| 1. |
- Kehoe, Laura, et al.
(författare)
-
Make EU trade with Brazil sustainable
- 2019
-
Ingår i: Science. - : American Association for the Advancement of Science (AAAS). - 0036-8075 .- 1095-9203. ; 364:6438, s. 341-
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
|
|
| 2. |
-
Browser Chance Music
- 2021
-
Konstnärligt arbete (mjukvara/multimedium)abstract
- Browser Chance Music lets the audience experience the high-frequency, invisible software activity that occurs in our mobile devices when we browse the web. Billions of citizens browse the web every day, everywhere. This activity is powered by billions of software operations that take care of connecting devices to the web and transporting the information from one side of the world to another. Yet, this amazing software activity is invisible, intangible and unknown by most users.Browser Chance Music explores interactive, spatialized sonification to let users experience this software activity. Through sound, we embody the rich software execution, which is usually disembodied and invisible on a regular interaction with software applications. One challenge we face in this project relates to the significant gap of temporality between the two phenomena: the visible act of browsing is performed at the speed of humans clicking buttons or swiping screens; meanwhile, software that runs in the browser to let humans access the world wide web, operates at a radically different speed, up to thousands of operations per second.
|
|
| 3. |
- Durieux, Thomas, et al.
(författare)
-
DUETS : A Dataset of Reproducible Pairs of Java Library-Clients
- 2021
-
Ingår i: 2021 IEEE/Acm 18Th International Conference On Mining Software Repositories (MSR 2021). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 545-549
-
Konferensbidrag (refereegranskat)abstract
- Software engineering researchers look for software artifacts to study their characteristics or to evaluate new techniques. In this paper, we introduce DUETS, a new dataset of software libraries and their clients. This dataset can be exploited to gain many different insights, such as API usage, usage inputs, or novel observations about the test suites of clients and libraries. DUETS is meant to support both static and dynamic analysis. This means that the libraries and the clients compile correctly, they are executable and their test suites pass. The dataset is composed of open-source projects that have more than five stars on GitHub. The final dataset contains 395 libraries and 2;874 clients. Additionally, we provide the raw data that we use to create this dataset, such as 34;560 pom.xml files or the complete file list from 34;560 projects. This dataset can be used to study how libraries are used by their clients or as a list of software projects that successfully build. The client's test suite can be used as an additional verification step for code transformation techniques that modify the libraries.
|
|
| 4. |
- Durieux, Thomas, et al.
(författare)
-
Exhaustive Exploration of the Failure-oblivious Computing Search Space
- 2018
-
Ingår i: 2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST). - : IEEE Press. - 9781538650127 ; , s. 139-149
-
Konferensbidrag (refereegranskat)abstract
- High-availability of software systems requires automated handling of crashes in presence of errors. Failure-oblivious computing is one technique that aims to achieve high availability. We note that failure-obliviousness has not been studied in depth yet, and there is very few study that helps understand why failure-oblivious techniques work. In order to make failure-oblivious computing to have an impact in practice, we need to deeply understand failure-oblivious behaviors in software. In this paper, we study, design and perform an experiment that analyzes the size and the diversity of the failure-oblivious behaviors. Our experiment consists of exhaustively computing the search space of 16 field failures of large-scale open-source Java software. The outcome of this experiment is a much better understanding of what really happens when failure-oblivious computing is used, and this opens new promising research directions.
|
|
| 5. |
- Durieux, Thomas, et al.
(författare)
-
Fully Automated HTML and Javascript Rewriting for Constructing a Self-healing Web Proxy
- 2018
-
Ingår i: 2018 29TH IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE). - : IEEE. - 9781538683217 ; , s. 1-12
-
Konferensbidrag (refereegranskat)abstract
- Over the last few years, the complexity of web applications has increased to provide more dynamic web applications to users. The drawback of this complexity is the growing number of errors in the front-end applications. In this paper, we present BikiniProxy, a novel technique to provide self-healing for the web. BikiniProxy is designed as an HTTP proxy that uses five self-healing strategies to rewrite the buggy HTML and Javascript code. We evaluate BikiniProxy with a new benchmark of 555 reproducible Javascript errors of which 31.76% can be automatically self-healed.
|
|
| 6. |
- Durieux, Thomas, et al.
(författare)
-
Fully Automated HTML and JavaScript Rewriting for Constructing a Self-healing Web Proxy
- 2020
-
Ingår i: Software testing, verification & reliability. - : WILEY. - 0960-0833 .- 1099-1689. ; 30:2
-
Tidskriftsartikel (refereegranskat)abstract
- Over the last few years, the complexity of web applications has increased to provide more dynamic web applications to users. The drawback of this complexity is the growing number of errors in the front-end applications. In this paper, we present an approach to provide self-healing for the web. We implemented this approach in two different tools: (i) BikiniProxy, an HTTP repair proxy, and (ii) BugBlock, a browser extension. They use five self-healing strategies to rewrite the buggy HTML and JavaScript code to handle errors in web pages. We evaluate BikiniProxy and BugBlock with a new benchmark of 555 reproducible JavaScript errors of which 31.76% can be automatically self-healed by BikiniProxy and 15.67% by BugBlock.
|
|
| 7. |
- Ferreira, Joao F., et al.
