| 1. |
- Baudry, Benoit, et al.
(författare)
-
A Software-Repair Robot Based on Continual Learning
- 2021
-
Ingår i: IEEE Software. - : Institute of Electrical and Electronics Engineers (IEEE). - 0740-7459 .- 1937-4194. ; 38:4, s. 28-35
-
Tidskriftsartikel (refereegranskat)abstract
- Software bugs are common, and correcting them accounts for a significant portion of the costs in the software development and maintenance process. In this article, we discuss R-Hero, our novel system for learning how to fix bugs based on continual training.
|
|
| 2. |
- Baudry, Benoit, et al.
(författare)
-
Science-changing Code
- 2021
-
Annan publikation (populärvet., debatt m.m.)
|
|
| 3. |
- Baudry, Benoit, et al.
(författare)
-
Testing beyond coverage
- 2021
-
Ingår i: Increment. - : Stripe. - 2832-6598. ; Feb:16
-
Tidskriftsartikel (populärvet., debatt m.m.)
|
|
| 4. |
- Cabrera Arteaga, Javier, 1992-, et al.
(författare)
-
CROW: Code Diversification for WebAssembly
- 2021
-
Konferensbidrag (refereegranskat)abstract
- The adoption of WebAssembly increases rapidly, as it provides a fast and safe model for program execution in the browser. However, WebAssembly is not exempt from vulnerabilities that can be exploited by malicious observers. Code diversification can mitigate some of these attacks. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow through enumerative synthesis of diverse code snippets expressed in the LLVMintermediate representation. We evaluate CROW’s capabilitieson303C programs and study its use on a real-life security-sensitive program: libsodium, a modern cryptographic library. Overall, CROW is able to generate diverse variants for239out of303 (79%)small programs. Furthermore, our experiments show that our approach and tool is able to successfully diversify off-the-shelf cryptographic software (libsodium).
|
|
| 5. |
- Gu, Jian, et al.
(författare)
-
Multimodal Representation for Neural Code Search
- 2021
-
Ingår i: 2021 IEEE international conference on software maintenance and evolution (ICSME 2021). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 483-494
-
Konferensbidrag (refereegranskat)abstract
- Semantic code search is about finding semantically relevant code snippets for a given natural language query. In the state-of-the-art approaches, the semantic similarity between code and query is quantified as the distance of their representation in the shared vector space. In this paper, to improve the vector space, we introduce tree-serialization methods on a simplified form of AST and build the multimodal representation for the code data. We conduct extensive experiments using a single corpus that is large-scale and multi-language: CodeSearchNet. Our results show that both our tree-serialized representations and multimodal learning model improve the performance of code search. Last, we define intuitive quantification metrics oriented to the completeness of semantic and syntactic information of the code data, to help understand the experimental findings.
|
|
| 6. |
- Muntean, P., et al.
(författare)
-
IntRepair : Informed Repairing of Integer Overflows
- 2021
-
Ingår i: IEEE Transactions on Software Engineering. - : Institute of Electrical and Electronics Engineers (IEEE). - 0098-5589 .- 1939-3520. ; 47:10, s. 2225-2241
-
Tidskriftsartikel (refereegranskat)abstract
- Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1%, respectively. Furthermore, we present the results of a user study with 30 participants showing that IntRepair repairs are more efficient than manual repairs.
|
|
| 7. |
- Simonsson, Jesper, et al.
(författare)
-
Observability and Chaos Engineering on System Calls for Containerized Applications in Docker
- 2021
-
Ingår i: Future generations computer systems. - : Elsevier BV. - 0167-739X .- 1872-7115. ; 122, s. 117-129
-
Tidskriftsartikel (refereegranskat)abstract
- In this paper, we present a novel fault injection system called ChaosOrca for system calls in containerized applications. ChaosOrca aims at evaluating a given application's self-protection capability with respect to system call errors. The unique feature of ChaosOrca is that it conducts experiments under production-like workload without instrumenting the application. We exhaustively analyze all kinds of system calls and utilize different levels of monitoring techniques to reason about the behaviour under perturbation. We evaluate ChaosOrca on three real-world applications: a file transfer client, a reverse proxy server and a micro-service oriented web application. Our results show that it is promising to detect weaknesses of resilience mechanisms related to system calls issues.
|
|
| 8. |
- Soto Valero, Cesar, et al.
(författare)
-
A comprehensive study of bloated dependencies in the Maven ecosystem
- 2021
-
Ingår i: Empirical Software Engineering. - : Springer Nature. - 1382-3256 .- 1573-7616. ; 26:3
-
Tidskriftsartikel (refereegranskat)abstract
- Build automation tools and package managers have a profound influence on software development. They facilitate the reuse of third-party libraries, support a clear separation between the application's code and its external dependencies, and automate several software development tasks. However, the wide adoption of these tools introduces new challenges related to dependency management. In this paper, we propose an original study of one such challenge: the emergence of bloated dependencies. Bloated dependencies are libraries that are packaged with the application's compiled code but that are actually not necessary to build and run the application. They artificially grow the size of the built binary and increase maintenance effort. We propose DepClean, a tool to determine the presence of bloated dependencies in Maven artifacts. We analyze 9,639 Java artifacts hosted on Maven Central, which include a total of 723,444 dependency relationships. Our key result is as follows: 2.7% of the dependencies directly declared are bloated, 15.4% of the inherited dependencies are bloated, and 57% of the transitive dependencies of the studied artifacts are bloated. In other words, it is feasible to reduce the number of dependencies of Maven artifacts to 1/4 of its current count. Our qualitative assessment with 30 notable open-source projects indicates that developers pay attention to their dependencies when they are notified of the problem. They are willing to remove bloated dependencies: 21/26 answered pull requests were accepted and merged by developers, removing 140 dependencies in total: 75 direct and 65 transitive.
|
|
| 9. |
- Tan, Shin Hwei, et al.
(författare)
-
Foreword
- 2021
-
Ingår i: Proceedings - 2021 IEEE/ACM International Workshop on Automated Program Repair, APR 2021. - : Institute of Electrical and Electronics Engineers (IEEE).
-
Konferensbidrag (refereegranskat)abstract
- Presents the introductory welcome message from the conference proceedings. May include the conference officers' congratulations to all involved with the conference event and publication of the proceedings record.
|
|
| 10. |
- Tiwari, Deepika, et al.
(författare)
-
Production Monitoring to Improve Test Suites
- 2021
-
Ingår i: IEEE Transactions on Reliability. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9529 .- 1558-1721. ; , s. 1-17
-
Tidskriftsartikel (refereegranskat)abstract
- In this article, we propose to use production executions to improve the quality of testing for certain methods of interest for developers. These methods can be methods that are not covered by the existing test suite or methods that are poorly tested. We devise an approach called pankti which monitors applications as they execute in production and then automatically generates differential unit tests, as well as derived oracles, from the collected data. pankti’s monitoring and generation focuses on one single programming language, Java. We evaluate it on three real-world, open-source projects: a videoconferencing system, a PDF manipulation library, and an e-commerce application. We show that pankti is able to generate differential unit tests by monitoring target methods in production and that the generated tests improve the quality of the test suite of the application under consideration.
|
|
