Pub Date: 2024-10-23. DOI: 10.1007/s10515-024-00471-8
Shiji Wang, Xiangfu Zhao
Frequent smart contract security incidents pose a threat to the credibility of the Ethereum platform, making smart contract vulnerability detection a focal point of concern. Previous research has proposed vulnerability detection methods in smart contracts. Generally, these tools rely on predefined rules to detect vulnerable smart contracts. However, using out-of-date rules for vulnerability detection may lead to a significant number of false negatives and false positives due to the growing variety of smart contract vulnerability types and the ongoing enhancement of vulnerability defense mechanisms. In this paper, we propose ContractSentry, a tool for static analysis of smart contracts. First, we preprocess Solidity code to build critical contract information and transform it into an intermediate representation. Then, based on the intermediate representations, we propose composite rules for vulnerability detection by analyzing the characteristics of different types of vulnerabilities in smart contracts. Finally, we evaluate ContractSentry with two datasets and compare it with state-of-the-art vulnerability detection tools. Experimental results demonstrate that ContractSentry achieves superior detection effectiveness.
Title: ContractSentry: a static analysis tool for smart contract vulnerability detection. Journal: Automated Software Engineering, volume 32, issue 1.
Pub Date: 2024-10-01. DOI: 10.1007/s10515-024-00469-2
Junyi Lu, Zhangyi Li, Chenjie Shen, Li Yang, Chun Zuo
The pursuit of efficiency in code review has intensified, prompting a wave of research focused on automating code review comment generation. However, the existing body of research is fragmented, characterized by disparate approaches to task formats, factor selection, and dataset processing. Such variability often leads to an emphasis on refining model structures, overshadowing the critical roles of factor selection and representation. To bridge these gaps, we have assembled a comprehensive dataset that includes not only the primary factors identified in previous studies but also additional pertinent data. Utilizing this dataset, we assessed the impact of various factors and their representations on two leading computational approaches: fine-tuning pre-trained models and using prompts in large language models. Our investigation also examines the potential benefits and drawbacks of incorporating abstract syntax trees to represent code change structures. Our results reveal that: (1) the impact of factors varies between computational paradigms and their representations can have complex interactions; (2) integrating a code structure graph can enhance the graphing of code content, yet potentially impair the understanding capabilities of language models; and (3) strategically combining factors can elevate basic models to outperform those specifically pre-trained for tasks. These insights are pivotal for steering future research in code review automation.
Title: Exploring the impact of code review factors on the code review comment generation. Journal: Automated Software Engineering, volume 31, issue 2.
Pub Date: 2024-09-04. DOI: 10.1007/s10515-024-00467-4
S. Kaliraj, Velisetti Geetha Pavan Sahasranth, V. Sivakumar
Software Fault Prediction is a critical domain in machine learning aimed at pre-emptively identifying and mitigating software faults. This study addresses challenges related to imbalanced datasets and feature selection, significantly enhancing the effectiveness of fault prediction models. We mitigate class imbalance in the Unified Dataset using the Random-Over Sampling technique, resulting in superior accuracy for minority-class predictions. Additionally, we employ the innovative Ant-Colony Optimization algorithm (ACO) for feature selection, extracting pertinent features to amplify model performance. Recognizing the limitations of individual machine learning models, we introduce the Dynamic Classifier, a ground-breaking ensemble that combines predictions from multiple algorithms, elevating fault prediction precision. Model parameters are fine-tuned using the Grid-Search Method, achieving an accuracy of 94.129% and superior overall performance compared to random forest, decision tree and other standard machine learning algorithms. The core contribution of this study lies in the comparative analysis, pitting our Dynamic Classifier against Standard Algorithms using diverse performance metrics. The results unequivocally establish the Dynamic Classifier as a frontrunner, highlighting its prowess in fault prediction. In conclusion, this research introduces a comprehensive and innovative approach to software fault prediction. It pioneers the resolution of class imbalance, employs cutting-edge feature selection, and introduces dynamic ensemble classifiers. The proposed methodology, showcasing a significant advancement in performance over existing methods, illuminates the path toward developing more accurate and efficient fault prediction models.
