首页 > 最新文献

Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering最新文献

英文 中文
Crash consistency validation made easy 使崩溃一致性验证变得容易
Yanyan Jiang, Haicheng Chen, Feng Qin, Chang Xu, Xiaoxing Ma, Jian Lu
Software should behave correctly even in adverse conditions. Particularly, we study the problem of automated validation of crash consistency, i.e., file system data safety when systems crash. Existing work requires non-trivial manual efforts of specifying checking scripts and workloads, which is an obstacle for software developers. Therefore, we propose C3, a novel approach that makes crash consistency validation as easy as pressing a single button. With a program and an input, C3 automatically reports inconsistent crash sites. C3 not only exempts developers from the need of writing crash site checking scripts (by an algorithm that computes editing distance between file system snapshots) but also reduces the reliance on dedicated workloads (by test amplification). We implemented C3 as an open-source tool. With C3, we found 14 bugs in open-source software that have severe consequences at crash and 11 of them were previously unknown to the developers, including in highly mature software (e.g., GNU zip and GNU coreutils sort) and popular ones being actively developed (e.g., Adobe Brackets and TeXstudio).
即使在不利条件下,软件也应该正确运行。特别地,我们研究了崩溃一致性的自动验证问题,即系统崩溃时文件系统数据的安全性。现有的工作需要手工指定检查脚本和工作负载,这对软件开发人员来说是一个障碍。因此,我们提出C3,一种新颖的方法,使崩溃一致性验证就像按一个按钮一样简单。有了程序和输入,C3自动报告不一致的崩溃地点。C3不仅免除了开发人员编写崩溃站点检查脚本的需要(通过计算文件系统快照之间的编辑距离的算法),而且还减少了对专用工作负载的依赖(通过测试放大)。我们将C3实现为一个开源工具。通过C3,我们在开源软件中发现了14个会导致严重崩溃的bug,其中11个是开发者以前不知道的,包括高度成熟的软件(例如,GNU zip和GNU coretils sort)和正在积极开发的流行软件(例如,Adobe Brackets和TeXstudio)。
{"title":"Crash consistency validation made easy","authors":"Yanyan Jiang, Haicheng Chen, Feng Qin, Chang Xu, Xiaoxing Ma, Jian Lu","doi":"10.1145/2950290.2950327","DOIUrl":"https://doi.org/10.1145/2950290.2950327","url":null,"abstract":"Software should behave correctly even in adverse conditions. Particularly, we study the problem of automated validation of crash consistency, i.e., file system data safety when systems crash. Existing work requires non-trivial manual efforts of specifying checking scripts and workloads, which is an obstacle for software developers. Therefore, we propose C3, a novel approach that makes crash consistency validation as easy as pressing a single button. With a program and an input, C3 automatically reports inconsistent crash sites. C3 not only exempts developers from the need of writing crash site checking scripts (by an algorithm that computes editing distance between file system snapshots) but also reduces the reliance on dedicated workloads (by test amplification). We implemented C3 as an open-source tool. With C3, we found 14 bugs in open-source software that have severe consequences at crash and 11 of them were previously unknown to the developers, including in highly mature software (e.g., GNU zip and GNU coreutils sort) and popular ones being actively developed (e.g., Adobe Brackets and TeXstudio).","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"36 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89191898","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Multi-representational security analysis 多表示安全分析
Eunsuk Kang, Aleksandar Milicevic, D. Jackson
Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previously unknown security flaws in publicly deployed systems.
