Pub Date : 2023-10-18DOI: 10.1007/s10515-023-00398-6
Rui Lima, João F. Ferreira, Alexandra Mendes, Carolina Carreira
Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz’s dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.
{"title":"DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring","authors":"Rui Lima, João F. Ferreira, Alexandra Mendes, Carolina Carreira","doi":"10.1007/s10515-023-00398-6","DOIUrl":"10.1007/s10515-023-00398-6","url":null,"abstract":"<div><p>Vulnerability detection and repair is a demanding and expensive part of the software development process. As such, there has been an effort to develop new and better ways to automatically detect and repair vulnerabilities. DifFuzz is a state-of-the-art tool for automatic detection of timing side-channel vulnerabilities, a type of vulnerability that is particularly difficult to detect and correct. Despite recent progress made with tools such as DifFuzz, work on tools capable of automatically repairing timing side-channel vulnerabilities is scarce. In this paper, we propose DifFuzzAR, a tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the vulnerabilities identified in DifFuzz’s dataset. The results show that the tool can automatically correct timing side-channel vulnerabilities, being more effective with those that are control-flow based. In addition, the results of a user study show that users generally trust the refactorings produced by DifFuzzAR and that they see value in such a tool, in particular for more critical code.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"31 1","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-023-00398-6.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50036842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-24DOI: 10.1007/s10515-023-00399-5
Jean-Sébastien Dessureault, Daniel Massicotte
The machine learning frameworks flourished in the last decades, allowing artificial intelligence to get out of academic circles to be applied to enterprise domains. This field has significantly advanced, but there is still some meaningful improvement to reach the subsequent expectations. The proposed framework, named AI(^{2}), uses a natural language interface that allows non-specialists to benefit from machine learning algorithms without necessarily knowing how to program with a programming language. The primary contribution of the AI(^{2}) framework allows a user to call the machine learning algorithms in English, making its interface usage easier. The second contribution is greenhouse gas (GHG) awareness. It has some strategies to evaluate the GHG generated by the algorithm to be called and to propose alternatives to find a solution without executing the energy-intensive algorithm. Another contribution is a preprocessing module that helps to describe and to load data properly. Using an English text-based chatbot, this module guides the user to define every dataset so that it can be described, normalized, loaded, and divided appropriately. The last contribution of this paper is about explainability. The scientific community has known that machine learning algorithms imply the famous black-box problem for decades. Traditional machine learning methods convert an input into an output without being able to justify this result. The proposed framework explains the algorithm’s process with the proper texts, graphics, and tables. The results, declined in five cases, present usage applications from the user’s English command to the explained output. Ultimately, the AI(^{2}) framework represents the next leap toward native language-based, human-oriented concerns about machine learning framework.
{"title":"(AI^{2}): the next leap toward native language-based and explainable machine learning framework","authors":"Jean-Sébastien Dessureault, Daniel Massicotte","doi":"10.1007/s10515-023-00399-5","DOIUrl":"10.1007/s10515-023-00399-5","url":null,"abstract":"<div><p>The machine learning frameworks flourished in the last decades, allowing artificial intelligence to get out of academic circles to be applied to enterprise domains. This field has significantly advanced, but there is still some meaningful improvement to reach the subsequent expectations. The proposed framework, named AI<span>(^{2})</span>, uses a natural language interface that allows non-specialists to benefit from machine learning algorithms without necessarily knowing how to program with a programming language. The primary contribution of the AI<span>(^{2})</span> framework allows a user to call the machine learning algorithms in English, making its interface usage easier. The second contribution is greenhouse gas (GHG) awareness. It has some strategies to evaluate the GHG generated by the algorithm to be called and to propose alternatives to find a solution without executing the energy-intensive algorithm. Another contribution is a preprocessing module that helps to describe and to load data properly. Using an English text-based chatbot, this module guides the user to define every dataset so that it can be described, normalized, loaded, and divided appropriately. The last contribution of this paper is about explainability. The scientific community has known that machine learning algorithms imply the famous black-box problem for decades. Traditional machine learning methods convert an input into an output without being able to justify this result. The proposed framework explains the algorithm’s process with the proper texts, graphics, and tables. The results, declined in five cases, present usage applications from the user’s English command to the explained output. Ultimately, the AI<span>(^{2})</span> framework represents the next leap toward native language-based, human-oriented concerns about machine learning framework.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50046787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-13DOI: 10.1007/s10515-023-00392-y
Qianguo Chen, Teng Zhou, Kui Liu, Li Li, Chunpeng Ge, Zhe Liu, Jacques Klein, Tegawendé F. Bissyandé
Smart contracts are slowly penetrating our society where they are leveraged to support critical business transactions of which financial stakes are high. Smart contract programming is, however, in its infancy, and many failures due to programming defects exploited by malicious attackers and have made the headlines. In recent years, there has been an increasing effort in the literature to identify such vulnerabilities early in smart contracts to reduce the threats to the security of the accounts. Automatically patching smart contracts, however, is a much less investigated research topic. Yet, it can provide tools to help developers in fixing known vulnerabilities more rapidly. In this paper, we propose to review smart contract vulnerabilities and specify templates that will serve to automate patch generation. We implement the TIPS pipeline with 12 fix templates and assess its effectiveness on established smart contract datasets such as SmartBugs and ContractDefects. In particular, we show that TIPS is competitive against the state-of-the-art automated repair approach (SCRepair) in the literature. Finally, we evaluate the impact of the code changes suggested by TIPS in terms of gas usage.
