
2008 19th International Symposium on Software Reliability Engineering (ISSRE): Latest Papers

Concurrent Contracts for Java in JML
Wladimir Araujo, L. Briand, Y. Labiche
Design by contract (DbC) is a software development methodology that makes use of assertions to produce better quality object-oriented software. The idea behind DbC is that a method defines a contract stating the requirements a client needs to fulfill to use it, the precondition, and the properties it ensures after its execution, the postcondition. Though there exists ample support for DbC for sequential programs, applying DbC to concurrent programs presents several challenges. The first challenge is interference, the product of multiple threads of execution modifying and accessing shared data. The second is the specification of thread-safety properties in the presence of inheritance. We present a solution to these challenges in the context of Java programs by extending the Java modeling language (JML) specification language. We experiment our solution on a large size industrial software system.
DOI: https://doi.org/10.1109/ISSRE.2008.9 (published 2008-11-10)
Citations: 19
How Economics Shape Reliability: Lessons and Opportunities from Windows Development
Solom Heddaya
How can we deliver highly reliable software profitably, for low cost and at large scale? The value of answering this question is enormous: providing software quality costs organizations, let alone consumers, roughly half a trillion dollars per year worldwide. Large scale data suggests that discovering and correcting defects in the traditional ways, while necessary, is not a sufficient answer. This talk will review some of the salient efforts and results of the Windows team in pursuit of high reliability. We will identify some long-term challenges and describe the built-in tools and capabilities that enable the research and industrial communities to study and address reliability issues in the Windows ecosystem.
DOI: https://doi.org/10.1109/ISSRE.2008.64 (published 2008-11-10)
Citations: 0
A Joinpoint Coverage Measurement Tool for Evaluating the Effectiveness of Test Inputs for AspectJ Programs
Fadi Wedyan, Sudipto Ghosh
Testing aspect-oriented programs is challenging in part because of the interactions between the aspects and the base classes with which the aspects are woven. Coverage metrics, such as joinpoint coverage, address faults resulting from the changes in base class control flow that may be introduced by the woven advices. Definitions of joinpoint coverage in the literature typically require counting the execution of aspects at each joinpoint. We present a tool for measuring joinpoint coverage from two perspectives: per advice, which measures the execution of the advice at each joinpoint it is woven into, and per class, which measures the execution of all the advices in each joinpoint in the class. This gives a more detailed measurement of joinpoint coverage and helps in identifying what more needs to be tested in both the base class and the aspect. The tool is based on AspectJ and Java bytecode, and thus, does not require any source code. We demonstrate the use of our tool to measure the joinpoint coverage of test inputs generated by Xie and Zhao's Aspectra framework.
DOI: https://doi.org/10.1109/ISSRE.2008.12 (published 2008-11-10)
Citations: 9
The Feasibility of Automated Feedback-Directed Specification-Based Test Generation: A Case Study of a High-Assurance Operating System
S. Weber, A. Paradkar, S. McIntosh, David C. Toll, P. Karger, M. Kaplan, E. Palmer
In this paper, we describe results of a case study to establish the feasibility of deriving mappings between an abstract user level specification and the code elements in a concrete implementation of a highly secure smart card operating system. Such a mapping is necessary for feedback-directed specification-based test generation to improve code coverage, needed by the stringent criteria for high-assurance systems. We used test cases generated from the user level specification to identify the executed code elements and attempted to use static analysis to map the unexecuted code elements to the corresponding elements in the user level specification. Our primary result is evidence that, given a sufficiently expressive user level specification and a test generation system that is able to effectively use such a specification, the resulting tests will cover the vast majority of the code branches that are able to be covered. Therefore, the benefit of a feedback-directed system will be limited. We further provide evidence that the static analysis required to generate feedback in these cases tends to be difficult, involving inferring the semantics of the internal implementation of data structures. In particular, we observed that the internal states at the implementation level in a high security application pose significant challenges to this mapping process.
DOI: https://doi.org/10.1109/ISSRE.2008.33 (published 2008-11-10)
Citations: 4
Automated Support for Propagating Bug Fixes
Boya Sun, Ray-Yaung Chang, Xianghao Chen, Andy Podgurski
We present empirical results indicating that when programmers fix bugs, they often fail to propagate the fixes to all of the locations in a code base where they are applicable, thereby leaving instances of the bugs in the code. We propose a practical approach to help programmers to propagate many bug fixes completely. This entails first extracting a programming rule from a bug fix, in the form of a graph minor of an enhanced procedure dependence graph. Our approach assists the programmer in specifying rules by automatically matching simple rule templates; the programmer may also edit rules or compose them from scratch. A graph matching algorithm for detecting rule violations is then used to locate the places in the code base where the bug fix is applicable. Our approach does not require that rules occur repeatedly in the code base. We present empirical results indicating that the approach nevertheless exhibits good precision.
DOI: https://doi.org/10.1109/ISSRE.2008.29 (published 2008-11-10)
Citations: 11
Modeling the Software Failure Correlations When Test Automation Is Adopted during the Software Development
Chu-Ti Lin, Chin-Yu Huang
With the growing scale of software system, assuring software quality through automated testing becomes increasingly important. When automated testing is involved in software development, the uncertainty caused by automated test failures should not be ignored. Besides, the modification of tested software may introduce some potential faults and further invalidate some test scripts, which may lead to the failed outcomes. Based on the facts, we will propose a Markov renewal process (MRP) to model the correlation among software runs during the software development. The use of the proposed modeling framework is illustrated through an example. Compared to previous work, the proposed framework indeed addresses the influence of test automation and provides more useful information.
DOI: https://doi.org/10.1109/ISSRE.2008.34 (published 2008-11-10)
Citations: 1
Replication vs. Failure Prevention - How to Boost Service Availability?
Felix Salfner, K. Wolter
The objective of this paper is to provide a first analysis of the effectiveness of simple server replication vs. failure prevention in non-high-availability applications. We analyze service availability for a system with N servers where each server is modeled as a finite queue subject to failures. A Petri net analysis suggests that service availability is most effectively improved by server duplication, but for further improvement the combination with failure prevention seems most effective.
DOI: https://doi.org/10.1109/ISSRE.2008.52 (published 2008-11-10)
Citations: 1
Exploring Quality Metrics to Support Defect Management Process in a Multi-site Organization - A Case Study
K. Korhonen, O. Salo
In large software development projects, the number of defects can be considerably high and defect management can become even more challenging when the development is distributed over several sites. Defect reduction solutions and commonly agreed defect management methods are needed to handle the defects and to meet the target quality level of the software, measured by the number of open defects. In this study, a combination of three quality metrics was used to support the defect management process in four consecutive multi-site software development programs involving several hundred people, and the result was compared to a program not using the described quality criteria set. According to the results, defect closing speed was improved, the number of open defects was reduced, and defects were reported earlier in programs that were using the quality metrics.
DOI: https://doi.org/10.1109/ISSRE.2008.20 (published 2008-11-10)
Citations: 13
Using Fault Modeling in Safety Cases
R. Lutz, A. Patterson-Hine
For many safety-critical systems a safety case is built as part of the certification or acceptance process. The safety case assembles evidence to justify that the design and implementation of a system avoid hazardous software behavior. Fault modeling and analysis can provide a rich source of evidence that the design meets safety goals. However, there is currently little guidance available to bridge the gap between the fault modeling that developers perform and the mandated safety case. In this experience report we describe results and open issues from an investigation of how evidence from software tool supported fault modeling and analysis of a spacecraft power system could assist in safety-case construction. The ways in which the software fault models can provide evidence for the safety case appear to be applicable to other critical systems.
DOI: https://doi.org/10.1109/ISSRE.2008.13 (published 2008-11-10)
Citations: 11
Using an RBF Neural Network to Locate Program Bugs
W. E. Wong, Yan Shi, Yu Qi, R. Golden
We propose an RBF (radial basis function) neural network-based fault localization method to help programmers locate bugs in a more effective way. An RBF neural network with a three-layer feed-forward structure is employed to learn the relationship between the statement coverage of a test case and its corresponding execution result. The trained network is then given as input a set of virtual test cases, each covering only a single statement. The output of the network for each test case is considered to be the suspiciousness of the corresponding statement; a statement with a higher suspiciousness has a higher likelihood of containing a bug. The set of statements ranked in descending order by their suspiciousness are then examined by programmers one by one until a bug is located. Three case studies on different programs (space, grep and make) were conducted with each faulty version having exactly one bug. An additional program gcc was also used to demonstrate the concept of extending the proposed method to programs with multiple bugs. Our experimental data suggest that an RBF neural network-based fault localization method is more effective in locating a program bug (by examining less code before the first faulty statement containing the bug is identified) than another popular method, Tarantula, which also uses the coverage and execution results to compute the suspiciousness of each statement.
DOI: https://doi.org/10.1109/ISSRE.2008.15 (published 2008-11-10)
Citations: 40