安全攻击通常利用抽象设计中没有预料到的缺陷,但当设计中的高级交互映射到支持平台中的低级行为时,这些缺陷会被无意中引入。本文提出了一种多表示的安全分析方法,其中捕获系统的不同(但可能重叠)视图的模型被自动组合以启用端到端分析。这种方法允许设计人员逐步探索设计决策对安全性的影响,并发现跨越系统多层的攻击。本文描述了该方法的原型实现Poirot,并报告了我们应用Poirot来检测公开部署系统中先前未知的安全缺陷的经验。
{"title":"Multi-representational security analysis","authors":"Eunsuk Kang, Aleksandar Milicevic, D. Jackson","doi":"10.1145/2950290.2950356","DOIUrl":"https://doi.org/10.1145/2950290.2950356","url":null,"abstract":"Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previously unknown security flaws in publicly deployed systems.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"27 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85332581","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 23
On the utility of dominator mutants for mutation testing 论显性突变体在突变检测中的应用
Bob Kurtz
Mutation testing has been shown to support the generation of test sets that are highly effective at detecting faults. However, practitioner adoption of mutation testing has been minimal in part because of problems that arise from the huge numbers of redundant and equivalent mutants that are generated. The research described here examines the relationship between mutants and attempts to reduce the number of redundant and equivalent mutants in order to make mutation testing more practical for the software tester.
突变测试已被证明支持生成在检测故障方面非常有效的测试集。然而,从业者对突变测试的采用很少,部分原因是产生的大量冗余和等效突变所产生的问题。这里描述的研究检查了突变之间的关系,并试图减少冗余和等效突变的数量,以便使突变测试对软件测试人员更实用。
{"title":"On the utility of dominator mutants for mutation testing","authors":"Bob Kurtz","doi":"10.1145/2950290.2983950","DOIUrl":"https://doi.org/10.1145/2950290.2983950","url":null,"abstract":"Mutation testing has been shown to support the generation of test sets that are highly effective at detecting faults. However, practitioner adoption of mutation testing has been minimal in part because of problems that arise from the huge numbers of redundant and equivalent mutants that are generated. The research described here examines the relationship between mutants and attempts to reduce the number of redundant and equivalent mutants in order to make mutation testing more practical for the software tester.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"6 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86194391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Refactoring and migration of cascading style sheets: towards optimization and improved maintainability 级联样式表的重构和迁移:优化和提高可维护性
D. Mazinanian
Cascading Style Sheets is the standard styling language, and is extensively used for defining the presentation of web, mobile and desktop applications. Despite its popularity, the language's design shortcomings have made CSS development and maintenance challenging. This thesis aims at developing techniques for safely transforming CSS code (through refactoring, or migration to a preprocessor language), with the goal of optimization and improved maintainability.
层叠样式表是标准的样式语言,广泛用于定义web、移动和桌面应用程序的表示。尽管它很受欢迎,但该语言的设计缺陷给CSS的开发和维护带来了挑战。本文旨在开发安全转换CSS代码的技术(通过重构或迁移到预处理器语言),以优化和改进可维护性为目标。
{"title":"Refactoring and migration of cascading style sheets: towards optimization and improved maintainability","authors":"D. Mazinanian","doi":"10.1145/2950290.2983943","DOIUrl":"https://doi.org/10.1145/2950290.2983943","url":null,"abstract":"Cascading Style Sheets is the standard styling language, and is extensively used for defining the presentation of web, mobile and desktop applications. Despite its popularity, the language's design shortcomings have made CSS development and maintenance challenging. This thesis aims at developing techniques for safely transforming CSS code (through refactoring, or migration to a preprocessor language), with the goal of optimization and improved maintainability.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":" 8","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91514996","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Combinatorial generation of structurally complex test inputs for commercial software applications 为商业软件应用程序组合生成结构复杂的测试输入
Hua Zhong, Lingming Zhang, S. Khurshid
Despite recent progress in automated test generation research, significant challenges remain for applying these techniques on large-scale software systems. These systems under test often require structurally complex test inputs within a large input domain. It is challenging to automatically generate a reasonable number of tests that are both legal and behaviorally-diverse to exercise these systems. Constraint-based test generation is an effective approach for generating structurally complex inputs for systematic testing. While this approach can typically generate large numbers of tests, it has limited scalability – tests generated are usually only up to a small bound on input size. Combinatorial test generation, e.g., pair-wise testing, is a more scalable approach but is challenging to apply on commercial software systems that require complex input structures that cannot be formed by using arbitrary combinations. This paper introduces comKorat, which unifies constraint-based generation of structurally complex tests with combinatorial testing. Specifically, comKorat integrates Korat and ACTS test generators to generate test suites for large scale software systems with structurally complex test inputs. We have successfully applied comKorat on four software applications developed at eBay and Yahoo!. The experimental results show that comKorat outperforms existing solutions in execution time and test coverage. Furthermore, comKorat found a total of 59 previously unknown bugs in the four applications.