{"title":"Tips: towards automating patch suggestion for vulnerable smart contracts","authors":"Qianguo Chen, Teng Zhou, Kui Liu, Li Li, Chunpeng Ge, Zhe Liu, Jacques Klein, Tegawendé F. Bissyandé","doi":"10.1007/s10515-023-00392-y","DOIUrl":"10.1007/s10515-023-00392-y","url":null,"abstract":"<div><p>Smart contracts are slowly penetrating our society where they are leveraged to support critical business transactions of which financial stakes are high. Smart contract programming is, however, in its infancy, and many failures due to programming defects exploited by malicious attackers and have made the headlines. In recent years, there has been an increasing effort in the literature to identify such vulnerabilities early in smart contracts to reduce the threats to the security of the accounts. Automatically patching smart contracts, however, is a much less investigated research topic. Yet, it can provide tools to help developers in fixing known vulnerabilities more rapidly. In this paper, we propose to review smart contract vulnerabilities and specify templates that will serve to automate patch generation. We implement the TIPS pipeline with 12 fix templates and assess its effectiveness on established smart contract datasets such as SmartBugs and ContractDefects. In particular, we show that TIPS is competitive against the state-of-the-art automated repair approach (SCRepair) in the literature. Finally, we evaluate the impact of the code changes suggested by TIPS in terms of gas usage.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50024647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Apps reviews hold a huge amount of informative user feedback that may be used to assist software practitioners in better understanding users’ needs, identify issues related to quality, such as privacy concerns and low efficiency, and evaluate the perceived users’ satisfaction with the app features. One way to efficiently extract this information is by using Aspect-Based Sentiment Analysis (ABSA). The role of ABSA of apps reviews is to identify all app’s aspects being reviewed and assign a sentiment polarity towards each aspect. This paper aims to build ABSA models using supervised Machine Learning (ML) and Deep Learning (DL) approaches. Our automated technique is intended to (1) identify the most useful and effective text-representation and task-specific features in both Aspect Category Detection (ACD) and Aspect Category Polarity, (2) empirically investigate the performance of conventional ML models when utilized for ABSA task of apps reviews, and (3) empirically compare the performance of ML models and DL models in the context of ABSA task. We built the models using different algorithms/architectures and performed hyper-parameters tuning. In addition, we extracted a set of relevant features for the ML models and performed an ablation study to analyze their contribution to the performance. Our empirical study showed that the ML model trained using Logistic Regression algorithm and BERT embeddings outperformed the other models. Although ML outperformed DL, DL models do not require hand-crafted features and they allow for a better learning of features when trained with more data.
