
显示样式: 排序: IF: - GO 导出
-
A Hybrid Approach to Formal Verification of Higher-Order Masked Arithmetic Programs ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-11 Pengfei Gao; Hongyi Xie; Fu Song; Taolue Chen
Side-channel attacks, which are capable of breaking secrecy via side-channel information, pose a growing threat to the implementation of cryptographic algorithms. Masking is an effective countermeasure against side-channel attacks by removing the statistical dependence between secrecy and power consumption via randomization. However, designing efficient and effective masked implementations turns out
-
Facet-oriented Modelling ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-11 Juan De Lara; Esther Guerra; Jörg Kienzle
Models are the central assets in model-driven engineering (MDE), as they are actively used in all phases of software development. Models are built using metamodel-based languages, and so objects in models are typed by a metamodel class. This typing is static, established at creation time, and cannot be changed later. Therefore, objects in MDE are closed and fixed with respect to the class they conform
-
Are Multi-Language Design Smells Fault-Prone? An Empirical Study ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-11 Mouna Abidi; Md Saidur Rahman; Moses Openja; Foutse Khomh
Nowadays, modern applications are developed using components written in different programming languages and technologies. The cost benefits of reuse and the advantages of each programming language are two main incentives behind the proliferation of such systems. However, as the number of languages increases, so do the challenges related to the development and maintenance of these systems. In such situations
-
Beyond Tests: Program Vulnerability Repair via Crash Constraint Extraction ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-10 Xiang Gao; Bo Wang; Gregory J. Duck; Ruyi Ji; Yingfei Xiong; Abhik Roychoudhury
Automated program repair is an emerging technology that seeks to automatically rectify program errors and vulnerabilities. Repair techniques are driven by a correctness criterion that is often in the form of a test suite. Such test-based repair may produce overfitting patches, where the patches produced fail on tests outside the test suite driving the repair. In this work, we present a repair method
-
An Empirical Study on Type Annotations: Accuracy, Speed, and Suggestion Effectiveness ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-10 John-Paul Ore; Carrick Detweiler; Sebastian Elbaum
Type annotations connect variables to domain-specific types. They enable the power of type checking and can detect faults early. In practice, type annotations have a reputation of being burdensome to developers. We lack, however, an empirical understanding of how and why they are burdensome. Hence, we seek to measure the baseline accuracy and speed for developers making type annotations to previously
-
Are Comments on Stack Overflow Well Organized for Easy Retrieval by Developers? ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-10 Haoxiang Zhang; Shaowei Wang; Tse-Hsun (Peter) Chen; Ahmed E. Hassan
Many Stack Overflow answers have associated informative comments that can strengthen them and assist developers. A prior study found that comments can provide additional information to point out issues in their associated answer, such as the obsolescence of an answer. By showing more informative comments (e.g., the ones with higher scores) and hiding less informative ones, developers can more effectively
-
Leveraging the Defects Life Cycle to Label Affected Versions and Defective Classes ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-10 Bailey Vandehei; Daniel Alencar Da Costa; Davide Falessi
Two recent studies explicitly recommend labeling defective classes in releases using the affected versions (AV) available in issue trackers (e.g., Jira). This practice is coined as the realistic approach. However, no study has investigated whether it is feasible to rely on AVs. For example, how available and consistent is the AV information on existing issue trackers? Additionally, no study has attempted
-
Why My Code Summarization Model Does Not Work: Code Comment Improvement with Category Prediction ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-02-10 Qiuyuan Chen; Xin Xia; Han Hu; David Lo; Shanping Li
Code summarization aims at generating a code comment given a block of source code and it is normally performed by training machine learning algorithms on existing code block-comment pairs. Code comments in practice have different intentions. For example, some code comments might explain how the methods work, while others explain why some methods are written. Previous works have shown that a relationship
-
Emoji-powered Sentiment and Emotion Detection from Software Developers’ Communication Data ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-27 Zhenpeng Chen; Yanbin Cao; Huihan Yao; Xuan Lu; Xin Peng; Hong Mei; Xuanzhe Liu
