List of accepted papers:
Software Clusterings with Vector Semantics and the Call Graph
Marios Papachristou
(National Technical University of Athens, Greece)
In this paper, we propose a novel method to determine a software's modules without knowledge of its architectural structure, and empirically validate the method's performance. We cluster files by combining document embeddings, generated with the Doc2Vec algorithm, and the call graph, provided by Static Graph Analyzers to an augmented graph. We use the Louvain Algorithm to determine its community structure and propose a module-level clustering. Our method performs better in terms of stability, authoritativeness, and extremity over other state-of-the-art clustering methods proposed in the literature and is able to decently recover the ground truth clustering of the Linux Kernel. Finally, we conclude that semantic information from vector semantics as well as the call graph can produce accurate results for software clusterings of large systems.
Article Search
Machine Learning-Assisted Performance Testing
Mahshid Helali Moghadam
(RISE SICS, Sweden; Mälardalen University, Sweden)
Automated testing activities like automated test case generation imply a reduction in human effort and cost, with the potential to impact the test coverage positively. If the optimal policy, i.e., the course of actions adopted, for performing the intended test activity could be learnt by the testing system, i.e., a smart tester agent, then the learnt policy could be reused in analogous situations which leads to even more efficiency in terms of required efforts. Performance testing under stress execution conditions, i.e., stress testing, which involves providing extreme test conditions to find the performance breaking points, remains a challenge, particularly for complex software systems. Some common approaches for generating stress test conditions are based on source code or system model analysis, or use-case based design approaches. However, source code or precise system models might not be easily available for testing. Moreover, drawing a precise performance model is often difficult, particularly for complex systems. In this research, I have used model-free reinforcement learning to build a self-adaptive autonomous stress testing framework which is able to learn the optimal policy for stress test case generation without having a model of the system under test. The conducted experimental analysis shows that the proposed smart framework is able to generate the stress test conditions for different software systems efficiently and adaptively without access to performance models.
Article Search
File Tracing by Intercepting Disk Requests
Vladislav Stepanov
(Novgorod State University, Russia)
Existing file operation tracing methods are always OS-specific. It is a problem for file monitoring in some exotic operating systems and other programs running in privileged mode. We present a file system specific solution that could be work with any guest OS on a virtual machine. This solution works on the basis of intercepting requests to a block device. Our implementation is based on the QEMU emulator and supports ext2 and ext3 file systems.
Article Search
Recommending Related Functions from API Usage-Based Function Clone Structures
Shamsa Abid
(Lahore University of Management Sciences, Pakistan)
Developers need to be able to find reusable code for desired software features in a way that supports opportunistic programming for increased developer productivity. Our objective is to develop a recommendation system that provides a developer with function recommendations having functionality relevant to her development task. We employ a combination of information retrieval, static code analysis and data mining techniques to build the proposed recommendation system called FACER (Feature-driven API usage-based Code Examples Recommender). We performed an experimental evaluation on 122 projects from GitHub from selected categories to determine the accuracy of the retrieved code for related features. FACER recommended functions with a precision of 54% and 75% when evaluated using automated and manual methods respectively.
Article Search
Identifying the Most Valuable Developers using Artifact Traceability Graphs
H. Alperen Cetin
(Bilkent University, Turkey)
Finding the most valuable and indispensable developers is a crucial task in software development. We categorize these valuable developers into two categories: connector and maven. A typical connector represents a developer who connects different groups of developers in a large-scale project. Mavens represent the developers who are the sole experts in specific modules of the project.
To identify the connectors and mavens, we propose an approach using graph centrality metrics and connections of traceability graphs. We conducted a preliminary study on this approach by using two open source projects: QT 3D Studio and Android. Initial results show that the approach leads to identify the essential developers.
Article Search
Automated Patch Porting across Forked Projects
Luyao Ren
(Peking University, China)
Forking projects provides a straightforward method for developers to reuse existing source code and tailor it to their own application scenarios, which can significantly reduce developers' burden. However, this process makes forked projects (upstream projects and their forks) share the same defects on reused code as well. With the independent development of forked projects, some defects can only be repaired in one of them, where the patches need to be ported to others as well. Manually tracking all such activities among them is hard. Previous studies reveal that porting patches across forked projects is imperative and call research in this direction. Targeting at this problem, we conducted an empirical study to analyze the characteristics of patches in forked projects. We found that 20.5% patches need to be ported among all analyzed patches, which is a non-negligible portion. Among all those patches that need to be ported, 73.2% can be easily ported by simple syntactic code transformations. However, it is still challenging for other 26.8% patches since the corresponding code has experienced different modifications in the forked projects. As a result, according to the insights from the study, we proposed a new approach, which aims to automatically identify and port patches across forked projects.
Article Search
Employing Different Program Analysis Methods to Study Bug Evolution
Charalambos Mitropoulos
(Athens University of Economics and Business, Greece)
The evolution of software bugs has been a well-studied topic in software engineering. We used three different program analysis tools to examine the different versions of two popular sets of programming tools (gnu Binary and Core utilities), and check if their bugs increase or decrease over time. Each tool is based on a different approach, namely: static analysis, symbolic execution, and fuzzing. In this way we can observe potential differences on the kinds of bugs that each tool detects and examine their effectiveness. To do so, we have performed a qualitative analysis on the results. Overall, our results indicate that we cannot say if bugs either decrease or increase over time and that the tools identify different bug types based on the method they follow.
Article Search
Reducing the Workload of the Linux Kernel Maintainers: Multiple-Committer Model
Xin Tan
(Peking University, China)
With the increasing scale and complexity of software, the traditional development workflow may be inapplicable, which is harmful to the sustainable development of projects. In this study, we explored a new workflow — multiple-committer model that was applied by a subsystem of the Linux kernel to confront the heavy workload of the maintainers. We designed four dimensions of metrics toevaluate the model effect and found that this model conspicuouslyreduces the workload of the maintainers. We also obtained thecrucial factors for implementing this model.
Article Search
Efficient Computing in a Safe Environment
Michail Loukeris
(Athens University of Economics and Business, Greece)
Modern computer systems are facing security challenges and thus
are forced to employ various encryption, mitigation mechanisms,
and other measures that affect significantly their performance. In
this study, we aim to identify the energy and run-time performance
implications of Meltdown and Spectre mitigation mechanisms. To
achieve our goal, we experiment on server platform using different
test cases. Our results highlight that request handling and memory
operations are noticeably affected from mitigation mechanisms,
both in terms of energy and run-time performance.
Article Search
The Lessons Software Engineers Can Extract from Painters to Improve the Software Development Process
Milana Nurgalieva
(Innopolis University, Russia)
The way software is produced is very similar to an artistic and creative process. This fact is well known and has been acknowledged from the very early era of computers.
Moreover, there are even further similarities between the software development process and painting. This similarity can consequently lead to the assumption that software engineers can utilise the knowledge the artists employ, since the people have created artistic works for centuries. This paper focuses on the following questions: what similarities exist between the software development process and painting, what artistic practices could be profitably transferred to software development, and, in particular, with reference to pair programming, how do artists paint together and is there something that could be learned by software developers and engineers.
The uniqueness of the proposed approach lies in the exploration of the novel idea with the use of a complex way to examine the topic, and considering developers primarily as creative people, not ordinary industrial workers.
Article Search
An Industrial Application of Test Selection using Test Suite Diagnosability
Daniel Correia
(University of Lisbon, Portugal; Instituto Superior Técnico, Portugal)
Performing full regression testing every time a change is made on large software systems tends to be unfeasible as it takes too long to run all the test cases. The main motivation of this work was to provide a shorter and earlier feedback loop to the developers at OutSystems when a change is made (instead of having to wait for slower feedback from a CI pipeline). The developed tool, MOTSD, implements a multi-objective test selection approach in a C# code base using a test suite diagnosability metric and historical metrics as objectives and it is powered by a particle swarm optimization algorithm. This paper presents implementation challenges, current experimental results and limitations of the developed approach when applied in an industrial context.
Article Search
Understanding Source Code Comments at Large-Scale
Hao He
(Peking University, China)
Source code comments are important for any software, but the basic patterns of writing comments across domains and programming languages remain unclear. In this paper, we take a first step toward understanding differences in commenting practices by analyzing the comment density of 150 projects in 5 different programming languages. We have found that there are noticeable differences in comment density, which may be related to the programming language used in the project and the purpose of the project.
Article Search
A Graph-Based Framework for Analysing the Design of Smart Contracts
Bram Vandenbogaerde
(Vrije Universiteit Brussel, Belgium)
Used as a platform for executing smart contracts, Blockchain technology has yielded new programming languages. We propose a graph-based framework for computing software design metrics for the Solidity programming language, and use this framework in a preliminary study on 505 smart contracts mined from GitHub. The results show that most of the smart contracts are rather straightforward from an objected-oriented point of view and that new design metrics specific to smart contracts should be developed.
Article Search
Finding the Shortest Path to Reproduce a Failure Found by TESTAR
Olivia Rodriguez Valdes
(Technological University of Havana, Cuba)
TESTAR is a tool for automated testing via the GUI. It uses dynamic analysis during automated GUI exploration and generates the test sequences during the execution.
TESTAR saves all kind of information about the tests in a Graph database that can be queried or traversed during or after the tests using a traversal language.
Test sequences leading to a failure can be excessively long, making the root-cause analysis of the failure difficult.