{"title":"An automated approach to aspect-based sentiment analysis of apps reviews using machine and deep learning","authors":"Nouf Alturayeif, Hamoud Aljamaan, Jameleddine Hassine","doi":"10.1007/s10515-023-00397-7","DOIUrl":"10.1007/s10515-023-00397-7","url":null,"abstract":"<div><p>Apps reviews hold a huge amount of informative user feedback that may be used to assist software practitioners in better understanding users’ needs, identify issues related to quality, such as privacy concerns and low efficiency, and evaluate the perceived users’ satisfaction with the app features. One way to efficiently extract this information is by using Aspect-Based Sentiment Analysis (ABSA). The role of ABSA of apps reviews is to identify all app’s aspects being reviewed and assign a sentiment polarity towards each aspect. This paper aims to build ABSA models using supervised Machine Learning (ML) and Deep Learning (DL) approaches. Our automated technique is intended to (1) identify the most useful and effective text-representation and task-specific features in both Aspect Category Detection (ACD) and Aspect Category Polarity, (2) empirically investigate the performance of conventional ML models when utilized for ABSA task of apps reviews, and (3) empirically compare the performance of ML models and DL models in the context of ABSA task. We built the models using different algorithms/architectures and performed hyper-parameters tuning. In addition, we extracted a set of relevant features for the ML models and performed an ablation study to analyze their contribution to the performance. Our empirical study showed that the ML model trained using Logistic Regression algorithm and BERT embeddings outperformed the other models. Although ML outperformed DL, DL models do not require hand-crafted features and they allow for a better learning of features when trained with more data.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50017466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-08-26DOI: 10.1007/s10515-023-00391-z
Nicolas Dilley, Julien Lange
The Go programming language offers a wide range of primitives to coordinate lightweight threads, e.g., channels, waitgroups, and mutexes—all of which may cause concurrency bugs. Static checkers that guarantee the absence of bugs are essential to help programmers avoid these costly errors before their code is executed. However existing tools either miss too many bugs or cannot handle large programs, and do not support programs that rely on statically unknown parameters that affect their concurrent structure (e.g., number of threads). To address these limitations, we propose a static checker for Go programs which relies on performing bounded model checking of their concurrent behaviours. In contrast to previous works, our approach deals with large codebases, supports programs that have statically unknown parameters, and is extensible to additional concurrency primitives. Our work includes a detailed presentation of the extraction algorithm from Go programs to models, an algorithm to automatically check programs with statically unknown parameters, and a large scale evaluation of our approach. The latter shows that our approach outperforms the state-of-the-art on 220 synthetic programs and 78 buggy programs adapted from existing codebases.�
{"title":"Automated verification of concurrent go programs via bounded model checking","authors":"Nicolas Dilley, Julien Lange","doi":"10.1007/s10515-023-00391-z","DOIUrl":"10.1007/s10515-023-00391-z","url":null,"abstract":"<div><p>The Go programming language offers a wide range of primitives to coordinate lightweight threads, e.g., channels, waitgroups, and mutexes—all of which may cause concurrency bugs. Static checkers that guarantee the absence of bugs are essential to help programmers avoid these costly errors before their code is executed. However existing tools either miss too many bugs or cannot handle large programs, and do not support programs that rely on statically unknown parameters that affect their concurrent structure (e.g., number of threads). To address these limitations, we propose a static checker for Go programs which relies on performing bounded model checking of their concurrent behaviours. In contrast to previous works, our approach deals with large codebases, supports programs that have statically unknown parameters, and is extensible to additional concurrency primitives. Our work includes a detailed presentation of the extraction algorithm from Go programs to models, an algorithm to automatically check programs with statically unknown parameters, and a large scale evaluation of our approach. The latter shows that our approach outperforms the state-of-the-art on 220 synthetic programs and 78 buggy programs adapted from existing codebases.\u0000</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50047664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-08-22DOI: 10.1007/s10515-023-00396-8
Jinyin Chen, Jie Ge, Haibin Zheng
Widespread applications of deep neural networks (DNNs) benefit from DNN testing to guarantee their quality. In the DNN testing, numerous test cases are fed into the model to explore potential vulnerabilities, but they require expensive manual cost to check the label. Therefore, test case prioritization is proposed to solve the problem of labeling cost, e.g., surprise adequacy-based, uncertainty quantifiers-based and mutation-based prioritization methods. However, most of them suffer from limited scenarios (i.e. high confidence adversarial or false positive cases) and high time complexity. To address these challenges, we propose the concept of the activation graph from the perspective of the spatial relationship of neurons. We observe that the activation graph of cases that triggers the model’s misbehavior significantly differs from that of normal cases. Motivated by it, we design a test case prioritization method based on the activation graph, ActGraph, by extracting the high-order node feature of the activation graph for prioritization. ActGraph explains the difference between the test cases to solve the problem of scenario limitation. Without mutation operations, ActGraph is easy to implement, leading to lower time complexity. Extensive experiments on three datasets and four models demonstrate that ActGraph has the following key characteristics. (i) Effectiveness and generalizability: ActGraph shows competitive performance in all of the natural, adversarial and mixed scenarios, especially in RAUC-100 improvement ((sim times )1.40). (ii) Efficiency: ActGraph runs at less time cost ((sim times )1/50) than the state-of-the-art method. The code of ActGraph is open-sourced at https://github.com/Embed-Debuger/ActGraph.