尽管自动化测试生成研究最近取得了进展,但在大规模软件系统上应用这些技术仍然存在重大挑战。这些被测试的系统通常需要在一个大的输入域中进行结构复杂的测试输入。自动生成合理数量的既合法又行为多样的测试来运行这些系统是具有挑战性的。基于约束的测试生成是生成结构复杂的系统测试输入的有效方法。虽然这种方法通常可以生成大量的测试,但它具有有限的可伸缩性——生成的测试通常只能达到输入大小的一个小范围。组合测试生成,例如成对测试,是一种更具可扩展性的方法,但在商业软件系统中应用是具有挑战性的,因为商业软件系统需要复杂的输入结构,不能通过使用任意组合来形成。本文介绍了comKorat,它将基于约束的结构复杂测试生成与组合测试相结合。具体来说,comKorat集成了Korat和ACTS测试生成器,为具有结构复杂测试输入的大型软件系统生成测试套件。我们已经成功地将comKorat应用于eBay和Yahoo!开发的四个软件应用程序。实验结果表明,comKorat在执行时间和测试覆盖率方面优于现有的解决方案。此外,comKorat在这四个应用程序中总共发现了59个以前未知的错误。
{"title":"Combinatorial generation of structurally complex test inputs for commercial software applications","authors":"Hua Zhong, Lingming Zhang, S. Khurshid","doi":"10.1145/2950290.2983959","DOIUrl":"https://doi.org/10.1145/2950290.2983959","url":null,"abstract":"Despite recent progress in automated test generation research, significant challenges remain for applying these techniques on large-scale software systems. These systems under test often require structurally complex test inputs within a large input domain. It is challenging to automatically generate a reasonable number of tests that are both legal and behaviorally-diverse to exercise these systems. Constraint-based test generation is an effective approach for generating structurally complex inputs for systematic testing. While this approach can typically generate large numbers of tests, it has limited scalability – tests generated are usually only up to a small bound on input size. Combinatorial test generation, e.g., pair-wise testing, is a more scalable approach but is challenging to apply on commercial software systems that require complex input structures that cannot be formed by using arbitrary combinations. This paper introduces comKorat, which unifies constraint-based generation of structurally complex tests with combinatorial testing. Specifically, comKorat integrates Korat and ACTS test generators to generate test suites for large scale software systems with structurally complex test inputs. We have successfully applied comKorat on four software applications developed at eBay and Yahoo!. The experimental results show that comKorat outperforms existing solutions in execution time and test coverage. Furthermore, comKorat found a total of 59 previously unknown bugs in the four applications.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"2 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91384019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Isomorphic regression testing: executing uncovered branches without test augmentation 同构回归测试:执行未覆盖的分支而不增加测试
Jie M. Zhang, Yiling Lou, Lingming Zhang, Dan Hao, Lu Zhang, Hong Mei
In software testing, it is very hard to achieve high coverage with the program under test, leaving many behaviors unexplored. To alleviate this problem, various automated test generation and augmentation approaches have been proposed, among which symbolic execution and search-based techniques are the most competitive, while each has key challenges to be solved. Different from prior work, we present a new methodology for regression testing --Isomorphic Regression Testing,which explores the behaviors of the program under test by creating its variants (i.e., modified programs) instead of generating tests. In this paper, we make the first implementation of isomorphic regression testing through an approach named ISON, which creates program variants by negating branch conditions. The results show that ISON is able to additionally execute 5.3% to 80.0% branches that are originally uncovered. Furthermore, ISON also detects a number of faults not detected by a popular automated test generation tool (i.e., EvoSuite) under the scenario of regression testing.
