首页 > 最新文献

2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)最新文献

英文 中文
node2defect: Using Network Embedding to Improve Software Defect Prediction node2defect:利用网络嵌入改进软件缺陷预测
YunHuan Qu, Ting Liu, Jianlei Chi, Yangxu Jin, Di Cui, A. He, Q. Zheng
Network measures have been proved to be useful in predicting software defects. Leveraging the dependency relationships between software modules, network measures can capture various structural features of software systems. However, existing studies have relied on user-defined network measures (e.g., degree statistics or centrality metrics), which are inflexible and require high computation cost, to describe the structural features. In this paper, we propose a new method called node2defect which uses a newly proposed network embedding technique, node2vec, to automatically learn to encode dependency network structure into low-dimensional vector spaces to improve software defect prediction. Specifically, we firstly construct a program's Class Dependency Network. Then node2vec is used to automatically learn structural features of the network. After that, we combine the learned features with traditional software engineering features, for accurate defect prediction. We evaluate our method on 15 open source programs. The experimental results show that in average, node2defect improves the state-of-the-art approach by 9.15% in terms of F-measure.
网络度量已被证明在预测软件缺陷方面是有用的。利用软件模块之间的依赖关系,网络度量可以捕获软件系统的各种结构特征。然而,现有的研究依赖于用户自定义的网络度量(如度统计或中心性度量)来描述结构特征,这些度量缺乏灵活性且计算成本高。本文提出了一种名为node2defect的新方法,该方法利用新提出的网络嵌入技术node2vec,自动学习将依赖网络结构编码到低维向量空间中,以提高软件缺陷的预测能力。具体来说,我们首先构建程序的类依赖网络。然后使用node2vec自动学习网络的结构特征。然后,我们将学习到的特征与传统的软件工程特征结合起来,进行准确的缺陷预测。我们在15个开源程序上评估了我们的方法。实验结果表明,在F-measure方面,node2缺陷平均提高了9.15%。
{"title":"node2defect: Using Network Embedding to Improve Software Defect Prediction","authors":"YunHuan Qu, Ting Liu, Jianlei Chi, Yangxu Jin, Di Cui, A. He, Q. Zheng","doi":"10.1145/3238147.3240469","DOIUrl":"https://doi.org/10.1145/3238147.3240469","url":null,"abstract":"Network measures have been proved to be useful in predicting software defects. Leveraging the dependency relationships between software modules, network measures can capture various structural features of software systems. However, existing studies have relied on user-defined network measures (e.g., degree statistics or centrality metrics), which are inflexible and require high computation cost, to describe the structural features. In this paper, we propose a new method called node2defect which uses a newly proposed network embedding technique, node2vec, to automatically learn to encode dependency network structure into low-dimensional vector spaces to improve software defect prediction. Specifically, we firstly construct a program's Class Dependency Network. Then node2vec is used to automatically learn structural features of the network. After that, we combine the learned features with traditional software engineering features, for accurate defect prediction. We evaluate our method on 15 open source programs. The experimental results show that in average, node2defect improves the state-of-the-art approach by 9.15% in terms of F-measure.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"60 1","pages":"844-849"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77218246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Is This Class Thread-Safe? Inferring Documentation using Graph-Based Learning 这个类线程安全吗?使用基于图的学习推断文档
Andrew Habib, Michael Pradel
Thread-safe classes are pervasive in concurrent, object-oriented software. However, many classes lack documentation regarding their safety guarantees under multi-threaded usage. This lack of documentation forces developers who use a class in a concurrent program to either carefully inspect the implementation of the class, to conservatively synchronize all accesses to it, or to optimistically assume that the class is thread-safe. To overcome the lack of documentation, we present TSFinder, an approach to automatically classify classes as supposedly thread-safe or thread-unsafe. The key idea is to combine a lightweight static analysis that extracts a graph representation from classes with a graph-based classifier. After training the classifier with classes known to be thread-safe and thread-unsafe, it achieves an accuracy of 94.5% on previously unseen classes, enabling the approach to infer thread safety documentation with high confidence. The classifier takes about 3 seconds per class, i.e., it is efficient enough to infer documentation for many classes.
线程安全类在并发的、面向对象的软件中非常普遍。然而,许多类缺乏关于它们在多线程使用下的安全保证的文档。由于缺乏文档,在并发程序中使用类的开发人员要么仔细检查类的实现,要么保守地同步对它的所有访问,要么乐观地假设类是线程安全的。为了克服缺乏文档的问题,我们提出了TSFinder,这是一种自动将类分类为线程安全或线程不安全的方法。关键思想是将从类中提取图表示的轻量级静态分析与基于图的分类器结合起来。在使用已知的线程安全和线程不安全的类训练分类器之后,它对以前未见过的类的准确率达到94.5%,从而使该方法能够高可信度地推断线程安全文档。分类器每个类大约需要3秒,也就是说,它的效率足以推断许多类的文档。
{"title":"Is This Class Thread-Safe? Inferring Documentation using Graph-Based Learning","authors":"Andrew Habib, Michael Pradel","doi":"10.1145/3238147.3238212","DOIUrl":"https://doi.org/10.1145/3238147.3238212","url":null,"abstract":"Thread-safe classes are pervasive in concurrent, object-oriented software. However, many classes lack documentation regarding their safety guarantees under multi-threaded usage. This lack of documentation forces developers who use a class in a concurrent program to either carefully inspect the implementation of the class, to conservatively synchronize all accesses to it, or to optimistically assume that the class is thread-safe. To overcome the lack of documentation, we present TSFinder, an approach to automatically classify classes as supposedly thread-safe or thread-unsafe. The key idea is to combine a lightweight static analysis that extracts a graph representation from classes with a graph-based classifier. After training the classifier with classes known to be thread-safe and thread-unsafe, it achieves an accuracy of 94.5% on previously unseen classes, enabling the approach to infer thread safety documentation with high confidence. The classifier takes about 3 seconds per class, i.e., it is efficient enough to infer documentation for many classes.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"01 1","pages":"41-52"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86072964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Empirically Assessing Opportunities for Prefetching and Caching in Mobile Apps 根据经验评估移动应用中的预取和缓存机会
Yixue Zhao, Paul Wat, Marcelo Schmitt Laser, N. Medvidović
Network latency in mobile software has a large impact on user experience, with potentially severe economic consequences. Prefetching and caching have been shown effective in reducing the latencies in browser-based systems. However, those techniques cannot be directly applied to the emerging domain of mobile apps because of the differences in network interactions. Moreover, there is a lack of research on prefetching and caching techniques that may be suitable for the mobile app domain, and it is not clear whether such techniques can be effective or whether they are even feasible. This paper takes the first step toward answering these questions by conducting a comprehensive study to understand the characteristics of HTTP requests in over 1,000 popular Android apps. Our work focuses on the prefetchability of requests using static program analysis techniques and cacheability of resulting responses. We find that there is a substantial opportunity to leverage prefetching and caching in mobile apps, but that suitable techniques must take into account the nature of apps' network interactions and idiosyncrasies such as untrustworthy HTTP header information. Our observations provide guidelines for developers to utilize prefetching and caching schemes in app development, and motivate future research in this area.
移动软件中的网络延迟对用户体验有很大影响,并可能带来严重的经济后果。预取和缓存在减少基于浏览器的系统中的延迟方面已经被证明是有效的。然而,由于网络交互的差异,这些技术不能直接应用于移动应用的新兴领域。此外,对于可能适用于移动应用领域的预取和缓存技术的研究还很缺乏,这些技术是否有效,甚至是否可行都不清楚。本文通过对1000多个流行Android应用的HTTP请求特征进行全面研究,迈出了回答这些问题的第一步。我们的工作重点是使用静态程序分析技术的请求的预取性和结果响应的可缓存性。我们发现,在移动应用程序中利用预取和缓存有很大的机会,但合适的技术必须考虑到应用程序网络交互的性质和特性,如不可信的HTTP头信息。我们的观察结果为开发人员在应用程序开发中使用预取和缓存方案提供了指导,并激励了该领域的未来研究。
{"title":"Empirically Assessing Opportunities for Prefetching and Caching in Mobile Apps","authors":"Yixue Zhao, Paul Wat, Marcelo Schmitt Laser, N. Medvidović","doi":"10.1145/3238147.3238215","DOIUrl":"https://doi.org/10.1145/3238147.3238215","url":null,"abstract":"Network latency in mobile software has a large impact on user experience, with potentially severe economic consequences. Prefetching and caching have been shown effective in reducing the latencies in browser-based systems. However, those techniques cannot be directly applied to the emerging domain of mobile apps because of the differences in network interactions. Moreover, there is a lack of research on prefetching and caching techniques that may be suitable for the mobile app domain, and it is not clear whether such techniques can be effective or whether they are even feasible. This paper takes the first step toward answering these questions by conducting a comprehensive study to understand the characteristics of HTTP requests in over 1,000 popular Android apps. Our work focuses on the prefetchability of requests using static program analysis techniques and cacheability of resulting responses. We find that there is a substantial opportunity to leverage prefetching and caching in mobile apps, but that suitable techniques must take into account the nature of apps' network interactions and idiosyncrasies such as untrustworthy HTTP header information. Our observations provide guidelines for developers to utilize prefetching and caching schemes in app development, and motivate future research in this area.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"41 1","pages":"554-564"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86401009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
The Need for Context in Software Engineering (IEEE CS Harlan Mills Award Keynote) 软件工程中对上下文的需求(IEEE CS Harlan Mills奖主题演讲)
G. Murphy
The development of a software system requires the orchestration of many different people using many different tools. Despite the need for a developer who is performing a task to understand the context in which that task is undertaken, the tools we imagine, build and provide to support software developers are typically isolated. Instead of the tools helping a developer work within the appropriate context, it is the developer who must bring the context to the tools. In this talk, I will argue that the lack of context in the software engineering tools we build limits the effectiveness of developers and of our software development practices.
软件系统的开发需要许多不同的人使用许多不同的工具进行编排。尽管执行任务的开发人员需要了解任务所处的环境,但我们想象、构建和提供的支持软件开发人员的工具通常是孤立的。不是工具帮助开发人员在适当的上下文中工作,而是开发人员必须将上下文带到工具中。在这次演讲中,我将论证我们构建的软件工程工具中缺乏上下文限制了开发人员和软件开发实践的有效性。
{"title":"The Need for Context in Software Engineering (IEEE CS Harlan Mills Award Keynote)","authors":"G. Murphy","doi":"10.1145/3238147.3241987","DOIUrl":"https://doi.org/10.1145/3238147.3241987","url":null,"abstract":"The development of a software system requires the orchestration of many different people using many different tools. Despite the need for a developer who is performing a task to understand the context in which that task is undertaken, the tools we imagine, build and provide to support software developers are typically isolated. Instead of the tools helping a developer work within the appropriate context, it is the developer who must bring the context to the tools. In this talk, I will argue that the lack of context in the software engineering tools we build limits the effectiveness of developers and of our software development practices.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"21 1","pages":"5-5"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87336590","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Expandable Group Identification in Spreadsheets 电子表格中可扩展的组标识
Wensheng Dou, Shi Han, Liang Xu, D. Zhang, Jun Wei
Spreadsheets are widely used in various business tasks. Spreadsheet users may put similar data and computations by repeating a block of cells (a unit) in their spreadsheets. We name the unit and all its expanding ones as an expandable group. All units in an expandable group share the same or similar formats and semantics. As a data storage and management tool, expandable groups represent the fundamental structure in spreadsheets. However, existing spreadsheet systems do not recognize any expandable groups. Therefore, other spreadsheet analysis tools, e.g., data integration and fault detection, cannot utilize this structure of expandable groups to perform precise analysis. In this paper, we propose ExpCheck to automatically extract expandable groups in spreadsheets. We observe that continuous units that share the similar formats and semantics are likely to be an expandable group. Inspired by this, we inspect the format of each cell and its corresponding semantics, and further classify them into expandable groups according to their similarity. We evaluate ExpCheck on 120 spreadsheets randomly sampled from the EUSES and VEnron corpora. The experimental results show that ExpCheck is effective. ExpCheck successfully detect expandable groups with F1-measure of 73.1%, significantly outperforming the state-of-the-art techniques (F1-measure of 13.3%).
电子表格广泛用于各种业务任务。电子表格用户可以通过在他们的电子表格中重复一个单元格块(一个单位)来放置类似的数据和计算。我们将该单元及其所有扩展单元命名为可扩展组。可扩展组中的所有单元共享相同或相似的格式和语义。作为一种数据存储和管理工具,可扩展组代表了电子表格中的基本结构。但是,现有的电子表格系统不能识别任何可扩展组。因此,其他电子表格分析工具,例如数据集成和故障检测,不能利用这种可扩展组的结构来执行精确的分析。在本文中,我们提出了ExpCheck来自动提取电子表格中的可扩展组。我们观察到,具有相似格式和语义的连续单元很可能是一个可扩展的群。受此启发,我们考察了每个单元格的格式及其对应的语义,并根据它们的相似性将它们进一步分类为可扩展的组。我们在从EUSES和VEnron语料库中随机抽取的120个电子表格上评估ExpCheck。实验结果表明,ExpCheck是有效的。ExpCheck以73.1%的f1测量值成功检测出可扩展组,显著优于目前最先进的技术(f1测量值为13.3%)。
{"title":"Expandable Group Identification in Spreadsheets","authors":"Wensheng Dou, Shi Han, Liang Xu, D. Zhang, Jun Wei","doi":"10.1145/3238147.3238222","DOIUrl":"https://doi.org/10.1145/3238147.3238222","url":null,"abstract":"Spreadsheets are widely used in various business tasks. Spreadsheet users may put similar data and computations by repeating a block of cells (a unit) in their spreadsheets. We name the unit and all its expanding ones as an expandable group. All units in an expandable group share the same or similar formats and semantics. As a data storage and management tool, expandable groups represent the fundamental structure in spreadsheets. However, existing spreadsheet systems do not recognize any expandable groups. Therefore, other spreadsheet analysis tools, e.g., data integration and fault detection, cannot utilize this structure of expandable groups to perform precise analysis. In this paper, we propose ExpCheck to automatically extract expandable groups in spreadsheets. We observe that continuous units that share the similar formats and semantics are likely to be an expandable group. Inspired by this, we inspect the format of each cell and its corresponding semantics, and further classify them into expandable groups according to their similarity. We evaluate ExpCheck on 120 spreadsheets randomly sampled from the EUSES and VEnron corpora. The experimental results show that ExpCheck is effective. ExpCheck successfully detect expandable groups with F1-measure of 73.1%, significantly outperforming the state-of-the-art techniques (F1-measure of 13.3%).","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"38 1","pages":"498-508"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87733450","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective Search 使用多目标搜索测试自动驾驶汽车的特征交互故障
Raja Ben Abdessalem, Annibale Panichella, S. Nejati, L. Briand, Thomas Stifter
Complex systems such as autonomous cars are typically built as a composition of features that are independent units of functionality. Features tend to interact and impact one another's behavior in unknown ways. A challenge is to detect and manage feature interactions, in particular, those that violate system requirements, hence leading to failures. In this paper, we propose a technique to detect feature interaction failures by casting this problem into a search-based test generation problem. We define a set of hybrid test objectives (distance functions) that combine traditional coverage-based heuristics with new heuristics specifically aimed at revealing feature interaction failures. We develop a new search-based test generation algorithm, called FITEST, that is guided by our hybrid test objectives. FITEST extends recently proposed many-objective evolutionary algorithms to reduce the time required to compute fitness values. We evaluate our approach using two versions of an industrial self-driving system. Our results show that our hybrid test objectives are able to identify more than twice as many feature interaction failures as two baseline test objectives used in the software testing literature (i.e., coverage-based and failure-based test objectives). Further, the feedback from domain experts indicates that the detected feature interaction failures represent real faults in their systems that were not previously identified based on analysis of the system features and their requirements.
像自动驾驶汽车这样的复杂系统通常是由独立的功能单元组成的。功能倾向于以未知的方式相互作用和影响彼此的行为。一个挑战是检测和管理功能交互,特别是那些违反系统需求,从而导致失败的交互。在本文中,我们提出了一种通过将该问题转化为基于搜索的测试生成问题来检测特征交互故障的技术。我们定义了一组混合测试目标(距离函数),将传统的基于覆盖率的启发式方法与专门用于揭示特征交互失败的新启发式方法结合起来。我们开发了一种新的基于搜索的测试生成算法,称为FITEST,它以我们的混合测试目标为指导。FITEST扩展了最近提出的多目标进化算法,以减少计算适应度值所需的时间。我们使用两个版本的工业自动驾驶系统来评估我们的方法。我们的结果表明,我们的混合测试目标能够识别比软件测试文献中使用的两个基线测试目标(即,基于覆盖率和基于失败的测试目标)多两倍的功能交互失败。此外,来自领域专家的反馈表明,检测到的特征交互故障代表了他们的系统中真正的故障,这些故障以前没有根据对系统特征及其需求的分析来识别。
{"title":"Testing Autonomous Cars for Feature Interaction Failures using Many-Objective Search","authors":"Raja Ben Abdessalem, Annibale Panichella, S. Nejati, L. Briand, Thomas Stifter","doi":"10.1145/3238147.3238192","DOIUrl":"https://doi.org/10.1145/3238147.3238192","url":null,"abstract":"Complex systems such as autonomous cars are typically built as a composition of features that are independent units of functionality. Features tend to interact and impact one another's behavior in unknown ways. A challenge is to detect and manage feature interactions, in particular, those that violate system requirements, hence leading to failures. In this paper, we propose a technique to detect feature interaction failures by casting this problem into a search-based test generation problem. We define a set of hybrid test objectives (distance functions) that combine traditional coverage-based heuristics with new heuristics specifically aimed at revealing feature interaction failures. We develop a new search-based test generation algorithm, called FITEST, that is guided by our hybrid test objectives. FITEST extends recently proposed many-objective evolutionary algorithms to reduce the time required to compute fitness values. We evaluate our approach using two versions of an industrial self-driving system. Our results show that our hybrid test objectives are able to identify more than twice as many feature interaction failures as two baseline test objectives used in the software testing literature (i.e., coverage-based and failure-based test objectives). Further, the feedback from domain experts indicates that the detected feature interaction failures represent real faults in their systems that were not previously identified based on analysis of the system features and their requirements.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"187 1","pages":"143-154"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80675101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 117
Top-Down Model-Driven Engineering of Web Services from Extended OpenAPI Models 基于扩展OpenAPI模型的自顶向下模型驱动的Web服务工程
David Sferruzza
Web services engineering is a crucial subject, because web services are often built to be used by other programs; thus they should have a good documentation targeting developers. Furthermore, when building a digital product, engineers need to build several programs that interact with a central instance of web services. OpenAPI, a popular industry standard, makes possible to document web services in order to quickly make a prototype of the product. It allows a top-down process where developers iterate to build an OpenAPI model that describes the web services they want, and then implement both the web services and the programs that will consume them. However, when doing such rapid prototyping, developers tend to either skip this design phase and implement web services right away, or stop updating the OpenAPI model when the product is released; in both cases they cannot take advantage of having an OpenAPI model aligned with the implementation. We show how OpenAPI can be extended to add implementation details inside models. These extensions link services to assemblies of components that describe computations. Hence a top-down development process that keeps model and implementation aligned. Moreover, this makes possible for developers to benefit from more support features while keeping the same flexibility.
Web服务工程是一门至关重要的学科,因为Web服务通常是为供其他程序使用而构建的;因此,他们应该有针对开发人员的良好文档。此外,在构建数字产品时,工程师需要构建几个与web服务中心实例交互的程序。OpenAPI是一种流行的行业标准,它使记录web服务以便快速制作产品原型成为可能。它允许一个自顶向下的过程,在这个过程中,开发人员迭代构建一个描述他们想要的web服务的OpenAPI模型,然后实现web服务和将使用它们的程序。然而,在进行如此快速的原型设计时,开发人员倾向于跳过这个设计阶段并立即实现web服务,或者在产品发布时停止更新OpenAPI模型;在这两种情况下,它们都不能利用与实现保持一致的OpenAPI模型。我们将展示如何扩展OpenAPI以在模型中添加实现细节。这些扩展将服务链接到描述计算的组件集。因此,自顶向下的开发过程使模型和实现保持一致。此外,这使得开发人员可以从更多的支持特性中受益,同时保持相同的灵活性。
{"title":"Top-Down Model-Driven Engineering of Web Services from Extended OpenAPI Models","authors":"David Sferruzza","doi":"10.1145/3238147.3241536","DOIUrl":"https://doi.org/10.1145/3238147.3241536","url":null,"abstract":"Web services engineering is a crucial subject, because web services are often built to be used by other programs; thus they should have a good documentation targeting developers. Furthermore, when building a digital product, engineers need to build several programs that interact with a central instance of web services. OpenAPI, a popular industry standard, makes possible to document web services in order to quickly make a prototype of the product. It allows a top-down process where developers iterate to build an OpenAPI model that describes the web services they want, and then implement both the web services and the programs that will consume them. However, when doing such rapid prototyping, developers tend to either skip this design phase and implement web services right away, or stop updating the OpenAPI model when the product is released; in both cases they cannot take advantage of having an OpenAPI model aligned with the implementation. We show how OpenAPI can be extended to add implementation details inside models. These extensions link services to assemblies of components that describe computations. Hence a top-down development process that keeps model and implementation aligned. Moreover, this makes possible for developers to benefit from more support features while keeping the same flexibility.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"41 1","pages":"940-943"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90839322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
PFix: Fixing Concurrency Bugs Based on Memory Access Patterns PFix:修复基于内存访问模式的并发错误
Huarui Lin, Zan Wang, Shuang Liu, Jun Sun, Dongdi Zhang, Guangning Wei
Concurrency bugs of a multi-threaded program may only manifest with certain scheduling, i.e., they are heisenbugs which are observed only from time to time if we execute the same program with the same input multiple times. They are notoriously hard to fix. In this work, we propose an approach to automatically fix concurrency bugs. Compared to previous approaches, our key idea is to systematically fix concurrency bugs by inferring locking policies from failure inducing memory-access patterns. That is, we automatically identify memory-access patterns which are correlated with the manifestation of the bug, and then conjecture what is the intended locking policy of the program. Afterwards, we fix the program by implementing the locking policy so that the failure inducing memory-access patterns are made impossible. We have implemented our approach in a toolkit called PFix which supports Java programs. We applied PFix to a set of 23 concurrency bugs and are able to automatically fix 19 of them. In comparison, Grail which is the state-of-the-art tool for fixing concurrency bugs in Java programs can only fix 3 of them correctly.
多线程程序的并发性bug可能只有在一定的调度下才会出现,也就是说,它们是heisenbugs,只有在我们多次使用相同的输入执行同一个程序时才会不时地观察到。它们是出了名的难以修复。在这项工作中,我们提出了一种自动修复并发错误的方法。与以前的方法相比,我们的关键思想是通过从导致失败的内存访问模式推断锁定策略来系统地修复并发错误。也就是说,我们自动识别与错误表现相关的内存访问模式,然后推测程序的预期锁定策略是什么。然后,我们通过实现锁策略来修复程序,使导致内存访问模式失败的情况不可能发生。我们已经在一个名为PFix的工具包中实现了我们的方法,该工具包支持Java程序。我们将PFix应用于一组23个并发性错误,并能够自动修复其中的19个。相比之下,修复Java程序中并发性错误的最先进工具Grail只能正确修复其中的3个。
{"title":"PFix: Fixing Concurrency Bugs Based on Memory Access Patterns","authors":"Huarui Lin, Zan Wang, Shuang Liu, Jun Sun, Dongdi Zhang, Guangning Wei","doi":"10.1145/3238147.3238198","DOIUrl":"https://doi.org/10.1145/3238147.3238198","url":null,"abstract":"Concurrency bugs of a multi-threaded program may only manifest with certain scheduling, i.e., they are heisenbugs which are observed only from time to time if we execute the same program with the same input multiple times. They are notoriously hard to fix. In this work, we propose an approach to automatically fix concurrency bugs. Compared to previous approaches, our key idea is to systematically fix concurrency bugs by inferring locking policies from failure inducing memory-access patterns. That is, we automatically identify memory-access patterns which are correlated with the manifestation of the bug, and then conjecture what is the intended locking policy of the program. Afterwards, we fix the program by implementing the locking policy so that the failure inducing memory-access patterns are made impossible. We have implemented our approach in a toolkit called PFix which supports Java programs. We applied PFix to a set of 23 concurrency bugs and are able to automatically fix 19 of them. In comparison, Grail which is the state-of-the-art tool for fixing concurrency bugs in Java programs can only fix 3 of them correctly.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"37 1","pages":"1-12"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76056951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
ClDiff: Generating Concise Linked Code Differences ClDiff:生成简洁的链接代码差异
Kaifeng Huang, Bihuan Chen, Xin Peng, Daihong Zhou, Y. Wang, Yang Liu, Wenyun Zhao
Analyzing and understanding source code changes is important in a variety of software maintenance tasks. To this end, many code differencing and code change summarization methods have been proposed. For some tasks (e.g. code review and software merging), however, those differencing methods generate too fine-grained a representation of code changes, and those summarization methods generate too coarse-grained a representation of code changes. Moreover, they do not consider the relationships among code changes. Therefore, the generated differences or summaries make it not easy to analyze and understand code changes in some software maintenance tasks. In this paper, we propose a code differencing approach, named ClDiff, to generate concise linked code differences whose granularity is in between the existing code differencing and code change summarization methods. The goal of ClDiff is to generate more easily understandable code differences. ClDiff takes source code files before and after changes as inputs, and consists of three steps. First, it pre-processes the source code files by pruning unchanged declarations from the parsed abstract syntax trees. Second, it generates concise code differences by grouping fine-grained code differences at or above the statement level and describing high-level changes in each group. Third, it links the related concise code differences according to five pre-defined links. Experiments with 12 Java projects (74,387 commits) and a human study with 10 participants have indicated the accuracy, conciseness, performance and usefulness of ClDiff.
在各种软件维护任务中,分析和理解源代码更改非常重要。为此,人们提出了许多代码区分和代码变更汇总方法。然而,对于某些任务(例如代码审查和软件合并),那些差异方法生成的代码更改表示过于细粒度,而那些汇总方法生成的代码更改表示过于粗粒度。此外,它们没有考虑代码变更之间的关系。因此,在一些软件维护任务中,生成的差异或汇总使得分析和理解代码更改变得不容易。在本文中,我们提出了一种名为ClDiff的代码差异方法来生成简洁的链接代码差异,其粒度介于现有的代码差异和代码变化汇总方法之间。ClDiff的目标是生成更容易理解的代码差异。ClDiff将更改前后的源代码文件作为输入,它由三个步骤组成。首先,它通过从解析的抽象语法树中修剪未更改的声明来预处理源代码文件。其次,它通过在语句级别或语句级别以上对细粒度的代码差异进行分组,并描述每组中的高级更改,从而生成简洁的代码差异。第三,根据五个预定义的链接链接相关的简洁代码差异。12个Java项目(74,387次提交)的实验和10个参与者的人类研究表明了ClDiff的准确性、简洁性、性能和实用性。
{"title":"ClDiff: Generating Concise Linked Code Differences","authors":"Kaifeng Huang, Bihuan Chen, Xin Peng, Daihong Zhou, Y. Wang, Yang Liu, Wenyun Zhao","doi":"10.1145/3238147.3238219","DOIUrl":"https://doi.org/10.1145/3238147.3238219","url":null,"abstract":"Analyzing and understanding source code changes is important in a variety of software maintenance tasks. To this end, many code differencing and code change summarization methods have been proposed. For some tasks (e.g. code review and software merging), however, those differencing methods generate too fine-grained a representation of code changes, and those summarization methods generate too coarse-grained a representation of code changes. Moreover, they do not consider the relationships among code changes. Therefore, the generated differences or summaries make it not easy to analyze and understand code changes in some software maintenance tasks. In this paper, we propose a code differencing approach, named ClDiff, to generate concise linked code differences whose granularity is in between the existing code differencing and code change summarization methods. The goal of ClDiff is to generate more easily understandable code differences. ClDiff takes source code files before and after changes as inputs, and consists of three steps. First, it pre-processes the source code files by pruning unchanged declarations from the parsed abstract syntax trees. Second, it generates concise code differences by grouping fine-grained code differences at or above the statement level and describing high-level changes in each group. Third, it links the related concise code differences according to five pre-defined links. Experiments with 12 Java projects (74,387 commits) and a human study with 10 participants have indicated the accuracy, conciseness, performance and usefulness of ClDiff.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"17 1","pages":"679-690"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79666117","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 33
Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies 基于角色的复杂访问控制策略的模型驱动运行时实施
Ameni ben Fadhel, D. Bianculli, L. Briand
A Role-based Access Control (RBAC) mechanism prevents unauthorized users to perform an operation, according to authorization policies which are defined on the user's role within an enterprise. Several models have been proposed to specify complex RBAC policies. However, existing approaches for policy enforcement do not fully support all the types of policies that can be expressed in these models, which hinders their adoption among practitioners. In this paper we propose a model-driven enforcement framework for complex policies captured by GemRBAC+CTX, a comprehensive RBAC model proposed in the literature. We reduce the problem of making an access decision to checking whether a system state (from an RBAC point of view), expressed as an instance of the GEMRBAC+CTX model, satisfies the constraints corresponding to the RBAC policies to be enforced at run time. We provide enforcement algorithms for various types of access requests and events, and a prototype tool (MORRO) implementing them. We also show how to integrate MORRO into an industrial Web application. The evaluation results show the applicability of our approach on a industrial system and its scalability with respect to the various parameters characterizing an AC configuration.
基于角色的访问控制(role -based Access Control, RBAC)机制根据企业中用户角色定义的授权策略,阻止未经授权的用户执行操作。已经提出了几个模型来指定复杂的RBAC策略。然而,现有的策略实施方法并不能完全支持可以在这些模型中表达的所有类型的策略,这阻碍了它们在实践者中的采用。在本文中,我们为GemRBAC+CTX捕获的复杂策略提出了一个模型驱动的执行框架,GemRBAC+CTX是文献中提出的一个综合RBAC模型。我们将做出访问决策的问题简化为检查系统状态(从RBAC的角度)(表示为GEMRBAC+CTX模型的实例)是否满足与在运行时执行的RBAC策略相对应的约束。我们为各种类型的访问请求和事件提供了强制算法,以及实现它们的原型工具(MORRO)。我们还将展示如何将MORRO集成到工业Web应用程序中。评估结果表明我们的方法在工业系统上的适用性,以及它在交流配置的各种参数方面的可扩展性。
{"title":"Model-Driven Run-Time Enforcement of Complex Role-Based Access Control Policies","authors":"Ameni ben Fadhel, D. Bianculli, L. Briand","doi":"10.1145/3238147.3238167","DOIUrl":"https://doi.org/10.1145/3238147.3238167","url":null,"abstract":"A Role-based Access Control (RBAC) mechanism prevents unauthorized users to perform an operation, according to authorization policies which are defined on the user's role within an enterprise. Several models have been proposed to specify complex RBAC policies. However, existing approaches for policy enforcement do not fully support all the types of policies that can be expressed in these models, which hinders their adoption among practitioners. In this paper we propose a model-driven enforcement framework for complex policies captured by GemRBAC+CTX, a comprehensive RBAC model proposed in the literature. We reduce the problem of making an access decision to checking whether a system state (from an RBAC point of view), expressed as an instance of the GEMRBAC+CTX model, satisfies the constraints corresponding to the RBAC policies to be enforced at run time. We provide enforcement algorithms for various types of access requests and events, and a prototype tool (MORRO) implementing them. We also show how to integrate MORRO into an industrial Web application. The evaluation results show the applicability of our approach on a industrial system and its scalability with respect to the various parameters characterizing an AC configuration.","PeriodicalId":6622,"journal":{"name":"2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)","volume":"260 1","pages":"248-258"},"PeriodicalIF":0.0,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79625097","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
期刊
2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1