{"title":"ActGraph: prioritization of test cases based on deep neural network activation graph","authors":"Jinyin Chen, Jie Ge, Haibin Zheng","doi":"10.1007/s10515-023-00396-8","DOIUrl":"10.1007/s10515-023-00396-8","url":null,"abstract":"<div><p>Widespread applications of deep neural networks (DNNs) benefit from DNN testing to guarantee their quality. In the DNN testing, numerous test cases are fed into the model to explore potential vulnerabilities, but they require expensive manual cost to check the label. Therefore, test case prioritization is proposed to solve the problem of labeling cost, e.g., surprise adequacy-based, uncertainty quantifiers-based and mutation-based prioritization methods. However, most of them suffer from limited scenarios (i.e. high confidence adversarial or false positive cases) and high time complexity. To address these challenges, we propose the concept of the activation graph from the perspective of the spatial relationship of neurons. We observe that the activation graph of cases that triggers the model’s misbehavior significantly differs from that of normal cases. Motivated by it, we design a test case prioritization method based on the activation graph, ActGraph, by extracting the high-order node feature of the activation graph for prioritization. ActGraph explains the difference between the test cases to solve the problem of scenario limitation. Without mutation operations, ActGraph is easy to implement, leading to lower time complexity. Extensive experiments on three datasets and four models demonstrate that ActGraph has the following key characteristics. (i) <i>Effectiveness and generalizability</i>: ActGraph shows competitive performance in all of the natural, adversarial and mixed scenarios, especially in <i>RAUC-100</i> improvement (<span>(sim times )</span>1.40). (ii) <i>Efficiency</i>: ActGraph runs at less time cost (<span>(sim times )</span>1/50) than the state-of-the-art method. The code of ActGraph is open-sourced at <i>https://github.com/Embed-Debuger/ActGraph</i>.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-023-00396-8.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50041902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Program translation aims to translate one kind of programming language to another, e.g., from Python to Java. Due to the inefficiency of translation rules construction with pure human effort (software engineer) and the low quality of machine translation results with pure machine effort, it is suggested to implement program translation in a human–machine cooperative way. However, existing human–machine program translation methods fail to utilize the human’s ability effectively, which require human to post-edit the results (i.e., statically modified directly on the model generated code). To solve this problem, we propose HMPT (Human-Machine Program Translation), a novel method that achieves program translation based on human–machine cooperation. It can (1) reduce the human effort by introducing a prefix-based interactive protocol that feeds the human’s edit into the model as the prefix and regenerates better output code, and (2) reduce the interactive response time resulted by excessive program length in the regeneration process from two aspects: avoiding duplicate prefix generation with cache attention information, as well as reducing invalid suffix generation by splicing the suffix of the results. The experiments are conducted on two real datasets. Results show compared to the baselines, our method reduces the human effort up to 73.5% at the token level and reduces the response time up to 76.1%.
{"title":"HMPT: a human–machine cooperative program translation method","authors":"Xin Zhang, Zhiwen Yu, Jiaqi Liu, Hui Wang, Liang Wang, Bin Guo","doi":"10.1007/s10515-023-00395-9","DOIUrl":"10.1007/s10515-023-00395-9","url":null,"abstract":"<div><p>Program translation aims to translate one kind of programming language to another, e.g., from Python to Java. Due to the inefficiency of translation rules construction with pure human effort (software engineer) and the low quality of machine translation results with pure machine effort, it is suggested to implement program translation in a human–machine cooperative way. However, existing human–machine program translation methods fail to utilize the human’s ability effectively, which require human to post-edit the results (i.e., statically modified directly on the model generated code). To solve this problem, we propose HMPT (Human-Machine Program Translation), a novel method that achieves program translation based on human–machine cooperation. It can (1) reduce the human effort by introducing a prefix-based interactive protocol that feeds the human’s edit into the model as the prefix and regenerates better output code, and (2) reduce the interactive response time resulted by excessive program length in the regeneration process from two aspects: avoiding duplicate prefix generation with cache attention information, as well as reducing invalid suffix generation by splicing the suffix of the results. The experiments are conducted on two real datasets. Results show compared to the baselines, our method reduces the human effort up to 73.5% at the token level and reduces the response time up to 76.1%.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-023-00395-9.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50040344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-08-02DOI: 10.1007/s10515-023-00394-w
Yuying Li, Yang Feng, Chao Guo, Zhenyu Chen, Baowen Xu
The testing of Android applications(apps) is a challenging task due to the serious fragmentation issues and diverse usage environments. To improve the testing efficiency and collect the feedbacks from real usage scenarios, crowdsourcing has been employed in the testing of Android. However, crowdsourced testing is a manual working paradigm, while the shortage of testing guidance for crowd workers who often have limited software engineering knowledge may result in many redundant or invalid test reports. To fill this gap, this paper presents an automated test case generation approach for the testing of Android apps. Our approach is built upon static program analysis and is capable of providing detailed testing steps to guide workers in performing testing. Furthermore, we use the automated testing tool for pre-testing, and crowd workers only need to test the uncovered test cases. We evaluate our approach with six widely-used apps to evaluate its effectiveness and efficiency. The experimental results show that our approach can detect 71.5% more bugs in diverse categories and achieve 21.8% higher path coverage in comparison with classic crowdsourced testing techniques. Also, in the experiment, we detect 44 unknown bugs in the six subjects, which indicates our approach is highly promising for assisting the testing of Android apps in practice.