在软件测试中,很难实现被测程序的高覆盖率,留下许多未被探索的行为。为了缓解这一问题,人们提出了各种自动化测试生成和增强方法,其中符号执行和基于搜索的技术最具竞争力,但每种技术都有需要解决的关键挑战。与之前的工作不同,我们提出了一种新的回归测试方法——同构回归测试,它通过创建其变体(即修改的程序)而不是生成测试来探索被测程序的行为。在本文中,我们通过一种名为ISON的方法首次实现了同构回归测试,该方法通过否定分支条件来创建程序变体。结果表明,ISON能够额外执行最初未覆盖的分支的5.3%到80.0%。此外,在回归测试的场景下,ISON还可以检测到许多没有被流行的自动化测试生成工具(例如,EvoSuite)检测到的错误。
{"title":"Isomorphic regression testing: executing uncovered branches without test augmentation","authors":"Jie M. Zhang, Yiling Lou, Lingming Zhang, Dan Hao, Lu Zhang, Hong Mei","doi":"10.1145/2950290.2950313","DOIUrl":"https://doi.org/10.1145/2950290.2950313","url":null,"abstract":"In software testing, it is very hard to achieve high coverage with the program under test, leaving many behaviors unexplored. To alleviate this problem, various automated test generation and augmentation approaches have been proposed, among which symbolic execution and search-based techniques are the most competitive, while each has key challenges to be solved. Different from prior work, we present a new methodology for regression testing --Isomorphic Regression Testing,which explores the behaviors of the program under test by creating its variants (i.e., modified programs) instead of generating tests. In this paper, we make the first implementation of isomorphic regression testing through an approach named ISON, which creates program variants by negating branch conditions. The results show that ISON is able to additionally execute 5.3% to 80.0% branches that are originally uncovered. Furthermore, ISON also detects a number of faults not detected by a popular automated test generation tool (i.e., EvoSuite) under the scenario of regression testing.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"44 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77948268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Finding and breaking test dependencies to speed up test execution 查找和破坏测试依赖以加速测试执行
Sebastian Kappler
Software testing takes up the major part of the build time, which hinders developers' ability to promptly identify and fix problems. Test parallelization is an effective means to speed up test executions, hence improving software development. Effective and sound test parallelization requires that tests are independent or that test dependencies are known in advance. However, current techniques to detect test dependencies are either precise but slow, or fast but inaccurate. Further, available algorithms for test parallelization either over-constraint test executions, which reduces their level of parallelism, or re-execute the same tests multiple times, which increases the execution effort. This research addresses both sides of the problem of speeding up test execution: it aims to devise a practical test detection technique that can suitably balance efficiency and accuracy, and develop a novel technique to break test dependencies which allows both sound and efficient test executions.