Sentiment and emotion detection from textual communication records of developers have various application scenarios in software engineering (SE). However, commonly used off-the-shelf sentiment/emotion detection tools cannot obtain reliable results in SE tasks and misunderstanding of technical knowledge is demonstrated to be the main reason. Then researchers start to create labeled SE-related datasets
-
StreamGen: Model-driven Development of Distributed Streaming Applications ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-20 Michele Guerriero; Damian Andrew Tamburri; Elisabetta Di Nitto
Distributed streaming applications, i.e., applications that process massive streams of data in a distributed fashion, are becoming increasingly popular to tame the velocity and the volume of Big Data. Nevertheless, the widespread adoption of data-intensive processing is still limited by the non-trivial design paradigms involved, which deal with the unboundedness and volume of involved data streams
-
Security Smells in Ansible and Chef Scripts: A Replication Study ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-20 Akond Rahman; Md Rayhanur Rahman; Chris Parnin; Laurie Williams
Context: Security smells are recurring coding patterns that are indicative of security weakness and require further inspection. As infrastructure as code (IaC) scripts, such as Ansible and Chef scripts, are used to provision cloud-based servers and systems at scale, security smells in IaC scripts could be used to enable malicious users to exploit vulnerabilities in the provisioned systems. Goal: The
-
Verification of Program Transformations with Inductive Refinement Types ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-20 Ahmad Salim Al-Sibahi; Thomas P. Jensen; Aleksandar S. Dimovski; Andrzej Wąsowski
High-level transformation languages like Rascal include expressive features for manipulating large abstract syntax trees: first-class traversals, expressive pattern matching, backtracking, and generalized iterators. We present the design and implementation of an abstract interpretation tool, Rabit, for verifying inductive type and shape properties for transformations written in such languages. We describe
-
Enabledness-based Testing of Object Protocols ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-03 Javier Godoy; Juan Pablo Galeotti; Diego Garbervetsky; Sebastián Uchitel
A significant proportion of classes in modern software introduce or use object protocols, prescriptions on the temporal orderings of method calls on objects. This article studies search-based test generation techniques that aim to exploit a particular abstraction of object protocols (enabledness preserving abstractions (EPAs)) to find failures. We define coverage criteria over an extension of EPAs
-
Test Selection for Deep Learning Systems ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-03 Wei Ma; Mike Papadakis; Anestis Tsakmalis; Maxime Cordy; Yves Le Traon
Testing of deep learning models is challenging due to the excessive number and complexity of the computations involved. As a result, test data selection is performed manually and in an ad hoc way. This raises the question of how we can automatically select candidate data to test deep learning models. Recent research has focused on defining metrics to measure the thoroughness of a test suite and to
-
History-based Model Repair Recommendations ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-03 Manuel Ohrndorf; Christopher Pietsch; Udo Kelter; Lars Grunske; Timo Kehrer
Models in Model-driven Engineering are primary development artifacts that are heavily edited in all stages of software development and that can become temporarily inconsistent during editing. In general, there are many alternatives to resolve an inconsistency, and which one is the most suitable depends on a variety of factors. As also proposed by recent approaches to model repair, it is reasonable
-
Adversarial Specification Mining ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-03 Hong Jin Kang; David Lo
There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may
-
Test Data Generation for Path Coverage of MPI Programs Using SAEO ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-03 Dunwei Gong; Baicai Sun; Xiangjuan Yao; Tian Tian
Message-passing interface (MPI) programs, a typical kind of parallel programs, have been commonly used in various applications. However, it generally takes exhaustive computation to run these programs when generating test data to test them. In this article, we propose a method of test data generation for path coverage of MPI programs using surrogate-assisted evolutionary optimization, which can efficiently
-
Killing Stubborn Mutants with Symbolic Execution ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2021-01-03 Thierry Titcheu Chekam; Mike Papadakis; Maxime Cordy; Yves Le Traon
We introduce SEMu, a Dynamic Symbolic Execution technique that generates test inputs capable of killing stubborn mutants (killable mutants that remain undetected after a reasonable amount of testing). SEMu aims at mutant propagation (triggering erroneous states to the program output) by incrementally searching for divergent program behaviors between the original and the mutant versions. We model the
-
Mastering Variation in Human Studies: The Role of Aggregation ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Janet Siegmund; Norman Peitek; Sven Apel; Norbert Siegmund
The human factor is prevalent in empirical software engineering research. However, human studies often do not use the full potential of analysis methods by combining analysis of individual tasks and participants with an analysis that aggregates results over tasks and/or participants. This may hide interesting insights of tasks and participants and may lead to false conclusions by overrating or underrating
-
Uncertainty-wise Requirements Prioritization with Search ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Huihui Zhang; Man Zhang; Tao Yue; Shaukat Ali; Yan Li
Requirements review is an effective technique to ensure the quality of requirements in practice, especially in safety-critical domains (e.g., avionics systems, automotive systems). In such contexts, a typical requirements review process often prioritizes requirements, due to limited time and monetary budget, by, for instance, prioritizing requirements with higher implementation cost earlier in the
-
Automated Patch Transplantation ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Ridwan Salihin Shariffdeen; Shin Hwei Tan; Mingyuan Gao; Abhik Roychoudhury
Automated program repair is an emerging area that attempts to patch software errors and vulnerabilities. In this article, we formulate and study a problem related to automated repair, namely automated patch transplantation. A patch for an error in a donor program is automatically adapted and inserted into a “similar” target program. We observe that despite standard procedures for vulnerability disclosures
-
RegionTrack: A Trace-Based Sound and Complete Checker to Debug Transactional Atomicity Violations and Non-Serializable Traces ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Xiaoxue Ma; Shangru Wu; Ernest Pobee; Xiupei Mei; Hao Zhang; Bo Jiang; Wing-Kwong Chan
Atomicity is a correctness criterion to reason about isolated code regions in a multithreaded program when they are executed concurrently. However, dynamic instances of these code regions, called transactions, may fail to behave atomically, resulting in transactional atomicity violations. Existing dynamic online atomicity checkers incur either false positives or false negatives in detecting transactions
-
An Empirical Study of Developer Discussions in the Gitter Platform ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Osama Ehsan; Safwat Hassan; Mariam El Mezouar; Ying Zou
Developer chatrooms (e.g., the Gitter platform) are gaining popularity as a communication channel among developers. In developer chatrooms, a developer (asker) posts questions and other developers (respondents) respond to the posted questions. The interaction between askers and respondents results in a discussion thread. Recent studies show that developers use chatrooms to inquire about issues, discuss
-
A Practical Approach to Verification of Floating-Point C/C++ Programs with math.h/cmath Functions ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Roberto Bagnara; Michele Chiari; Roberta Gori; Abramo Bagnara
Verification of C/C++ programs has seen considerable progress in several areas, but not for programs that use these languages’ mathematical libraries. The reason is that all libraries in widespread use come with no guarantees about the computed results. This would seem to prevent any attempt at formal verification of programs that use them: without a specification for the functions, no conclusion can
-
SEADS: Scalable and Cost-effective Dynamic Dependence Analysis of Distributed Systems via Reinforcement Learning ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Xiaoqin Fu; Haipeng Cai; Wen Li; Li Li
Distributed software systems are increasingly developed and deployed today. Many of these systems are supposed to run continuously. Given their critical roles in our society and daily lives, assuring the quality of distributed systems is crucial. Analyzing runtime program dependencies has long been a fundamental technique underlying numerous tool support for software quality assurance. Yet conventional
-
Technical Q8A Site Answer Recommendation via Question Boosting ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-12-31 Zhipeng Gao; Xin Xia; David Lo; John Grundy
Software developers have heavily used online question-and-answer platforms to seek help to solve their technical problems. However, a major problem with these technical Q8A sites is “answer hungriness,” i.e., a large number of questions remain unanswered or unresolved, and users have to wait for a long time or painstakingly go through the provided answers with various levels of quality. To alleviate
-
Practical Accuracy Estimation for Efficient Deep Neural Network Testing ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-10-04 Junjie Chen; Zhuo Wu; Zan Wang; Hanmo You; Lingming Zhang; Ming Yan
Deep neural network (DNN) has become increasingly popular and DNN testing is very critical to guarantee the correctness of DNN, i.e., the accuracy of DNN in this work. However, DNN testing suffers from a serious efficiency problem, i.e., it is costly to label each test input to know the DNN accuracy for the testing set, since labeling each test input involves multiple persons (even with domain-specific
-
Generating Question Titles for Stack Overflow from Mined Code Snippets ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-09-26 Zhipeng Gao; Xin Xia; John Grundy; David Lo; Yuan-Fang Li
Stack Overflow has been heavily used by software developers as a popular way to seek programming-related information from peers via the internet. The Stack Overflow community recommends users to provide the related code snippet when they are creating a question to help others better understand it and offer their help. Previous studies have shown that a significant number of these questions are of low-quality
-
Smart Contract Repair ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-09-26 Xiao Liang Yu; Omar Al-Bataineh; David Lo; Abhik Roychoudhury
Smart contracts are automated or self-enforcing contracts that can be used to exchange assets without having to place trust in third parties. Many commercial transactions use smart contracts due to their potential benefits in terms of secure peer-to-peer transactions independent of external parties. Experience shows that many commonly used smart contracts are vulnerable to serious malicious attacks
-
Using Relative Lines of Code to Guide Automated Test Generation for Python ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-09-26 Josie Holmes; Iftekhar Ahmed; Caius Brindescu; Rahul Gopinath; He Zhang; Alex Groce
Raw lines of code (LOC) is a metric that does not, at first glance, seem extremely useful for automated test generation. It is both highly language-dependent and not extremely meaningful, semantically, within a language: one coder can produce the same effect with many fewer lines than another. However, relative LOC, between components of the same project, turns out to be a highly useful metric for
-
Why Developers Refactor Source Code: A Mining-based Study ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-09-26 Jevgenija Pantiuchina; Fiorella Zampetti; Simone Scalabrino; Valentina Piantadosi; Rocco Oliveto; Gabriele Bavota; Massimiliano Di Penta
Refactoring aims at improving code non-functional attributes without modifying its external behavior. Previous studies investigated the motivations behind refactoring by surveying developers. With the aim of generalizing and complementing their findings, we present a large-scale study quantitatively and qualitatively investigating why developers perform refactoring in open source projects. First, we
-
Modular Tree Network for Source Code Representation Learning ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-09-26 Wenhan Wang; Ge Li; Sijie Shen; Xin Xia; Zhi Jin
Learning representation for source code is a foundation of many program analysis tasks. In recent years, neural networks have already shown success in this area, but most existing models did not make full use of the unique structural information of programs. Although abstract syntax tree (AST)-based neural models can handle the tree structure in the source code, they cannot capture the richness of
-
Editorial ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-07-04 Mauro Pezzè
No abstract available.
-
Wireframe-based UI Design Search through Image Autoencoder ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-16 Jieshan Chen; Chunyang Chen; Zhenchang Xing; Xin Xia; Liming Zhu; John Grundy; Jinshui Wang
UI design is an integral part of software development. For many developers who do not have much UI design experience, exposing them to a large database of real-application UI designs can help them quickly build up a realistic understanding of the design space for a software feature and get design inspirations from existing applications. However, existing keyword-based, image-similarity-based, and
-
Fine-grained Code Coverage Measurement in Automated Black-box Android Testing ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-07-06 Aleksandr Pilgun; Olga Gadyatskaya; Yury Zhauniarovich; Stanislav Dashevskyi; Artsiom Kushniarou; Sjouke Mauw
Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic analysis are being developed by the Android community. Code coverage is one of the most common metrics for evaluating effectiveness of these frameworks. Furthermore, code coverage is used as a fitness function
-
Measuring Task Conflict and Person Conflict in Software Testing ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-07-06 Xihui Zhang; Thomas F. Stafford; Tao Hu; Hua Dai
Task-related conflict and person-related conflict in software testing are inevitable and can impact the effectiveness and efficiency of the software development process. The dimensionality of conflict in software testing is reasonably well understood, although in past research both types of conflict have frequently been modeled as reflective constructs that can obstruct the effectiveness of their use
-
iSENSE2.0: Improving Completion-aware Crowdtesting Management with Duplicate Tagger and Sanity Checker ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-07-06 Junjie Wang; Ye Yang; Tim Menzies; Qing Wang
Software engineers get questions of “how much testing is enough” on a regular basis. Existing approaches in software testing management employ experience-, risk-, or value-based analysis to prioritize and manage testing processes. However, very few is applicable to the emerging crowdtesting paradigm to cope with extremely limited information and control over unknown, online crowdworkers. In practice
-
Handling SQL Databases in Automated System Test Generation ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-07-06 Andrea Arcuri; Juan P. Galeotti
Automated system test generation for web/enterprise systems requires either a sequence of actions on a GUI (e.g., clicking on HTML links and form buttons) or direct HTTP calls when dealing with web services (e.g., REST and SOAP). When doing white-box testing of such systems, their code can be analyzed, and the same type of heuristics (e.g., the branch distance) used in search-based unit testing can
-
KLEESpectre: Detecting Information Leakage through Speculative Cache Attacks via Symbolic Execution ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Guanhua Wang; Sudipta Chattopadhyay; Arnab Kumar Biswas; Tulika Mitra; Abhik Roychoudhury
Spectre-style attacks disclosed in early 2018 expose data leakage scenarios via cache side channels. Specifically, speculatively executed paths due to branch mis-prediction may bring secret data into the cache, which are then exposed via cache side channels even after the speculative execution is squashed. Symbolic execution is a well-known test generation method to cover program paths at the level
-
Computing Alignments of Well-Formed Process Models using Local Search ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Farbod Taymouri; Josep Carmona
The alignment of observed and modeled behavior is an essential element for organizations, since it opens the door for conformance checking and enhancement of processes. The state-of-the-art technique for computing alignments has exponential time and space complexity, hindering its applicability for medium and large instances. In this article, a novel approach is presented to tackle the challenge of
-
Unveiling Elite Developers’ Activities in Open Source Projects ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Zhendong Wang; Yang Feng; Yi Wang; James A. Jones; David Redmiles
Open source developers, particularly the elite developers who own the administrative privileges for a project, maintain a diverse portfolio of contributing activities. They not only commit source code but also exert significant efforts on other communicative, organizational, and supportive activities. However, almost all prior research focuses on specific activities and fails to analyze elite developers’
-
Monotone Precision and Recall Measures for Comparing Executions and Specifications of Dynamic Systems ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Artem Polyvyanyy; Andreas Solti; Matthias Weidlich; Claudio Di Ciccio; Jan Mendling
The behavioural comparison of systems is an important concern of software engineering research. For example, the areas of specification discovery and specification mining are concerned with measuring the consistency between a collection of execution traces and a program specification. This problem is also tackled in process mining with the help of measures that describe the quality of a process specification
-
Testing Relative to Usage Scope: Revisiting Software Coverage Criteria ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Breno Miranda; Antonia Bertolino
Coverage criteria provide a useful and widely used means to guide software testing; however, indiscriminately pursuing full coverage may not always be convenient or meaningful, as not all entities are of interest in any usage context. We aim at introducing a more meaningful notion of coverage that takes into account how the software is going to be used. Entities that are not going to be exercised by
-
Multi-objective Integer Programming Approaches for Solving the Multi-criteria Test-suite Minimization Problem: Towards Sound and Complete Solutions of a Particular Search-based Software-engineering Problem ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Yinxing Xue; Yan-Fu Li
Test-suite minimization is one key technique for optimizing the software testing process. Due to the need to balance multiple factors, multi-criteria test-suite minimization (MCTSM) becomes a popular research topic in the recent decade. The MCTSM problem is typically modeled as integer linear programming (ILP) problem and solved with weighted-sum single objective approach. However, there is no existing
-
psc2code: Denoising Code Extraction from Programming Screencasts ACM Trans. Softw. Eng. Methodol. (IF 2.057) Pub Date : 2020-06-01 Lingfeng Bao; Zhenchang Xing; Xin Xia; David Lo; Minghui Wu; Xiaohu Yang
Programming screencasts have become a pervasive resource on the Internet, which help developers learn new programming technologies or skills. The source code in programming screencasts is an important and valuable information for developers. But the streaming nature of programming screencasts (i.e., a sequence of screen-captured images) limits the ways that developers can interact with the source code