with cross-community data. However, few works consider the collaborative interactions among developers in evaluating developer expertise across communities. In this work, we propose a collaboration-aware approach to profiling developer expertise using cross-community data by taking into consideration developers’ contributions, collaborative interactions, and the dynamic changes of expertise. Specifically, we are concerned with the common developers in GitHub and Stack Overflow. First, we propose a time-sensitive model to characterize the developer’s expertise in the two communities and integrate the results to generate basic expertise profiles. Second, we build a developer network by analyzing the collaborative interactions among the developers of the two communities. Finally, we apply the topic-sensitive PageRank algorithm to incorporate developer relationships into expertise profiling. Results of extensive experiments on a large number of common developers of GitHub and Stack Overflow demonstrate the effectiveness of our approach.
DOI: https://doi.org/10.1109/QRS57517.2022.00043 (published 2022-12-01)
Citations: 0
An Empirical Study of the Bug Link Rate
Chenglin Li, Yangyang Zhao, Yibiao Yang
Defect data is critical for software defect prediction. To collect defect data, it is essential to establish links between bugs and their fixes. Missing links (i.e. low link rate) can cause false negatives in the defect dataset, and bias the experimental results. Despite the importance of bug links, little prior work has used bug link rate as a criterion for selecting subjects, and there is no empirical evidence to know whether there are simpler alternative criteria for evaluating a project’s link rate to aid selection. To this end, we conduct a comprehensive study on the bug link rate. Based on 34 open-source projects, we make a detailed statistical analysis of the actual link rates of the projects, and examine the factors affecting link rates from both quantitative and qualitative perspectives. The findings could improve the understanding of bug link rates, and guide the selection of better subjects for defect prediction.
DOI: https://doi.org/10.1109/QRS57517.2022.00028 (published 2022-12-01)
Citations: 0
PDG2Vec: Identify the Binary Function Similarity with Program Dependence Graph
Yuntao Zhang, Yanhao Wang, Yuwei Liu, Zhengyuan Pang, B. Fang
Binary code similarity identification is an important technique applied to many security applications (e.g., plagiarism detection, bug search). The primary challenge of this research topic is how to extract sufficient information from the binary code for similarity comparison. Although numerous approaches have been proposed to address the challenge, most of them leverage features determined by human experience or extracted using machine learning methods and ignore some critical technique semantic information. Additionally, they assess their approach exclusively in laboratory environments and lack real-world datasets. Both problems lead to the limited effectiveness of these methods in real application scenarios (e.g., vulnerable function search). In this paper, we propose a novel approach PDG2Vec, which extracts the data dependence graph and control dependence graph (i.e., program dependence graph (PDG)) as the features of functions and uses them for identifying function similarity. Meanwhile, we design several strategies to optimize the PDG’s construction and use them in similarity comparison to balance time-consuming and accuracy. We implement the prototype of PDG2Vec, which can perform binary code similarity comparison across architectures of x86, x86_64, MIPS32, ARM32, and ARM64. We evaluate PDG2Vec with two datasets. The experimental results show that PDG2Vec is resilient to cross-architecture and extracts more precise semantics than other approaches. Moreover, PDG2Vec outperforms the state-of-the-art tools in the vulnerable function search scenario and has excellent performance.
DOI: https://doi.org/10.1109/QRS57517.2022.00061 (published 2022-12-01)
Citations: 0
An Empirical Study on Software Defect Prediction using Function Point Analysis
Xinghan Zhao, Cong Tian
The software defect prediction method based on requirement specification is proposed to address the defect prediction needs in the requirements phase when the organization adopts the W-model of software development. The theoretical synthesis presents that the function point and the number of defects should be positively correlated. The theory’s correctness is verified by analyzing the correlation between function point and defect distribution of eight software applications. Then, the mathematical equations for software configuration testing defects are derived, and the specific meaning of the equation is explained. Finally, the shortcomings of this study and the subsequent research directions are pointed out.
DOI: https://doi.org/10.1109/QRS57517.2022.00027 (published 2022-12-01)
Citations: 0
Context-Aware Program Simplification to Improve Information Retrieval-Based Bug Localization
Yilin Yang, Ziyuan Wang, Zhenyu Chen, Baowen Xu
Information Retrieval-based Bug localization (IRBL) techniques have become a hot research topic in bug localization due to their few external dependencies and low execution cost. However, existing IRBL techniques have many challenges regarding localization granularity and applicability. First, existing IRBL techniques have not yet achieved statement-level bug localization. Second, almost all studies are limited to Java-based projects, and the effectiveness of these techniques for other widely used programming languages (e.g., Python) is still unknown. The reason for these deficiencies is that existing IRBL techniques mainly employ conventional NLP techniques to analyze the bug reports and have not yet fully exploited the stack trace attached to the bug reports. To improve IRBL techniques in terms of localization granularity and adaptability, we propose a context-aware program simplification technique—COPS—that is able to localize defective statements in suspicious files by analyzing the stack trace in bug reports, which enables statement-level bug localization for Python-based projects. Experiments using 948 bug reports show that our technique can localize the buggy statements with 102.6% higher Top@10, 56.2% higher MAP@10, and 95.6% higher MRR@10 than the baseline. Compared with the state-of-the-art techniques, COPS can improve 19.1% in MAP@10 and achieve 92% buggy statement coverage with a full scope search. Experimental results show that COPS has higher bug localization effectiveness than existing IRBL techniques; and that COPS achieves the same effectiveness with higher execution efficiency than state-of-the-art statement-level defect techniques.
DOI: https://doi.org/10.1109/QRS57517.2022.00035 (published 2022-12-01)
Citations: 1
Predictive Mutation Analysis of Test Case Prioritization for Deep Neural Networks
Zhengyuan Wei, Haipeng Wang, Imran Ashraf, William Chan
Testing deep neural networks requires high-quality test cases, but using new test cases would incur the labor-intensive test case labeling issue in the test oracle problem. Test case prioritization for failure-revealing test cases alleviates the problem. Existing metric-based techniques analyze vector-based prediction outputs. They cannot handle regression models. Existing mutation-based techniques either remain ineffective or incur high computational costs. In this paper, we propose EffiMAP, an effective and efficient test case prioritization technique with predictive mutation analysis. In the test phase, without performing a comprehensive mutation analysis, EffiMAP predicts whether model mutants are killed by a test case by the information extracted from the execution trace of the test case. Our experiment shows that EffiMAP significantly outperforms the previous state-of-the-art technique in both effectiveness and efficiency in the test phase of handling test cases of both classification and regression models. This paper is the first work to show the feasibility of predictive mutation analysis to rank test cases with a higher probability of exposing model prediction failures in the domain of deep neural network testing.
DOI: https://doi.org/10.1109/QRS57517.2022.00074 (published 2022-12-01)
Citations: 1