The tutorial and technical briefing track at ISEC 2023 was aimed to provide an opportunity for conference participants to learn, explore and have hands-on experience on interesting topics in the broad area of software engineering. In this report we present a brief description of the track followed by the accepted entries.
{"title":"A Report on Tutorials and Tech-Briefings co-located with ISEC 2023","authors":"Diptikalyan Saha, S. Nejati","doi":"10.1145/3578527.3581751","DOIUrl":"https://doi.org/10.1145/3578527.3581751","url":null,"abstract":"The tutorial and technical briefing track at ISEC 2023 was aimed to provide an opportunity for conference participants to learn, explore and have hands-on experience on interesting topics in the broad area of software engineering. In this report we present a brief description of the track followed by the accepted entries.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127604931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Despite higher adoption of Microservices worldwide, there is a lack of work on possible fault detection during early phases such as at requirements and design phase. We propose a novel way to detect faults using model checking CTL specifications and a SMT solver. Requirements of a system involving microservices are mapped to Netflix’s Conductor specification which is later converted into Petri nets for further analysis. Traversal analysis on the converted Petri nets not only allows us to detect a faulty specification but to correct it and adopt a better design. We tried our methodology on the TrainTicket benchmark system and we are able to detect seven faults from the benchmark application using our approach.
{"title":"Detection of Faults in Microservices using Petri Nets","authors":"Sulochan Naik, Meenakshi D'Souza","doi":"10.1145/3578527.3578541","DOIUrl":"https://doi.org/10.1145/3578527.3578541","url":null,"abstract":"Despite higher adoption of Microservices worldwide, there is a lack of work on possible fault detection during early phases such as at requirements and design phase. We propose a novel way to detect faults using model checking CTL specifications and a SMT solver. Requirements of a system involving microservices are mapped to Netflix’s Conductor specification which is later converted into Petri nets for further analysis. Traversal analysis on the converted Petri nets not only allows us to detect a faulty specification but to correct it and adopt a better design. We tried our methodology on the TrainTicket benchmark system and we are able to detect seven faults from the benchmark application using our approach.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"90 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134246052","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
gMutant is a novel mutation analyser to measure the quality of test cases. It is based on gCov. The existing gCov outputs code coverage (line and branch). Here, we scale it up in order to produce an effective metric i.e., Mutation Score (%) which is useful to report the quality of test cases. The key idea is to generate one Mutant Meta Program that has all the mutants instrumented in it. Hence, for each test input, only the generated Mutant Meta Program gets executed, instead of executing all the mutants separately. This mitigates the computational cost challenge of Mutation Testing in producing Mutation score. The gMutant that has been proposed is a generic tool which can be plugged in with any tester. It needs test cases as well as a program to generate a score (%) and a descriptive report. In our experimentation, we used Bounded Model Checker and Fuzzer to generate test cases. The run time of the gMutant is very advantageous in contrast to the traditional method of computing mutation score. It gives scores, in 4.03 (s) for CBMC and 4.01 (s) for AFL, which proves its efficiency.
