2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE): Latest Papers

A Test-Suite Diagnosability Metric for Spectrum-Based Fault Localization Approaches
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.66
Alexandre Perez, Rui Abreu, A. Deursen
Current metrics for assessing the adequacy of a test-suite plainly focus on the number of components (be it lines, branches, paths) covered by the suite, but do not explicitly check how the tests actually exercise these components and whether they provide enough information so that spectrum-based fault localization techniques can perform accurate fault isolation. We propose a metric, called DDU, aimed at complementing adequacy measurements by quantifying a test-suite's diagnosability, i.e., the effectiveness of applying spectrum-based fault localization to pinpoint faults in the code in the event of test failures. Our aim is to increase the value generated by creating thorough test-suites, so they are not only regarded as error detection mechanisms but also as effective diagnostic aids that help widely-used fault-localization techniques to accurately pinpoint the location of bugs in the system. Our experiments show that optimizing a test suite with respect to DDU yields a 34% gain in spectrum-based fault localization report accuracy when compared to the standard branch-coverage metric.
Pages: 654-664
Citations: 66
Travioli: A Dynamic Analysis for Detecting Data-Structure Traversals
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.50
Rohan Padhye, Koushik Sen
Traversal is one of the most fundamental operations on data structures, in which an algorithm systematically visits some or all of the data items of a data structure. We propose a dynamic analysis technique, called Travioli, for detecting data-structure traversals. We introduce the concept of acyclic execution contexts, which enables precise detection of traversals of arrays and linked data structures such as lists and trees in the presence of both loops and recursion. We describe how the information reported by Travioli can be used for visualizing data-structure traversals, manually generating performance regression tests, and for discovering performance bugs caused by redundant traversals. We evaluate Travioli on five real-world JavaScript programs. In our experiments, Travioli produced fewer than 4% false positives. We were able to construct performance tests for 93.75% of the reported true traversals. Travioli also found two asymptotic performance bugs in widely used JavaScript frameworks D3 and express.
Pages: 473-483
Citations: 14
Automated Transplantation and Differential Testing for Clones
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.67
Tianyi Zhang, Miryung Kim
Code clones are common in software. When applying similar edits to clones, developers often find it difficult to examine the runtime behavior of clones. The problem is exacerbated when some clones are tested, while their counterparts are not. To reuse tests for similar but not identical clones, Grafter transplants one clone to its counterpart by (1) identifying variations in identifier names, types, and method call targets, (2) resolving compilation errors caused by such variations through code transformation, and (3) inserting stub code to transfer input data and intermediate output values for examination. To help developers examine behavioral differences between clones, Grafter supports fine-grained differential testing at both the test outcome level and the intermediate program state level. In our evaluation on three open source projects, Grafter successfully reuses tests in 94% of clone pairs without inducing build errors, demonstrating its automated code transplantation capability. To examine the robustness of Grafter, we systematically inject faults using a mutation testing tool, Major, and detect behavioral differences induced by seeded faults. Compared with a static cloning bug finder, Grafter detects 31% more mutants using the test-level comparison and almost 2X more using the state-level comparison. This result indicates that Grafter should effectively complement static cloning bug finders.
Pages: 665-676
Citations: 36
Semantically Enhanced Software Traceability Using Deep Learning Techniques
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.9
Jin Guo, Jinghui Cheng, J. Cleland-Huang
In most safety-critical domains the need for traceability is prescribed by certifying bodies. Trace links are generally created among requirements, design, source code, test cases and other artifacts, however, creating such links manually is time consuming and error prone. Automated solutions use information retrieval and machine learning techniques to generate trace links, however, current techniques fail to understand semantics of the software artifacts or to integrate domain knowledge into the tracing process and therefore tend to deliver imprecise and inaccurate results. In this paper, we present a solution that uses deep learning to incorporate requirements artifact semantics and domain knowledge into the tracing solution. We propose a tracing network architecture that utilizes Word Embedding and Recurrent Neural Network (RNN) models to generate trace links. Word embedding learns word vectors that represent knowledge of the domain corpus and RNN uses these word vectors to learn the sentence semantics of requirements artifacts. We trained 360 different configurations of the tracing network using existing trace links in the Positive Train Control domain and identified the Bidirectional Gated Recurrent Unit (BI-GRU) as the best model for the tracing task. BI-GRU significantly out-performed state-of-the-art tracing methods including the Vector Space Model and Latent Semantic Indexing.
Pages: 3-14
Citations: 204
Stochastic Optimization of Program Obfuscation
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.28
Han Liu, Chengnian Sun, Z. Su, Yu Jiang, M. Gu, Jiaguang Sun
Program obfuscation is a common practice in software development to obscure source code or binary code, in order to prevent humans from understanding the purpose or logic of software. It protects intellectual property and deters malicious attacks. While tremendous efforts have been devoted to the development of various obfuscation techniques, we have relatively little knowledge on how to most effectively use them together. The biggest challenge lies in identifying the most effective combination of obfuscation techniques. This paper presents a unified framework to optimize program obfuscation. Given an input program P and a set T of obfuscation transformations, our technique can automatically identify a sequence seq = ‹t1, t2, …, tn› (∀i ∈ [1, n]. ti ∈ T), such that applying ti in order on P yields the optimal obfuscation performance. We model the process of searching for seq as a mathematical optimization problem. The key technical contributions of this paper are: (1) an obscurity language model to assess obfuscation effectiveness/optimality, and (2) a guided stochastic algorithm based on Markov chain Monte Carlo methods to search for the optimal solution seq. We have realized the framework in a tool Closure* for JavaScript, and evaluated it on 25 most starred JavaScript projects on GitHub (19K lines of code). Our machinery study shows that Closure* outperforms the well-known Google Closure Compiler by defending 26% of the attacks initiated by JSNice. Our human study also reveals that Closure* is practical and can reduce the human attack success rate by 30%.
Pages: 221-231
Citations: 28
RClassify: Classifying Race Conditions in Web Applications via Deterministic Replay
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.33
Lu Zhang, Chao Wang
Race conditions are common in web applications but are difficult to diagnose and repair. Although there exist tools for detecting races in web applications, they all report a large number of false positives. That is, the races they report are either bogus, meaning they can never occur in practice, or benign, meaning they do not lead to erroneous behaviors. Since manually diagnosing them is tedious and error prone, reporting these race warnings to developers would be counter-productive. We propose a platform-agnostic, deterministic replay-based method for identifying not only the real but also the truly harmful race conditions. It relies on executing each pair of racing events in two different orders and assessing their impact on the program state: we say a race is harmful only if (1) both of the two executions are feasible and (2) they lead to different program states. We have evaluated our evidence-based classification method on a large set of real websites from Fortune-500 companies and demonstrated that it significantly outperforms all state-of-the-art techniques.
Pages: 278-288
Citations: 24
SPAIN: Security Patch Analysis for Binaries towards Understanding the Pain and Pills
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.49
Zhengzi Xu, Bihuan Chen, Mahinthan Chandramohan, Yang Liu, Fu Song
Software vulnerability is one of the major threats to software security. Once discovered, vulnerabilities are often fixed by applying security patches. In that sense, security patches carry valuable information about vulnerabilities, which could be used to discover, understand and fix (similar) vulnerabilities. However, most existing patch analysis approaches work at the source code level, while binary-level patch analysis often heavily relies on a lot of human efforts and expertise. Even worse, some vulnerabilities may be secretly patched without applying CVE numbers, or only the patched binary programs are available while the patches are not publicly released. These practices greatly hinder patch analysis and vulnerability analysis. In this paper, we propose a scalable binary-level patch analysis framework, named SPAIN, which can automatically identify security patches and summarize patch patterns and their corresponding vulnerability patterns. Specifically, given the original and patched versions of a binary program, we locate the patched functions and identify the changed traces (i.e., a sequence of basic blocks) that may contain security or non-security patches. Then we identify security patches through a semantic analysis of these traces and summarize the patterns through a taint analysis on the patched functions. The summarized patterns can be used to search similar patches or vulnerabilities in binary programs. Our experimental results on several real-world projects have shown that: i) SPAIN identified security patches with high accuracy and high scalability, ii) SPAIN summarized 5 patch patterns and their corresponding vulnerability patterns for 5 vulnerability types, and iii) SPAIN discovered security patches that were not documented, and discovered 3 zero-day vulnerabilities.
Pages: 462-472
Citations: 117
Optimizing Test Placement for Module-Level Regression Testing
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.69
A. Shi, Suresh Thummalapenta, Shuvendu K. Lahiri, N. Bjørner, J. Czerwonka
Modern build systems help increase developer productivity by performing incremental building and testing. These build systems view a software project as a group of interdependent modules and perform regression test selection at the module level. However, many large software projects have imprecise dependency graphs that lead to wasteful test executions. If a test belongs to a module that has more dependencies than the actual dependencies of the test, then it is executed unnecessarily whenever a code change impacts those additional dependencies. In this paper, we formulate the problem of wasteful test executions due to suboptimal placement of tests in modules. We propose a greedy algorithm to reduce the number of test executions by suggesting test movements while considering historical build information and actual dependencies of tests. We have implemented our technique, called TestOptimizer, on top of CloudBuild, the build system developed within Microsoft over the last few years. We have evaluated the technique on five large proprietary projects. Our results show that the suggested test movements can lead to a reduction of 21.66 million test executions (17.09%) across all our subject projects. We received encouraging feedback from the developers of these projects, they accepted and intend to implement ≈80% of our reported suggestions.
Citations: 31
Decoding the Representation of Code in the Brain: An fMRI Study of Code Review and Expertise
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.24
Benjamin Floyd, Tyler Santander, Westley Weimer
Subjective judgments in software engineering tasks are of critical importance but can be difficult to study with conventional means. Medical imaging techniques hold the promise of relating cognition to physical activities and brain structures. In a controlled experiment involving 29 participants, we examine code comprehension, code review and prose review using functional magnetic resonance imaging. We find that the neural representations of programming languages vs. natural languages are distinct. We can classify which task a participant is undertaking based solely on brain activity (balanced accuracy 79%, p
Citations: 112
UML Diagram Refinement (Focusing on Class- and Use Case Diagrams)
Pub Date : 2017-05-20 DOI: 10.1109/ICSE.2017.73
David Faitelson, S. Tyszberowicz
Large and complicated UML models are not useful, because they are difficult to understand. This problem can be solved by using several diagrams of the same system at different levels of abstraction. Unfortunately, UML does not define an explicit set of rules for ensuring that diagrams at different levels of abstraction are consistent. We define such a set of rules, that we call diagram refinement. Diagram refinement is intuitive, and applicable to several kinds of UML diagrams (mostly to structural diagrams but also to use case diagrams), yet it rests on a solid mathematical basis—the theory of graph homomorphisms. We illustrate its usefulness with a series of examples.
Citations: 14