{"title":"Crowdsourced test case generation for android applications via static program analysis","authors":"Yuying Li, Yang Feng, Chao Guo, Zhenyu Chen, Baowen Xu","doi":"10.1007/s10515-023-00394-w","DOIUrl":"10.1007/s10515-023-00394-w","url":null,"abstract":"<div><p>The testing of Android applications(apps) is a challenging task due to the serious fragmentation issues and diverse usage environments. To improve the testing efficiency and collect the feedbacks from real usage scenarios, crowdsourcing has been employed in the testing of Android. However, crowdsourced testing is a manual working paradigm, while the shortage of testing guidance for crowd workers who often have limited software engineering knowledge may result in many redundant or invalid test reports. To fill this gap, this paper presents an automated test case generation approach for the testing of Android apps. Our approach is built upon static program analysis and is capable of providing detailed testing steps to guide workers in performing testing. Furthermore, we use the automated testing tool for pre-testing, and crowd workers only need to test the uncovered test cases. We evaluate our approach with six widely-used apps to evaluate its effectiveness and efficiency. The experimental results show that our approach can detect 71.5% more bugs in diverse categories and achieve 21.8% higher path coverage in comparison with classic crowdsourced testing techniques. Also, in the experiment, we detect 44 unknown bugs in the six subjects, which indicates our approach is highly promising for assisting the testing of Android apps in practice.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-023-00394-w.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50001596","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-07-29DOI: 10.1007/s10515-023-00386-w
Johnathan Mauricio Calle Gallego, Carlos Mario Zapata Jaramillo
Requirements elicitation is a stakeholder-centered approach; therefore, natural language remains an effective way of documenting and validating requirements. As the scope of the software domain grows, software analysts process a higher number of requirements documents, generating delays and errors while characterizing the software domain. Natural language processing is key in such a process, allowing software analysts for speeding up the requirements elicitation process and mitigating the impact of the ambiguity and misinterpretations coming from natural-language-based requirements documents. However, natural-language-processing-based proposals for requirements elicitation are mainly focused on specific domains and still fail for understanding several requirements writing styles. In this paper, we present QUARE, a question-answering model for requirements elicitation. The QUARE model comprises a meta-ontology for requirements elicitation, easing the generation of requirements-elicitation-related questions and the initial structuration of any software domain. In addition, the QUARE model includes a named entity recognition and relation extraction system focused on requirements elicitation, allowing software analysts for processing several requirements writing styles. Although software analysts address a software domain at a time, they use the same kind of questions for identifying and characterizing requirements abstractions such as actors, concepts, and actions from a software domain. Such a process may be framed into the QUARE model workflow. We validate our proposal by using an experimental process including real-world requirements documents coming from several software domains and requirements writing styles. The QUARE model is a novel proposal aimed at supporting software analysts in the requirements elicitation process.
{"title":"QUARE: towards a question-answering model for requirements elicitation","authors":"Johnathan Mauricio Calle Gallego, Carlos Mario Zapata Jaramillo","doi":"10.1007/s10515-023-00386-w","DOIUrl":"10.1007/s10515-023-00386-w","url":null,"abstract":"<div><p>Requirements elicitation is a stakeholder-centered approach; therefore, natural language remains an effective way of documenting and validating requirements. As the scope of the software domain grows, software analysts process a higher number of requirements documents, generating delays and errors while characterizing the software domain. Natural language processing is key in such a process, allowing software analysts for speeding up the requirements elicitation process and mitigating the impact of the ambiguity and misinterpretations coming from natural-language-based requirements documents. However, natural-language-processing-based proposals for requirements elicitation are mainly focused on specific domains and still fail for understanding several requirements writing styles. In this paper, we present QUARE, a question-answering model for requirements elicitation. The QUARE model comprises a meta-ontology for requirements elicitation, easing the generation of requirements-elicitation-related questions and the initial structuration of any software domain. In addition, the QUARE model includes a named entity recognition and relation extraction system focused on requirements elicitation, allowing software analysts for processing several requirements writing styles. Although software analysts address a software domain at a time, they use the same kind of questions for identifying and characterizing requirements abstractions such as actors, concepts, and actions from a software domain. Such a process may be framed into the QUARE model workflow. We validate our proposal by using an experimental process including real-world requirements documents coming from several software domains and requirements writing styles. The QUARE model is a novel proposal aimed at supporting software analysts in the requirements elicitation process.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-023-00386-w.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50053460","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-07-28DOI: 10.1007/s10515-023-00390-0
Ahmed Chikhaoui, Abdelhafid Chadli, Abdelkader Ouared
Obviously, the complexity of mathematical database cost models increases with the evolution of the database technology brought by emerging hardware and the new deployment platforms (ex. Cloud). This finding raises questions about the reliability of past Cost Models (CMs). Indeed, redesigning a database CM to evaluate the quality of service (QoS) attributes (i.e. response time, energy, sizing, etc.) is becoming a challenging task. First, because developers directly implement the CM by hard coding inside a DBMS without a prior design. Second, due to a lack of a stepwise development process to support an incremental CM design and continuous testing to diagnose errors that occur at each design stage. Moreover, reusing CMs for other purposes is a major issue that necessitates investigations to allow designers reusing and adapting CMs according to their needs. To take up these challenges, we propose a model-based framework for incremental design and continuous testing of Database CMs Specifically, we are motivated by proposing an approach that aims at shifting CMs design from an adhoc design to a structured and shared design by using a set of design guidelines inspired from software engineering practices. Finally, we propose to use the DevOps reuse practices (Continuous Integration/Continuous Delivery: CI/CD) to store the CM under design in a repository after each upgrade to be reused, improved, calibrated, and refined for other purposes. We evaluate our approach against common CM features, and we carry out a comparison with some analytical models from the literature. Findings show that our framework provides a high CM prediction accuracy, and identify the right design components with a precision ranging from 85% to 100%.
{"title":"A model-based DevOps process for development of mathematical database cost models","authors":"Ahmed Chikhaoui, Abdelhafid Chadli, Abdelkader Ouared","doi":"10.1007/s10515-023-00390-0","DOIUrl":"10.1007/s10515-023-00390-0","url":null,"abstract":"<div><p>Obviously, the complexity of mathematical database cost models increases with the evolution of the database technology brought by emerging hardware and the new deployment platforms (ex. Cloud). This finding raises questions about the reliability of past Cost Models (CMs). Indeed, redesigning a database CM to evaluate the quality of service (QoS) attributes (i.e. response time, energy, sizing, etc.) is becoming a challenging task. First, because developers directly implement the CM by hard coding inside a DBMS without a prior design. Second, due to a lack of a stepwise development process to support an incremental CM design and continuous testing to diagnose errors that occur at each design stage. Moreover, reusing CMs for other purposes is a major issue that necessitates investigations to allow designers reusing and adapting CMs according to their needs. To take up these challenges, we propose a model-based framework for incremental design and continuous testing of Database CMs Specifically, we are motivated by proposing an approach that aims at shifting CMs design from an adhoc design to a structured and shared design by using a set of design guidelines inspired from software engineering practices. Finally, we propose to use the DevOps reuse practices (Continuous Integration/Continuous Delivery: CI/CD) to store the CM under design in a repository after each upgrade to be reused, improved, calibrated, and refined for other purposes. We evaluate our approach against common CM features, and we carry out a comparison with some analytical models from the literature. Findings show that our framework provides a high CM prediction accuracy, and identify the right design components with a precision ranging from 85% to 100%.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":3.4,"publicationDate":"2023-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-023-00390-0.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50051211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号