Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688888
C. Tantithamthavorn, Rattamont Teekavanich, Akinori Ihara, Ken-ichi Matsumoto
In this study, we proposed an approach to mine a change history to improve the bug localization performance. The key idea is that a recently fixed file may be fixed in the near future. We used a combination of textual features and change-history mining to recommend source code files that are likely to be fixed for a given bug report. First, we adopted the Vector Space Model (VSM) to find relevant source code files that are textually similar to the bug report. Second, we analyzed the change history to identify previously fixed files. We then estimated the fault proneness of these files. Finally, we combined the two scores, from textual similarity and fault proneness, for every source code file. We then recommend that developers examine source code files with higher scores. We evaluated our approach based on 1,212 bug reports from the Eclipse Platform and Eclipse JDT. The experimental results show that our proposed approach can improve the bug localization performance and effectively identify buggy files.
Title: Mining A change history to quickly identify bug locations: A case study of the Eclipse project. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688888
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688899
Alfred Granger, Paul R. Garrett, Gary Dalmadge
Presents a collection of slides exploring the concept of medical risk in relation to software development and testing.
Title: Medical device software risk assessment requires cross functional personnel. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688899
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688858
Da Young Lee, M. Vouk, L. Williams
Can software reliability models be used to assess software security? One of the issues is that security problems are relatively rare under “normal” operational profiles, while “classical” reliability models may not be suitable for use in attack conditions. We investigated a range of Fedora open source software security problems to see if some of the basic assumptions behind software reliability growth models hold for discovery of security problems in non-attack situations. We find that in some cases, under “normal” operational use, the security problem detection process may be described as a Poisson process. In those cases, we can use appropriate classical software reliability growth models to assess the “security reliability” of that software in non-attack situations.
Title: Using software reliability models for security assessment — Verification of assumptions. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688858
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688914
M. Galster, Daniel Tofan
Many open source software systems are variability-intensive because they are frequently adapted to different customer needs or deployment environments. Variability in these systems not only occurs in functionality, but also in quality attributes (e.g., security, reliability, dependability). Furthermore, variability in functionality and variability in quality attributes affect each other. Recently, open source communities have adopted microblogging to document and share software engineering knowledge. Microblogging dissolves boundaries between developers and other stakeholders (e.g., end users). This facilitates the involvement of many different non-technical stakeholders in the software development process. In this paper, we investigate the feasibility and suitability of utilizing microblogs to identify and analyze dependability information about open source software systems. We use the example of the currently most popular microblogging infrastructure (Twitter) and a widely used open source content management system (Drupal). Our results indicate that even though open source communities frequently share information on Twitter, challenges exist for extracting and analyzing dependability information. Furthermore, a better understanding is needed to describe the relation between issues reported by user communities in microblogs, and issues and actions documented by developer communities in change logs and release information.
Title: Exploring possibilities to analyse microblogs for dependability information in variability-intensive open source software systems. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688914
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688877
K. Vinod, Pandit Pattabhirama, M. Ramachandra
The healthcare industry has taken a significant share of information technology, where great progress is being shown in analyzing the research and development data collected over the years. Yet, most of the potential for value creation is still unclaimed [1]. In a typical healthcare system, the actual usage of the system can be determined when one transitions from the monitoring or limited release phase of the project to the volume deployment mode. Early, if not continuous, feedback can be ensured when the systems are usually beta tested at the selected sites. This is where we bring in system log file analysis to play a major role in determining the reliability of the deployed system, so as to receive incessant and established feedback.
Title: Reliability feedback through system log analysis. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688877
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688852
C. Luo, H. Okamura, T. Dohi
Resiliency (resilience) is one of the important criteria for evaluating the sturdiness of systems. Resiliency is generally defined as the ability to resist disturbance that is caused by sudden changes of system configuration. However, there is no formal quantitative definition of system resiliency. In this paper, we propose the quantification of system resiliency by using continuous time Markov chains (CTMCs). According to probabilistic models, we formulate the quantification of resiliency for performance indices of the system by two methods. Also, we discuss the applicability of our quantification of resiliency and compare the effectiveness of the two definitions through numerical examples.
Title: Characteristic analysis of quantitative definition of resiliency measure. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688852
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688864
Wei Hoo Chong
Reproducing issues to verify whether the issues reported by customers, especially reset issues, are valid is tedious and time consuming. The reason is that not all issues can be reproduced, and reproduction is not easy, as some issues may be caused by hardware failure or by environmental factors such as air pressure and temperature. Although the existing reset capture implemented in the radio is used to capture this kind of intermittent defect, these dependencies are not recorded in the radio when the issue happens. The reset capture is able to capture the last state of the radio before the reset happens. So information such as how many calls had been made before the radio hung and reset, or what the battery level was before the reset, remains unknown. This information is crucial, as we need to know whether the issue happens after the first call or after many calls, and whether the battery level is low or full. Hence, a diagnostic tool is introduced to track the radios' condition and to serve as additional information for developers in bug fixing. iDoctor aims to reduce the time spent reproducing issues and helps developers resolve issues faster if comprehensive data logging is performed. At the same time, the health of the radio can be monitored as well. As a result, this will increase customers' satisfaction and their confidence in the company, which may directly impact the company's market share.
Title: Radio Diagnostic tool: IDoctor. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688864
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688921
Irfan Šljivo, B. Gallina, Jan Carlson, H. Hansson
Our aim is to contribute to bridging the gap between the justified need from industry to reuse third-party components and the skepticism of the safety community about integrating and reusing components developed without real knowledge of the system context. We have developed a notion of safety contract that will help to capture safety-related information for supporting the reuse of software components in and across safety-critical systems. In this paper we present our extension of the contract formalism for specifying strong and weak assumption/guarantee contracts for out-of-context reusable components. We elaborate on the notion of satisfaction, including refinement, dominance and composition check. To show the usage and the expressiveness of our extended formalism, we specify strong and weak safety contracts related to a wheel braking system.
Title: Strong and weak contract formalism for third-party component reuse. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688921
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688855
V. Patu, Shuichiro Yamamoto
Today's software systems are facing new and complicated challenges in confronting security issues. There are lots of security models, tools and methods that are being created and used within institutes and organizations in order to mitigate the risks, threats and vulnerabilities of systems. However, the publicized information so far still has holes and limitations in postulating successful results. This paper presents our new model to archive the dependability goal of a security assurance case.
Title: A new model to capture security threat patterns by complying with standards and lesson learned — Archiving dependability for security assurance cases. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688855
Pub Date: 2013-11-01 DOI: 10.1109/ISSREW.2013.6688919
Fernanda Buonanno, Domenico Di Leo, Paolo di Paolo, R. Pietrantuono, S. Russo
Software is an increasing part of train control systems, calling for the integration of sound software design techniques into consolidated industrial systems' engineering processes. Although requirements engineering is a traditional software engineering area, its relevance for critical embedded systems is underestimated. We present the experience of a public-private collaboration between University of Naples and Ansaldo Breda, a leading company in the field of rail transit systems. The experience is focused on requirements engineering as a driver to improve the development process in order to better support, in the long term, software quality and safety assurance activities, at the same time with a proper cost/quality trade-off (higher quality costs are compensated through reuse over a product line).
Title: Requirements engineering in rail transit production: An experience report. Venue: 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). DOI URL: https://doi.org/10.1109/ISSREW.2013.6688919