软件测试占据了构建时间的主要部分,这阻碍了开发人员及时识别和修复问题的能力。测试并行化是加速测试执行的有效手段,从而改进软件开发。有效且合理的测试并行化要求测试是独立的,或者测试依赖项是事先已知的。然而,当前检测测试依赖关系的技术要么精确但缓慢,要么快速但不准确。此外,测试并行化的可用算法要么过度约束测试执行,这会降低它们的并行性级别,要么多次重新执行相同的测试,这会增加执行工作。本研究从两个方面解决了加速测试执行的问题:它旨在设计一种实用的测试检测技术,可以适当地平衡效率和准确性,并开发一种新的技术来打破测试依赖,从而允许健全和有效的测试执行。
{"title":"Finding and breaking test dependencies to speed up test execution","authors":"Sebastian Kappler","doi":"10.1145/2950290.2983974","DOIUrl":"https://doi.org/10.1145/2950290.2983974","url":null,"abstract":"Software testing takes up the major part of the build time, which hinders developers' ability to promptly identify and fix problems. Test parallelization is an effective means to speed up test executions, hence improving software development. Effective and sound test parallelization requires that tests are independent or that test dependencies are known in advance. However, current techniques to detect test dependencies are either precise but slow, or fast but inaccurate. Further, available algorithms for test parallelization either over-constraint test executions, which reduces their level of parallelism, or re-execute the same tests multiple times, which increases the execution effort. This research addresses both sides of the problem of speeding up test execution: it aims to devise a practical test detection technique that can suitably balance efficiency and accuracy, and develop a novel technique to break test dependencies which allows both sound and efficient test executions.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"194 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76952911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Reaching the masses: a new subdiscipline of app programmer education 接触大众:应用程序程序员教育的新分支学科
Charles Weir, A. Rashid, J. Noble
Programmers’ lack of knowledge and interest in secure development threatens everyone who uses mobile apps. The rise of apps has engaged millions of independent app developers, who rarely encounter any but low level security techniques. But what if software security were presented as a game, or a story, or a discussion? What if learning app security techniques could be fun as well as empowering? Only by introducing the powerful motivating techniques developed for other disciplines can we hope to upskill independent app developers, and achieve the security that we’ll need in 2025 to safeguard our identities and our data.
程序员对安全开发缺乏知识和兴趣,威胁着所有使用移动应用程序的人。应用程序的兴起吸引了数以百万计的独立应用程序开发人员,他们很少遇到任何低水平的安全技术。但是,如果软件安全以游戏、故事或讨论的形式呈现呢?如果学习应用安全技术既有趣又有意义,那会怎么样?只有通过引入为其他学科开发的强大激励技术,我们才能希望提高独立应用程序开发人员的技能,并实现我们在2025年需要的安全性,以保护我们的身份和数据。
{"title":"Reaching the masses: a new subdiscipline of app programmer education","authors":"Charles Weir, A. Rashid, J. Noble","doi":"10.1145/2950290.2983981","DOIUrl":"https://doi.org/10.1145/2950290.2983981","url":null,"abstract":"Programmers’ lack of knowledge and interest in secure development threatens everyone who uses mobile apps. The rise of apps has engaged millions of independent app developers, who rarely encounter any but low level security techniques. But what if software security were presented as a game, or a story, or a discussion? What if learning app security techniques could be fun as well as empowering? Only by introducing the powerful motivating techniques developed for other disciplines can we hope to upskill independent app developers, and achieve the security that we’ll need in 2025 to safeguard our identities and our data.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"24 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77777384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 26
Gray links in the use of requirements traceability 灰色链接在需求追溯性的使用上
Nan Niu, Wentao Wang, Arushi Gupta
The value of traceability is in its use. How do different software engineering tasks affect the tracing of the same requirement? In this paper, we answer the question via an empirical study where we explicitly assign the participants into 3 trace-usage groups of one requirement: finding its implementation for verification and validation purpose, changing it within the original software system, and reusing it toward another application. The results uncover what we call "gray links"--around 20% of the total traces are voted to be true links with respect to only one task but not the others. We provide a mechanism to identify such gray links and discuss how they can be leveraged to advance the research and practice of value-based requirements traceability.
