Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00014
Kedrian James, Yufei Du, Sanjeev Das, F. Monrose
Bug triaging entails a laborious process wherein triagers spend time examining new bug reports, localizing the bugs, and assigning them to the appropriate developer(s) to fix the bugs. In recent years, the adoption of automated software testing techniques (e.g., fuzzing) further complicates the process because bug hunters can submit an overwhelming number of reports in a short period. To lessen these pain points, we present an approach that extracts a fingerprint from crash information within a bug report, and returns a group of bugs with similar behaviors. Our approach uses symptoms of the crash to create a robust fingerprint, and leverages MinHashing and Locality Sensitive Hashing to match crashes, as well as a sequential pattern mining algorithm to find frequent closed sequences among bugs. Our evaluation shows that our approach outperforms contemporary approaches (e.g., finding previously unknown duplicates among 81 CVEs), and saves triagers time and effort.
{"title":"Separating the Wheat from the Chaff: Using Indexing and Sub-Sequence Mining Techniques to Identify Related Crashes During Bug Triage","authors":"Kedrian James, Yufei Du, Sanjeev Das, F. Monrose","doi":"10.1109/QRS57517.2022.00014","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00014","url":null,"abstract":"Bug triaging entails a laborious process wherein triagers spend time examining new bug reports, localizing the bugs, and assigning them to the appropriate developer(s) to fix the bugs. In recent years, the adoption of automated software testing techniques (e.g., fuzzing) further complicates the process because bug hunters can submit an overwhelming number of reports in a short period. To lessen these pain points, we present an approach that extracts a fingerprint from crash information within a bug report, and returns a group of bugs with similar behaviors. Our approach uses symptoms of the crash to create a robust fingerprint, and leverages MinHashing and Locality Sensitive Hashing to match crashes, as well as a sequential pattern mining algorithm to find frequent closed sequences among bugs. Our evaluation shows that our approach outperforms contemporary approaches (e.g., finding previously unknown duplicates among 81 CVEs), and saves triagers time and effort.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133617526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00117
Xueyong Tan, J. Liu
Android systems are prone to software aging due to the accumulation of numerical errors and storage-related bugs during long-term operation, resulting in gradual performance degradation and sudden system hang-ups. Thus, it is very critical to accurately identify the aging state for improving the running reliability of Android systems. In this paper, we propose a novel software aging state identification method, named EWDLL. It first introduces the exponential Weibull distribution to simulate the aging state transfer process of the Android system, then it uses Fuzzy Analytical Hierarchy Process (FAHP) to weight the model parameters and resource utilization parameters. Finally, the weighted dataset is fed into the LightGBM-LR model to identify the software state. The experimental results show that our EWDLL method performs better in identifying the software aging state for Android system, i.e., it is 0.86% to 1.09% higher in identification accuracy than the pure LightGBM-LR model, about 10.00% and 4.54% to 4.95% higher than the traditional models KNN and RF, and 1.97% to 3.09% higher than single LightGBM model. Compared with the LR model, it has a maximum accuracy improvement of about 33.29% to 35.64%.
{"title":"EWDLL: Software Aging State Identification based on LightGBM-LR Hybrid Model","authors":"Xueyong Tan, J. Liu","doi":"10.1109/QRS57517.2022.00117","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00117","url":null,"abstract":"Android systems are prone to software aging due to the accumulation of numerical errors and storage-related bugs during long-term operation, resulting in gradual performance degradation and sudden system hang-ups. Thus, it is very critical to accurately identify the aging state for improving the running reliability of Android systems. In this paper, we propose a novel software aging state identification method, named EWDLL. It first introduces the exponential Weibull distribution to simulate the aging state transfer process of the Android system, then it uses Fuzzy Analytical Hierarchy Process (FAHP) to weight the model parameters and resource utilization parameters. Finally, the weighted dataset is fed into the LightGBM-LR model to identify the software state. The experimental results show that our EWDLL method performs better in identifying the software aging state for Android system, i.e., it is 0.86% to 1.09% higher in identification accuracy than the pure LightGBM-LR model, about 10.00% and 4.54% to 4.95% higher than the traditional models KNN and RF, and 1.97% to 3.09% higher than single LightGBM model. Compared with the LR model, it has a maximum accuracy improvement of about 33.29% to 35.64%.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121995499","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00109
Jun Inoue, Hideaki Nishihara, A. Mori
We present the design and fail-safety analysis of a sparsely synchronized N-modular redundant architecture for fail-safe computing that can be built on unreliable commercial off-the-shelf (COTS) components. Though the main intended audience is railway operators, the architecture is expected to be useful for general fail-safe computations. Traditional bus-synchronized fail-safe processors have had difficulty catching up with the performance and cost improvements of COTS processors because frequent involvement of the voter needed specialized design that slowed down computations. The proposed architecture alleviates this problem by comparing data much less frequently, only when the data leaves the fail-safe processor altogether. This allows the voter to be vastly simplified, becoming easy to harden against errors. We show empirically the use of COTS hardware barely affects the reliability of the overall architecture, making it as reliable as the simple voting circuitry, with acceptable runtime overhead.