This paper proposes an initial approach to find the shortest path to reproduce an error found by TESTAR
Article Search
Analysing Socio-technical Congruence in the Package Dependency Network of Cargo
Mehdi Golzadeh
(University of Mons, Belgium)
Software package distributions form large dependency networks maintained by large communities of contributors. My PhD research will consist of analysing the evolution of the socio-technical congruence of these package dependency networks, and studying its impact on the health of the ecosystem and its community.
I have started a longitudinal empirical study of Cargo's dependency network and the social (commenting) and technical (development) activities in Cargo's package repositories on GitHub, and present some preliminary findings.
Article Search
Tuning Backfired? Not (Always) Your Fault: Understanding and Detecting Configuration-Related Performance Bugs
Haochen He
(National University of Defense Technology, China)
Performance bugs (PBugs) are often hard to detect due to their non fail-stop symptoms. Existing debugging techniques can only detect PBugs with known patterns (e.g. inefficient loops). The key reason behind this incapability is the lack of a general test oracle. Here, we argue that the configuration tuning can serve as a strong candidate for PBugs detection. First, prior work shows that most performance bugs are related to configurations. Second, the tuning reflects users’ expectation of performance changes. If the actual performance behaves differently from the users’ intuition, the related code segment is likely to be problematic.
In this paper, we first conduct a comprehensive study on configuration related performance bugs(CPBugs) from 7 representative softwares (i.e., MySQL, MariaDB, MongoDB, RocksDB, PostgreSQL, Apache and Nginx) and collect 135 real-world CPBugs. Next, by further analyzing the symptoms and root causes of the collected bugs, we identify 7 counter-intuitive patterns. Finally, by integrating the counter-intuitive patterns, we build a general test framework for detecting performance bugs.
Article Search
On the Use of Lambda Expressions in 760 Open Source Python Projects
Shubham Sangle and Sandeep Muvva
(IIT Tirupati, India)
Lambdas as anonymous functions have gained significant prominence in programming languages such as Java, C++, Python and so on as developers tend to use them. With the dominant use of Python as backend language in many projects and large number of open source projects available, we set out to investigate the use of lambdas in Python projects and obtained 19 categories to classify lambda usages as preliminary results. Our study could help language designers to improve the state of the art libraries for lambda expressions and developers to use lambda expressions effectively.
Article Search
Test-Related Factors and Post-release Defects: An Empirical Study
Fabiano Pecorelli
(University of Salerno, Italy)
Testing is a very important activity whose purpose is to ensure software quality. Recent studies have studied the effects of test-related factors (e.g., code coverage) on software code quality, showing that they have good predictive power on post-release defects.
Despite these studies demonstrated the existence of a relation between test-related factors and software code quality, they considered different factors separately. That led us to conduct an additional empirical study in which we considered these factors all together.
The key findings of the study show that, while post-release defects are strongly related to process and code metrics of the production classes, test-related factors have a limited prediction impact.
Article Search
Static Deep Neural Network Analysis for Robustness
Rangeet Pan
(Iowa State University, USA)
This work studies the static structure of deep neural network models using white box based approach and utilizes that knowledge to find the susceptible classes which can be misclassified easily. With the knowledge of susceptible classes, our work has proposed to retrain the model for those classes to achieve increased robustness. Our preliminary result has been evaluated on MNIST, F-MNIST, and CIFAR-10 (ImageNet and ResNet-32 model) based datasets and have been compared with two state-of-the-art detectors.
Article Search
Are Existing Code Smells Relevant in Web Games? An Empirical Study
Vaishali Khanve
(IIT Tirupati, India)
In software applications, code smells are considered as bad coding practices acquired at the time of development. The presence of such code smells in games may affect the process of game development adversely. Our preliminary study aims at investigating the existence of code smells in the games. To achieve this, we used JavaScript code smells detection tool JSNose against 361 JavaScript web games to find occurrences of JavaScript smells in games. Further, we conducted a manual study to find violations of known game programming patterns in 8 web games to verify the necessity of game-specific code smells detection tool. Our results shows that existing JavaScript code smells detection tool is not sufficient to find game-specific code smells in web games.
Article Search
Tackling Knowledge Needs during Software Evolution
Jacob Krüger
(University of Magdeburg, Germany)
Developers use a large amount of their time to understand the system they work on, an activity referred to as program comprehension. Especially software evolution and forgetting over time lead to developers becoming unfamiliar with a system. To support them during program comprehension, we can employ knowledge recovery to reverse engineer implicit information from the system and the platform (e.g., GitHub) it is hosted on. However, to recover useful knowledge and to provide it in a useful way, we first need to understand what knowledge developers forget to what extent, what sources are reliable to recover knowledge, and how to trace knowledge to the features in a system. We tackle these three issues, aiming to provide empirical insights and tooling to support developers during software evolution and maintenance. The results help practitioners, as we support the analysis and understanding of systems, as well as researchers, showing opportunities to automate, for example, reverse-engineering techniques.