gMutant是一种新的突变分析器,用于测量测试用例的质量。它基于gCov。现有的gCov输出代码覆盖率(行和分支)。在这里,我们将其扩大,以便产生一个有效的度量,例如,突变分数(%),它对报告测试用例的质量很有用。关键思想是生成一个包含所有突变体的突变体元程序。因此,对于每个测试输入,只执行生成的突变元程序,而不是单独执行所有的突变。这减轻了突变测试在产生突变分数时的计算成本挑战。已经提出的gMutant是一个可以插入任何测试器的通用工具。它需要测试用例以及生成分数(%)和描述性报告的程序。在我们的实验中,我们使用Bounded Model Checker和Fuzzer来生成测试用例。与传统的计算突变分数的方法相比,gMutant的运行时间非常有利。计算结果表明,CBMC和AFL分别为4.03分和4.01分,证明了算法的有效性。
{"title":"gMutant: A gCov based Mutation Testing Analyser","authors":"Monika Rani Golla, Sangharatna Godboley","doi":"10.1145/3578527.3578546","DOIUrl":"https://doi.org/10.1145/3578527.3578546","url":null,"abstract":"gMutant is a novel mutation analyser to measure the quality of test cases. It is based on gCov. The existing gCov outputs code coverage (line and branch). Here, we scale it up in order to produce an effective metric i.e., Mutation Score (%) which is useful to report the quality of test cases. The key idea is to generate one Mutant Meta Program that has all the mutants instrumented in it. Hence, for each test input, only the generated Mutant Meta Program gets executed, instead of executing all the mutants separately. This mitigates the computational cost challenge of Mutation Testing in producing Mutation score. The gMutant that has been proposed is a generic tool which can be plugged in with any tester. It needs test cases as well as a program to generate a score (%) and a descriptive report. In our experimentation, we used Bounded Model Checker and Fuzzer to generate test cases. The run time of the gMutant is very advantageous in contrast to the traditional method of computing mutation score. It gives scores, in 4.03 (s) for CBMC and 4.01 (s) for AFL, which proves its efficiency.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133923345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Assertion Based Verification is a design methodology that integrates Formal Methods as part of the design process. As each module is designed, the designer expresses the functional, structural and interface requirements of the module as logical formulas called assertions. These assertions are then verified using simulation and/or formal verification. This paper aims at studying the effectiveness of applying formal verification during Assertion Based Verification in the development of VHDL design for a VME-bus for safety applications in nuclear reactors. Assertions for the VHDL modules developed were expressed in PSL, and were proved using three industrially successful and popular formal verification algorithms – Bounded Model Checking, K-Induction, and Property Driven Reachability, implemented in an open-source verification tool, Yosys. Our experiments revealed that Property Driven Reachability completely outperforms K-Induction in all the cases. Bounded Model Checking for a few hundred clock cycles helped us in finding a number of important, but subtle bugs, which were missed by traditional simulation, at the cost of a justifiable increase in design effort towards writing assertions.
{"title":"Assertion Based Verification using Yosys: A Case Study from Nuclear Domain","authors":"Shubam Gupta, Ajith K. John, M. Kalra","doi":"10.1145/3578527.3578540","DOIUrl":"https://doi.org/10.1145/3578527.3578540","url":null,"abstract":"Assertion Based Verification is a design methodology that integrates Formal Methods as part of the design process. As each module is designed, the designer expresses the functional, structural and interface requirements of the module as logical formulas called assertions. These assertions are then verified using simulation and/or formal verification. This paper aims at studying the effectiveness of applying formal verification during Assertion Based Verification in the development of VHDL design for a VME-bus for safety applications in nuclear reactors. Assertions for the VHDL modules developed were expressed in PSL, and were proved using three industrially successful and popular formal verification algorithms – Bounded Model Checking, K-Induction, and Property Driven Reachability, implemented in an open-source verification tool, Yosys. Our experiments revealed that Property Driven Reachability completely outperforms K-Induction in all the cases. Bounded Model Checking for a few hundred clock cycles helped us in finding a number of important, but subtle bugs, which were missed by traditional simulation, at the cost of a justifiable increase in design effort towards writing assertions.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129810545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Siddhasagar Pani, Harshita Vani Nallagonda, Vigneswaran, Raveendra Kumar Medicherla, Rajan M
Greybox fuzzers require intermediate programs called fuzz drivers to test smart contract APIs. These fuzz drivers use the semi-random inputs (bytes) generated by fuzzers to prepare suitable inputs required to test APIs. Further, fuzz driver also uses this input to decide sequence in which APIs to be invoked and enables the fuzzer to execute the APIs in that sequence to find the vulnerabilities, if any. Manually writing such complex and intelligent fuzz drivers is laborious, requires deep technical skills, hence can be cumbersome and error prone. In this paper, we propose SmartFuzzDriverGen framework to automatically generate fuzz drivers which invoke smart contract APIs using different strategies: unit-level, sequence-based (random, user-defined), and heuristics based. We evaluate the proposed framework by testing a prototype implementation of it with Golang smart contracts (targeted for Hyperledger Fabric platform) and study the effectiveness of the generated fuzz drivers in terms of code coverage as well as bug finding abilities. We observed that fuzzing of APIs in random sequences performed better than the other methods.