{"title":"Quantitative Analysis of Sparsely Synchronized Fail-Safe Processors","authors":"Jun Inoue, Hideaki Nishihara, A. Mori","doi":"10.1109/QRS57517.2022.00109","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00109","url":null,"abstract":"We present the design and fail-safety analysis of a sparsely synchronized N-modular redundant architecture for fail-safe computing that can be built on unreliable commercial off-the-shelf (COTS) components. Though the main intended audience is railway operators, the architecture is expected to be useful for general fail-safe computations. Traditional bus-synchronized fail-safe processors have had difficulty catching up with the performance and cost improvements of COTS processors because frequent involvement of the voter needed specialized design that slowed down computations. The proposed architecture alleviates this problem by comparing data much less frequently, only when the data leaves the fail-safe processor altogether. This allows the voter to be vastly simplified, becoming easy to harden against errors. We show empirically the use of COTS hardware barely affects the reliability of the overall architecture, making it as reliable as the simple voting circuitry, with acceptable runtime overhead.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127430987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00054
Yaqing Shi, Song Huang, Jinyong Wan
Software testing is complicated and requires a lot of manpower and material resource in the software life cycle. The design of test cases costs a lot of time. In order to improve the efficiency of software testing in the test cases design stage, this paper uses historical test assets to assist the design of test cases in new project, and proposes a test case reuse method based on attribute weight optimization. Firstly, the text vector of test data is obtained by using Natural Language Processing. The test case package is formed based on the keyword extraction and the test case clustering, and the test case vector library is constructed. Then, a test case attribute weight optimization method based on the Genetic Simulated Annealing Algorithm is proposed. Combined with the optimized attribute weights, the test case reuse is realized by using the similarity calculation of the test case data vector. Finally, the test case reuse method is experimentally verified by two projects with different types. Experimental results show that this method can effectively improve the efficiency of test cases’ design. It has better understandability and maintainability, and improve the quality of test cases.
{"title":"Reuse of Test Case based on Attributes Weight Optimization","authors":"Yaqing Shi, Song Huang, Jinyong Wan","doi":"10.1109/QRS57517.2022.00054","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00054","url":null,"abstract":"Software testing is complicated and requires a lot of manpower and material resource in the software life cycle. The design of test cases costs a lot of time. In order to improve the efficiency of software testing in the test cases design stage, this paper uses historical test assets to assist the design of test cases in new project, and proposes a test case reuse method based on attribute weight optimization. Firstly, the text vector of test data is obtained by using Natural Language Processing. The test case package is formed based on the keyword extraction and the test case clustering, and the test case vector library is constructed. Then, a test case attribute weight optimization method based on the Genetic Simulated Annealing Algorithm is proposed. Combined with the optimized attribute weights, the test case reuse is realized by using the similarity calculation of the test case data vector. Finally, the test case reuse method is experimentally verified by two projects with different types. Experimental results show that this method can effectively improve the efficiency of test cases’ design. It has better understandability and maintainability, and improve the quality of test cases.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128135048","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00077
Jinhu Du, Song Huang, Xingya Wang, Changyou Zheng, Jin-lei Sun
An Ethereum smart contract is an agreement reached by multiple parties, which is guaranteed by blockchain technology to be executed in accordance with the terms expressed in the form of code. Its security needs are particularly prominent due to a large number of digital assets under management. Testing is an effective way to find flaws that threaten the security of smart contracts. However, current smart contract test case generation methods do not regard the impact of other functions in the smart contract on state variables, resulting in the inaccessibility of the control statements related to state variables and low branch coverage of the function under test. To alleviate this problem, this paper proposes SV-Gen. SV-Gen generates test cases for smart contracts through two steps: static analysis and dynamic search. In the first step, SV-Gen considers the read-write relationship between functions and state variables in the smart contract to generate a function invocation sequence for the function to be tested through a backtracking algorithm on state variables. Then the arguments of transactions to invoke each function in the sequence are generated through regex matching to form the primitive test case. In the second step, the primitive test cases constitute an initial population, and a genetic algorithm undertakes the task of evolving them to high branch coverage. The experimental results on one of the VeriSmart datasets show that SV-Gen can effectively enter the control constraints related to state variables and improve the branch coverage of smart contracts.