Title: A holistic approach to software fault prediction with dynamic classification. Journal: Automated Software Engineering, volume 31, issue 2. Open-access PDF: https://link.springer.com/content/pdf/10.1007/s10515-024-00467-4.pdf
Pub Date: 2024-08-27. DOI: 10.1007/s10515-024-00468-3
Eman Fatima, Hira Kanwal, Javed Ali Khan, Nek Dil Khan
App stores enable users to provide insightful feedback on apps, which developers can use for future software application enhancement and evolution. However, finding user reviews that are valuable and relevant for quality improvement and app enhancement is challenging because of increasing end-user feedback. Also, to date, according to our knowledge, the existing sentiment analysis approaches lack in considering sarcasm and its types when identifying sentiments of end-user reviews for requirements decision-making. Moreover, no work has been reported on detecting sarcasm by analyzing app reviews. This paper proposes an automated approach by detecting sarcasm and its types in end-user reviews and identifying valuable requirements-related information using natural language processing (NLP) and deep learning (DL) algorithms to help software engineers better understand end-user sentiments. For this purpose, we crawled 55,000 end-user comments on seven software apps in the Play Store. Then, a novel sarcasm coding guideline is developed by critically analyzing end-user reviews and recovering frequently used sarcastic types such as Irony, Humor, Flattery, Self-Deprecation, and Passive Aggression. Next, using coding guidelines and the content analysis approach, we annotated the 10,000 user comments and made them parsable for the state-of-the-art DL algorithms. We conducted a survey at two different universities in Pakistan to identify participants’ accuracy in manually identifying sarcasm in the end-user reviews. We developed a ground truth to compare the results of DL algorithms. We then applied various fine-tuned DL classifiers to first detect sarcasm in the end-user feedback and then further classified the sarcastic reviews into more fine-grained sarcastic types. For this, end-user comments are first pre-processed and balanced with the instances in the dataset. Then, feature engineering is applied to fine-tune the DL classifiers. 
We obtain an average accuracy of 97%, 96%, 96%, 96%, 96%, 86%, and 90% with binary classification and 90%, 91%, 92%, 91%, 91%, 75%, and 89% with CNN, LSTM, BiLSTM, GRU, BiGRU, RNN, and BiRNN classifiers, respectively. Such information would help improve the performance of sentiment analysis approaches to understand better the associated sentiments with the identified new features or issues.
Title: An exploratory and automated study of sarcasm detection and classification in app stores using fine-tuned deep learning classifiers. Journal: Automated Software Engineering, volume 31, issue 2.
Pub Date: 2024-08-18. DOI: 10.1007/s10515-024-00466-5
Jian Hu
Fault localization is a process that aims to identify the potentially faulty statements responsible for program failures by analyzing runtime information. Therefore, the input code coverage matrix plays a crucial role in FL. However, the effectiveness of fault localization is compromised by the presence of coincidental correct test cases (CCTC) in the coverage matrix. These CCTC execute faulty code but do not result in program failures. To address this issue, many existing methods focus on identifying CCTC through cluster analysis. However, these methods have three problems. Firstly, identifying the optimal cluster count poses a considerable challenge in CCTC detection. Secondly, the effectiveness of CCTC detection is heavily influenced by the initial centroid selection. Thirdly, the presence of abundant fault-irrelevant statements within the raw coverage matrix introduces substantial noise for CCTC detection. To overcome these challenges, we propose SCD4FL: a semantic context-based CCTC detection method to enhance the coverage matrix for fault localization. SCD4FL incorporates and implements two key ideas: (1) SCD4FL uses the intersection of execution slices to construct a semantic context from the raw coverage matrix, effectively reducing noise during CCTC detection. (2) SCD4FL employs an expert-knowledge-based K-nearest neighbors (KNN) algorithm to detect the CCTC, effectively eliminating the requirement of determining the cluster number and initial centroid. To evaluate the effectiveness of SCD4FL, we conducted extensive experiments on 420 faulty versions of nine benchmarks using six state-of-the-art fault localization methods and two representative CCTC detection methods. The experimental results validate the effectiveness of our method in enhancing the performance of the six fault localization methods and two CCTC detection methods, e.g., the RNN method can be improved by 53.09% under the MFR metric.
Title: Semantic context based coincidental correct test cases detection for fault localization. Journal: Automated Software Engineering, volume 31, issue 2.
Pub Date: 2024-08-16. DOI: 10.1007/s10515-024-00465-6
Pravali Manchala, Manjubala Bisi
Software Fault Prediction is an efficient strategy to improve the quality of software systems. In reality, there won’t be adequate software fault data for a recently established project where the Cross-Project Fault Prediction (CPFP) model plays an important role. CPFP model utilizes other finished projects data to predict faults in ongoing projects. Existing CPFP methods concentrate on discrepancies in distribution between projects without exploring relevant source projects selection combined with distribution gap minimizing methods. Additionally, performing imbalance learning and feature extraction in software projects only balances the data and reduces features by eliminating redundant and unrelated features. This paper proposes a novel SRES method called Similarity and applicability based source projects selection, REsampling, and Stacked autoencoder (SRES) model. To analyze the performance of relevant source projects over CPFP, we proposed a new similarity and applicability based source projects selection method to automatically select sources for the target project. In addition, we introduced a new resampling method that balances source project data by generating data related to the target project, eliminating unrelated data, and reducing the distribution gap. Then, SRES uses the stacked autoencoder to extract informative intermediate feature data to further improve the prediction accuracy of the CPFP. SRES performs comparable to or superior to the conventional CPFP model on six different performance indicators over 24 projects by effectively addressing the issues of CPFP. In conclusion, we can ensure that resampling and feature reduction techniques, along with source projects selection can improve cross-project prediction performance.
Title: A study on cross-project fault prediction through resampling and feature reduction along with source projects selection. Journal: Automated Software Engineering, volume 31, issue 2.
Pub Date: 2024-08-12. DOI: 10.1007/s10515-024-00463-8
Lizhuang Tan, Amjad Aldweesh, Ning Chen, Jian Wang, Jianyong Zhang, Yi Zhang, Konstantin Igorevich Kostromitin, Peiying Zhang
The Internet of Things (IoT) has become a core driver leading technological advancements and social transformations. Furthermore, data generation plays multiple roles in IoT, such as driving decision-making, achieving intelligence, promoting innovation, improving user experience, and ensuring security, making it a critical factor in promoting the development and application of IoT. Due to the vast scale of the network and the complexity of device interconnection, effective resource allocation has become crucial. Leveraging the flexibility of Network Virtualization technology in decoupling network functions and resources, this work proposes a Multi-Domain Virtual Network Embedding algorithm based on Deep Reinforcement Learning to provide energy-efficient resource allocation decision-making for IoT data generation. Specifically, we deploy a four-layer structured agent to calculate candidate IoT nodes and links that meet data generation requirements. Moreover, the agent is guided by the reward mechanism and gradient back-propagation algorithm for optimization. Finally, the effectiveness of the proposed method is validated through simulation experiments. Compared with other methods, our method improves the long-term revenue, long-term resource utilization, and allocation success rate by 15.78%, 15.56%, and 6.78%, respectively.
Title: Energy efficient resource allocation based on virtual network embedding for IoT data generation. Journal: Automated Software Engineering, volume 31, issue 2.
Pub Date: 2024-08-09. DOI: 10.1007/s10515-024-00464-7
Yubin Qu, Song Huang, Yongming Yao
With the widespread application of deep learning in software engineering, deep code models have played an important role in improving code quality and development efficiency, promoting the intelligence and industrialization of software engineering. In recent years, the fragility of deep code models has been constantly exposed, with various attack methods emerging against deep code models and robustness attacks being a new attack paradigm. Adversarial samples after model deployment are generated to evade the predictions of deep code models, making robustness attacks a hot research direction. Therefore, to provide a comprehensive survey of robustness attacks on deep code models and their implications, this paper comprehensively analyzes the robustness attack methods in deep code models. Firstly, it analyzes the differences between robustness attacks and other attack paradigms, defines basic attack methods and processes, and then summarizes robustness attacks’ threat model, evaluation metrics, attack settings, etc. Furthermore, existing attack methods are classified from multiple dimensions, such as attacker knowledge and attack scenarios. In addition, common tasks, datasets, and deep learning models in robustness attack research are also summarized, introducing beneficial applications of robustness attacks in data augmentation, adversarial training, etc., and finally, looking forward to future key research directions.
Title: A survey on robustness attacks for deep code models. Journal: Automated Software Engineering, 31(2).
Pub Date: 2024-08-01 DOI: 10.1007/s10515-024-00462-9
Hassan Sartaj, Asmar Muqeet, Muhammad Zohaib Iqbal, Muhammad Uzair Khan
Unmanned aerial systems (UAS) rely on various avionics systems that are safety-critical and mission-critical. A major requirement of international safety standards is to perform rigorous system-level testing of avionics software systems. The current industrial practice is to manually create test scenarios, manually/automatically execute these scenarios using simulators, and manually evaluate outcomes. The test scenarios typically consist of setting certain flight or environment conditions and testing the system under test in these settings. The state-of-the-art approaches for this purpose also require manual test scenario development and evaluation. In this paper, we propose a novel approach to automate the system-level testing of the UAS. The proposed approach (namely AITester) utilizes model-based testing and artificial intelligence (AI) techniques to automatically generate, execute, and evaluate various test scenarios. The test scenarios are generated on the fly, i.e., during test execution based on the environmental context at runtime. The approach is supported by a toolset. We empirically evaluated the proposed approach on two core components of UAS, an autopilot system of an unmanned aerial vehicle (UAV) and cockpit display systems (CDS) of the ground control station (GCS). The results show that the AITester effectively generates test scenarios causing deviations from the expected behavior of the UAV autopilot and reveals potential flaws in the GCS-CDS.
Title: Automated system-level testing of unmanned aerial systems. Journal: Automated Software Engineering, 31(2).
Pub Date: 2024-07-29 DOI: 10.1007/s10515-024-00459-4
Jiachi Chen, Jiang Hu, Xin Xia, David Lo, John Grundy, Zhipeng Gao, Ting Chen
Decentralized Finance (DeFi) uses blockchain technologies to transform traditional financial activities into decentralized platforms that run without intermediaries and centralized institutions. Smart contracts are programs that run on the blockchain, and by utilizing smart contracts, developers can more easily develop DeFi applications. Some key features of smart contracts (self-execution and immutability) ensure the trustworthiness, transparency and efficiency of DeFi applications and have led to a fast-growing DeFi market. However, misbehaving developers can add traps or backdoor code snippets to a smart contract, which are hard for contract users to discover. We call these code snippets in a DeFi smart contract “DeFi Contract Traps” (DCTs). In this paper, we identify five DeFi contract traps and introduce their behaviors, describe how attackers use them to make unfair profits and analyze their prevalence in the Ethereum platform. We propose a symbolic execution tool, DeFiDefender, to detect such traps and use a manually labeled small-scale dataset that consists of 700 smart contracts to evaluate it. Our results show that our tool is not only highly effective but also highly efficient. DeFiDefender only needs 0.48 s to analyze one DeFi smart contract and obtains a high average accuracy (98.17%), precision (99.74%) and recall (89.24%). Among the five DeFi contract traps introduced in this paper, four of them can be detected through contract bytecode without the need for source code. We also apply DeFiDefender to a large-scale dataset that consists of 20,679 real DeFi-related Ethereum smart contracts. We found that 52.13% of these DeFi smart contracts contain at least one contract trap. Although a smart contract that contains contract traps is not necessarily malicious, our finding suggests that DeFi-related contracts have many centralized issues in a zero-trust environment and in the absence of a trusted party.
Title: Angels or demons: investigating and detecting decentralized financial traps on ethereum smart contracts. Journal: Automated Software Engineering, 31(2).