{"title":"SmartFuzzDriverGen: Smart Contract Fuzzing Automation for Golang","authors":"Siddhasagar Pani, Harshita Vani Nallagonda, Vigneswaran, Raveendra Kumar Medicherla, Rajan M","doi":"10.1145/3578527.3578538","DOIUrl":"https://doi.org/10.1145/3578527.3578538","url":null,"abstract":"Greybox fuzzers require intermediate programs called fuzz drivers to test smart contract APIs. These fuzz drivers use the semi-random inputs (bytes) generated by fuzzers to prepare suitable inputs required to test APIs. Further, fuzz driver also uses this input to decide sequence in which APIs to be invoked and enables the fuzzer to execute the APIs in that sequence to find the vulnerabilities, if any. Manually writing such complex and intelligent fuzz drivers is laborious, requires deep technical skills, hence can be cumbersome and error prone. In this paper, we propose SmartFuzzDriverGen framework to automatically generate fuzz drivers which invoke smart contract APIs using different strategies: unit-level, sequence-based (random, user-defined), and heuristics based. We evaluate the proposed framework by testing a prototype implementation of it with Golang smart contracts (targeted for Hyperledger Fabric platform) and study the effectiveness of the generated fuzz drivers in terms of code coverage as well as bug finding abilities. We observed that fuzzing of APIs in random sequences performed better than the other methods.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129354350","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With the growing advent and usage of Android applications, security of sensitive user information remains to be of paramount concern. A popular way to identify security leaks in Android applications is by performing taint analysis that tries to enlist possible paths in the program through which sources of critical information may get connected to potential sinks that may propagate leaks. Notably, the precision of such “taint information” is heavily dependent on the elements that are responsible for constructing an interprocedural path in a program – primarily, the call graph. This paper is a step towards a larger study to identify the common patterns through which information gets tainted in Android applications, aiming to suggest points in the program analysis space that could lead to their detection in a precise yet efficient manner. To begin with, we invoke FlowDroid (a popular taint-analysis tool) to analyze Android apps from a variety of domains, and measure the impact of varying the underlying call graph on the computed taint information. We observe that taint information depends significantly on the used call graph, and that certain spurious leaks can be mapped to particular causes of removable imprecision. We further classify the identified leaks into various kinds, and hope to extend this study to identify exact parts of the program that popularly leak out particular kinds of information. Our final goal is to help security analysts select the right interprocedural analysis toolset for identifying bugs in Android apps, as well as to frame app-design guidelines for helping developers first-hand avoid common sources of information leaks from their future artifacts.
{"title":"Variational Study of the Impact of Call Graphs on Precision of Android Taint Analysis","authors":"Prakash Neupane, Manas Thakur","doi":"10.1145/3578527.3578545","DOIUrl":"https://doi.org/10.1145/3578527.3578545","url":null,"abstract":"With the growing advent and usage of Android applications, security of sensitive user information remains to be of paramount concern. A popular way to identify security leaks in Android applications is by performing taint analysis that tries to enlist possible paths in the program through which sources of critical information may get connected to potential sinks that may propagate leaks. Notably, the precision of such “taint information” is heavily dependent on the elements that are responsible for constructing an interprocedural path in a program – primarily, the call graph. This paper is a step towards a larger study to identify the common patterns through which information gets tainted in Android applications, aiming to suggest points in the program analysis space that could lead to their detection in a precise yet efficient manner. To begin with, we invoke FlowDroid (a popular taint-analysis tool) to analyze Android apps from a variety of domains, and measure the impact of varying the underlying call graph on the computed taint information. We observe that taint information depends significantly on the used call graph, and that certain spurious leaks can be mapped to particular causes of removable imprecision. We further classify the identified leaks into various kinds, and hope to extend this study to identify exact parts of the program that popularly leak out particular kinds of information. Our final goal is to help security analysts select the right interprocedural analysis toolset for identifying bugs in Android apps, as well as to frame app-design guidelines for helping developers first-hand avoid common sources of information leaks from their future artifacts.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128946091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software practitioners use various requirement elicitation methods to produce a well-defined product. These methods impact the software product’s eventual traits and target a particular audience segment. Virtual Reality(VR) products are no different from this influence. With the notable rise in product offerings across various domains, VR has become an essential technology for the future. Nevertheless, the type of methods practiced for requirement elicitation still has not been thoroughly studied. This paper presents a mapping study on requirement elicitation methods practiced by VR practitioners in academia and industry. We consolidated our observations based on their popularity in the practitioner community. Further, we present our insights on the necessary and sufficient conditions to conduct VR requirement elicitation using the identified methods to benefit the VR practitioner community.