{"title":"Test Case Generation for Ethereum Smart Contract based on Data Dependency Analysis of State Variable","authors":"Jinhu Du, Song Huang, Xingya Wang, Changyou Zheng, Jin-lei Sun","doi":"10.1109/QRS57517.2022.00077","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00077","url":null,"abstract":"An Ethereum smart contract is an agreement reached by multiple parties, which is guaranteed by blockchain technology to be executed in accordance with the terms expressed in the form of code. Its security needs are particularly prominent due to a large number of digital assets under management. Testing is an effective way to find flaws that threaten the security of smart contracts. However, current smart contract test case generation methods do not regard the impact of other functions in the smart contract on state variables, resulting in the inaccessibility of the control statements related to state variables and low branch coverage of the function under test. To alleviate this problem, this paper proposes SV-Gen. SV-Gen generates test cases for smart contracts through two steps: static analysis and dynamic search. In the first step, SV-Gen considers the read-write relationship between functions and state variables in the smart contract to generate a function invocation sequence for the function to be tested through a backtracking algorithm on state variables. Then the arguments of transactions to invoke each function in the sequence are generated through regex matching to form the primitive test case. In the second step, the primitive test cases constitute an initial population, and a genetic algorithm undertakes the task of evolving them to high branch coverage. The experimental results on one of the VeriSmart datasets show that SV-Gen can effectively enter the control constraints related to state variables and improve the branch coverage of smart contracts.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126078452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00015
Cláudia Mamede, Eduard Pinconschi, Rui Abreu, José Campos
Deep learning (DL) techniques have demonstrated potential in reasoning complex patterns of vulnerable code from high-level abstractions. Recent advancements in the area, such as the introduction of transformer-based models, like BERT, help overcome the problem of the available vulnerability detection datasets being too small to enable most DL models to capture all relevant patterns. They mitigate the challenge by leveraging knowledge from a general domain to solve problems in specific domains. In this paper, we explore different BERT-based models for multi-label classification of vulnerabilities in Java on a synthetic dataset. The models yield up to 99% in accuracy and 94% in f1-score. We remove biases in the training dataset and observe drops of up to 13% of the f1-score. We further assess the generalizability of the models on realistic samples and notice that one model, in particular, predicted unknown vulnerabilities with an f1-score of nearly 85%.
{"title":"Exploring Transformers for Multi-Label Classification of Java Vulnerabilities","authors":"Cláudia Mamede, Eduard Pinconschi, Rui Abreu, José Campos","doi":"10.1109/QRS57517.2022.00015","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00015","url":null,"abstract":"Deep learning (DL) techniques have demonstrated potential in reasoning complex patterns of vulnerable code from high-level abstractions. Recent advancements in the area, such as the introduction of transformer-based models, like BERT, help overcome the problem of the available vulnerability detection datasets being too small to enable most DL models to capture all relevant patterns. They mitigate the challenge by leveraging knowledge from a general domain to solve problems in specific domains. In this paper, we explore different BERT-based models for multi-label classification of vulnerabilities in Java on a synthetic dataset. The models yield up to 99% in accuracy and 94% in f1-score. We remove biases in the training dataset and observe drops of up to 13% of the f1-score. We further assess the generalizability of the models on realistic samples and notice that one model, in particular, predicted unknown vulnerabilities with an f1-score of nearly 85%.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129950111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00078
Nour Chetouane, F. Wotawa
The testing objective is to find interactions with a system under test leading to unexpected behavior. Such interactions are test cases that can be either manually specified or automatically generated. For the latter, we find many methods and techniques in the research literature, including combinatorial testing or model-based testing. In this paper, we focus on automated test case generation based on models where we are interested in extracting models from available data. In particular, we consider automotive testing, where cars and other vehicles must behave correctly in typical driving situations. The idea is to use available driving data from which we want to extract driving models that we can later use for generating test cases, i.e., arbitrary driving patterns for vehicle testing. Besides outlining the foundations, we discuss the first experimental results we obtain using available open-access driving data.
{"title":"Extracting Temporal Models from Data Episodes","authors":"Nour Chetouane, F. Wotawa","doi":"10.1109/QRS57517.2022.00078","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00078","url":null,"abstract":"The testing objective is to find interactions with a system under test leading to unexpected behavior. Such interactions are test cases that can be either manually specified or automatically generated. For the latter, we find many methods and techniques in the research literature, including combinatorial testing or model-based testing. In this paper, we focus on automated test case generation based on models where we are interested in extracting models from available data. In particular, we consider automotive testing, where cars and other vehicles must behave correctly in typical driving situations. The idea is to use available driving data from which we want to extract driving models that we can later use for generating test cases, i.e., arbitrary driving patterns for vehicle testing. Besides outlining the foundations, we discuss the first experimental results we obtain using available open-access driving data.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130782459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Greybox fuzzing has received much attention from developers and researchers due to its success in discovering bugs within many programs. However, randomized algorithms have limited fuzzers’ effectiveness. First, branch coverage feedback that is based on random edge ID can lead to branch collision. Besides, state-of-the-art fuzzers heavily rely on randomized methods to reach new coverage. Even fuzzers with a solver rely on incorrect assumptions, limiting their ability to solve branches and forcing them to turn to randomness as a last resort.We believe deterministic techniques deliver consistent, predictable, reproducible results. We propose Valkyrie, a greybox fuzzer whose performance is boosted primarily by deterministic techniques. Valkyrie combines collision-free branch coverage with context sensitivity to maintain accuracy while introducing an instrumentation removal algorithm to reduce overhead. It also pioneers a new mutation method, compensated step, allowing fuzzers that use solvers to adapt to real-world fuzzing scenarios without using randomness. We implement and evaluate Valkyrie’s effectiveness on the standard benchmark Magma, and a wide variety of real-world programs. Valkyrie triggered 21 unique integer and memory errors, 10.5% and 50% more than AFL++ and Angora, respectively. Valkyrie shows little to no variance across ten trials and is the fastest to trigger half of the bugs. Valkyrie reached 8.2% and 12.4% more branches in real-world programs, compared with AFL++ and Angora, respectively. We also verify that our branch counting and mutation method is better than the state-of-the-art, which shows that deterministic techniques trump random techniques in consistency, predictability, reproducibility, and performance.
{"title":"Valkyrie: Improving Fuzzing Performance Through Deterministic Techniques","authors":"Yuyang Rong, Chibin Zhang, Jianzhong Liu, Hao Chen","doi":"10.1109/QRS57517.2022.00069","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00069","url":null,"abstract":"Greybox fuzzing has received much attention from developers and researchers due to its success in discovering bugs within many programs. However, randomized algorithms have limited fuzzers’ effectiveness. First, branch coverage feedback that is based on random edge ID can lead to branch collision. Besides, state-of-the-art fuzzers heavily rely on randomized methods to reach new coverage. Even fuzzers with a solver rely on incorrect assumptions, limiting their ability to solve branches and forcing them to turn to randomness as a last resort.We believe deterministic techniques deliver consistent, predictable, reproducible results. We propose Valkyrie, a greybox fuzzer whose performance is boosted primarily by deterministic techniques. Valkyrie combines collision-free branch coverage with context sensitivity to maintain accuracy while introducing an instrumentation removal algorithm to reduce overhead. It also pioneers a new mutation method, compensated step, allowing fuzzers that use solvers to adapt to real-world fuzzing scenarios without using randomness. We implement and evaluate Valkyrie’s effectiveness on the standard benchmark Magma, and a wide variety of real-world programs. Valkyrie triggered 21 unique integer and memory errors, 10.5% and 50% more than AFL++ and Angora, respectively. Valkyrie shows little to no variance across ten trials and is the fastest to trigger half of the bugs. Valkyrie reached 8.2% and 12.4% more branches in real-world programs, compared with AFL++ and Angora, respectively. We also verify that our branch counting and mutation method is better than the state-of-the-art, which shows that deterministic techniques trump random techniques in consistency, predictability, reproducibility, and performance.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128212983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00033
Hao Chen, Haiyang Yang, Zilun Yan, Li Kuang, Lingyan Zhang
Developers often need to locate buggy code files in the software quality maintenance process. Bug localization aims to automatically identify potentially buggy source code files from the project codes for developers based on the bug reports. Up to now, researchers have proposed many methods to advance this task. However, the early studies only focus on the accuracy of capturing text features or the efficiency of calculating relevance scores, which do not consider the semantic gap between bug reports in natural language and codes in programming language. In this paper, we propose a novel adversarial learning model to bridge the semantic gap. Due to the different characteristics of natural language and programming language, we propose two different representation models for bug reports and code files respectively, and regards the two representation models as the generators. Then we construct adversarial learning by adding a discriminator to distinguish the source of representations so that the model can learn the public features of different texts. In addition, method name is the summary of the code function, and the relevant method name often appears in the bug report. We consider the method name information according to whether the method name appears in the report. Our model can dynamically integrate the information to improve the model effect. We evaluate our model on three open-source java project datasets and compare it with four state-of-the-art methods. The experimental results show that our model outperforms the baseline models and has a significant improvement in evaluation metrics. Besides, we conduct ablation experiments to explain each module’s contribution to the model.