可追溯性的价值在于它的使用。不同的软件工程任务如何影响对相同需求的跟踪?在本文中,我们通过一个实证研究来回答这个问题,我们明确地将参与者分配到一个需求的3个跟踪使用组:为验证和确认目的找到它的实现,在原始软件系统中更改它,并在另一个应用程序中重用它。结果揭示了我们所谓的“灰色链接”——大约20%的总痕迹被认为是与一个任务相关的真实链接,而不是与其他任务相关的链接。我们提供了一种机制来识别这样的灰色链接,并讨论如何利用它们来推进基于价值的需求可追溯性的研究和实践。
{"title":"Gray links in the use of requirements traceability","authors":"Nan Niu, Wentao Wang, Arushi Gupta","doi":"10.1145/2950290.2950354","DOIUrl":"https://doi.org/10.1145/2950290.2950354","url":null,"abstract":"The value of traceability is in its use. How do different software engineering tasks affect the tracing of the same requirement? In this paper, we answer the question via an empirical study where we explicitly assign the participants into 3 trace-usage groups of one requirement: finding its implementation for verification and validation purpose, changing it within the original software system, and reusing it toward another application. The results uncover what we call \"gray links\"--around 20% of the total traces are voted to be true links with respect to only one task but not the others. We provide a mechanism to identify such gray links and discuss how they can be leveraged to advance the research and practice of value-based requirements traceability.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"5 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75521291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 35
TIPMerge: recommending experts for integrating changes across branches TIPMerge:为跨分支集成变更推荐专家
Catarina Costa, J. Figueiredo, Leonardo Gresta Paulino Murta, A. Sarma
Parallel development in branches is a common software practice. However, past work has found that integration of changes across branches is not easy, and often leads to failures. Thus far, there has been little work to recommend developers who have the right expertise to perform a branch integration. We propose TIPMerge, a novel tool that recommends developers who are best suited to perform merges, by taking into consideration developers’ past experience in the project, their changes in the branches, and de-pendencies among modified files in the branches. We evaluated TIPMerge on 28 projects, which included up to 15,584 merges with at least two developers, and potentially conflicting changes. On average, 85% of the top-3 recommendations by TIPMerge correctly included the developer who performed the merge. Best (accuracy) results of recommendations were at 98%. Our inter-views with developers of two projects reveal that in cases where the TIPMerge recommendation did not match the actual merge developer, the recommended developer had the expertise to per-form the merge, or was involved in a collaborative merge session.
分支中的并行开发是一种常见的软件实践。然而,过去的工作发现跨分支的变更集成并不容易,并且经常导致失败。到目前为止,还没有什么工作可以推荐具有执行分支集成的专业知识的开发人员。我们提出TIPMerge,一个新颖的工具,通过考虑开发人员过去在项目中的经验,他们在分支中的变更,以及分支中修改文件之间的依赖关系,来推荐最适合执行合并的开发人员。我们在28个项目上评估了TIPMerge,其中包括至少两个开发人员的多达15,584个合并,以及潜在的冲突变更。平均而言,TIPMerge给出的前3个推荐中有85%正确地包含了执行合并的开发人员。推荐的最佳(准确度)结果为98%。我们对两个项目的开发人员的访谈显示,在TIPMerge推荐与实际的合并开发人员不匹配的情况下,被推荐的开发人员具有执行合并的专业知识,或者参与了协作合并会话。
{"title":"TIPMerge: recommending experts for integrating changes across branches","authors":"Catarina Costa, J. Figueiredo, Leonardo Gresta Paulino Murta, A. Sarma","doi":"10.1145/2950290.2950339","DOIUrl":"https://doi.org/10.1145/2950290.2950339","url":null,"abstract":"Parallel development in branches is a common software practice. However, past work has found that integration of changes across branches is not easy, and often leads to failures. Thus far, there has been little work to recommend developers who have the right expertise to perform a branch integration. We propose TIPMerge, a novel tool that recommends developers who are best suited to perform merges, by taking into consideration developers’ past experience in the project, their changes in the branches, and de-pendencies among modified files in the branches. We evaluated TIPMerge on 28 projects, which included up to 15,584 merges with at least two developers, and potentially conflicting changes. On average, 85% of the top-3 recommendations by TIPMerge correctly included the developer who performed the merge. Best (accuracy) results of recommendations were at 98%. Our inter-views with developers of two projects reveal that in cases where the TIPMerge recommendation did not match the actual merge developer, the recommended developer had the expertise to per-form the merge, or was involved in a collaborative merge session.","PeriodicalId":20532,"journal":{"name":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering","volume":"47 4 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83189701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
期刊
Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1