Article Search
On the Scalable Dynamic Taint Analysis for Distributed Systems
Xiaoqin Fu
(Washington State University, USA)
To protect the privacy and search sensitive data leaks, we must solve multiple challenges (e.g., applicability, portability, and scalability) for developing an appropriate taint analysis for distributed systems.We hence present DistTaint, a dynamic taint analysis for
distributed systems against these challenges. It could infer implicit dependencies from partial-ordering method events in executions to resolve the applicability challenge. DistTaint fully works at application-level without any customization of platforms to overcome the portability challenge. It exploits a multi-phase analysis to achieve scalability. By proposing a pre-analysis, DistTaint narrows down the following fine-grained analysis’ scope to reduce the overall
cost significantly. Empirical results showed DistTaint’s practical applicability, portability, and scalability to industry-scale distributed programs, and its capability of discovering security vulnerabilities in real-world distributed systems. The tool package can be
downloaded here: https://www.dropbox.com/sh/kfr9ixucyny1jp2/AAC00aI-I8O-d4ywZCqwZ1uaa?dl=0
Article Search
Suggesting Reviewers of Software Artifacts using Traceability Graphs
Emre Sülün
(Bilkent University, Turkey)
During the lifecycle of a software project, software artifacts constantly change. A change should be peer-reviewed to ensure the software quality. To maximize the benefit of review, the reviewer(s) should be chosen appropriately. However, choosing the right reviewer(s) might not be trivial especially in large projects. Researchers developed different methods to recommend reviewers. In this study, we introduce a novel approach for reviewer recommendation problem. Our approach utilizes the traceability graph of a software project and assigns a know-about score to each developer, then recommends the developers who have the maximum know-about score for an artifact. We tested our approach on an open source project and achieved top-3 recall of 0.85 with an MRR (mean reciprocal ranking) of 0.73.
Article Search
Using Software Testing to Repair Models
Marco Radavelli
(University of Bergamo, Italy)
Software testing is an important phase in the software development process, aiming at locating faults in artifacts, and achieve some confidence that the software behaves according to specification.
There exists many software testing techniques applied to debugging, fault-localization, and repair of code, however, to the best of our knowledge, the application of software testing to locating faults in models and automatically repair them, is still an open issue.
We present a project that investigates the use of software testing methods to automatically repair model artifacts, to support engineers in maintaining them consistent with the implementation and specification.
We describe the research approach, the structure of the devised test-driven repair processes, present results in the cases of combinatorial models and feature models, and finally discuss future work of applying testing to repair models for other scenarios, such as timed automata.
Article Search
Rethinking Regex Engines to Address ReDoS
James C. Davis
(Virginia Tech, USA)
Regular expressions (regexes) are a powerful string manipulation
tool. Unfortunately, in programming languages like Python, Java,
and JavaScript, they are unnecessarily dangerous, implemented
with worst-case exponential matching behavior. This high time
complexity exposes software services to regular expression denial
of service (ReDoS) attacks.
We propose a data-driven redesign of regex engines, to reflect
how regexes are used and what they typically look like. We report
that about 95% of regexes in popular programming languages
can be evaluated in linear time. The regex engine is a fundamental
component of a programming language, and any changes risk
introducing compatibility problems. We believe a full redesign is
therefore impractical, and so we describe how the vast majority
of regex matches can be made linear-time with minor, not major,
changes to existing algorithms. Our prototype shows that on a
kernel of the regex language, we can trade space for time to make
regex matches safe
Article Search
Context-Aware Test Case Adaptation
Peiyi Sun
(Peking University, China)
During software evolution, both production code and test cases evolve frequently. To assure software quality, test cases should evolve in time. However, test case evolution is usually delayed and error-prone. To facilitate this process, this paper proposes a context-aware test case adaptation approach (CAT), which first identifies and generalizes test case adaptation patterns, and then applies these patterns to automatically evolve test cases by analyzing their context. We conducted a preliminary study on three open-source projects and found that CAT correctly adapts 71.91% of test cases.
Article Search
Empirical Study of Customer Communication Problem in Agile Requirements Engineering
Ilyuza Gizzatullina
(Innopolis University, Russia)
As Agile principles and values become an integral part of the soft-ware development culture, development processes experience significant changes. Requirements engineering, an individual phase occurring at the beginning of the traditional development, is distributed between various activities according to agile. However, how customer communication related problems are solved within the context of agile requirements engineering (RE)? Empirical study of that problem is done using 2 methods: systematic literature review and semi-structured interviews. Problems related to customer communication in agile RE are revealed and composed into patterns. Patterns are to be supplemented with the solutions in the further research.
Article Search