(författare)
-
SmartBugs : A Framework to Analyze Solidity Smart Contracts
- 2020
-
Ingår i: 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, 22 September 2020 - 25 September 2020. - New York, NY, USA : Association for Computing Machinery (ACM). ; , s. 1349-1352
-
Konferensbidrag (refereegranskat)abstract
- Over the last few years, there has been substantial research on automated analysis, testing, and debugging of Ethereum smart contracts. However, it is not trivial to compare and reproduce that research. To address this, we present SmartBugs, an extensible and easy-to-use execution framework that simplifies the execution of analysis tools on smart contracts written in Solidity, the primary language used in Ethereum. SmartBugs is currently distributed with support for 10 tools and two datasets of Solidity contracts. The first dataset can be used to evaluate the precision of analysis tools, as it contains 143 annotated vulnerable contracts with 208 tagged vulnerabilities. The second dataset contains 47,518 unique contracts collected through Etherscan. We discuss how SmartBugs supported the largest experimental setup to date both in the number of tools and in execution time. Moreover, we show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).
|
|
| 8. |
- Harrand, Nicolas, et al.
(författare)
-
Automatic Diversity in the Software Supply Chain
- 2021
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Despite its obvious benefits, the increased adoption of package managers to automate the reuse of libraries has opened the door to a new class of hazards: supply chain attacks. By injecting malicious code in one library, an attacker may compromise all instances of all applications that depend on the library. To mitigate the impact of supply chain attacks, we propose the concept of Library Substitution Framework. This novel concept leverages one key observation: when an application depends on a library, it is very likely that there exists other libraries that provide similar features. The key objective of Library Substitution Framework is to enable the developers of an application to harness this diversity of libraries in their supply chain. The framework lets them generate a population of application variants, each depending on a different alternative library that provides similar functionalities. To investigate the relevance of this concept, we develop ARGO, a proof-of-concept implementation of this framework that harnesses the diversity of JSON suppliers. We study the feasibility of library substitution and its impact on a set of 368 clients. Our empirical results show that for 195 of the 368 java applications tested, we can substitute the original JSON library used by the client by at least 15 other JSON libraries without modifying the client's code. These results show the capacity of a Library Substitution Framework to diversify the supply chain of the client applications of the libraries it targets.
|
|
| 9. |
- Harrand, Nicolas, et al.
(författare)
-
The Behavioral Diversity of Java JSON Libraries
- 2021
-
Ingår i: 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE). - : Institute of Electrical and Electronics Engineers (IEEE).
-
Konferensbidrag (refereegranskat)abstract
- JSON is an essential file and data format in domains that span scientific computing, web APIs or configuration management. Its popularity has motivated significant software development effort to build multiple libraries to process JSON data. Previous studies focus on performance comparison among these libraries and lack a software engineering perspective. We present the first systematic analysis and comparison of the input / output behavior of 20 JSON libraries, in a single software ecosystem: Java/Maven. We assess behavior diversity by running each library against a curated set of 473 JSON files, including both well-formed and ill-formed files. The main design differences, which influence the behavior of the libraries, relate to the choice of data structure to represent JSON objects and to the encoding of numbers. We observe a remarkable behavioral diversity with ill-formed files, or corner cases such as large numbers or duplicate data. Our unique behavioral assessment of JSON libraries paves the way for a robust processing of ill-formed files, through a multi-version architecture.
|
|
| 10. |
- Madeiral Delfim, Fernanda, et al.
(författare)
-
A large-scale study on human-cloned changes for automated program repair
- 2021
-
Ingår i: 2021 IEEE/ACM 18Th International Conference On Mining Software Repositories (Msr 2021). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 510-514
-
Konferensbidrag (refereegranskat)abstract
- Research in automatic program repair has shown that real bugs can be automatically fixed. However, there are several challenges involved in such a task that are not yet fully addressed. As an example, consider that a test-suite-based repair tool performs a change in a program to fix a bug spotted by a failing test case, but then the same or another test case fails. This could mean that the change is a partial fix for the bug or that another bug was manifested. However, the repair tool discards the change and possibly performs other repair attempts. One might wonder if the applied change should be also applied in other locations in the program so that the bug is fully fixed. In this paper, we are interested in investigating the extent of bug fix changes being cloned by developers within patches. Our goal is to investigate the need of multi-location repair by using identical or similar changes in identical or similar contexts. To do so, we analyzed 3,049 multi-hunk patches from the ManySStuBs4J dataset, which is a large dataset of single statement bug fix changes. We found out that 68% of the multi-hunk patches contain at least one change clone group. Moreover, most of these patches (70%) are strictly-cloned ones, which are patches fully composed of changes belonging to one single change clone group. Finally, most of the strictly-cloned patches (89%) contain change clones with identical changes, independently of their contexts. We conclude that automated solutions for creating patches composed of identical or similar changes can be useful for fixing bugs.
|
|