{"title":"CGMBL: Combining GAN and Method Name for Bug Localization","authors":"Hao Chen, Haiyang Yang, Zilun Yan, Li Kuang, Lingyan Zhang","doi":"10.1109/QRS57517.2022.00033","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00033","url":null,"abstract":"Developers often need to locate buggy code files in the software quality maintenance process. Bug localization aims to automatically identify potentially buggy source code files from the project codes for developers based on the bug reports. Up to now, researchers have proposed many methods to advance this task. However, the early studies only focus on the accuracy of capturing text features or the efficiency of calculating relevance scores, which do not consider the semantic gap between bug reports in natural language and codes in programming language. In this paper, we propose a novel adversarial learning model to bridge the semantic gap. Due to the different characteristics of natural language and programming language, we propose two different representation models for bug reports and code files respectively, and regards the two representation models as the generators. Then we construct adversarial learning by adding a discriminator to distinguish the source of representations so that the model can learn the public features of different texts. In addition, method name is the summary of the code function, and the relevant method name often appears in the bug report. We consider the method name information according to whether the method name appears in the report. Our model can dynamically integrate the information to improve the model effect. We evaluate our model on three open-source java project datasets and compare it with four state-of-the-art methods. The experimental results show that our model outperforms the baseline models and has a significant improvement in evaluation metrics. Besides, we conduct ablation experiments to explain each module’s contribution to the model.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123969827","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00103
Zhengyin Chen, Wenpin Jiao
Modern software systems need to maintain their goals in a highly dynamic environment, which requires self-adaptation. Many existing self-adaptive approaches are reactive, they execute the adaptation behavior after the goal violation. However, proactive adaptation can adapt before the goal violation to avoid adverse consequence so it has attracted more and more attention. Model predictive control is a widely used method to implement proactive adaptation. However, these works often ignore uncertainty of environment, which makes the prediction of the system inaccurate and affect the control effectiveness. Therefore, we propose an environment-aware model predictive control method. Its main idea is to add the environment state to the system model, predict the future state of the system according to the predicted environment state and the current state of the system, and solve the optimal control strategy. We use a web application simulation platform to evaluate our method. The results show that our method can achieve better adaptation results and reduce the occurrence of goal violation.
{"title":"A Proactive Self-Adaptation Approach for Software Systems based on Environment-Aware Model Predictive Control","authors":"Zhengyin Chen, Wenpin Jiao","doi":"10.1109/QRS57517.2022.00103","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00103","url":null,"abstract":"Modern software systems need to maintain their goals in a highly dynamic environment, which requires self-adaptation. Many existing self-adaptive approaches are reactive, they execute the adaptation behavior after the goal violation. However, proactive adaptation can adapt before the goal violation to avoid adverse consequence so it has attracted more and more attention. Model predictive control is a widely used method to implement proactive adaptation. However, these works often ignore uncertainty of environment, which makes the prediction of the system inaccurate and affect the control effectiveness. Therefore, we propose an environment-aware model predictive control method. Its main idea is to add the environment state to the system model, predict the future state of the system according to the predicted environment state and the current state of the system, and solve the optimal control strategy. We use a web application simulation platform to evaluate our method. The results show that our method can achieve better adaptation results and reduce the occurrence of goal violation.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123102419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: