Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 16 of 16
Full-Text Articles in Physical Sciences and Mathematics
Better Pay Attention Whilst Fuzzing, Shunkai Zhu, Jingyi Wang, Jun Sun, Jie Yang, Xingwei Lin, Liyi Zhang, Peng Cheng
Better Pay Attention Whilst Fuzzing, Shunkai Zhu, Jingyi Wang, Jun Sun, Jie Yang, Xingwei Lin, Liyi Zhang, Peng Cheng
Research Collection School Of Computing and Information Systems
Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to focus the attention of fuzzing on covering the hard-to-trigger program paths. In other words, they cannot generate inputs that can break the bottleneck due to the fundamental difficulty in capturing the complex relations between the test inputs and program coverage. In particular, existing fuzzers suffer from the following main limitations: 1) lacking an overall analysis of the program to identify the most “rewarding” seeds, and 2) lacking …
Detecting C++ Compiler Front-End Bugs Via Grammar Mutation And Differential Testing, Haoxin Tu, He Jiang, Zhide Zhou, Yixuan Tang, Zhilei Ren, Lei Qiao, Lingxiao Jiang
Detecting C++ Compiler Front-End Bugs Via Grammar Mutation And Differential Testing, Haoxin Tu, He Jiang, Zhide Zhou, Yixuan Tang, Zhilei Ren, Lei Qiao, Lingxiao Jiang
Research Collection School Of Computing and Information Systems
C++ is a widely used programming language and the C++ front-end is a critical part of a C++ compiler. Although many techniques have been proposed to test compilers, few studies are devoted to detecting bugs in C++ compiler. In this study, we take the first step to detect bugs in C++ compiler front-ends. To do so, two main challenges need to be addressed, namely, the acquisition of test programs that are more likely to trigger bugs in compiler front-ends and the bug identification from complicated compiler outputs. In this article, we propose a novel framework named Ccoft to detect bugs …
Achieving High Map-Coverage Through Pattern Constraint Reduction, Yingquan Zhao, Zan Wang, Shuang Liu, Jun Sun, Junjie Chen, Xiang Chen
Achieving High Map-Coverage Through Pattern Constraint Reduction, Yingquan Zhao, Zan Wang, Shuang Liu, Jun Sun, Junjie Chen, Xiang Chen
Research Collection School Of Computing and Information Systems
Testing multi-threaded programs is challenging due to the enormous space of thread interleavings. Recently, a code coverage criterion for multi-threaded programs called MAP-coverage has been proposed and shown to be effective for testing concurrent programs. Existing approaches for achieving high MAP-coverage are based on random testing with simple heuristics, which is ineffective in systematically triggering rare thread interleavings. In this study, we propose a novel approach called pattern constraint reduction (PCR), which employs optimized constraint solving to generate thread interleavings for high MAP-coverage. The idea is to iteratively encode and solve path conditions to generate thread interleavings which are guaranteed …
How To Find Actionable Static Analysis Warnings: A Case Study With Findbugs, Rahul Yedida, Hong Jin Kang, Huy Tu, Xueqi Yang, David Lo, Tim Menzies
How To Find Actionable Static Analysis Warnings: A Case Study With Findbugs, Rahul Yedida, Hong Jin Kang, Huy Tu, Xueqi Yang, David Lo, Tim Menzies
Research Collection School Of Computing and Information Systems
Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should ot be ignored, we suggest that analysts need to look deeper into their algorithms to find choices that better improve the particulars of their specific problem. Specifically, we show here that effective predictors of such warnings can be created by methods that ocally adjust the decision boundary (between actionable warnings and others). These methods yield a new high water-mark for recognizing actionable static code warnings. For eight …
Data Quality Matters: A Case Study On Data Label Correctness For Security Bug Report Prediction, Xiaoxue Wu, Wei Zheng, Xin Xia, David Lo
Data Quality Matters: A Case Study On Data Label Correctness For Security Bug Report Prediction, Xiaoxue Wu, Wei Zheng, Xin Xia, David Lo
Research Collection School Of Computing and Information Systems
In the research of mining software repositories, we need to label a large amount of data to construct a predictive model. The correctness of the labels will affect the performance of a model substantially. However, limited studies have been performed to investigate the impact of mislabeled instances on a predictive model. To bridge the gap, in this article, we perform a case study on the security bug report (SBR) prediction. We found five publicly available datasets for SBR prediction contains many mislabeled instances, which lead to the poor performance of SBR prediction models of recent studies (e.g., the work of …
Just-In-Time Defect Identification And Localization: A Two-Phase Framework, Meng Yan, Xin Xia, Yuanrui Fan, Ahmed E. Hassan, David Lo, Shanping Li
Just-In-Time Defect Identification And Localization: A Two-Phase Framework, Meng Yan, Xin Xia, Yuanrui Fan, Ahmed E. Hassan, David Lo, Shanping Li
Research Collection School Of Computing and Information Systems
Defect localization aims to locate buggy program elements (e.g., buggy files, methods or lines of code) based on defect symptoms, e.g., bug reports or program spectrum. However, when we receive the defect symptoms, the defect has been exposed and negative impacts have been introduced. Thus, one challenging task is: whether we can locate buggy program prior to appearance of the defect symptom at an early time (e.g., when buggy program elements are being checked-in). We refer to this type of defect localization as “Just-In-Time (JIT) Defect localization”. Although many prior studies have proposed various JIT defect identification methods to identify …
Automatic Solution Summarization For Crash Bugs, Haoye Wang, Xin Xia, David Lo, John C. Grundy, Xinyu Wang
Automatic Solution Summarization For Crash Bugs, Haoye Wang, Xin Xia, David Lo, John C. Grundy, Xinyu Wang
Research Collection School Of Computing and Information Systems
The causes of software crashes can be hidden anywhere in the source code and development environment. When encountering software crashes, recurring bugs that are discussed on Q&A sites could provide developers with solutions to their crashing problems. However, it is difficult for developers to accurately search for relevant content on search engines, and developers have to spend a lot of manual effort to find the right solution from the returned results. In this paper, we present CRASOLVER, an approach that takes into account both the structural information of crash traces and the knowledge of crash-causing bugs to automatically summarize solutions …
Perceptions, Expectations, And Challenges In Defect Prediction, Zhiyuan Wan, Xin Xia, Ahmed E. Hassan, David Lo, Jianwei Yin, Xiaohu Yang
Perceptions, Expectations, And Challenges In Defect Prediction, Zhiyuan Wan, Xin Xia, Ahmed E. Hassan, David Lo, Jianwei Yin, Xiaohu Yang
Research Collection School Of Computing and Information Systems
Defect prediction has been an active research area for over four decades. Despite numerous studies on defect prediction, the potential value of defect prediction in practice remains unclear. To address this issue, we performed a mixed qualitative and quantitative study to investigate what practitioners think, behave and expect in contrast to research findings when it comes to defect prediction. We collected hypotheses from open-ended interviews and a literature review, followed by a validation survey. We received 395 responses from practitioners. Some of our key findings include: 1) Over 90% of respondents are willing to adopt defect prediction techniques. 2) There …
How Practitioners Perceive Automated Bug Report Management Techniques, Weiqin Zou, David Lo, Zhenyu Chen, Xin Xia, Yang Feng, Baowen Xu
How Practitioners Perceive Automated Bug Report Management Techniques, Weiqin Zou, David Lo, Zhenyu Chen, Xin Xia, Yang Feng, Baowen Xu
Research Collection School Of Computing and Information Systems
Bug reports play an important role in the process of debugging and fixing bugs. To reduce the burden of bug report managers and facilitate the process of bug fixing, a great amount of software engineering research has been invested into automated bug report management techniques. However, the verdict is still open whether such techniques are actually required and applicable outside of the theoretical research domain. To fill this gap, in this paper, we conducted a survey among 327 practitioners to gain their insights into various categories of automated bug report management techniques. Specifically, in the survey, we asked them to …
Chaff From The Wheat: Characterizing And Determining Valid Bug Reports, Yuanrui Fan, Xin Xia, David Lo, Ahmed E. Hassan
Chaff From The Wheat: Characterizing And Determining Valid Bug Reports, Yuanrui Fan, Xin Xia, David Lo, Ahmed E. Hassan
Research Collection School Of Computing and Information Systems
Developers use bug reports to triage and fix bugs. When triaging a bug report, developers must decide whether the bug report is valid (i.e., a real bug). A large amount of bug reports are submitted every day, with many of them end up being invalid reports. Manually determining valid bug report is a difficult and tedious task. Thus, an approach that can automatically analyze the validity of a bug report and determine whether a report is valid can help developers prioritize their triaging tasks and avoid wasting time and effort on invalid bug reports. In this study, motivated by the …
Automating Intention Mining, Qiao Huang, Xin Xia, David Lo, Gail C. Murphy
Automating Intention Mining, Qiao Huang, Xin Xia, David Lo, Gail C. Murphy
Research Collection School Of Computing and Information Systems
Developers frequently discuss aspects of the systems they are developing online. The comments they post to discussions form a rich information source about the system. Intention mining, a process introduced by Di Sorbo et al., classifies sentences in developer discussions to enable further analysis. As one example of use, intention mining has been used to help build various recommenders for software developers. The technique introduced by Di Sorbo et al. to categorize sentences is based on linguistic patterns derived from two projects. The limited number of data sources used in this earlier work introduces questions about the comprehensiveness of intention …
Code Coverage And Postrelease Defects: A Large-Scale Study On Open Source Projects, Pavneet Singh Kochhar, David Lo, Julia Lawall, Nachiappan Nagappan
Code Coverage And Postrelease Defects: A Large-Scale Study On Open Source Projects, Pavneet Singh Kochhar, David Lo, Julia Lawall, Nachiappan Nagappan
Research Collection School Of Computing and Information Systems
Testing is a pivotal activity in ensuring the quality of software. Code coverage is a common metric used as a yardstick to measure the efficacy and adequacy of testing. However, does higher coverage actually lead to a decline in postrelease bugs? Do files that have higher test coverage actually have fewer bug reports? The direct relationship between code coverage and actual bug reports has not yet been analyzed via a comprehensive empirical study on real bugs. Past studies only involve a few software systems or artificially injected bugs (mutants). In this empirical study, we examine these questions in the context …
Empirical Study On Synthesis Engines For Semantics-Based Program Repair, Le Dinh Xuan Bach, David Lo, Claire Le Goues
Empirical Study On Synthesis Engines For Semantics-Based Program Repair, Le Dinh Xuan Bach, David Lo, Claire Le Goues
Research Collection School Of Computing and Information Systems
Automatic Program Repair (APR) is an emerging and rapidly growing research area, with many techniques proposed to repair defective software. One notable state-of-the-art line of APR approaches is known as semantics-based techniques, e.g., Angelix, which extract semantics constraints, i.e., specifications, via symbolic execution and test suites, and then generate repairs conforming to these constraints using program synthesis. The repair capability of such approaches-expressive power, output quality, and scalability-naturally depends on the underlying synthesis technique. However, despite recent advances in program synthesis, not much attention has been paid to assess, compare, or leverage the variety of available synthesis engine capabilities in …
Enhancing Automated Program Repair With Deductive Verification, Xuan-Bach D. Le, Quang Loc Le, David Lo, Claire Le Goues
Enhancing Automated Program Repair With Deductive Verification, Xuan-Bach D. Le, Quang Loc Le, David Lo, Claire Le Goues
Research Collection School Of Computing and Information Systems
Automated program repair (APR) is a challenging process of detecting bugs, localizing buggy code, generating fix candidates and validating the fixes. Effectiveness of program repair methods relies on the generated fix candidates, and the methods used to traverse the space of generated candidates to search for the best ones. Existing approaches generate fix candidates based on either syntactic searches over source code or semantic analysis of specification, e.g., test cases. In this paper, we propose to combine both syntactic and semantic fix candidates to enhance the search space of APR, and provide a function to effectively traverse the search space. …
"Automated Debugging Considered Harmful" Considered Harmful: A User Study Revisiting The Usefulness Of Spectra-Based Fault Localization Techniques With Professionals Using Real Bugs From Large Systems, Xin Xia, Lingfeng Bao, David Lo, Shanping Li
"Automated Debugging Considered Harmful" Considered Harmful: A User Study Revisiting The Usefulness Of Spectra-Based Fault Localization Techniques With Professionals Using Real Bugs From Large Systems, Xin Xia, Lingfeng Bao, David Lo, Shanping Li
Research Collection School Of Computing and Information Systems
Due to the complexity of software systems, bugs are inevitable. Software debugging is tedious and time consuming. To help developers perform this crucial task, a number of spectra-based fault localization techniques have been proposed. In general, spectra-based fault localization helps developers to find the location of a bug given its symptoms (e.g., program failures). A previous study by Parnin and Orso however implies that several assumptions made by existing work on spectra-based fault localization do not hold in practice, which hinders the practical usage of these tools. Moreover, a recent study by Xie et al. claims that spectra-based fault localization …
A Large Scale Study Of Multiple Programming Languages And Code Quality, Pavneet Singh Kochhar, Withthige Dinusha Ruchira Wijedasa, David Lo
A Large Scale Study Of Multiple Programming Languages And Code Quality, Pavneet Singh Kochhar, Withthige Dinusha Ruchira Wijedasa, David Lo
Research Collection School Of Computing and Information Systems
Nowadays, most software use multiple programming languages to implement certain functionalities based on the strengths and weaknesses of different languages. Researchers in the past have studied the impact of independent programming languages on software quality, however, there has been little or no research on the impact of multiple languages on the quality of software. Does the use of multiple languages cause more bugs? Are certain languages when used with other languages make software more bug prone? What are the relationships between multi-language usage and various bug categories? In this study, we perform a large scale empirical investigation to shed light …