{"title":"Requirements Elicitation for Virtual Reality Products - A Mapping Study","authors":"Sai Anirudh Karre, Raghav Mittal, R. Reddy","doi":"10.1145/3578527.3578536","DOIUrl":"https://doi.org/10.1145/3578527.3578536","url":null,"abstract":"Software practitioners use various requirement elicitation methods to produce a well-defined product. These methods impact the software product’s eventual traits and target a particular audience segment. Virtual Reality(VR) products are no different from this influence. With the notable rise in product offerings across various domains, VR has become an essential technology for the future. Nevertheless, the type of methods practiced for requirement elicitation still has not been thoroughly studied. This paper presents a mapping study on requirement elicitation methods practiced by VR practitioners in academia and industry. We consolidated our observations based on their popularity in the practitioner community. Further, we present our insights on the necessary and sufficient conditions to conduct VR requirement elicitation using the identified methods to benefit the VR practitioner community.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123479616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Enterprises today have transformed from standalone entities into interconnected systems of systems while having to function in a dynamic and uncertain environment. Uncertainty originates from several factors such as changing needs and behaviours of diverse stakeholders, occurrence of external events and advent of new technologies. This creates a need for software systems to adapt dynamically in response to change, posing a series of technological challenges. Software systems of the future need to be specifically architected to learn from interactions with their environment, recommend and evaluate adaptations as well as automatically realize the adaptations in code so as to enable enterprises to continue meeting their objectives and stay relevant. This workshop aims to bring together eminent researchers and practitioners to deliberate upon learning-based approaches to solve critical problems in industry and society.
{"title":"A Report on First Workshop on Learning-Aided Adaptive Systems","authors":"Deepali Kholkar, Suman Roychoudhury","doi":"10.1145/3578527.3581750","DOIUrl":"https://doi.org/10.1145/3578527.3581750","url":null,"abstract":"Enterprises today have transformed from standalone entities into interconnected systems of systems while having to function in a dynamic and uncertain environment. Uncertainty originates from several factors such as changing needs and behaviours of diverse stakeholders, occurrence of external events and advent of new technologies. This creates a need for software systems to adapt dynamically in response to change, posing a series of technological challenges. Software systems of the future need to be specifically architected to learn from interactions with their environment, recommend and evaluate adaptations as well as automatically realize the adaptations in code so as to enable enterprises to continue meeting their objectives and stay relevant. This workshop aims to bring together eminent researchers and practitioners to deliberate upon learning-based approaches to solve critical problems in industry and society.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133780748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The conference on Program Analysis and Software Testing is a special session under the workshop category which will be held in conjunction with ISEC-2023, Indian Institute of Information Technology, Allahabad Prayagraj, UP, India. It is in line with the scope of ISEC-2023 which will be specially focused on the theme of the event. The theme is based on the research work specific to the areas mentioned in the scope of this conference. RAPAST-2023 is expected to be a good avenue where the researchers from Academia and Industries will participate by presenting their most recent research findings and experimental results in the domain of the scope.
{"title":"2nd Recent Advances in Program Analysis and Software Testing (RAPAST-2023)","authors":"Sangharatna Godboley, D. Mohapatra","doi":"10.1145/3578527.3581748","DOIUrl":"https://doi.org/10.1145/3578527.3581748","url":null,"abstract":"The conference on Program Analysis and Software Testing is a special session under the workshop category which will be held in conjunction with ISEC-2023, Indian Institute of Information Technology, Allahabad Prayagraj, UP, India. It is in line with the scope of ISEC-2023 which will be specially focused on the theme of the event. The theme is based on the research work specific to the areas mentioned in the scope of this conference. RAPAST-2023 is expected to be a good avenue where the researchers from Academia and Industries will participate by presenting their most recent research findings and experimental results in the domain of the scope.","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129843154","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 16th Innovations in Software Engineering Conference","authors":"","doi":"10.1145/3578527","DOIUrl":"https://doi.org/10.1145/3578527","url":null,"abstract":"","PeriodicalId":326318,"journal":{"name":"Proceedings of the 16th Innovations in Software Engineering Conference","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114232258","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: