Science of Computer Programming最新文献

Bounded exhaustive testing is a very effective technique for bug finding, which proposes to test a given program under all valid bounded inputs, for a bound provided by the developer. Existing bounded exhaustive testing techniques require the developer to provide a precise specification of the valid inputs. Such specifications are rarely present as part of the software under test, and writing them can be costly and challenging.

To address this situation we propose BEAPI, a tool that given a Java class under test, generates a bounded exhaustive set of objects of the class solely employing the methods of the class, without the need for a specification. BEAPI creates sequences of calls to methods from the class' public API, and executes them to generate inputs. BEAPI implements very effective pruning techniques that allow it to generate inputs efficiently.

We experimentally assessed BEAPI in several case studies from the literature, and showed that it performs comparably to the best existing specification-based bounded exhaustive generation tool (Korat), without requiring a specification of the valid inputs.

Symbolic execution is a software verification technique symbolically running programs and thereby checking for bugs. Ranged symbolic execution performs symbolic execution on program parts, so-called path ranges, in parallel. Due to the parallelism, verification is accelerated and hence scales to larger programs.

In this paper, we discuss a generalization of ranged symbolic execution to arbitrary program analyses. More specifically, we present a verification approach that splits programs into path ranges and then runs arbitrary analyses on the ranges in parallel. Our approach in particular allows to run different analyses on different program parts. We have implemented this generalization on top of the tool CPAchecker and evaluated it on programs from the SV-COMP benchmark. Our evaluation shows that verification can benefit from the parallelization of the verification task, but also needs a form of work stealing (between analyses) to become efficient.

Operating systems (OSs) suffer from pervasive memory bugs. Their primary source is shared mutable states, crucial to low-level control and efficiency. The safety of shared mutable states is not guaranteed by C/C++, in which legacy OSs are typically written. Recently, researchers have adopted Rust into OS development to implement clean-slate OSs with fewer memory bugs. Rust ensures the safety of shared mutable states that follow the “aliasing XOR mutability” discipline via its type system. With the success of Rust in clean-slate OSs, the industry has become interested in rewriting legacy OSs in Rust. However, one of the most significant obstacles to this goal is shared mutable states that are aliased AND mutable (A&M). While they are essential to the performance of legacy OSs, Rust does not guarantee their safety. Instead, programmers have identified A&M states with the same reasoning principle dubbed an A&M pattern and implemented its modular abstraction to facilitate safety reasoning. This paper investigates modular abstractions for A&M patterns in legacy OSs. We present modular abstractions for six A&M patterns in the xv6 OS. Our investigation of Linux and clean-slate Rust OSs shows that the patterns are practical, as all of them are utilized in Linux, and the abstractions are original, as none of them are found in the Rust OSs. Using the abstractions, we implemented xv6${}_{Rust}$, a complete rewrite of xv6 in Rust. The abstractions incur no run-time overhead compared to xv6 while reducing the reasoning cost of xv6${}_{Rust}$ to the level of the clean-slate Rust OSs.

In complex systems, the maintenance phase engenders the emergence of code smells due to incessant shifts in requirements and designs, stringent timelines, and the developer's relative inexperience. While not conventionally classified as errors, code smells inherently signify flawed design structures that lead to future bugs and errors. It increases the software budget and eventually makes the system hard to maintain or completely obsolete. To mitigate these challenges, practitioners must detect and refactor code smells. However, the theoretical interpretation of smell definitions and intelligent establishment of threshold values pose a significant conundrum. Supervised machine learning emerges as a potent strategy to address these problems and alleviate the dependence on expert intervention. The learning mechanism of these algorithms can be refined through data pre-processing and hyperparameter tuning. Selecting the best values for hyperparameters can be tedious and requires an expert. This study introduces an innovative paradigm that fuses twelve swarm-based, meta-heuristic algorithms with two machine learning classifiers, optimizing their hyperparameters, eliminating the need for an expert, and automating the entire code smell detection process. Through this synergistic approach, the highest post-optimization accuracy, precision, recall, F-measure, and ROC-AUC values are 99.09%, 99.20%, 99.09%, 98.06%, and 100%, respectively. The most remarkable upsurge is 35.9% in accuracy, 53.79% in precision, 35.90% in recall, 44.73% in F-measure, and 36.28% in ROC-AUC. Artificial Bee Colony, Grey Wolf, and Salp Swarm Optimizer are the top-performing swarm-intelligent algorithms. God and Data Class are the most readily detectable smells with optimized classifiers. Statistical tests underscore the profound impact of employing swarm-based algorithms to optimize machine learning classifiers, corroborated by statistical tests. This seamless integration enhances classifier performance, automates code smell detection, and offers a robust solution to a persistent software engineering challenge.

Context

Programs with non-termination behavior induce various bugs, such as denial-of-service vulnerability and memory exhaustion. Hence the ability to detect non-termination programs before software deployment is crucial. Existing detection methods are either execution-based or deep learning-based. Despite great advances, their limitations are evident. The former requires complex sandbox environments for execution, while the latter lacks fine-grained analysis.

Objective

To overcome the above limitations, this paper proposes a graph-enhanced contrastive approach, namely TerGEC, which combines both inter-class and intra-class semantics to carry out a more fine-grained analysis and exempt execution during the detection process.

Methods

In detail, TerGEC analyzes behaviors of programs from Abstract Syntax Trees (ASTs), thereby capturing intra-class semantics both syntactically and lexically. Besides, it incorporates contrastive learning to learn the discrepancy between program behaviors of termination and non-termination, thereby acquiring inter-class semantics. In addition, graph augmentation is designed to improve the robustness. Weighted contrastive loss and focal loss are also equipped in TerGEC to alleviate the classes-imbalance problem during the non-termination detection. Consequently, the whole detection process can be handled more fine-grained, and the execution can also be exempted due to the nature of deep learning.

Results

We evaluate TerGEC on five datasets of both Python and C languages. Extensive experiments demonstrate TerGEC achieves the best performance overall. Among all experimented datasets, TerGEC outperforms state-of-the-art baselines by 8.20% in terms of mAP and by 17.07% in terms of AUC on average.

Conclusion

TerGEC is capable of detecting non-terminating programs with high precision, showing that the combination of inter-class and intra-class learning, along with our proposed classes-imbalance solutions, is significantly effective in practice.

Requirements elicitation processes have a series of challenges and limitations in terms of business process focus, system transparency, and dealing with the complexity resulting from interdependence. The Design Thinking approach, which focuses on people and on understanding the context of problems, can contribute to solving them. For this reason, a requirements elicitation process based on Design Thinking has been defined, consisting of three activities: Empathise, Synthesise, and Ideate. For refining this process, a focus group discussion with experts was conducted. The experts provided feedback, specifically on the role of empathy in the process, its domain of application and activities. The results analysed from the focus group confirm the usefulness of the process and generate a series of lessons learned that allowed us to continue refining it. This paper presents the cited process, the main characteristics and results of the focus group and the refined process.

User eXperience (UX) significantly influences the success of free and open source software (FOSS) projects and is measured using UX capability maturity models (UXCMMs). Every organization desires higher levels of UX maturity; however, it requires upfront preparations and process quality control.

Harmonizing processes and analytical lenses for determining preparation for UX maturity are still challenging, and studies to create them are limited. The analysis is ad hoc and based on the actors’ will and experiences. This study proposes and validates analytical lenses.

Findings show that UX experts agreed that the lenses could be used with a consensus percentage of 81 %, the threshold value (d) = 0.112, and crisp values greater than α-cut = 0.5. On validation, 47.57 % of stakeholders agreed, and 52.43 % strongly agreed they were relevant. Results help evaluate the status quo and change culture and policies toward ideal preparation. Two areas are suggested for future research.

Quantum computing plays a crucial role in solving complex problems for which classical supercomputers require an impractical amount of time. This emerging paradigm has the potential to revolutionize various fields such as cryptography, chemistry, and finance, making it a highly relevant area of research and development. Major companies such as Google, Amazon, IBM, and Microsoft, along with prestigious research institutions such as Oxford and MIT, are investing significant efforts into advancing this technology. However, the lack of a standardized approach among different providers poses challenges for developers to effectively access and utilize quantum computing resources. In this study, we propose a quantum orchestrator that is designed to facilitate the orchestration and execution of quantum circuits across multiple quantum service providers. The proposed solution aims to simplify the process for developers and facilitate the execution of quantum tasks using resources offered by different providers. The proposal is validated with the implementation of the proposed orchestrator for Amazon Braket and IBM Quantum. It can support both quantum and classical developers in defining, configuring, and executing circuits independently of the selected provider.

Background and Context

In today's tech-driven world, programming courses are crucial. Yet, teaching programming is challenging, leading to high student failure rates. Understanding student learning patterns is key, but there's a lack of research utilizing tools to automatically collect and analyze interaction data for insights into student performance and behaviors.

Objectives

Study aims to compare problem-solving behaviors of novice and competent programmers during coding tests, identifying patterns and exploring relationships with program correctness.

Method

We built an online system with programming challenges to collect behavior data from novice and competent programmers. Our system analyzed data using various metrics to explore behavior-program correctness relationships.

Findings

Analysis showed distinct problem-solving behavior patterns. Competent programmers had fewer syntax errors, spent less time fixing bugs, and had higher program correctness. Novices made more syntax errors and spent more time fixing coding errors. Both groups used tabs for code structure, but competent programmers introduced unfamiliar variables more often and commented on them afterward. Emphasizing iterative revisions and active engagement enhances problem-solving skills and programming proficiency. Radar charts are effective for identifying improvement areas in teaching programming. The relationship between behavior and program correctness was positively correlated for competent programmers but not novices.

Implications

Study findings have implications for programming education. Radar charts help teachers identify course improvement areas. Novices can learn from competent programmers' behavior. Instructors should encourage continuous skill improvement through revisions and engagement. Identified unfamiliar programming aspects offer insights for targeted learning.