ICSE 2013 – Author Index

Abrahamson, Jenny
ICSE '13: "Unifying FSM-Inference Algorithms ..."
Unifying FSM-Inference Algorithms through Declarative Specification
Ivan Beschastnikh, Yuriy Brun , Jenny Abrahamson, Michael D. Ernst , and Arvind Krishnamurthy (University of Washington, USA; University of Massachusetts, USA) Logging system behavior is a staple development practice. Numerous powerful model inference algorithms have been proposed to aid developers in log analysis and system understanding. Unfortunately, existing algorithms are difficult to understand, extend, and compare. This paper presents InvariMint, an approach to specify model inference algorithms declaratively. We applied InvariMint to two model inference algorithms and present evaluation results to illustrate that InvariMint (1) leads to new fundamental insights and better understanding of existing algorithms, (2) simplifies creation of new algorithms, including hybrids that extend existing algorithms, and (3) makes it easy to compare and contrast previously published algorithms. Finally, algorithms specified with InvariMint can outperform their procedural versions. @InProceedings{ICSE13p252, author = {Ivan Beschastnikh and Yuriy Brun and Jenny Abrahamson and Michael D. Ernst and Arvind Krishnamurthy}, title = {Unifying FSM-Inference Algorithms through Declarative Specification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {252--261}, doi = {}, year = {2013}, } |
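The declarative idea at the heart of InvariMint can be illustrated in a few lines: each temporal invariant mined from a log becomes a small property automaton, and the inferred model is the intersection of those automata. The sketch below is a minimal illustration under assumed event names, not the InvariMint implementation itself.

```python
# Minimal sketch of declarative model inference: each mined invariant is a
# small property DFA; the model accepts a trace iff every property DFA does.

def always_followed_by(a, b, alphabet):
    # Property DFA for "every a is eventually followed by b".
    # State 0: nothing owed; state 1: an `a` was seen, a `b` is still owed.
    delta = {(s, e): (1 if e == a else 0 if e == b else s)
             for s in (0, 1) for e in alphabet}
    return delta, 0, {0}          # (transitions, start state, accepting states)

def accepts(dfa, trace):
    delta, state, accepting = dfa
    for event in trace:
        state = delta[(state, event)]
    return state in accepting

def declarative_model(property_dfas):
    # Intersection of the property languages, evaluated lazily: a trace is in
    # the inferred model iff all property DFAs accept it.
    return lambda trace: all(accepts(d, trace) for d in property_dfas)

# Hypothetical log over an assumed alphabet:
alphabet = {"open", "read", "close"}
model = declarative_model([always_followed_by("open", "close", alphabet)])
assert model(["open", "read", "close"]) and not model(["open", "read"])
```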
Adams, Bram
ICSE '13: "Assisting Developers of Big ..."
Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Weiyi Shang, Zhen Ming Jiang, Hadi Hemmati, Bram Adams, Ahmed E. Hassan , and Patrick Martin (Queen's University, Canada; Polytechnique Montréal, Canada) Big data analytics is the process of examining large amounts of data (big data) in an effort to uncover hidden patterns or unknown correlations. Big Data Analytics Applications (BDA Apps) are a new type of software applications, which analyze big data using massive parallel processing frameworks (e.g., Hadoop). Developers of such applications typically develop them using a small sample of data in a pseudo-cloud environment. Afterwards, they deploy the applications in a large-scale cloud environment with considerably more processing power and larger input data (reminiscent of the mainframe days). Working with BDA App developers in industry over the past three years, we noticed that the runtime analysis and debugging of such applications in the deployment phase cannot be easily addressed by traditional monitoring and debugging approaches. In this paper, as a first step in assisting developers of BDA Apps for cloud deployments, we propose a lightweight approach for uncovering differences between pseudo and large-scale cloud deployments. Our approach makes use of the readily-available yet rarely used execution logs from these platforms. Our approach abstracts the execution logs, recovers the execution sequences, and compares the sequences between the pseudo and cloud deployments. Through a case study on three representative Hadoop-based BDA Apps, we show that our approach can rapidly direct the attention of BDA App developers to the major differences between the two deployments. Knowledge of such differences is essential in verifying BDA Apps when analyzing big data in the cloud. Using injected deployment faults, we show that our approach not only significantly reduces the deployment verification effort, but also provides very few false positives when identifying deployment failures. @InProceedings{ICSE13p402, author = {Weiyi Shang and Zhen Ming Jiang and Hadi Hemmati and Bram Adams and Ahmed E. Hassan and Patrick Martin}, title = {Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {402--411}, doi = {}, year = {2013}, } |
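The comparison step lends itself to a compact sketch: abstract each log line into an event template, then diff the event sequences of the two deployments. The patterns below are hypothetical stand-ins for real Hadoop log formats.

```python
import re
from difflib import unified_diff

# Hypothetical abstraction patterns; real ones depend on the platform's logs.
ABSTRACTIONS = [
    (re.compile(r"attempt_\w+"), "attempt_<ID>"),
    (re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"), "<TIME>"),
    (re.compile(r"\d+"), "<NUM>"),
]

def abstract_line(line):
    for pattern, placeholder in ABSTRACTIONS:
        line = pattern.sub(placeholder, line)
    return line.strip()

def deployment_diff(pseudo_log, cloud_log):
    # Event sequences that differ between the pseudo and large-scale cloud
    # deployments are exactly what the developer should inspect first.
    return list(unified_diff([abstract_line(l) for l in pseudo_log],
                             [abstract_line(l) for l in cloud_log],
                             fromfile="pseudo", tofile="cloud", lineterm=""))
```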
Almorsy, Mohamed
ICSE '13: "Automated Software Architecture ..."
Automated Software Architecture Security Risk Analysis using Formalized Signatures
Mohamed Almorsy, John Grundy, and Amani S. Ibrahim (Swinburne University of Technology, Australia) Reviewing software system architecture to pinpoint potential security flaws before proceeding with system development is a critical milestone in secure software development lifecycles. This includes identifying possible attacks or threat scenarios that target the system and may result in a breach of system security. Additionally, we may assess the strength of the system and its security architecture using well-known security metrics such as system attack surface, compartmentalization, and least privilege. However, existing efforts are limited to specific, predefined security properties or scenarios that are checked either manually or using limited toolsets. We introduce a new approach to support architecture security analysis using security scenarios and metrics. Our approach is based on formalizing attack scenario and security metric signature specifications using the Object Constraint Language (OCL). Using formal signatures, we analyse a target system to locate signature matches (for attack scenarios) or to take measurements (for security metrics). New scenarios and metrics can be incorporated and calculated provided that a formal signature can be specified. Our approach supports defining security metrics and scenarios at the architecture, design, and code levels. We have developed a prototype software system architecture security analysis tool. To the best of our knowledge, this is the first extensible architecture security risk analysis tool that supports both metric-based and scenario-based architecture security analysis. We have validated our approach by using it to capture and evaluate signatures from the NIST security principles and attack scenarios defined in the CAPEC database. @InProceedings{ICSE13p662, author = {Mohamed Almorsy and John Grundy and Amani S. Ibrahim}, title = {Automated Software Architecture Security Risk Analysis using Formalized Signatures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {662--671}, doi = {}, year = {2013}, } Video
Amma, Till
ICSE '13: "Dynamic Injection of Sketching ..."
Dynamic Injection of Sketching Features into GEF Based Diagram Editors
Andreas Scharf and Till Amma (University of Kassel, Germany) Software engineering in general is a very creative process, especially in the early stages of development such as requirements engineering or architectural design, where sketching techniques are used to manifest ideas and share thoughts. On the one hand, many diagram tools with sophisticated editing features exist, aiming to support engineers in this task. On the other hand, research has shown that most formal tools limit designers' creativity by restricting input to valid data. This raises the need for combining the flexibility of sketch-based input with the power of formal tools. With an increasing number of touch-enabled input devices available, plenty of tools supporting these and similar features have been created, but they either require the developer to use a special diagram-editor generation framework or have very limited extension capabilities. In this paper we propose Scribble: a generic, extensible framework that brings sketching functionality to any new or existing GEF-based diagram editor in the Eclipse ecosystem. Sketch features can be dynamically injected and used without writing a single line of code. We designed Scribble to be open to new shape recognition algorithms and to provide a great degree of user control. We successfully tested Scribble in three diagram tools, each with a different level of complexity. @InProceedings{ICSE13p822, author = {Andreas Scharf and Till Amma}, title = {Dynamic Injection of Sketching Features into GEF Based Diagram Editors}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {822--831}, doi = {}, year = {2013}, }
Ammar, Hany
ICSE '13: "On the Value of User Preferences ..."
On the Value of User Preferences in Search-Based Software Engineering: A Case Study in Software Product Lines
Abdel Salam Sayyad, Tim Menzies, and Hany Ammar (West Virginia University, USA) Software design is a process of trading off competing objectives. If the user objective space is rich, then we should use optimizers that can fully exploit that richness. For example, this study configures software product lines (expressed as feature maps) using various search-based software engineering methods. As we increase the number of optimization objectives, we find that methods in widespread use (e.g. NSGA-II, SPEA2) perform much worse than IBEA (Indicator-Based Evolutionary Algorithm). IBEA works best since it makes most use of user preference knowledge. Hence it does better on the standard measures (hypervolume and spread) but it also generates far more products with 0% violations of domain constraints. Our conclusion is that we need to change our methods for search-based software engineering, particularly when studying complex decision spaces. @InProceedings{ICSE13p492, author = {Abdel Salam Sayyad and Tim Menzies and Hany Ammar}, title = {On the Value of User Preferences in Search-Based Software Engineering: A Case Study in Software Product Lines}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {492--501}, doi = {}, year = {2013}, } Video |
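IBEA's advantage comes from replacing Pareto ranking with an indicator-based fitness assignment. A sketch of that core step, using the standard additive epsilon indicator for minimisation (objectives assumed already normalised to [0,1]):

```python
import math

def eps_indicator(x, y):
    # Additive epsilon indicator for minimisation: the smallest amount by
    # which x must be shifted so that it weakly dominates y.
    return max(xi - yi for xi, yi in zip(x, y))

def ibea_fitness(population, kappa=0.05):
    # F(x) = sum over y != x of -exp(-I(y, x) / kappa): a solution that many
    # others nearly dominate receives a strongly negative fitness.
    return [sum(-math.exp(-eps_indicator(y, x) / kappa)
                for j, y in enumerate(population) if j != i)
            for i, x in enumerate(population)]

# Two objectives, minimisation; the balanced point (0.2, 0.2) gets the best
# (least negative) fitness of these three mutually non-dominated solutions.
print(ibea_fitness([(0.1, 0.9), (0.2, 0.2), (0.9, 0.1)]))
```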
André, Étienne
ICSE '13: "Dynamic Synthesis of Local ..."
Dynamic Synthesis of Local Time Requirement for Service Composition
Tian Huat Tan, Étienne André , Jun Sun, Yang Liu, Jin Song Dong, and Manman Chen (National University of Singapore, Singapore; Université Paris 13, France; CNRS, France; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore) Service composition makes use of existing service-based applications as components to achieve a business goal. In time critical business environments, the response time of a service is crucial, which is also reflected as a clause in service level agreements (SLAs) between service providers and service users. To allow the composite service to fulfill the response time requirement as promised, it is important to find a feasible set of component services, such that their response time could collectively allow the satisfaction of the response time of the composite service. In this work, we propose a fully automated approach to synthesize the response time requirement of component services, in the form of a constraint on the local response times, that guarantees the global response time requirement. Our approach is based on parameter synthesis techniques for real-time systems. It has been implemented and evaluated with real-world case studies. @InProceedings{ICSE13p542, author = {Tian Huat Tan and Étienne André and Jun Sun and Yang Liu and Jin Song Dong and Manman Chen}, title = {Dynamic Synthesis of Local Time Requirement for Service Composition}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {542--551}, doi = {}, year = {2013}, } |
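The shape of the synthesized requirement is easy to see on a toy composition: sequential composition adds response times, parallel composition waits for the slowest branch, and the local time requirement is the constraint that the resulting expression respects the global SLA bound. Service names below are hypothetical, and this shows only the flavour of the output, not the authors' parameter-synthesis algorithm.

```python
def response_time(node):
    # node: ("atomic", name) | ("seq", *children) | ("par", *children)
    kind, rest = node[0], node[1:]
    if kind == "atomic":
        return rest[0]
    if kind == "seq":   # sequential composition: response times add up
        return " + ".join(response_time(c) for c in rest)
    if kind == "par":   # parallel composition: wait for the slowest branch
        return "max(" + ", ".join(response_time(c) for c in rest) + ")"
    raise ValueError(kind)

composite = ("seq", ("atomic", "tAuth"),
                    ("par", ("atomic", "tFlight"), ("atomic", "tHotel")))
print(response_time(composite), "<= GLOBAL_BOUND")
# prints: tAuth + max(tFlight, tHotel) <= GLOBAL_BOUND
```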
Andrews, James H.
ICSE '13: "Comparing Multi-point Stride ..."
Comparing Multi-point Stride Coverage and Dataflow Coverage
Mohammad Mahdi Hassan and James H. Andrews (University of Western Ontario, Canada) We introduce a family of coverage criteria, called Multi-Point Stride Coverage (MPSC). MPSC generalizes branch coverage to coverage of tuples of branches taken from the execution sequence of a program. We investigate its potential as a replacement for dataflow coverage, such as def-use coverage. We find that programs can be instrumented for MPSC easily, that the instrumentation usually incurs less overhead than that for def-use coverage, and that MPSC is comparable in usefulness to def-use in predicting test suite effectiveness. We also find that the space required to collect MPSC can be predicted from the number of branches in the program. @InProceedings{ICSE13p172, author = {Mohammad Mahdi Hassan and James H. Andrews}, title = {Comparing Multi-point Stride Coverage and Dataflow Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {172--181}, doi = {}, year = {2013}, } |
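Since branch coverage is the single-point special case, MPSC is straightforward to compute from a branch trace. A minimal sketch, assuming a trace of branch-outcome identifiers:

```python
def mpsc_entities(branch_trace, points=2, stride=1):
    # The covered entities are tuples of `points` branch outcomes taken
    # `stride` apart in the execution sequence; points=1 is branch coverage.
    span = (points - 1) * stride
    return {tuple(branch_trace[i + k * stride] for k in range(points))
            for i in range(len(branch_trace) - span)}

trace = ["b1T", "b2F", "b1T", "b3T"]
print(mpsc_entities(trace, points=2, stride=1))
# -> {('b1T', 'b2F'), ('b2F', 'b1T'), ('b1T', 'b3T')}
```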
Apel, Sven
ICSE '13: "Strategies for Product-Line ..."
Strategies for Product-Line Verification: Case Studies and Experiments
Sven Apel, Alexander von Rhein, Philipp Wendler, Armin Größlinger, and Dirk Beyer (University of Passau, Germany) Product-line technology is increasingly used in mission-critical and safety-critical applications. Hence, researchers are developing verification approaches that follow different strategies to cope with the specific properties of product lines. While the research community is discussing the mutual strengths and weaknesses of the different strategies—mostly at a conceptual level—there is a lack of evidence in terms of case studies, tool implementations, and experiments. We have collected and prepared six product lines as subject systems for experimentation. Furthermore, we have developed a model-checking tool chain for C-based and Java-based product lines, called SPLVERIFIER, which we use to compare sample-based and family-based strategies with regard to verification performance and the ability to find defects. Based on the experimental results and an analytical model, we revisit the discussion of the strengths and weaknesses of product-line–verification strategies. @InProceedings{ICSE13p482, author = {Sven Apel and Alexander von Rhein and Philipp Wendler and Armin Größlinger and Dirk Beyer}, title = {Strategies for Product-Line Verification: Case Studies and Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {482--491}, doi = {}, year = {2013}, } Video |
Azim, Tanzirul
ICSE '13: "RERAN: Timing- and Touch-Sensitive ..."
RERAN: Timing- and Touch-Sensitive Record and Replay for Android
Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd Millstein (UC Los Angeles, USA; UC Riverside, USA) Touchscreen-based devices such as smartphones and tablets are gaining popularity but their rich input capabilities pose new development and testing complications. To alleviate this problem, we present an approach and tool named RERAN that permits record-and-replay for the Android smartphone platform. Existing GUI-level record-and-replay approaches are inadequate due to the expressiveness of the smartphone domain, in which applications support sophisticated GUI gestures, depend on inputs from a variety of sensors on the device, and have precise timing requirements among the various input events. We address these challenges by directly capturing the low-level event stream on the phone, which includes both GUI events and sensor events, and replaying it with microsecond accuracy. Moreover, RERAN does not require access to app source code, perform any app rewriting, or perform any modifications to the virtual machine or Android platform. We demonstrate RERAN’s applicability in a variety of scenarios, including (a) replaying 86 out of the Top-100 Android apps on Google Play; (b) reproducing bugs in popular apps, e.g., Firefox, Facebook, Quickoffice; and (c) fast-forwarding executions. We believe that our versatile approach can help both Android developers and researchers. @InProceedings{ICSE13p72, author = {Lorenzo Gomez and Iulian Neamtiu and Tanzirul Azim and Todd Millstein}, title = {RERAN: Timing- and Touch-Sensitive Record and Replay for Android}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {72--81}, doi = {}, year = {2013}, } |
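The essence of timing-faithful replay can be sketched from the host side with the standard adb getevent/sendevent tools, though RERAN replays on the device precisely because host-side round trips cannot achieve the paper's microsecond accuracy. The device path below is an assumption and varies per phone.

```python
import subprocess, time

def replay(events, device="/dev/input/event2"):
    # events: list of (timestamp_sec, ev_type, code, value), e.g. parsed from
    # `adb shell getevent -t`. Sleeps preserve the recorded inter-event gaps.
    wall_start, trace_start = time.perf_counter(), events[0][0]
    for ts, ev_type, code, value in events:
        delay = (ts - trace_start) - (time.perf_counter() - wall_start)
        if delay > 0:
            time.sleep(delay)   # coarse timing only; on-device replay is precise
        subprocess.run(["adb", "shell", "sendevent", device,
                        str(ev_type), str(code), str(value)], check=True)
```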
Bacchelli, Alberto
ICSE '13: "Expectations, Outcomes, and ..."
Expectations, Outcomes, and Challenges of Modern Code Review
Alberto Bacchelli and Christian Bird (University of Lugano, Switzerland; Microsoft Research, USA) Code review is a common software engineering practice employed both in open source and industrial contexts. Review today is less formal and more lightweight than the code inspections performed and studied in the 70s and 80s. We empirically explore the motivations, challenges, and outcomes of tool-based code reviews. We observed, interviewed, and surveyed developers and managers and manually classified hundreds of review comments across diverse teams at Microsoft. Our study reveals that while finding defects remains the main motivation for review, reviews are less about defects than expected and instead provide additional benefits such as knowledge transfer, increased team awareness, and creation of alternative solutions to problems. Moreover, we find that code and change understanding is the key aspect of code reviewing and that developers employ a wide range of mechanisms to meet their understanding needs, most of which are not met by current tools. We provide recommendations for practitioners and researchers. @InProceedings{ICSE13p712, author = {Alberto Bacchelli and Christian Bird}, title = {Expectations, Outcomes, and Challenges of Modern Code Review}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {712--721}, doi = {}, year = {2013}, } |
Balakrishnan, Gogul
ICSE '13: "Feedback-Directed Unit Test ..."
Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution
Pranav Garg, Franjo Ivancic, Gogul Balakrishnan, Naoto Maeda, and Aarti Gupta (University of Illinois at Urbana-Champaign, USA; NEC Labs, USA; NEC, Japan) In industry, software testing and coverage-based metrics are the predominant techniques to check correctness of software. This paper addresses automatic unit test generation for programs written in C/C++. The main idea is to improve the coverage obtained by feedback-directed random test generation methods, by utilizing concolic execution on the generated test drivers. Furthermore, for programs with numeric computations, we employ non-linear solvers in a lazy manner to generate new test inputs. These techniques significantly improve the coverage provided by a feedback-directed random unit testing framework, while retaining the benefits of full automation. We have implemented these techniques in a prototype platform, and describe promising experimental results on a number of C/C++ open source benchmarks. @InProceedings{ICSE13p132, author = {Pranav Garg and Franjo Ivancic and Gogul Balakrishnan and Naoto Maeda and Aarti Gupta}, title = {Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {132--141}, doi = {}, year = {2013}, } |
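The feedback-directed half of the approach follows the classic Randoop-style loop: sequences that execute without violations are fed back as prefixes for longer sequences, and the concolic step (not sketched) then solves path constraints to reach branches that random inputs keep missing. A minimal sketch with a hypothetical oracle interface:

```python
import random

def feedback_directed(api_calls, run_sequence, budget=1000):
    # run_sequence returns "ok" (extends the pool), "invalid" (discarded),
    # or "bug" (kept as a failing unit test).
    pool, failing_tests = [[]], []
    for _ in range(budget):
        candidate = random.choice(pool) + [random.choice(api_calls)]
        outcome = run_sequence(candidate)
        if outcome == "ok":
            pool.append(candidate)            # feedback: reuse as a prefix
        elif outcome == "bug":
            failing_tests.append(candidate)
    return failing_tests
```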
Bartenstein, Thomas W.
ICSE '13: "Green Streams for Data-Intensive ..."
Green Streams for Data-Intensive Software
Thomas W. Bartenstein and Yu David Liu (SUNY Binghamton, USA) This paper introduces GREEN STREAMS, a novel solution to address a critical but often overlooked property of data-intensive software: energy efficiency. GREEN STREAMS is built around two key insights into data-intensive software. First, energy consumption of data-intensive software is strongly correlated to data volume and data processing, both of which are naturally abstracted in the stream programming paradigm; Second, energy efficiency can be improved if the data processing components of a stream program coordinate in a “balanced” way, much like an assembly line that runs most efficiently when participating workers coordinate their pace. GREEN STREAMS adopts a standard stream programming model, and applies Dynamic Voltage and Frequency Scaling (DVFS) to coordinate the pace of data processing among components, ultimately achieving energy efficiency without degrading performance in a parallel processing environment. At the core of GREEN STREAMS is a novel constraint-based inference to abstract the intrinsic relationships of data flow rates inside a stream program, that uses linear programming to minimize the frequencies – hence the energy consumption – for processing components while still maintaining the maximum output data flow rate. The core algorithm of GREEN STREAMS is formalized, and its optimality is established. The effectiveness of GREEN STREAMS is evaluated on top of the StreamIt framework, and preliminary results show the approach can save CPU energy by an average of 28% with a 7% performance improvement. @InProceedings{ICSE13p532, author = {Thomas W. Bartenstein and Yu David Liu}, title = {Green Streams for Data-Intensive Software}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {532--541}, doi = {}, year = {2013}, } Video |
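The constraint system reduces to a small linear program: minimise the stage frequencies (the energy proxy) subject to every stage keeping up with the data rate flowing into it. A sketch with scipy; the coefficients are hypothetical, whereas the paper derives them from the inferred data-flow rates.

```python
from scipy.optimize import linprog

def min_frequencies(items_per_hz, required_rate, f_bounds):
    # Stage i sustains its input iff f_i * items_per_hz[i] >= required_rate[i];
    # linprog wants <=, so negate: -items_per_hz[i] * f_i <= -required_rate[i].
    n = len(items_per_hz)
    c = [1.0] * n                              # minimise total frequency
    A_ub = [[-items_per_hz[i] if j == i else 0.0 for j in range(n)]
            for i in range(n)]
    b_ub = [-r for r in required_rate]
    return linprog(c, A_ub=A_ub, b_ub=b_ub, bounds=f_bounds).x

# Three-stage pipeline: per-Hz throughput, required rates, frequency ranges.
print(min_frequencies([2.0, 1.0, 4.0], [100.0, 100.0, 100.0],
                      [(10, 400)] * 3))        # -> [50., 100., 25.]
```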
Bavota, Gabriele
ICSE '13: "Automatic Query Reformulations ..."
Automatic Query Reformulations for Text Retrieval in Software Engineering
Sonia Haiduc, Gabriele Bavota, Andrian Marcus, Rocco Oliveto, Andrea De Lucia , and Tim Menzies (Wayne State University, USA; University of Salerno, Italy; University of Molise, Italy; University of West Virginia, USA) There are more than twenty distinct software engineering tasks addressed with text retrieval (TR) techniques, such as, traceability link recovery, feature location, refactoring, reuse, etc. A common issue with all TR applications is that the results of the retrieval depend largely on the quality of the query. When a query performs poorly, it has to be reformulated and this is a difficult task for someone who had trouble writing a good query in the first place. We propose a recommender (called Refoqus) based on machine learning, which is trained with a sample of queries and relevant results. Then, for a given query, it automatically recommends a reformulation strategy that should improve its performance, based on the properties of the query. We evaluated Refoqus empirically against four baseline approaches that are used in natural language document retrieval. The data used for the evaluation corresponds to changes from five open source systems in Java and C++ and it is used in the context of TR-based concept location in source code. Refoqus outperformed the baselines and its recommendations lead to query performance improvement or preservation in 84% of the cases (in average). @InProceedings{ICSE13p842, author = {Sonia Haiduc and Gabriele Bavota and Andrian Marcus and Rocco Oliveto and Andrea De Lucia and Tim Menzies}, title = {Automatic Query Reformulations for Text Retrieval in Software Engineering}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {842--851}, doi = {}, year = {2013}, } Video ICSE '13: "An Empirical Study on the ..." An Empirical Study on the Developers' Perception of Software Coupling Gabriele Bavota, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk , and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Coupling is a fundamental property of software systems, and numerous coupling measures have been proposed to support various development and maintenance activities. However, little is known about how developers actually perceive coupling, what mechanisms constitute coupling, and if existing measures align with this perception. In this paper we bridge this gap, by empirically investigating how class coupling---as captured by structural, dynamic, semantic, and logical coupling measures---aligns with developers' perception of coupling. The study has been conducted on three Java open-source systems---namely ArgoUML, JHotDraw and jEdit---and involved 64 students, academics, and industrial practitioners from around the world, as well as 12 active developers of these three systems. We asked participants to assess the coupling between the given pairs of classes and provide their ratings and some rationale. The results indicate that the peculiarity of the semantic coupling measure allows it to better estimate the mental model of developers than the other coupling measures. This is because, in several cases, the interactions between classes are encapsulated in the source code vocabulary, and cannot be easily derived by only looking at structural relationships, such as method calls. 
@InProceedings{ICSE13p692, author = {Gabriele Bavota and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {An Empirical Study on the Developers' Perception of Software Coupling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {692--701}, doi = {}, year = {2013}, } Video |
Bell, Jonathan
ICSE '13: "Chronicler: Lightweight Recording ..."
Chronicler: Lightweight Recording to Reproduce Field Failures
Jonathan Bell, Nikhil Sarda, and Gail Kaiser (Columbia University, USA) When programs fail in the field, developers are often left with limited information to diagnose the failure. Automated error reporting tools can assist in bug report generation but without precise steps from the end user it is often difficult for developers to recreate the failure. Advanced remote debugging tools aim to capture sufficient information from field executions to recreate failures in the lab but often have too much overhead to practically deploy. We present CHRONICLER, an approach to remote debugging that captures non-deterministic inputs to applications in a lightweight manner, assuring faithful reproduction of client executions. We evaluated CHRONICLER by creating a Java implementation, CHRONICLERJ, and then by using a set of benchmarks mimicking real world applications and workloads, showing its runtime overhead to be under 10% in most cases (worst case 86%), while an existing tool showed overhead over 100% in the same cases (worst case 2,322%). @InProceedings{ICSE13p362, author = {Jonathan Bell and Nikhil Sarda and Gail Kaiser}, title = {Chronicler: Lightweight Recording to Reproduce Field Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {362--371}, doi = {}, year = {2013}, } Video |
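The recording idea is simple to sketch: intercept every nondeterministic input source, log its values in order during the field run, and feed the same values back during replay. CHRONICLERJ does this for Java via bytecode instrumentation; the Python sketch below only illustrates the mechanism.

```python
import json, random, time

class Chronicle:
    # Lightweight record/replay of nondeterministic inputs (illustrative only).
    def __init__(self, mode, path="chronicle.json"):
        self.mode, self.path = mode, path
        self.log = [] if mode == "record" else json.load(open(path))

    def nondet(self, producer):
        if self.mode == "record":
            value = producer()
            self.log.append(value)     # capture the value seen in the field
            return value
        return self.log.pop(0)         # replay: same values, same order

    def save(self):
        json.dump(self.log, open(self.path, "w"))

# Usage: route every nondeterministic source through the chronicle.
c = Chronicle("record")
seed = c.nondet(lambda: random.randint(0, 2**31))
now = c.nondet(time.time)
c.save()   # ship chronicle.json with the bug report; replaying reproduces the run
```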
Bellamy, Rachel K. E.
ICSE '13: "Human Performance Regression ..."
Human Performance Regression Testing
Amanda Swearngin, Myra B. Cohen, Bonnie E. John, and Rachel K. E. Bellamy (University of Nebraska-Lincoln, USA; IBM Research, USA) As software systems evolve, new interface features such as keyboard shortcuts and toolbars are introduced. While it is common to regression test the new features for functional correctness, there has been less focus on systematic regression testing for usability, due to the effort and time involved in human studies. Cognitive modeling tools such as CogTool provide some help by computing predictions of user performance, but they still require manual effort to describe the user interface and tasks, limiting regression testing efforts. In recent work, we developed CogTool Helper to reduce the effort required to generate human performance models of existing systems. We build on this work by providing task specific test case generation and present our vision for human performance regression testing (HPRT) that generates large numbers of test cases and evaluates a range of human performance predictions for the same task. We examine the feasibility of HPRT on four tasks in LibreOffice, find several regressions, and then discuss how a project team could use this information. We also illustrate that we can increase efficiency with sampling by leveraging an inference algorithm. Samples that take approximately 50% of the runtime lose at most 10% of the performance predictions. @InProceedings{ICSE13p152, author = {Amanda Swearngin and Myra B. Cohen and Bonnie E. John and Rachel K. E. Bellamy}, title = {Human Performance Regression Testing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {152--161}, doi = {}, year = {2013}, } Video |
Belt, Jason
ICSE '13: "Explicating Symbolic Execution ..."
Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework
John Hatcliff, Robby, Patrice Chalin, and Jason Belt (Kansas State University, USA) Previous applications of symbolic execution (SymExe) have focused on bug-finding and test-case generation. However, SymExe has the potential to significantly improve usability and automation when applied to verification of software contracts in safety-critical systems. Due to the lack of support for processing software contracts and ad hoc approaches for introducing a variety of over/under-approximations and optimizations, most SymExe implementations cannot precisely characterize the verification status of contracts. Moreover, these tools do not provide explicit justifications for their conclusions, and thus they are not aligned with trends toward evidence-based verification and certification. We introduce the concept of "explicating symbolic execution" (xSymExe) that builds on a strong semantic foundation, supports full verification of rich software contracts, explicitly tracks where over/under-approximations are introduced or avoided, precisely characterizes the verification status of each contractual claim, and associates each claim with "explications" for its reported verification status. We report on case studies in the use of Bakar Kiasan, our open source xSymExe tool for SPARK Ada. @InProceedings{ICSE13p222, author = {John Hatcliff and Robby and Patrice Chalin and Jason Belt}, title = {Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {222--231}, doi = {}, year = {2013}, } |
Beschastnikh, Ivan
ICSE '13: "Unifying FSM-Inference Algorithms ..."
Unifying FSM-Inference Algorithms through Declarative Specification
Ivan Beschastnikh, Yuriy Brun , Jenny Abrahamson, Michael D. Ernst , and Arvind Krishnamurthy (University of Washington, USA; University of Massachusetts, USA) Logging system behavior is a staple development practice. Numerous powerful model inference algorithms have been proposed to aid developers in log analysis and system understanding. Unfortunately, existing algorithms are difficult to understand, extend, and compare. This paper presents InvariMint, an approach to specify model inference algorithms declaratively. We applied InvariMint to two model inference algorithms and present evaluation results to illustrate that InvariMint (1) leads to new fundamental insights and better understanding of existing algorithms, (2) simplifies creation of new algorithms, including hybrids that extend existing algorithms, and (3) makes it easy to compare and contrast previously published algorithms. Finally, algorithms specified with InvariMint can outperform their procedural versions. @InProceedings{ICSE13p252, author = {Ivan Beschastnikh and Yuriy Brun and Jenny Abrahamson and Michael D. Ernst and Arvind Krishnamurthy}, title = {Unifying FSM-Inference Algorithms through Declarative Specification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {252--261}, doi = {}, year = {2013}, } |
Beyer, Dirk
ICSE '13: "Strategies for Product-Line ..."
Strategies for Product-Line Verification: Case Studies and Experiments
Sven Apel, Alexander von Rhein, Philipp Wendler, Armin Größlinger, and Dirk Beyer (University of Passau, Germany) Product-line technology is increasingly used in mission-critical and safety-critical applications. Hence, researchers are developing verification approaches that follow different strategies to cope with the specific properties of product lines. While the research community is discussing the mutual strengths and weaknesses of the different strategies—mostly at a conceptual level—there is a lack of evidence in terms of case studies, tool implementations, and experiments. We have collected and prepared six product lines as subject systems for experimentation. Furthermore, we have developed a model-checking tool chain for C-based and Java-based product lines, called SPLVERIFIER, which we use to compare sample-based and family-based strategies with regard to verification performance and the ability to find defects. Based on the experimental results and an analytical model, we revisit the discussion of the strengths and weaknesses of product-line–verification strategies. @InProceedings{ICSE13p482, author = {Sven Apel and Alexander von Rhein and Philipp Wendler and Armin Größlinger and Dirk Beyer}, title = {Strategies for Product-Line Verification: Case Studies and Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {482--491}, doi = {}, year = {2013}, } Video |
Bird, Christian
ICSE '13: "Expectations, Outcomes, and ..."
Expectations, Outcomes, and Challenges of Modern Code Review
Alberto Bacchelli and Christian Bird (University of Lugano, Switzerland; Microsoft Research, USA) Code review is a common software engineering practice employed both in open source and industrial contexts. Review today is less formal and more lightweight than the code inspections performed and studied in the 70s and 80s. We empirically explore the motivations, challenges, and outcomes of tool-based code reviews. We observed, interviewed, and surveyed developers and managers and manually classified hundreds of review comments across diverse teams at Microsoft. Our study reveals that while finding defects remains the main motivation for review, reviews are less about defects than expected and instead provide additional benefits such as knowledge transfer, increased team awareness, and creation of alternative solutions to problems. Moreover, we find that code and change understanding is the key aspect of code reviewing and that developers employ a wide range of mechanisms to meet their understanding needs, most of which are not met by current tools. We provide recommendations for practitioners and researchers. @InProceedings{ICSE13p712, author = {Alberto Bacchelli and Christian Bird}, title = {Expectations, Outcomes, and Challenges of Modern Code Review}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {712--721}, doi = {}, year = {2013}, } ICSE '13: "The Design of Bug Fixes ..." The Design of Bug Fixes Emerson Murphy-Hill, Thomas Zimmermann , Christian Bird, and Nachiappan Nagappan (North Carolina State University, USA; Microsoft Research, USA) When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. Based on qualitative interviews with 40 engineers working on a variety of products, data from 6 bug triage meetings, and a survey filled out by 326 engineers, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss several implications for research and practice, including ways to make bug prediction and localization more accurate. @InProceedings{ICSE13p332, author = {Emerson Murphy-Hill and Thomas Zimmermann and Christian Bird and Nachiappan Nagappan}, title = {The Design of Bug Fixes}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {332--341}, doi = {}, year = {2013}, } |
Blue, Dale
ICSE '13: "Interaction-Based Test-Suite ..."
Interaction-Based Test-Suite Minimization
Dale Blue, Itai Segall, Rachel Tzoref-Brill , and Aviad Zlotnick (IBM, USA; IBM Research, Israel) Combinatorial Test Design (CTD) is an effective test planning technique that reveals faults resulting from feature interactions in a system. The standard application of CTD requires manual modeling of the test space, including a precise definition of restrictions between the test space parameters, and produces a test suite that corresponds to new test cases to be implemented from scratch. In this work, we propose to use Interaction-based Test-Suite Minimization (ITSM) as a complementary approach to standard CTD. ITSM reduces a given test suite without impacting its coverage of feature interactions. ITSM requires much less modeling effort, and does not require a definition of restrictions. It is appealing where there has been a significant investment in an existing test suite, where creating new tests is expensive, and where restrictions are very complex. We discuss the tradeoffs between standard CTD and ITSM, and suggest an efficient algorithm for solving the latter. We also discuss the challenges and additional requirements that arise when applying ITSM to real-life test suites. We introduce solutions to these challenges and demonstrate them through two real-life case studies. @InProceedings{ICSE13p182, author = {Dale Blue and Itai Segall and Rachel Tzoref-Brill and Aviad Zlotnick}, title = {Interaction-Based Test-Suite Minimization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {182--191}, doi = {}, year = {2013}, } Video |
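At its core, ITSM is a set-cover problem: keep a subset of tests that preserves the feature interactions (e.g., pairs of parameter values) exercised by the original suite. A greedy approximation sketch, assuming tests are parameter-value dictionaries (the paper's own algorithm and interaction strength may differ):

```python
from itertools import combinations

def interactions(test, strength=2):
    # A covered interaction is a `strength`-sized combination of assignments.
    return set(combinations(sorted(test.items()), strength))

def minimize_suite(suite, strength=2):
    # Greedy set cover: repeatedly keep the test covering the most
    # still-uncovered interactions until the original coverage is preserved.
    uncovered = set().union(*(interactions(t, strength) for t in suite))
    kept = []
    while uncovered:
        best = max(suite, key=lambda t: len(interactions(t, strength) & uncovered))
        kept.append(best)
        uncovered -= interactions(best, strength)
    return kept

suite = [{"os": "linux", "db": "pg"}, {"os": "win", "db": "pg"},
         {"os": "linux", "db": "pg"}]          # third test adds nothing
print(len(minimize_suite(suite)))              # -> 2
```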
Böhme, Marcel
ICSE '13: "Partition-Based Regression ..."
Partition-Based Regression Verification
Marcel Böhme, Bruno C. d. S. Oliveira, and Abhik Roychoudhury (National University of Singapore, Singapore) Regression verification (RV) seeks to guarantee the absence of regression errors in a changed program version. This paper presents Partition-based Regression Verification (PRV): an approach to RV based on the gradual exploration of differential input partitions. A differential input partition is a subset of the common input space of two program versions that serves as a unit of verification. Instead of proving the absence of regression for the complete input space at once, PRV verifies differential partitions in a gradual manner. If the exploration is interrupted, PRV retains partial verification guarantees at least for the explored differential partitions. This is crucial in practice as verifying the complete input space can be prohibitively expensive. Experiments show that PRV provides a useful alternative to state-of-the-art regression test generation techniques. During the exploration, PRV generates test cases which can expose different behaviour across two program versions. However, while test cases are generally single points in the common input space, PRV can verify entire partitions and moreover give feedback that allows programmers to relate a behavioral difference to those syntactic changes that contribute to this difference. @InProceedings{ICSE13p302, author = {Marcel Böhme and Bruno C. d. S. Oliveira and Abhik Roychoudhury}, title = {Partition-Based Regression Verification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {302--311}, doi = {}, year = {2013}, } Video |
Bortis, Gerald
ICSE '13: "PorchLight: A Tag-Based Approach ..."
PorchLight: A Tag-Based Approach to Bug Triaging
Gerald Bortis and André van der Hoek (UC Irvine, USA) Bug triaging is an important activity in any software development project. It involves developers working through the set of unassigned bugs, determining for each of the bugs whether it represents a new issue that should receive attention, and, if so, assigning it to a developer and a milestone. Current tools provide only minimal support for bug triaging and especially break down when developers must triage a large number of bug reports, since those reports can only be viewed one-by-one. This paper presents PorchLight, a novel tool that uses tags, attached to individual bug reports by queries expressed in a specialized bug query language, to organize bug reports into sets so developers can explore, work with, and ultimately assign bugs effectively in meaningful groups. We describe the challenges in supporting bug triaging, the design decisions upon which PorchLight rests, and the technical aspects of the implementation. We conclude with an early evaluation that involved six professional developers who assessed PorchLight and its potential for their day-to-day triaging duties. @InProceedings{ICSE13p342, author = {Gerald Bortis and André van der Hoek}, title = {PorchLight: A Tag-Based Approach to Bug Triaging}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {342--351}, doi = {}, year = {2013}, } |
Bounimova, Ella
ICSE '13: "Billions and Billions of Constraints: ..."
Billions and Billions of Constraints: Whitebox Fuzz Testing in Production
Ella Bounimova, Patrice Godefroid, and David Molnar (Microsoft Research, USA) We report experiences with constraint-based whitebox fuzz testing in production across hundreds of large Windows applications and over 500 machine years of computation from 2007 to 2013. Whitebox fuzzing leverages symbolic execution on binary traces and constraint solving to construct new inputs to a program. These inputs execute previously uncovered paths or trigger security vulnerabilities. Whitebox fuzzing has found one-third of all file fuzzing bugs during the development of Windows 7, saving millions of dollars in potential security vulnerabilities. The technique is in use today across multiple products at Microsoft. We describe key challenges with running whitebox fuzzing in production. We give principles for addressing these challenges and describe two new systems built from these principles: SAGAN, which collects data from every fuzzing run for further analysis, and JobCenter, which controls deployment of our whitebox fuzzing infrastructure across commodity virtual machines. Since June 2010, SAGAN has logged over 3.4 billion constraints solved, millions of symbolic executions, and tens of millions of test cases generated. Our work represents the largest scale deployment of whitebox fuzzing to date, including the largest usage ever for a Satisfiability Modulo Theories (SMT) solver. We present specific data analyses that improved our production use of whitebox fuzzing. Finally we report data on the performance of constraint solving and dynamic test generation that points toward future research problems. @InProceedings{ICSE13p122, author = {Ella Bounimova and Patrice Godefroid and David Molnar}, title = {Billions and Billions of Constraints: Whitebox Fuzz Testing in Production}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {122--131}, doi = {}, year = {2013}, } |
Bowdidge, Robert
ICSE '13: "Why Don't Software Developers ..."
Why Don't Software Developers Use Static Analysis Tools to Find Bugs?
Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge (North Carolina State University, USA; Google, USA) Using static analysis tools for automating code inspections can be beneficial for software engineers. Such tools can make finding bugs, or software defects, faster and cheaper than manual inspections. Despite the benefits of using static analysis tools to find bugs, research suggests that these tools are underused. In this paper, we investigate why developers are not widely using static analysis tools and how current tools could potentially be improved. We conducted interviews with 20 developers and found that although all of our participants felt that use is beneficial, false positives and the way in which the warnings are presented, among other things, are barriers to use. We discuss several implications of these results, such as the need for an interactive mechanism to help developers fix defects. @InProceedings{ICSE13p672, author = {Brittany Johnson and Yoonki Song and Emerson Murphy-Hill and Robert Bowdidge}, title = {Why Don't Software Developers Use Static Analysis Tools to Find Bugs?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {672--681}, doi = {}, year = {2013}, } |
Boyer, Fabienne
ICSE '13: "Robust Reconfigurations of ..."
Robust Reconfigurations of Component Assemblies
Fabienne Boyer, Olivier Gruber, and Damien Pous (Université Joseph Fourier, France; CNRS, France) In this paper, we propose a reconfiguration protocol that can handle any number of failures during a reconfiguration, always producing an architecturally-consistent assembly of components that can be safely introspected and further reconfigured. Our protocol is based on the concept of Incrementally Consistent Sequences (ICS), ensuring that any reconfiguration incrementally respects the reconfiguration contract given to component developers: reconfiguration grammar and architectural invariants. We also propose two recovery policies, one rolls back the failed reconfiguration and the other rolls it forward, both going as far as possible, failure permitting. We specified and proved the reconfiguration contract, the protocol, and recovery policies in Coq. @InProceedings{ICSE13p13, author = {Fabienne Boyer and Olivier Gruber and Damien Pous}, title = {Robust Reconfigurations of Component Assemblies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {13--22}, doi = {}, year = {2013}, } |
Braberman, Víctor
ICSE '13: "Automated Reliability Estimation ..."
Automated Reliability Estimation over Partial Systematic Explorations
Esteban Pavese, Víctor Braberman, and Sebastian Uchitel (Universidad de Buenos Aires, Argentina; Imperial College London, UK) Model-based reliability estimation of software systems can provide useful insights early in the development process. However, computational complexity of estimating reliability metrics such as mean time to first failure (MTTF) can be prohibitive both in time, space and precision. In this paper we present an alternative to exhaustive model exploration-as in probabilistic model checking-and partial random exploration--as in statistical model checking. Our hypothesis is that a (carefully crafted) partial systematic exploration of a system model can provide better bounds for reliability metrics at lower computation cost. We present a novel automated technique for reliability estimation that combines simulation, invariant inference and probabilistic model checking. Simulation produces a probabilistically relevant set of traces from which a state invariant is inferred. The invariant characterises a partial model which is then exhaustively explored using probabilistic model checking. We report on experiments that suggest that reliability estimation using this technique can be more effective than (full model) probabilistic and statistical model checking for system models with rare failures. @InProceedings{ICSE13p602, author = {Esteban Pavese and Víctor Braberman and Sebastian Uchitel}, title = {Automated Reliability Estimation over Partial Systematic Explorations}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {602--611}, doi = {}, year = {2013}, } Video |
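For contrast with the paper's partial systematic exploration, the purely statistical baseline it improves upon is easy to sketch: simulate the model and average the time to first failure. With rare failures this estimator needs enormous numbers of runs, which is precisely the motivation for feeding simulation-derived invariants into probabilistic model checking of a partial model.

```python
import random

def simulate_mttf(transitions, start, failure, runs=10_000, horizon=10**6):
    # Monte Carlo MTTF estimate on a discrete-time Markov chain.
    # transitions: state -> list of (next_state, probability) summing to 1.
    total_steps = 0
    for _ in range(runs):
        state, steps = start, 0
        while state != failure and steps < horizon:
            r, acc = random.random(), 0.0
            for nxt, p in transitions[state]:
                acc += p
                if r <= acc:
                    state = nxt
                    break
            steps += 1
        total_steps += steps
    return total_steps / runs      # estimate of mean time to first failure

chain = {"ok": [("ok", 0.999), ("fail", 0.001)], "fail": []}
print(simulate_mttf(chain, "ok", "fail"))      # ~ 1000 steps
```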
Bradshaw, Gary
ICSE '13: "Departures from Optimality: ..."
Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing
Nan Niu, Anas Mahmoud, Zhangji Chen, and Gary Bradshaw (Mississippi State University, USA) Studying human analyst's behavior in automated tracing is a new research thrust. Building on a growing body of work in this area, we offer a novel approach to understanding requirements analyst's information seeking and gathering. We model analysts as predators in pursuit of prey --- the relevant traceability information, and leverage the optimality models to characterize a rational decision process. The behavior of real analysts with that of the optimal information forager is then compared and contrasted. The results show that the analysts' information diets are much wider than the theory's predictions, and their residing in low-profitability information patches is much longer than the optimal residence time. These uncovered discrepancies not only offer concrete insights into the obstacles faced by analysts, but also lead to principled ways to increase practical tool support for overcoming the obstacles. @InProceedings{ICSE13p572, author = {Nan Niu and Anas Mahmoud and Zhangji Chen and Gary Bradshaw}, title = {Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {572--581}, doi = {}, year = {2013}, } |
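The optimality yardstick in this line of work comes from classic optimal-foraging theory; Charnov's marginal value theorem is the standard statement of optimal patch residence time, shown below for reference (the paper's exact model may differ in its details):

```latex
% g(t): cumulative information gain after residing time t in a patch;
% T: mean travel time between patches. The optimal residence time t*
% satisfies Charnov's marginal value theorem:
g'(t^{*}) = \frac{g(t^{*})}{t^{*} + T}
% i.e., leave a patch once its marginal gain rate drops to the long-run
% average gain rate of the environment. Residing beyond t* in
% low-profitability patches is the kind of departure the study measures.
```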
Briand, Lionel C.
ICSE '13: "Mining SQL Injection and Cross ..."
Mining SQL Injection and Cross Site Scripting Vulnerabilities using Hybrid Program Analysis
Lwin Khin Shar, Hee Beng Kuan Tan, and Lionel C. Briand (Nanyang Technological University, Singapore; University of Luxembourg, Luxembourg) In previous work, we proposed a set of static attributes that characterize input validation and input sanitization code patterns. We showed that some of the proposed static attributes are significant predictors of SQL injection and cross site scripting vulnerabilities. Static attributes have the advantage of reflecting general properties of a program. Yet, dynamic attributes collected from execution traces may reflect more specific code characteristics that are complementary to static attributes. Hence, to improve our initial work, in this paper, we propose the use of dynamic attributes to complement static attributes in vulnerability prediction. Furthermore, since existing work relies on supervised learning, it is dependent on the availability of training data labeled with known vulnerabilities. This paper presents prediction models that are based on both classification and clustering in order to predict vulnerabilities, working in the presence or absence of labeled training data, respectively. In our experiments across six applications, our new supervised vulnerability predictors based on hybrid (static and dynamic) attributes achieved, on average, 90% recall and 85% precision, that is a sharp increase in recall when compared to static analysis-based predictions. Though not nearly as accurate, our unsupervised predictors based on clustering achieved, on average, 76% recall and 39% precision, thus suggesting they can be useful in the absence of labeled training data. @InProceedings{ICSE13p642, author = {Lwin Khin Shar and Hee Beng Kuan Tan and Lionel C. Briand}, title = {Mining SQL Injection and Cross Site Scripting Vulnerabilities using Hybrid Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {642--651}, doi = {}, year = {2013}, } |
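The two prediction modes map directly onto standard learners. The sketch below uses a random forest and k-means purely as stand-ins; the paper evaluates its own choice of classifiers and clustering over the hybrid attribute vectors.

```python
from sklearn.ensemble import RandomForestClassifier
from sklearn.cluster import KMeans

def supervised_predict(X_train, y_train, X_new):
    # With labelled vulnerability data: classify hybrid static+dynamic vectors.
    clf = RandomForestClassifier(n_estimators=100).fit(X_train, y_train)
    return clf.predict(X_new)

def unsupervised_predict(X):
    # Without labels: cluster, then flag one cluster as likely vulnerable.
    # Flagging the minority cluster is a naive stand-in for the paper's
    # domain-informed heuristics.
    labels = list(KMeans(n_clusters=2, n_init=10).fit_predict(X))
    minority = min(set(labels), key=labels.count)
    return [l == minority for l in labels]
```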
Brun, Yuriy
ICSE '13: "Unifying FSM-Inference Algorithms ..."
Unifying FSM-Inference Algorithms through Declarative Specification
Ivan Beschastnikh, Yuriy Brun , Jenny Abrahamson, Michael D. Ernst , and Arvind Krishnamurthy (University of Washington, USA; University of Massachusetts, USA) Logging system behavior is a staple development practice. Numerous powerful model inference algorithms have been proposed to aid developers in log analysis and system understanding. Unfortunately, existing algorithms are difficult to understand, extend, and compare. This paper presents InvariMint, an approach to specify model inference algorithms declaratively. We applied InvariMint to two model inference algorithms and present evaluation results to illustrate that InvariMint (1) leads to new fundamental insights and better understanding of existing algorithms, (2) simplifies creation of new algorithms, including hybrids that extend existing algorithms, and (3) makes it easy to compare and contrast previously published algorithms. Finally, algorithms specified with InvariMint can outperform their procedural versions. @InProceedings{ICSE13p252, author = {Ivan Beschastnikh and Yuriy Brun and Jenny Abrahamson and Michael D. Ernst and Arvind Krishnamurthy}, title = {Unifying FSM-Inference Algorithms through Declarative Specification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {252--261}, doi = {}, year = {2013}, } |
Cadar, Cristian
ICSE '13: "Safe Software Updates via ..."
Safe Software Updates via Multi-version Execution
Petr Hosek and Cristian Cadar (Imperial College London, UK) Software systems are constantly evolving, with new versions and patches being released on a continuous basis. Unfortunately, software updates present a high risk, with many releases introducing new bugs and security vulnerabilities. We tackle this problem using a simple but effective multi-version based approach. Whenever a new update becomes available, instead of upgrading the software to the new version, we run the new version in parallel with the old one; by carefully coordinating their executions and selecting the behaviour of the more reliable version when they diverge, we create a more secure and dependable multi-version application. We implemented this technique in Mx, a system targeting Linux applications running on multi-core processors, and show that it can be applied successfully to several real applications such as Coreutils, a set of user-level UNIX applications; Lighttpd, a popular web server used by several high-traffic websites such as Wikipedia and YouTube; and Redis, an advanced key-value data structure server used by many well-known services such as GitHub and Flickr. @InProceedings{ICSE13p612, author = {Petr Hosek and Cristian Cadar}, title = {Safe Software Updates via Multi-version Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {612--621}, doi = {}, year = {2013}, } Video |
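The selection rule is simple to state even though Mx enforces it at the system-call level: run both versions on the same input, and on divergence prefer the behaviour of the trusted version. A much coarser stand-in that compares whole-process outputs:

```python
import subprocess

def run_multi_version(old_cmd, new_cmd, stdin_bytes):
    # Coarse sketch only: Mx synchronises the two versions at the system-call
    # level; here we merely compare exit codes and stdout after the fact.
    old = subprocess.run(old_cmd, input=stdin_bytes, capture_output=True)
    new = subprocess.run(new_cmd, input=stdin_bytes, capture_output=True)
    if (new.returncode, new.stdout) == (old.returncode, old.stdout):
        return new.stdout      # versions agree: adopt the updated one
    return old.stdout          # divergence: fall back to the known-good version
```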
Carzaniga, Antonio
ICSE '13: "Automatic Recovery from Runtime ..."
Automatic Recovery from Runtime Failures
Antonio Carzaniga, Alessandra Gorla, Andrea Mattavelli, Nicolò Perino, and Mauro Pezzè (University of Lugano, Switzerland; Saarland University, Germany) We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional with between 19% and 48% of the failure-causing faults, depending on the application. The experiments also show that the technique incurs an acceptable runtime overhead in all cases. @InProceedings{ICSE13p782, author = {Antonio Carzaniga and Alessandra Gorla and Andrea Mattavelli and Nicolò Perino and Mauro Pezzè}, title = {Automatic Recovery from Runtime Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {782--791}, doi = {}, year = {2013}, } Video |
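The mechanism can be sketched as a rewrite-and-retry loop over known API equivalences. The equivalence table below is hypothetical; the paper's contribution is identifying such intrinsic redundancy in real reusable components and applying workarounds without restarting the application.

```python
# Hypothetical table of semantically equivalent uses of the same component.
EQUIVALENCES = {
    "extend": [lambda xs, ys: [xs.append(y) for y in ys]],  # append-loop ≡ extend
}

def with_workarounds(op_name, default, *args):
    try:
        return default(*args)
    except Exception:
        for alternative in EQUIVALENCES.get(op_name, []):
            try:
                return alternative(*args)   # alternative use avoiding the fault
            except Exception:
                continue
        raise                               # no workaround found

xs = [1, 2]
with_workarounds("extend", lambda a, b: a.extend(b), xs, [3, 4])
print(xs)   # -> [1, 2, 3, 4]
```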
Cavallaro, Luca
ICSE '13: "Engineering Adaptive Privacy: ..."
Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements
Inah Omoronyia, Luca Cavallaro, Mazeiar Salehie, Liliana Pasquale, and Bashar Nuseibeh (University of Glasgow, UK; Lero, Ireland; University of Limerick, Ireland; Open University, UK) Applications that continuously gather and disclose personal information about users are increasingly common. While disclosing this information may be essential for these applications to function, it may also raise privacy concerns. Partly, this is due to frequently changing context that introduces new privacy threats, and makes it difficult to continuously satisfy privacy requirements. To address this problem, applications may need to adapt in order to manage changing privacy concerns. Thus, we propose a framework that exploits the notion of privacy awareness requirements to identify runtime privacy properties to satisfy. These properties are used to support disclosure decision making by applications. Our evaluations suggest that applications that fail to satisfy privacy awareness requirements cannot regulate users information disclosure. We also observe that the satisfaction of privacy awareness requirements is useful to users aiming to minimise exposure to privacy threats, and to users aiming to maximise functional benefits amidst increasing threat severity. @InProceedings{ICSE13p632, author = {Inah Omoronyia and Luca Cavallaro and Mazeiar Salehie and Liliana Pasquale and Bashar Nuseibeh}, title = {Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {632--641}, doi = {}, year = {2013}, } |
Chalin, Patrice
ICSE '13: "Explicating Symbolic Execution ..."
Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework
John Hatcliff, Robby, Patrice Chalin, and Jason Belt (Kansas State University, USA) Previous applications of symbolic execution (SymExe) have focused on bug-finding and test-case generation. However, SymExe has the potential to significantly improve usability and automation when applied to verification of software contracts in safety-critical systems. Due to the lack of support for processing software contracts and ad hoc approaches for introducing a variety of over/under-approximations and optimizations, most SymExe implementations cannot precisely characterize the verification status of contracts. Moreover, these tools do not provide explicit justifications for their conclusions, and thus they are not aligned with trends toward evidence-based verification and certification. We introduce the concept of "explicating symbolic execution" (xSymExe) that builds on a strong semantic foundation, supports full verification of rich software contracts, explicitly tracks where over/under-approximations are introduced or avoided, precisely characterizes the verification status of each contractual claim, and associates each claim with "explications" for its reported verification status. We report on case studies in the use of Bakar Kiasan, our open source xSymExe tool for SPARK Ada. @InProceedings{ICSE13p222, author = {John Hatcliff and Robby and Patrice Chalin and Jason Belt}, title = {Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {222--231}, doi = {}, year = {2013}, } |
|
Chandra, Satish |
ICSE '13: "Guided Test Generation for ..."
Guided Test Generation for Web Applications
Suresh Thummalapenta, K. Vasanta Lakshmi, Saurabh Sinha, Nishant Sinha, and Satish Chandra (IBM Research, India; Indian Institute of Science, India; IBM Research, USA) We focus on functional testing of enterprise applications with the goal of exercising an application's interesting behaviors by driving it from its user interface. The difficulty in doing this is focusing on the interesting behaviors among an unbounded number of behaviors. We present a new technique for automatically generating tests that drive a web-based application along interesting behaviors, where the interesting behavior is specified in the form of "business rules." Business rules are a general mechanism for describing business logic, access control, or even navigational properties of an application's GUI. Our technique is black box, in that it does not analyze the application's server-side implementation, but relies on directed crawling via the application's GUI. To handle the unbounded number of GUI states, the technique includes two phases. Phase 1 creates an abstract state-transition diagram using a relaxed notion of equivalence of GUI states without considering rules. Next, Phase 2 identifies rule-relevant abstract paths and refines those paths using a stricter notion of state equivalence. Our technique can be much more effective at covering business rules than an undirected technique, developed as an enhancement of an existing test-generation technique. Our experiments showed that the former was able to cover 92% of the rules, compared to 52% of the rules covered by the latter. @InProceedings{ICSE13p162, author = {Suresh Thummalapenta and K. Vasanta Lakshmi and Saurabh Sinha and Nishant Sinha and Satish Chandra}, title = {Guided Test Generation for Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {162--171}, doi = {}, year = {2013}, } ICSE '13: "SemFix: Program Repair via ..." SemFix: Program Repair via Semantic Analysis Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury , and Satish Chandra (National University of Singapore, Singapore; IBM Research, USA) Debugging consumes significant time and effort in any major software development project. Moreover, even after the root cause of a bug is identified, fixing the bug is non-trivial. Given this situation, automated program repair methods are of value. In this paper, we present an automated repair method based on symbolic execution, constraint solving and program synthesis. In our approach, the requirement on the repaired code to pass a given set of tests is formulated as a constraint. Such a constraint is then solved by iterating over a layered space of repair expressions, layered by the complexity of the repair code. We compare our method with recently proposed genetic programming based repair on SIR programs with seeded bugs, as well as fragments of GNU Coreutils with real bugs. On these subjects, our approach reports a higher success-rate than genetic programming based repair, and produces a repair faster. @InProceedings{ICSE13p772, author = {Hoang Duong Thien Nguyen and Dawei Qi and Abhik Roychoudhury and Satish Chandra}, title = {SemFix: Program Repair via Semantic Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {772--781}, doi = {}, year = {2013}, } |
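SemFix's layered search over repair expressions can be pictured with a toy sketch. Everything below is invented for illustration; the real tool derives repair constraints by symbolic execution and solves them with program synthesis rather than brute-force testing. Candidate conditions of increasing complexity are tried against the test suite:

```java
import java.util.List;
import java.util.function.BiPredicate;

// Toy repair search: enumerate candidate conditions for a buggy
// branch, layer by layer of complexity, and keep the first one
// that passes all tests. Test data and layers are invented.
public class RepairSearchSketch {
    record Test(int x, int y, boolean expected) {}

    public static void main(String[] args) {
        List<Test> tests = List.of(
            new Test(1, 2, true), new Test(3, 3, false), new Test(5, 2, false));

        // Layer 1: simple comparisons; later layers would add
        // arithmetic and compound predicates.
        List<BiPredicate<Integer, Integer>> layer1 = List.of(
            (x, y) -> x < y, (x, y) -> x <= y, (x, y) -> x == y);

        for (BiPredicate<Integer, Integer> candidate : layer1) {
            boolean passesAll = tests.stream()
                .allMatch(t -> candidate.test(t.x(), t.y()) == t.expected());
            if (passesAll) {
                System.out.println("repair found in layer 1");
                return;
            }
        }
        System.out.println("escalate to a more complex layer");
    }
}
```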
|
Chen, Manman |
ICSE '13: "Dynamic Synthesis of Local ..."
Dynamic Synthesis of Local Time Requirement for Service Composition
Tian Huat Tan, Étienne André , Jun Sun, Yang Liu, Jin Song Dong, and Manman Chen (National University of Singapore, Singapore; Université Paris 13, France; CNRS, France; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore) Service composition makes use of existing service-based applications as components to achieve a business goal. In time critical business environments, the response time of a service is crucial, which is also reflected as a clause in service level agreements (SLAs) between service providers and service users. To allow the composite service to fulfill the response time requirement as promised, it is important to find a feasible set of component services, such that their response time could collectively allow the satisfaction of the response time of the composite service. In this work, we propose a fully automated approach to synthesize the response time requirement of component services, in the form of a constraint on the local response times, that guarantees the global response time requirement. Our approach is based on parameter synthesis techniques for real-time systems. It has been implemented and evaluated with real-world case studies. @InProceedings{ICSE13p542, author = {Tian Huat Tan and Étienne André and Jun Sun and Yang Liu and Jin Song Dong and Manman Chen}, title = {Dynamic Synthesis of Local Time Requirement for Service Composition}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {542--551}, doi = {}, year = {2013}, } |
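As a concrete, invented instance of the kind of constraint the approach synthesizes (the paper derives such constraints automatically via parameter synthesis): for a composite service that calls s1 and then runs s2 and s3 in parallel, with local response times t1, t2, t3 and a global SLA bound T,

```latex
% Invented example of a synthesized local time requirement:
\[
  t_{1} + \max(t_{2}, t_{3}) \;\le\; T
\]
% Any assignment of local response times satisfying this constraint
% collectively guarantees the global response time requirement.
```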
|
Chen, Nicholas |
ICSE '13: "Drag-and-Drop Refactoring: ..."
Drag-and-Drop Refactoring: Intuitive and Efficient Program Transformation
Yun Young Lee, Nicholas Chen, and Ralph E. Johnson (University of Illinois at Urbana-Champaign, USA) Refactoring is a disciplined technique for restructuring code to improve its readability and maintainability. Almost all modern integrated development environments (IDEs) offer built-in support for automated refactoring tools. However, the user interface for refactoring tools has remained largely unchanged from the menu and dialog approach introduced in the Smalltalk Refactoring Browser, the first automated refactoring tool, more than a decade ago. As the number of supported refactorings and their options increase, invoking and configuring these tools through the traditional methods have become increasingly unintuitive and inefficient. The contribution of this paper is a novel approach that eliminates the use of menus and dialogs altogether. We streamline the invocation and configuration process through direct manipulation of program elements via drag-and-drop. We implemented and evaluated this approach in our tool, Drag-and-Drop Refactoring (DNDRefactoring), which supports up to 12 of 23 refactorings in the Eclipse IDE. Empirical evaluation through surveys and controlled user studies demonstrates that our approach is intuitive, more efficient, and less error-prone compared to traditional methods available in IDEs today. Our results bolster the need for researchers and tool developers to rethink the design of future refactoring tools. @InProceedings{ICSE13p23, author = {Yun Young Lee and Nicholas Chen and Ralph E. Johnson}, title = {Drag-and-Drop Refactoring: Intuitive and Efficient Program Transformation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {23--32}, doi = {}, year = {2013}, } Video |
|
Chen, Zhangji |
ICSE '13: "Departures from Optimality: ..."
Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing
Nan Niu, Anas Mahmoud, Zhangji Chen, and Gary Bradshaw (Mississippi State University, USA) Studying human analysts' behavior in automated tracing is a new research thrust. Building on a growing body of work in this area, we offer a novel approach to understanding requirements analysts' information seeking and gathering. We model analysts as predators in pursuit of prey (the relevant traceability information) and leverage optimality models to characterize a rational decision process. The behavior of real analysts is then compared and contrasted with that of the optimal information forager. The results show that the analysts' information diets are much wider than the theory's predictions, and that they reside in low-profitability information patches much longer than the optimal residence time. These uncovered discrepancies not only offer concrete insights into the obstacles faced by analysts, but also lead to principled ways to improve practical tool support for overcoming those obstacles. @InProceedings{ICSE13p572, author = {Nan Niu and Anas Mahmoud and Zhangji Chen and Gary Bradshaw}, title = {Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {572--581}, doi = {}, year = {2013}, } |
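For reference, the optimal residence time mentioned above comes from optimal foraging theory; a standard formulation (the symbols are ours, not the paper's) is Charnov's marginal value theorem:

```latex
% Charnov's marginal value theorem (standard optimal-foraging result):
%   g(t) : cumulative information gained after residing t in a patch
%   t_s  : average time spent locating the next patch
% The optimal residence time t* satisfies
\[
  g'(t^{*}) \;=\; \frac{g(t^{*})}{t_{s} + t^{*}},
\]
% i.e., leave a patch once the marginal gain rate drops to the
% long-run average rate of gain; residing beyond t* is suboptimal,
% which is exactly the discrepancy the study observes in analysts.
```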
|
Cohen, Myra B. |
ICSE '13: "Human Performance Regression ..."
Human Performance Regression Testing
Amanda Swearngin, Myra B. Cohen, Bonnie E. John, and Rachel K. E. Bellamy (University of Nebraska-Lincoln, USA; IBM Research, USA) As software systems evolve, new interface features such as keyboard shortcuts and toolbars are introduced. While it is common to regression test the new features for functional correctness, there has been less focus on systematic regression testing for usability, due to the effort and time involved in human studies. Cognitive modeling tools such as CogTool provide some help by computing predictions of user performance, but they still require manual effort to describe the user interface and tasks, limiting regression testing efforts. In recent work, we developed CogTool Helper to reduce the effort required to generate human performance models of existing systems. We build on this work by providing task-specific test case generation and present our vision for human performance regression testing (HPRT) that generates large numbers of test cases and evaluates a range of human performance predictions for the same task. We examine the feasibility of HPRT on four tasks in LibreOffice, find several regressions, and then discuss how a project team could use this information. We also illustrate that we can increase efficiency with sampling by leveraging an inference algorithm. Samples that take approximately 50% of the runtime lose at most 10% of the performance predictions. @InProceedings{ICSE13p152, author = {Amanda Swearngin and Myra B. Cohen and Bonnie E. John and Rachel K. E. Bellamy}, title = {Human Performance Regression Testing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {152--161}, doi = {}, year = {2013}, } Video |
|
Coker, Zack |
ICSE '13: "Program Transformations to ..."
Program Transformations to Fix C Integers
Zack Coker and Munawar Hafiz (Auburn University, USA) C makes it easy to misuse integer types; even mature programs harbor much badly-written integer code. Traditional approaches at best detect these problems; they cannot guide developers to write correct code. We describe three program transformations that fix integer problems---one explicitly introduces casts to disambiguate type mismatch, another adds runtime checks to arithmetic operations, and the third one changes the type of a wrongly-declared integer. Together, these transformations fixed all variants of integer problems featured in 7,147 programs of NIST's SAMATE reference dataset, making the changes automatically on over 15 million lines of code. We also applied the transformations automatically to 5 open source programs. The transformations made hundreds of changes on over 700,000 lines of code, but did not break the programs. Being integrated with the source code and the development process, these program transformations can fix integer problems, along with developers' misconceptions about integer usage. @InProceedings{ICSE13p792, author = {Zack Coker and Munawar Hafiz}, title = {Program Transformations to Fix C Integers}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {792--801}, doi = {}, year = {2013}, } Video |
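The second transformation (guarding arithmetic operations with runtime checks) targets C, but the idea carries over; a rough Java analogue, for illustration only, replaces a raw addition with a checked one:

```java
// Before the transformation: int total = a + b;  // silently wraps
// After:                     int total = checkedAdd(a, b);  // fails loudly
public class CheckedArithmeticSketch {
    static int checkedAdd(int a, int b) {
        return Math.addExact(a, b); // throws ArithmeticException on overflow
    }

    public static void main(String[] args) {
        System.out.println(checkedAdd(1, 2)); // 3
        try {
            checkedAdd(Integer.MAX_VALUE, 1);
        } catch (ArithmeticException overflow) {
            System.out.println("overflow caught: " + overflow.getMessage());
        }
    }
}
```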
|
Corapi, Domenico |
ICSE '13: "Learning Revised Models for ..."
Learning Revised Models for Planning in Adaptive Systems
Daniel Sykes, Domenico Corapi, Jeff Magee, Jeff Kramer, Alessandra Russo, and Katsumi Inoue (Imperial College London, UK; National Institute of Informatics, Japan) Environment domain models are a key part of the information used by adaptive systems to determine their behaviour. These models can be incomplete or inaccurate. In addition, since adaptive systems generally operate in environments which are subject to change, these models are often also out of date. To update and correct these models, the system should observe how the environment responds to its actions, and compare these responses to those predicted by the model. In this paper, we use a probabilistic rule learning approach, NoMPRoL, to update models using feedback from the running system in the form of execution traces. NoMPRoL is a technique for non-monotonic probabilistic rule learning based on a transformation of an inductive logic programming task into an equivalent abductive one. In essence, it exploits consistent observations by finding general rules which explain observations in terms of the conditions under which they occur. The updated models are then used to generate new behaviour with a greater chance of success in the actual environment encountered. @InProceedings{ICSE13p63, author = {Daniel Sykes and Domenico Corapi and Jeff Magee and Jeff Kramer and Alessandra Russo and Katsumi Inoue}, title = {Learning Revised Models for Planning in Adaptive Systems}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {63--71}, doi = {}, year = {2013}, } Video |
|
Cordy, Maxime |
ICSE '13: "Beyond Boolean Product-Line ..."
Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features
Maxime Cordy, Pierre-Yves Schobbens, Patrick Heymans, and Axel Legay (University of Namur, Belgium; IRISA, France; INRIA, France; University of Liège, Belgium) Model checking techniques for software product lines (SPL) are actively researched. A major limitation they currently have is the inability to deal efficiently with non-Boolean features and multi-features. An example of a non-Boolean feature is a numeric attribute, such as the maximum number of users, which can take different numeric values across the range of SPL products. Multi-features are features that can appear several times in the same product, such as processing units, whose number varies from one product to another and which can be configured independently. Both constructs are extensively used in practice but currently not supported by existing SPL model checking techniques. To overcome this limitation, we formally define a language that integrates these constructs with SPL behavioural specifications. We generalize SPL model checking algorithms correspondingly and evaluate their applicability. Our results show that the algorithms remain efficient despite the generalization. @InProceedings{ICSE13p472, author = {Maxime Cordy and Pierre-Yves Schobbens and Patrick Heymans and Axel Legay}, title = {Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {472--481}, doi = {}, year = {2013}, } |
|
Cotroneo, Domenico |
ICSE '13: "A Learning-Based Method for ..."
A Learning-Based Method for Combining Testing Techniques
Domenico Cotroneo, Roberto Pietrantuono, and Stefano Russo (Università di Napoli Federico II, Italy; Lab CINI-ITEM Carlo Savy, Italy) This work presents a method to combine testing techniques adaptively during the testing process. It intends to mitigate the sources of uncertainty of software testing processes by learning from past experience and, at the same time, adapting the technique selection to the current testing session. The method is based on machine learning strategies. It uses offline strategies to take into account historical information about the techniques' performance in past testing sessions; online strategies are then used to adapt the selection of test cases to the data observed as testing proceeds. Experimental results show that a technique's performance can be accurately characterized from features of past testing sessions by means of machine learning algorithms, and that integrating this result into the online algorithm improves fault detection effectiveness compared to single testing techniques, as well as to their random combination. @InProceedings{ICSE13p142, author = {Domenico Cotroneo and Roberto Pietrantuono and Stefano Russo}, title = {A Learning-Based Method for Combining Testing Techniques}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {142--151}, doi = {}, year = {2013}, } |
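As a toy stand-in for the online step (the paper's method is more sophisticated than this), an epsilon-greedy policy could pick the next testing technique from observed fault-detection payoffs; all names and numbers below are invented:

```java
import java.util.Random;

// Epsilon-greedy selection among testing techniques: mostly exploit
// the technique with the best observed average payoff, occasionally
// explore another one. Untried techniques are tried first.
public class TechniqueSelectorSketch {
    private final double[] payoffSum;   // faults found per technique
    private final int[] timesChosen;
    private final double epsilon;
    private final Random rng = new Random(42);

    TechniqueSelectorSketch(int techniques, double epsilon) {
        this.payoffSum = new double[techniques];
        this.timesChosen = new int[techniques];
        this.epsilon = epsilon;
    }

    int next() {
        if (rng.nextDouble() < epsilon) {          // explore
            return rng.nextInt(payoffSum.length);
        }
        int best = 0;                              // exploit best average
        for (int t = 1; t < payoffSum.length; t++) {
            if (avg(t) > avg(best)) best = t;
        }
        return best;
    }

    void record(int technique, double faultsFound) {
        payoffSum[technique] += faultsFound;
        timesChosen[technique]++;
    }

    private double avg(int t) { // untried techniques rank first
        return timesChosen[t] == 0 ? Double.MAX_VALUE : payoffSum[t] / timesChosen[t];
    }

    public static void main(String[] args) {
        TechniqueSelectorSketch selector = new TechniqueSelectorSketch(3, 0.1);
        for (int session = 0; session < 5; session++) {
            int t = selector.next();
            selector.record(t, t == 2 ? 3.0 : 1.0); // pretend technique 2 finds more
            System.out.println("session " + session + " used technique " + t);
        }
    }
}
```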
|
Damian, Daniela |
ICSE '13: "The Role of Domain Knowledge ..."
The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination
Daniela Damian, Remko Helms, Irwin Kwan, Sabrina Marczak, and Benjamin Koelewijn (University of Victoria, Canada; Utrecht University, Netherlands; Oregon State University, USA; PUCRS, Brazil) Software projects involve diverse roles and artifacts that have dependencies to requirements. Project team members in different roles need to coordinate, but their coordination is affected by the availability of domain knowledge, which is distributed among different project members, and by organizational structures that control cross-functional communication. Our study examines how information flowed between different roles in two software projects that had contrasting distributions of domain knowledge and different communication structures. Using observations, interviews, and surveys, we examined how diverse roles working on requirements and their related artifacts coordinated along task dependencies. We found that communication only partially matched task dependencies and that team members who are boundary spanners have extensive domain knowledge and hold key positions in the control structure. These findings have implications for how organizational structures interfere with task assignments and influence communication in the project, suggesting how practitioners can adjust team configuration and communication structures. @InProceedings{ICSE13p442, author = {Daniela Damian and Remko Helms and Irwin Kwan and Sabrina Marczak and Benjamin Koelewijn}, title = {The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {442--451}, doi = {}, year = {2013}, } |
|
Damitio, Monique |
ICSE '13: "Are Your Incoming Aliases ..."
Are Your Incoming Aliases Really Necessary? Counting the Cost of Object Ownership
Alex Potanin, Monique Damitio, and James Noble (Victoria University of Wellington, New Zealand) Object ownership enforces encapsulation within object-oriented programs by forbidding incoming aliases into objects' representations. Many common data structures, such as collections with iterators, require incoming aliases, so there has been much work on relaxing ownership's encapsulation to permit multiple incoming aliases. This research asks the opposite question: Are your aliases really necessary? In this paper, we count the cost of programming with strong object encapsulation. We refactored the JDK 5.0 collection classes so that they did not use incoming aliases, following either the owner-as-dominator or the owner-as-accessor encapsulation discipline. We measured the performance time overhead the refactored collections impose on a set of microbenchmarks and on the DaCapo, SPECjbb and SPECjvm benchmark suites. While the microbenchmarks show that individual operations and iterations can be significantly slower on encapsulated collections (especially for owner-as-dominator), we found less than 3% slowdown for owner-as-accessor across the large scale benchmarks. As a result, we propose that well-known design patterns such as Iterator, commonly used by software engineers around the world, need to be adjusted to take ownership into account. As most design patterns are used as a building block in constructing larger pieces of software, a small adjustment to respect ownership will not have any impact on the productivity of programmers but will have a huge impact on the quality of the resulting code with respect to aliasing. @InProceedings{ICSE13p742, author = {Alex Potanin and Monique Damitio and James Noble}, title = {Are Your Incoming Aliases Really Necessary? Counting the Cost of Object Ownership}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {742--751}, doi = {}, year = {2013}, } Video |
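The owner-as-accessor discipline can be illustrated with a sketch (ours, not the paper's actual refactoring): instead of handing clients an Iterator, which is an incoming alias into the representation, the owner mediates every access through internal iteration:

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;

// An external Iterator over 'rep' would be an incoming alias into
// the collection's representation. Internal iteration keeps every
// access mediated by the owner, in the spirit of owner-as-accessor.
public class OwnedBag<T> {
    private final List<T> rep = new ArrayList<>(); // representation stays inside

    public void add(T element) {
        rep.add(element);
    }

    // Clients never receive an Iterator; the owner applies the
    // client's action to each element on their behalf.
    public void forEachElement(Consumer<? super T> action) {
        for (T element : rep) {
            action.accept(element);
        }
    }

    public static void main(String[] args) {
        OwnedBag<String> bag = new OwnedBag<>();
        bag.add("a");
        bag.add("b");
        bag.forEachElement(System.out::println);
    }
}
```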
|
De Lucia, Andrea |
ICSE '13: "Automatic Query Reformulations ..."
Automatic Query Reformulations for Text Retrieval in Software Engineering
Sonia Haiduc, Gabriele Bavota, Andrian Marcus, Rocco Oliveto, Andrea De Lucia, and Tim Menzies (Wayne State University, USA; University of Salerno, Italy; University of Molise, Italy; University of West Virginia, USA) There are more than twenty distinct software engineering tasks addressed with text retrieval (TR) techniques, such as traceability link recovery, feature location, refactoring, reuse, etc. A common issue with all TR applications is that the results of the retrieval depend largely on the quality of the query. When a query performs poorly, it has to be reformulated and this is a difficult task for someone who had trouble writing a good query in the first place. We propose a recommender (called Refoqus) based on machine learning, which is trained with a sample of queries and relevant results. Then, for a given query, it automatically recommends a reformulation strategy that should improve its performance, based on the properties of the query. We evaluated Refoqus empirically against four baseline approaches that are used in natural language document retrieval. The data used for the evaluation corresponds to changes from five open source systems in Java and C++ and it is used in the context of TR-based concept location in source code. Refoqus outperformed the baselines and its recommendations led to query performance improvement or preservation in 84% of the cases (on average). @InProceedings{ICSE13p842, author = {Sonia Haiduc and Gabriele Bavota and Andrian Marcus and Rocco Oliveto and Andrea De Lucia and Tim Menzies}, title = {Automatic Query Reformulations for Text Retrieval in Software Engineering}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {842--851}, doi = {}, year = {2013}, } Video ICSE '13: "An Empirical Study on the ..." An Empirical Study on the Developers' Perception of Software Coupling Gabriele Bavota, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Coupling is a fundamental property of software systems, and numerous coupling measures have been proposed to support various development and maintenance activities. However, little is known about how developers actually perceive coupling, what mechanisms constitute coupling, and if existing measures align with this perception. In this paper we bridge this gap, by empirically investigating how class coupling---as captured by structural, dynamic, semantic, and logical coupling measures---aligns with developers' perception of coupling. The study has been conducted on three Java open-source systems---namely ArgoUML, JHotDraw and jEdit---and involved 64 students, academics, and industrial practitioners from around the world, as well as 12 active developers of these three systems. We asked participants to assess the coupling between the given pairs of classes and provide their ratings and some rationale. The results indicate that the peculiarity of the semantic coupling measure allows it to better estimate the mental model of developers than the other coupling measures. This is because, in several cases, the interactions between classes are encapsulated in the source code vocabulary, and cannot be easily derived by only looking at structural relationships, such as method calls.
@InProceedings{ICSE13p692, author = {Gabriele Bavota and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {An Empirical Study on the Developers' Perception of Software Coupling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {692--701}, doi = {}, year = {2013}, } Video ICSE '13: "How to Effectively Use Topic ..." How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms Annibale Panichella, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Information Retrieval (IR) methods, and in particular topic models, have recently been used to support essential software engineering (SE) tasks, by enabling software textual retrieval and analysis. In all these approaches, topic models have been used on software artifacts in a similar manner as they were used on natural language documents (e.g., using the same settings and parameters) because the underlying assumption was that source code and natural language documents are similar. However, applying topic models on software data using the same settings as for natural language text did not always produce the expected results. Recent research investigated this assumption and showed that source code is much more repetitive and predictable as compared to the natural language text. Our paper builds on this new fundamental finding and proposes a novel solution to adapt, configure and effectively use a topic modeling technique, namely Latent Dirichlet Allocation (LDA), to achieve better (acceptable) performance across various SE tasks. Our paper introduces a novel solution called LDA-GA, which uses Genetic Algorithms (GA) to determine a near-optimal configuration for LDA in the context of three different SE tasks: (1) traceability link recovery, (2) feature location, and (3) software artifact labeling. The results of our empirical studies demonstrate that LDA-GA is able to identify robust LDA configurations, which lead to a higher accuracy on all the datasets for these SE tasks as compared to previously published results, heuristics, and the results of a combinatorial search. @InProceedings{ICSE13p522, author = {Annibale Panichella and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {522--531}, doi = {}, year = {2013}, } Video |
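The LDA-GA search can be sketched as a tiny genetic algorithm over LDA configurations. The fitness function below is a stub (evaluating a configuration really requires running LDA and measuring task quality), and all parameter ranges are invented:

```java
import java.util.Arrays;
import java.util.Comparator;
import java.util.Random;

// Toy GA over LDA configurations (number of topics k and
// hyperparameters alpha, beta): keep the fitter half of the
// population each generation and refill with mutants.
public class LdaGaSketch {
    record Config(int k, double alpha, double beta) {}

    static final Random RNG = new Random(1);

    // Stub fitness standing in for "how well this configuration
    // supports the SE task"; replace with a real measure.
    static double fitness(Config c) {
        return -Math.abs(c.k() - 40) - Math.abs(c.alpha() - 0.1) - Math.abs(c.beta() - 0.01);
    }

    static Config randomConfig() {
        return new Config(2 + RNG.nextInt(99), RNG.nextDouble(), RNG.nextDouble());
    }

    static Config mutate(Config c) {
        return new Config(
            Math.max(2, c.k() + RNG.nextInt(11) - 5),
            Math.max(1e-3, c.alpha() + (RNG.nextDouble() - 0.5) * 0.1),
            Math.max(1e-3, c.beta() + (RNG.nextDouble() - 0.5) * 0.1));
    }

    public static void main(String[] args) {
        Config[] population = new Config[20];
        Arrays.setAll(population, i -> randomConfig());
        for (int gen = 0; gen < 100; gen++) {
            Arrays.sort(population, Comparator.comparingDouble(LdaGaSketch::fitness).reversed());
            // Elitism: keep the best half, refill the rest with mutants.
            for (int i = population.length / 2; i < population.length; i++) {
                population[i] = mutate(population[i - population.length / 2]);
            }
        }
        Arrays.sort(population, Comparator.comparingDouble(LdaGaSketch::fitness).reversed());
        System.out.println("best config found: " + population[0]);
    }
}
```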
|
Deursen, Arie van |
ICSE '13: "Data Clone Detection and Visualization ..."
Data Clone Detection and Visualization in Spreadsheets
Felienne Hermans, Ben Sedee, Martin Pinzger, and Arie van Deursen (TU Delft, Netherlands) Spreadsheets are widely used in industry: it is estimated that end-user programmers outnumber programmers by a factor of 5. However, spreadsheets are error-prone, and numerous companies have lost money because of spreadsheet errors. One of the causes for spreadsheet problems is the prevalence of copy-pasting. In this paper, we study this cloning in spreadsheets. Based on existing text-based clone detection algorithms, we have developed an algorithm to detect data clones in spreadsheets: formulas whose values are copied as plain text in a different location. To evaluate the usefulness of the proposed approach, we conducted two evaluations: a quantitative evaluation in which we analyzed the EUSES corpus, and a qualitative evaluation consisting of two case studies. The results of the evaluation clearly indicate that 1) data clones are common, 2) data clones pose threats to spreadsheet quality and 3) our approach supports users in finding and resolving data clones. @InProceedings{ICSE13p292, author = {Felienne Hermans and Ben Sedee and Martin Pinzger and Arie van Deursen}, title = {Data Clone Detection and Visualization in Spreadsheets}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {292--301}, doi = {}, year = {2013}, } |
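A minimal sketch of the data-clone idea, assuming invented cell contents (the actual algorithm is adapted from text-based clone detection and is considerably more refined): flag plain-value cells that match the computed value of a formula cell elsewhere, suggesting a copy-paste-as-value:

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Toy data-clone finder: index formula cells by their computed
// value, then report constant cells whose value matches.
public class DataCloneSketch {
    record Cell(String address, String formula, double value) {
        boolean isFormula() { return formula != null; }
    }

    static Map<Cell, List<Cell>> findDataClones(List<Cell> cells) {
        Map<Double, List<Cell>> formulaByValue = new HashMap<>();
        for (Cell c : cells) {
            if (c.isFormula()) {
                formulaByValue.computeIfAbsent(c.value(), v -> new ArrayList<>()).add(c);
            }
        }
        Map<Cell, List<Cell>> clones = new HashMap<>();
        for (Cell c : cells) {
            if (!c.isFormula() && formulaByValue.containsKey(c.value())) {
                clones.put(c, formulaByValue.get(c.value())); // candidate clone pair(s)
            }
        }
        return clones;
    }

    public static void main(String[] args) {
        List<Cell> sheet = List.of(
            new Cell("Sheet1!B7", "=SUM(B1:B6)", 1234.0),
            new Cell("Sheet2!C3", null, 1234.0)); // pasted as plain text
        System.out.println(findDataClones(sheet));
    }
}
```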
|
Devanbu, Premkumar |
ICSE '13: "How, and Why, Process Metrics ..."
How, and Why, Process Metrics Are Better
Foyzur Rahman and Premkumar Devanbu (UC Davis, USA) Defect prediction techniques could potentially help us to focus quality-assurance efforts on the most defect-prone files. Modern statistical tools make it very easy to quickly build and deploy prediction models. Software metrics are at the heart of prediction models; understanding how and especially why different types of metrics are effective is very important for successful model deployment. In this paper we analyze the applicability and efficacy of process and code metrics from several different perspectives. We build many prediction models across 85 releases of 12 large open source projects to address the performance, stability, portability and stasis of different sets of metrics. Our results suggest that code metrics, despite widespread use in the defect prediction literature, are generally less useful than process metrics for prediction. Second, we find that code metrics have high stasis; they don't change very much from release to release. This leads to stagnation in the prediction models, with the same files being repeatedly predicted as defective; unfortunately, these recurringly defective files turn out to be comparatively less defect-dense. @InProceedings{ICSE13p432, author = {Foyzur Rahman and Premkumar Devanbu}, title = {How, and Why, Process Metrics Are Better}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {432--441}, doi = {}, year = {2013}, } ICSE '13: "Dual Ecological Measures of ..." Dual Ecological Measures of Focus in Software Development Daryl Posnett, Raissa D'Souza, Premkumar Devanbu, and Vladimir Filkov (UC Davis, USA) Work practices vary among software developers. Some are highly focused on a few artifacts; others make wide-ranging contributions. Similarly, some artifacts are mostly authored, or owned, by one or few developers; others have very wide ownership. Focus and ownership are related but different phenomena, both with strong effect on software quality. Prior studies have mostly targeted ownership; the measures of ownership used have generally been based on either simple counts, information-theoretic views of ownership, or social-network views of contribution patterns. We argue for a more general conceptual view that unifies developer focus and artifact ownership. We analogize the developer-artifact contribution network to a predator-prey food web, and draw upon ideas from ecology to produce a novel and conceptually unified view of measuring focus and ownership. These measures relate to both cross-entropy and Kullback-Leibler divergence, and simultaneously provide two normalized measures of focus from both the developer and artifact perspectives. We argue that these measures are theoretically well-founded, and yield novel predictive, conceptual, and actionable value in software projects. We find that more focused developers introduce fewer defects than defocused developers. In contrast, files that receive narrowly focused activity are more likely to contain defects than other files. @InProceedings{ICSE13p452, author = {Daryl Posnett and Raissa D'Souza and Premkumar Devanbu and Vladimir Filkov}, title = {Dual Ecological Measures of Focus in Software Development}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {452--461}, doi = {}, year = {2013}, } |
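For reference, the information-theoretic quantities the focus measures relate to are standard; the paper's exact normalization is not given in the abstract, so treat the following as background definitions only:

```latex
% For a developer whose distribution of contributions over files is
% p, compared with the distribution q of all activity on the same
% files:
\[
  D_{\mathrm{KL}}(p \,\|\, q) = \sum_{f} p(f) \log \frac{p(f)}{q(f)},
  \qquad
  H(p, q) = -\sum_{f} p(f) \log q(f).
\]
% A developer concentrated on few files relative to overall activity
% diverges strongly from q; an unfocused developer has p close to q.
% The artifact-side measure is symmetric in spirit.
```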
|
Di Cosmo, Roberto |
ICSE '13: "Broken Sets in Software Repository ..."
Broken Sets in Software Repository Evolution
Jérôme Vouillon and Roberto Di Cosmo (University of Paris Diderot, France; CNRS, France; INRIA, France) Modern software systems are built by composing components drawn from large repositories, whose size and complexity increase at a fast pace. Software systems built with components from a release of a repository should be seamlessly upgradeable using components from the next release. Unfortunately, users are often confronted with sets of components that were installed together, but cannot be upgraded together to the latest version from the new repository. Identifying these broken sets can be of great help for a quality assurance team, which could examine and fix these issues well before they reach the end user. Building on previous work on component co-installability, we show that it is possible to find these broken sets for any two releases of a component repository, efficiently computing a concise representation of these upgrade issues, together with informative graphical explanations. A tool implementing the algorithm presented in this paper is available as free software, and is able to process the evolution between two major releases of the Debian GNU/Linux distribution in just a few seconds. These results make it possible to integrate this analysis seamlessly into a repository development process. @InProceedings{ICSE13p412, author = {Jérôme Vouillon and Roberto Di Cosmo}, title = {Broken Sets in Software Repository Evolution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {412--421}, doi = {}, year = {2013}, } |
|
Di Penta, Massimiliano |
ICSE '13: "An Empirical Study on the ..."
An Empirical Study on the Developers' Perception of Software Coupling
Gabriele Bavota, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk , and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Coupling is a fundamental property of software systems, and numerous coupling measures have been proposed to support various development and maintenance activities. However, little is known about how developers actually perceive coupling, what mechanisms constitute coupling, and if existing measures align with this perception. In this paper we bridge this gap, by empirically investigating how class coupling---as captured by structural, dynamic, semantic, and logical coupling measures---aligns with developers' perception of coupling. The study has been conducted on three Java open-source systems---namely ArgoUML, JHotDraw and jEdit---and involved 64 students, academics, and industrial practitioners from around the world, as well as 12 active developers of these three systems. We asked participants to assess the coupling between the given pairs of classes and provide their ratings and some rationale. The results indicate that the peculiarity of the semantic coupling measure allows it to better estimate the mental model of developers than the other coupling measures. This is because, in several cases, the interactions between classes are encapsulated in the source code vocabulary, and cannot be easily derived by only looking at structural relationships, such as method calls. @InProceedings{ICSE13p692, author = {Gabriele Bavota and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {An Empirical Study on the Developers' Perception of Software Coupling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {692--701}, doi = {}, year = {2013}, } Video ICSE '13: "How to Effectively Use Topic ..." How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms Annibale Panichella, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Information Retrieval (IR) methods, and in particular topic models, have recently been used to support essential software engineering (SE) tasks, by enabling software textual retrieval and analysis. In all these approaches, topic models have been used on software artifacts in a similar manner as they were used on natural language documents (e.g., using the same settings and parameters) because the underlying assumption was that source code and natural language documents are similar. However, applying topic models on software data using the same settings as for natural language text did not always produce the expected results. Recent research investigated this assumption and showed that source code is much more repetitive and predictable as compared to the natural language text. Our paper builds on this new fundamental finding and proposes a novel solution to adapt, configure and effectively use a topic modeling technique, namely Latent Dirichlet Allocation (LDA), to achieve better (acceptable) performance across various SE tasks. 
Our paper introduces a novel solution called LDA-GA, which uses Genetic Algorithms (GA) to determine a near-optimal configuration for LDA in the context of three different SE tasks: (1) traceability link recovery, (2) feature location, and (3) software artifact labeling. The results of our empirical studies demonstrate that LDA-GA is able to identify robust LDA configurations, which lead to a higher accuracy on all the datasets for these SE tasks as compared to previously published results, heuristics, and the results of a combinatorial search. @InProceedings{ICSE13p522, author = {Annibale Panichella and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {522--531}, doi = {}, year = {2013}, } Video |
|
Dit, Bogdan |
ICSE '13: "An Empirical Study on the ..."
An Empirical Study on the Developers' Perception of Software Coupling
Gabriele Bavota, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk , and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Coupling is a fundamental property of software systems, and numerous coupling measures have been proposed to support various development and maintenance activities. However, little is known about how developers actually perceive coupling, what mechanisms constitute coupling, and if existing measures align with this perception. In this paper we bridge this gap, by empirically investigating how class coupling---as captured by structural, dynamic, semantic, and logical coupling measures---aligns with developers' perception of coupling. The study has been conducted on three Java open-source systems---namely ArgoUML, JHotDraw and jEdit---and involved 64 students, academics, and industrial practitioners from around the world, as well as 12 active developers of these three systems. We asked participants to assess the coupling between the given pairs of classes and provide their ratings and some rationale. The results indicate that the peculiarity of the semantic coupling measure allows it to better estimate the mental model of developers than the other coupling measures. This is because, in several cases, the interactions between classes are encapsulated in the source code vocabulary, and cannot be easily derived by only looking at structural relationships, such as method calls. @InProceedings{ICSE13p692, author = {Gabriele Bavota and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {An Empirical Study on the Developers' Perception of Software Coupling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {692--701}, doi = {}, year = {2013}, } Video ICSE '13: "How to Effectively Use Topic ..." How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms Annibale Panichella, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Information Retrieval (IR) methods, and in particular topic models, have recently been used to support essential software engineering (SE) tasks, by enabling software textual retrieval and analysis. In all these approaches, topic models have been used on software artifacts in a similar manner as they were used on natural language documents (e.g., using the same settings and parameters) because the underlying assumption was that source code and natural language documents are similar. However, applying topic models on software data using the same settings as for natural language text did not always produce the expected results. Recent research investigated this assumption and showed that source code is much more repetitive and predictable as compared to the natural language text. Our paper builds on this new fundamental finding and proposes a novel solution to adapt, configure and effectively use a topic modeling technique, namely Latent Dirichlet Allocation (LDA), to achieve better (acceptable) performance across various SE tasks. 
Our paper introduces a novel solution called LDA-GA, which uses Genetic Algorithms (GA) to determine a near-optimal configuration for LDA in the context of three different SE tasks: (1) traceability link recovery, (2) feature location, and (3) software artifact labeling. The results of our empirical studies demonstrate that LDA-GA is able to identify robust LDA configurations, which lead to a higher accuracy on all the datasets for these SE tasks as compared to previously published results, heuristics, and the results of a combinatorial search. @InProceedings{ICSE13p522, author = {Annibale Panichella and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {522--531}, doi = {}, year = {2013}, } Video |
|
Dolby, Julian |
ICSE '13: "Efficient Construction of ..."
Efficient Construction of Approximate Call Graphs for JavaScript IDE Services
Asger Feldthaus, Max Schäfer, Manu Sridharan, Julian Dolby, and Frank Tip (Aarhus University, Denmark; Nanyang Technological University, Singapore; IBM Research, USA; University of Waterloo, Canada) The rapid rise of JavaScript as one of the most popular programming languages of the present day has led to a demand for sophisticated IDE support similar to what is available for Java or C#. However, advanced tooling is hampered by the dynamic nature of the language, which makes any form of static analysis very difficult. We single out efficient call graph construction as a key problem to be solved in order to improve development tools for JavaScript. To address this problem, we present a scalable field-based flow analysis for constructing call graphs. Our evaluation on large real-world programs shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice. Previous analyses do not scale to these programs, but our analysis handles them in a matter of seconds, thus proving its suitability for use in an interactive setting. @InProceedings{ICSE13p752, author = {Asger Feldthaus and Max Schäfer and Manu Sridharan and Julian Dolby and Frank Tip}, title = {Efficient Construction of Approximate Call Graphs for JavaScript IDE Services}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {752--761}, doi = {}, year = {2013}, } ICSE '13: "Detecting Deadlock in Programs ..." Detecting Deadlock in Programs with Data-Centric Synchronization Daniel Marino, Christian Hammer, Julian Dolby, Mandana Vaziri, Frank Tip, and Jan Vitek (Symantec Research Labs, USA; Saarland University, Germany; IBM Research, USA; University of Waterloo, Canada; Purdue University, USA) Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required. @InProceedings{ICSE13p322, author = {Daniel Marino and Christian Hammer and Julian Dolby and Mandana Vaziri and Frank Tip and Jan Vitek}, title = {Detecting Deadlock in Programs with Data-Centric Synchronization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {322--331}, doi = {}, year = {2013}, } |
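Field-based call graph construction can be shown in miniature (illustrative only; the actual analysis processes real JavaScript): every function assigned to a property named f is considered a possible target of every call site x.f(...), regardless of which object x actually is. All function and property names below are invented:

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Deliberately approximate but cheap: resolve calls by property
// name alone, ignoring the receiver object.
public class FieldBasedCallGraphSketch {
    public static void main(String[] args) {
        // "obj.init = function ..." style property writes:
        Map<String, Set<String>> functionsByProperty = new HashMap<>();
        functionsByProperty.put("init", new HashSet<>(List.of("initA", "initB")));
        functionsByProperty.put("draw", new HashSet<>(List.of("drawWidget")));

        // Call sites "receiver.prop(...)" found in the program:
        List<String> callSiteProperties = List.of("init", "draw", "missing");

        for (String prop : callSiteProperties) {
            Set<String> targets = functionsByProperty.getOrDefault(prop, Set.of());
            System.out.println("call of ." + prop + "() -> " + targets);
        }
    }
}
```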
|
Dong, Jin Song |
ICSE '13: "Dynamic Synthesis of Local ..."
Dynamic Synthesis of Local Time Requirement for Service Composition
Tian Huat Tan, Étienne André , Jun Sun, Yang Liu, Jin Song Dong, and Manman Chen (National University of Singapore, Singapore; Université Paris 13, France; CNRS, France; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore) Service composition makes use of existing service-based applications as components to achieve a business goal. In time critical business environments, the response time of a service is crucial, which is also reflected as a clause in service level agreements (SLAs) between service providers and service users. To allow the composite service to fulfill the response time requirement as promised, it is important to find a feasible set of component services, such that their response time could collectively allow the satisfaction of the response time of the composite service. In this work, we propose a fully automated approach to synthesize the response time requirement of component services, in the form of a constraint on the local response times, that guarantees the global response time requirement. Our approach is based on parameter synthesis techniques for real-time systems. It has been implemented and evaluated with real-world case studies. @InProceedings{ICSE13p542, author = {Tian Huat Tan and Étienne André and Jun Sun and Yang Liu and Jin Song Dong and Manman Chen}, title = {Dynamic Synthesis of Local Time Requirement for Service Composition}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {542--551}, doi = {}, year = {2013}, } |
|
Dorn, Christoph |
ICSE '13: "Coupling Software Architecture ..."
Coupling Software Architecture and Human Architecture for Collaboration-Aware System Adaptation
Christoph Dorn and Richard N. Taylor (TU Vienna, Austria; UC Irvine, USA) The emergence of socio-technical systems characterized by significant user collaboration poses a new challenge for system adaptation. People are no longer just the "users" of a system but an integral part. Traditional self-adaptation mechanisms, however, consider only the software system and remain unaware of the ramifications arising from collaboration interdependencies. By neglecting collective user behavior, an adaptation mechanism is unfit to appropriately adapt to evolution of user activities, consider side-effects on collaborations during the adaptation process, or anticipate negative consequences upon reconfiguration completion. Inspired by existing architecture-centric system adaptation approaches, we propose linking the runtime software architecture to the human collaboration topology. We introduce a mapping mechanism and corresponding framework that enables a system adaptation manager to reason upon the effect of software-level changes on human interactions and vice versa. We outline the integration of the human architecture in the adaptation process and demonstrate the benefit of our approach in a case study. @InProceedings{ICSE13p53, author = {Christoph Dorn and Richard N. Taylor}, title = {Coupling Software Architecture and Human Architecture for Collaboration-Aware System Adaptation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {53--62}, doi = {}, year = {2013}, } |
|
Dougherty, Daniel J. |
ICSE '13: "Aluminum: Principled Scenario ..."
Aluminum: Principled Scenario Exploration through Minimality
Tim Nelson, Salman Saghafi, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi (Worcester Polytechnic Institute, USA; Brown University, USA) Scenario-finding tools such as Alloy are widely used to understand the consequences of specifications, with applications to software modeling, security analysis, and verification. This paper focuses on the exploration of scenarios: which scenarios are presented first, and how to traverse them in a well-defined way. We present Aluminum, a modification of Alloy that presents only minimal scenarios: those that contain no more than is necessary. Aluminum lets users explore the scenario space by adding to scenarios and backtracking. It also provides the ability to find what can consistently be used to extend each scenario. We describe the semantic basis of Aluminum in terms of minimal models of first-order logic formulas. We show how this theory can be implemented atop existing SAT-solvers and quantify both the benefits of minimality and its small computational overhead. Finally, we offer some qualitative observations about scenario exploration in Aluminum. @InProceedings{ICSE13p232, author = {Tim Nelson and Salman Saghafi and Daniel J. Dougherty and Kathi Fisler and Shriram Krishnamurthi}, title = {Aluminum: Principled Scenario Exploration through Minimality}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {232--241}, doi = {}, year = {2013}, } Video |
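A toy analogue of scenario minimization, under the assumption that we work on propositional clauses rather than Alloy's relational logic: starting from a satisfying assignment, greedily drop true atoms while the clauses stay satisfied. This only guarantees that no single atom can be removed, a simple approximation of Aluminum's notion of "no more than is necessary":

```java
import java.util.Arrays;

// Greedy shrinking of a satisfying assignment over toy clauses.
public class MinimalModelSketch {
    // DIMACS-style clauses: {1, -2} means (x1 OR NOT x2).
    static final int[][] CLAUSES = {{1, 2}, {-1, 3}, {2, 3}};

    static boolean satisfies(boolean[] model) {
        for (int[] clause : CLAUSES) {
            boolean sat = false;
            for (int lit : clause) {
                boolean val = model[Math.abs(lit) - 1];
                if (lit > 0 ? val : !val) { sat = true; break; }
            }
            if (!sat) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        boolean[] model = {true, true, true}; // some satisfying assignment
        boolean shrunk = true;
        while (shrunk) {
            shrunk = false;
            for (int v = 0; v < model.length; v++) {
                if (!model[v]) continue;
                model[v] = false;                 // try dropping atom v
                if (satisfies(model)) shrunk = true;
                else model[v] = true;             // needed: put it back
            }
        }
        System.out.println(Arrays.toString(model)); // [false, true, false]
    }
}
```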
|
D'Souza, Raissa |
ICSE '13: "Dual Ecological Measures of ..."
Dual Ecological Measures of Focus in Software Development
Daryl Posnett, Raissa D'Souza, Premkumar Devanbu, and Vladimir Filkov (UC Davis, USA) Work practices vary among software developers. Some are highly focused on a few artifacts; others make wide-ranging contributions. Similarly, some artifacts are mostly authored, or owned, by one or few developers; others have very wide ownership. Focus and ownership are related but different phenomena, both with strong effect on software quality. Prior studies have mostly targeted ownership; the measures of ownership used have generally been based on either simple counts, information-theoretic views of ownership, or social-network views of contribution patterns. We argue for a more general conceptual view that unifies developer focus and artifact ownership. We analogize the developer-artifact contribution network to a predator-prey food web, and draw upon ideas from ecology to produce a novel and conceptually unified view of measuring focus and ownership. These measures relate to both cross-entropy and Kullback-Leibler divergence, and simultaneously provide two normalized measures of focus from both the developer and artifact perspectives. We argue that these measures are theoretically well-founded, and yield novel predictive, conceptual, and actionable value in software projects. We find that more focused developers introduce fewer defects than defocused developers. In contrast, files that receive narrowly focused activity are more likely to contain defects than other files. @InProceedings{ICSE13p452, author = {Daryl Posnett and Raissa D'Souza and Premkumar Devanbu and Vladimir Filkov}, title = {Dual Ecological Measures of Focus in Software Development}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {452--461}, doi = {}, year = {2013}, } |
|
Duan, Zhenhua |
ICSE '13: "Detecting Spurious Counterexamples ..."
Detecting Spurious Counterexamples Efficiently in Abstract Model Checking
Cong Tian and Zhenhua Duan (Xidian University, China) Abstraction is one of the most important strategies for dealing with the state space explosion problem in model checking. With an abstract model, the state space is largely reduced; however, a counterexample found in such a model that does not satisfy the desired property may not exist in the concrete model. Therefore, how to check whether a reported counterexample is spurious is a key problem in the abstraction-refinement loop. In particular, since there are often billions of states in systems of industrial scale, checking spurious counterexamples in these systems in a practical way is a significant problem. In this paper, by re-analyzing spurious counterexamples, a new formal definition of spurious path is given. Based on it, efficient algorithms for detecting spurious counterexamples are presented. With the new algorithms, when dealing with infinite counterexamples, the finite prefix to be analyzed is polynomially shorter than the one handled by the existing algorithm. Moreover, in practical terms, the new algorithms can naturally be parallelized, which lets multi-core processors contribute more to spurious counterexample checking. In addition, with the new algorithms, a state that causes a spurious path (a false state) and is hidden at a shallower depth is reported earlier. Hence, as soon as a false state is detected, many iterations for detecting all the false states are avoided. Experimental results show that the new algorithms perform well along with the growth of system scale. @InProceedings{ICSE13p202, author = {Cong Tian and Zhenhua Duan}, title = {Detecting Spurious Counterexamples Efficiently in Abstract Model Checking}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {202--211}, doi = {}, year = {2013}, } Video |
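The classic spuriousness check that this paper improves upon can be sketched as follows, with invented toy states: propagate the set of concrete successors along the abstract path and intersect with each abstract state's concretization; an empty set means the counterexample is spurious, and the last non-empty step marks the state to refine:

```java
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Walk the abstract counterexample s1...sn, tracking the concrete
// states reachable inside each abstract state.
public class SpuriousCheckSketch {
    public static void main(String[] args) {
        // Concretization gamma: abstract state -> concrete states.
        Map<String, Set<Integer>> gamma = Map.of(
            "A", Set.of(0, 1),
            "B", Set.of(2, 3),
            "C", Set.of(4));
        // Concrete transition relation.
        Map<Integer, Set<Integer>> post = Map.of(
            0, Set.of(2), 1, Set.of(3), 2, Set.of(), 3, Set.of(), 4, Set.of());

        List<String> abstractPath = List.of("A", "B", "C");
        Set<Integer> reachable = new HashSet<>(gamma.get(abstractPath.get(0)));
        for (int i = 1; i < abstractPath.size(); i++) {
            Set<Integer> next = new HashSet<>();
            for (int s : reachable) next.addAll(post.getOrDefault(s, Set.of()));
            next.retainAll(gamma.get(abstractPath.get(i)));
            if (next.isEmpty()) {
                System.out.println("spurious at step " + i
                        + "; refine abstract state " + abstractPath.get(i - 1));
                return;
            }
            reachable = next;
        }
        System.out.println("counterexample is real");
    }
}
```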
|
Dyer, Robert |
ICSE '13: "Boa: A Language and Infrastructure ..."
Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories
Robert Dyer, Hoan Anh Nguyen, Hridesh Rajan , and Tien N. Nguyen (Iowa State University, USA) In today's software-centric world, ultra-large-scale software repositories, e.g. SourceForge (350,000+ projects), GitHub (250,000+ projects), and Google Code (250,000+ projects) are the new library of Alexandria. They contain an enormous corpus of software and information about software. Scientists and engineers alike are interested in analyzing this wealth of information both for curiosity as well as for testing important hypotheses. However, systematic extraction of relevant data from these repositories and analysis of such data for testing hypotheses is hard, and best left for mining software repository (MSR) experts! The goal of Boa, a domain-specific language and infrastructure described here, is to ease testing MSR-related hypotheses. We have implemented Boa and provide a web-based interface to Boa's infrastructure. Our evaluation demonstrates that Boa substantially reduces programming efforts, thus lowering the barrier to entry. We also see drastic improvements in scalability. Last but not least, reproducing an experiment conducted using Boa is just a matter of re-running small Boa programs provided by previous researchers. @InProceedings{ICSE13p422, author = {Robert Dyer and Hoan Anh Nguyen and Hridesh Rajan and Tien N. Nguyen}, title = {Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {422--431}, doi = {}, year = {2013}, } |
|
Ernst, Michael D. |
ICSE '13: "Automated Diagnosis of Software ..."
Automated Diagnosis of Software Configuration Errors
Sai Zhang and Michael D. Ernst (University of Washington, USA) The behavior of a software system often depends on how that system is configured. Small configuration errors can lead to hard-to-diagnose undesired behaviors. We present a technique (and its tool implementation, called ConfDiagnoser) to identify the root cause of a configuration error: a single configuration option that can be changed to produce desired behavior. Our technique uses static analysis, dynamic profiling, and statistical analysis to link the undesired behavior to specific configuration options. It differs from existing approaches in two key aspects: it does not require users to provide a testing oracle (to check whether the software functions correctly) and thus is fully automated; and it can diagnose both crashing and non-crashing errors. We evaluated ConfDiagnoser on 5 non-crashing configuration errors and 9 crashing configuration errors from 5 configurable software systems written in Java. On average, the root cause was ConfDiagnoser's fifth-ranked suggestion; in 10 out of 14 errors, the root cause was one of the top 3 suggestions; and more than half of the time, the root cause was the first suggestion. @InProceedings{ICSE13p312, author = {Sai Zhang and Michael D. Ernst}, title = {Automated Diagnosis of Software Configuration Errors}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {312--321}, doi = {}, year = {2013}, } ICSE '13: "Unifying FSM-Inference Algorithms ..." Unifying FSM-Inference Algorithms through Declarative Specification Ivan Beschastnikh, Yuriy Brun, Jenny Abrahamson, Michael D. Ernst, and Arvind Krishnamurthy (University of Washington, USA; University of Massachusetts, USA) Logging system behavior is a staple development practice. Numerous powerful model inference algorithms have been proposed to aid developers in log analysis and system understanding. Unfortunately, existing algorithms are difficult to understand, extend, and compare. This paper presents InvariMint, an approach to specify model inference algorithms declaratively. We applied InvariMint to two model inference algorithms and present evaluation results to illustrate that InvariMint (1) leads to new fundamental insights and better understanding of existing algorithms, (2) simplifies creation of new algorithms, including hybrids that extend existing algorithms, and (3) makes it easy to compare and contrast previously published algorithms. Finally, algorithms specified with InvariMint can outperform their procedural versions. @InProceedings{ICSE13p252, author = {Ivan Beschastnikh and Yuriy Brun and Jenny Abrahamson and Michael D. Ernst and Arvind Krishnamurthy}, title = {Unifying FSM-Inference Algorithms through Declarative Specification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {252--261}, doi = {}, year = {2013}, } |
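The statistical step of ConfDiagnoser-style diagnosis can be caricatured as deviation ranking; this is our illustration, not the tool's actual algorithm, and the option names and ratios are invented:

```java
import java.util.Comparator;
import java.util.Map;

// Compare how often behavior influenced by each configuration
// option is observed in the failing run versus in good runs, and
// rank options by deviation; the biggest deviation is the top
// suspect for the misbehavior.
public class ConfigDeviationSketch {
    public static void main(String[] args) {
        Map<String, Double> goodRunTrueRatio = Map.of(
            "cache.enabled", 0.95, "max.threads", 0.50, "log.level", 0.10);
        Map<String, Double> failingRunTrueRatio = Map.of(
            "cache.enabled", 0.93, "max.threads", 0.02, "log.level", 0.12);

        goodRunTrueRatio.entrySet().stream()
            .sorted(Comparator.comparingDouble(
                (Map.Entry<String, Double> e) ->
                    -Math.abs(e.getValue() - failingRunTrueRatio.get(e.getKey()))))
            .forEach(e -> System.out.printf("%s deviation=%.2f%n",
                e.getKey(),
                Math.abs(e.getValue() - failingRunTrueRatio.get(e.getKey()))));
        // Highest deviation ("max.threads") is reported first.
    }
}
```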
|
Esfahani, Naeem |
ICSE '13: "GuideArch: Guiding the Exploration ..."
GuideArch: Guiding the Exploration of Architectural Solution Space under Uncertainty
Naeem Esfahani, Sam Malek, and Kaveh Razavi (George Mason University, USA) A system's early architectural decisions impact its properties (e.g., scalability, dependability) as well as stakeholder concerns (e.g., cost, time to delivery). Choices made early on are both difficult and costly to change, and thus it is paramount that the engineer gets them "right". This leads to a paradox, as in early design, the engineer is often forced to make these decisions under uncertainty, i.e., not knowing the precise impact of those decisions on the various concerns. How could the engineer make the "right" choices in such circumstances? This is precisely the question we have tackled in this paper. We present GuideArch, a framework aimed at quantitative exploration of the architectural solution space under uncertainty. It provides techniques founded on fuzzy math that help the engineer with making informed decisions. @InProceedings{ICSE13p43, author = {Naeem Esfahani and Sam Malek and Kaveh Razavi}, title = {GuideArch: Guiding the Exploration of Architectural Solution Space under Uncertainty}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {43--52}, doi = {}, year = {2013}, } |
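GuideArch's fuzzy-math foundation can be illustrated with triangular fuzzy numbers, a common representation for uncertain quantities. The sketch below is a plausible illustration of the idea, not GuideArch's actual code; the property names and estimates are invented. Each uncertain impact carries a (pessimistic, most likely, optimistic) estimate, component-wise addition combines the impacts of two decisions, and the centroid defuzzifies the result into a single comparable score.

    public class TriangularFuzzy {
        final double min, likely, max; // pessimistic, most likely, optimistic

        TriangularFuzzy(double min, double likely, double max) {
            this.min = min; this.likely = likely; this.max = max;
        }

        // Combine the impacts of two independent architectural decisions.
        TriangularFuzzy plus(TriangularFuzzy o) {
            return new TriangularFuzzy(min + o.min, likely + o.likely, max + o.max);
        }

        // Centroid defuzzification: one crisp score for ranking alternatives.
        double defuzzify() {
            return (min + likely + max) / 3.0;
        }

        public static void main(String[] args) {
            TriangularFuzzy costOfDb = new TriangularFuzzy(10, 14, 25);
            TriangularFuzzy costOfMq = new TriangularFuzzy(5, 6, 9);
            System.out.println(costOfDb.plus(costOfMq).defuzzify()); // ~23.0
        }
    }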
|
Feldthaus, Asger |
ICSE '13: "Efficient Construction of ..."
Efficient Construction of Approximate Call Graphs for JavaScript IDE Services
Asger Feldthaus, Max Schäfer, Manu Sridharan, Julian Dolby , and Frank Tip (Aarhus University, Denmark; Nanyang Technological University, Singapore; IBM Research, USA; University of Waterloo, Canada) The rapid rise of JavaScript as one of the most popular programming languages of the present day has led to a demand for sophisticated IDE support similar to what is available for Java or C#. However, advanced tooling is hampered by the dynamic nature of the language, which makes any form of static analysis very difficult. We single out efficient call graph construction as a key problem to be solved in order to improve development tools for JavaScript. To address this problem, we present a scalable field-based flow analysis for constructing call graphs. Our evaluation on large real-world programs shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice. Previous analyses do not scale to these programs, but our analysis handles them in a matter of seconds, thus proving its suitability for use in an interactive setting. @InProceedings{ICSE13p752, author = {Asger Feldthaus and Max Schäfer and Manu Sridharan and Julian Dolby and Frank Tip}, title = {Efficient Construction of Approximate Call Graphs for JavaScript IDE Services}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {752--761}, doi = {}, year = {2013}, } |
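A field-based analysis deliberately merges all properties that share a name: every function ever assigned to a property f is treated as a possible callee of every call x.f(). The Java sketch below illustrates that idea on toy data (the real tool analyzes JavaScript; the property and function names here are invented), resolving call sites against a single global map from property names to assigned functions.

    import java.util.*;

    public class FieldBasedCallGraph {
        public static void main(String[] args) {
            // One abstract location per property name, program-wide.
            record Assign(String prop, String func) {}
            List<Assign> assigns = List.of(
                    new Assign("onClick", "openMenu"),
                    new Assign("onClick", "closeDialog"),
                    new Assign("render",  "drawChart"));

            Map<String, Set<String>> propToFuncs = new HashMap<>();
            for (Assign a : assigns)
                propToFuncs.computeIfAbsent(a.prop(), k -> new HashSet<>())
                           .add(a.func());

            // A call site x.onClick() may invoke any function assigned to a
            // property named "onClick" anywhere in the program: unsound in
            // principle, but accurate in practice per the abstract.
            System.out.println("x.onClick() -> " +
                    propToFuncs.getOrDefault("onClick", Set.of()));
        }
    }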
|
Ferrucci, Filomena |
ICSE '13: "Not Going to Take This Anymore: ..."
Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects
Filomena Ferrucci , Mark Harman , Jian Ren, and Federica Sarro (University of Salerno, Italy; University College London, UK) Software Engineering and development is well known to suffer from unplanned overtime, which causes stress and illness in engineers and can lead to poor-quality software with more defects. In this paper, we introduce a multi-objective decision support approach to help balance project risks and duration against overtime, so that software engineers can better plan overtime. We evaluate our approach on 6 real world software projects, drawn from 3 organisations using 3 standard evaluation measures and 3 different approaches to risk assessment. Our results show that our approach was significantly better (p < 0.05) than standard multi-objective search in 76% of experiments (with high Cohen effect size in 85% of these) and was significantly better than currently used overtime planning strategies in 100% of experiments (with high effect size in all). We also show how our approach provides actionable overtime planning results and investigate the impact of the three different forms of risk assessment. @InProceedings{ICSE13p462, author = {Filomena Ferrucci and Mark Harman and Jian Ren and Federica Sarro}, title = {Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {462--471}, doi = {}, year = {2013}, } Video |
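At the core of any multi-objective formulation like this one is Pareto dominance: plan a dominates plan b if a is no worse on every objective and strictly better on at least one. The Java sketch below is a generic illustration (the objective vector of risk, duration, and overtime is our invention, not the paper's encoding): it filters a set of candidate plans down to the non-dominated front that a decision maker would then inspect.

    import java.util.*;
    import java.util.stream.*;

    public class ParetoFront {
        // Each plan is scored on (risk, duration, overtime); lower is better.
        static boolean dominates(double[] a, double[] b) {
            boolean strictlyBetter = false;
            for (int i = 0; i < a.length; i++) {
                if (a[i] > b[i]) return false;
                if (a[i] < b[i]) strictlyBetter = true;
            }
            return strictlyBetter;
        }

        public static void main(String[] args) {
            List<double[]> plans = List.of(
                    new double[]{0.2, 120, 300},
                    new double[]{0.3, 110, 250},
                    new double[]{0.4, 130, 400}); // dominated by the first plan
            List<double[]> front = plans.stream()
                    .filter(p -> plans.stream().noneMatch(q -> dominates(q, p)))
                    .collect(Collectors.toList());
            front.forEach(p -> System.out.println(Arrays.toString(p)));
        }
    }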
|
Figueira Filho, Fernando |
ICSE '13: "Creating a Shared Understanding ..."
Creating a Shared Understanding of Testing Culture on a Social Coding Site
Raphael Pham, Leif Singer, Olga Liskin, Fernando Figueira Filho, and Kurt Schneider (Leibniz Universität Hannover, Germany; UFRN, Brazil) Many software development projects struggle with creating and communicating a testing culture that is appropriate for the project's needs. This may degrade software quality by leaving defects undiscovered. Previous research suggests that social coding sites such as GitHub provide a collaborative environment with a high degree of social transparency. This makes developers' actions and interactions more visible and traceable. We conducted interviews with 33 active users of GitHub to investigate how the increased transparency found on GitHub influences developers' testing behaviors. Subsequently, we validated our findings with an online questionnaire that was answered by 569 members of GitHub. We found several strategies that software developers and managers can use to positively influence the testing behavior in their projects. However, project owners on GitHub may not be aware of them. We report on the challenges and risks caused by this and suggest guidelines for promoting a sustainable testing culture in software development projects. @InProceedings{ICSE13p112, author = {Raphael Pham and Leif Singer and Olga Liskin and Fernando Figueira Filho and Kurt Schneider}, title = {Creating a Shared Understanding of Testing Culture on a Social Coding Site}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {112--121}, doi = {}, year = {2013}, } |
|
Filieri, Antonio |
ICSE '13: "Reliability Analysis in Symbolic ..."
Reliability Analysis in Symbolic Pathfinder
Antonio Filieri, Corina S. Păsăreanu, and Willem Visser (University of Stuttgart, Germany; Carnegie Mellon Silicon Valley, USA; NASA Ames Research Center, USA; Stellenbosch University, South Africa) Software reliability analysis tackles the problem of predicting the failure probability of software. Most of the current approaches base reliability analysis on architectural abstractions useful at early stages of design, but not directly applicable to source code. In this paper we propose a general methodology that exploits symbolic execution of source code for extracting failure and success paths to be used for probabilistic reliability assessment against relevant usage scenarios. Under the assumption of finite and countable input domains, we provide an efficient implementation based on Symbolic PathFinder that supports the analysis of sequential and parallel programs, even with structured data types, at the desired level of confidence. The tool has been validated on both NASA prototypes and other test cases showing a promising applicability scope. @InProceedings{ICSE13p622, author = {Antonio Filieri and Corina S. Păsăreanu and Willem Visser}, title = {Reliability Analysis in Symbolic Pathfinder}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {622--631}, doi = {}, year = {2013}, } Video |
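Under the abstract's assumption of finite, countable input domains, the reliability computation can be read as model counting over path conditions. One plausible formulation (our reading, not a formula quoted from the paper): if D is the input domain with a usage profile Pr(x), and PC_1, ..., PC_k are the path conditions of the failing paths found by symbolic execution, then

    \Pr(\text{failure}) = \sum_{i=1}^{k} \; \sum_{x \in D \,:\, PC_i(x)} \Pr(x),
    \qquad \text{reliability} = 1 - \Pr(\text{failure}),

which for a uniform profile reduces to counting the solutions of each path condition and dividing by |D|.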
|
Filkov, Vladimir |
ICSE '13: "Dual Ecological Measures of ..."
Dual Ecological Measures of Focus in Software Development
Daryl Posnett, Raissa D'Souza, Premkumar Devanbu , and Vladimir Filkov (UC Davis, USA) Work practices vary among software developers. Some are highly focused on a few artifacts; others make wide-ranging contributions. Similarly, some artifacts are mostly authored, or owned, by one or few developers; others have very wide ownership. Focus and ownership are related but different phenomena, both with strong effect on software quality. Prior studies have mostly targeted ownership; the measures of ownership used have generally been based on either simple counts, information-theoretic views of ownership, or social-network views of contribution patterns. We argue for a more general conceptual view that unifies developer focus and artifact ownership. We analogize the developer-artifact contribution network to a predator-prey food web, and draw upon ideas from ecology to produce a novel, and conceptually unified view of measuring focus and ownership. These measures relate to both cross-entropy and Kullback-Leibler divergence, and simultaneously provide two normalized measures of focus from both the developer and artifact perspectives. We argue that these measures are theoretically well-founded, and yield novel predictive, conceptual, and actionable value in software projects. We find that more focused developers introduce fewer defects than defocused developers. In contrast, files that receive narrowly focused activity are more likely to contain defects than other files. @InProceedings{ICSE13p452, author = {Daryl Posnett and Raissa D'Souza and Premkumar Devanbu and Vladimir Filkov}, title = {Dual Ecological Measures of Focus in Software Development}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {452--461}, doi = {}, year = {2013}, } |
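The abstract's information-theoretic connection can be made concrete. Writing p_f for the fraction of a developer's contributions that go to file f, one natural focus measure consistent with (though not quoted from) the paper is the Kullback-Leibler divergence of the contribution distribution from the uniform distribution over the n files the developer touches:

    \mathrm{focus}(d) = D_{\mathrm{KL}}(P \,\|\, U)
                      = \sum_{f} p_f \log \frac{p_f}{1/n},

which is zero for a maximally defocused developer (uniform effort) and grows as activity concentrates on few files; the symmetric construction on the artifact side yields the dual ownership measure.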
|
Fisler, Kathi |
ICSE '13: "Aluminum: Principled Scenario ..."
Aluminum: Principled Scenario Exploration through Minimality
Tim Nelson, Salman Saghafi, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi (Worcester Polytechnic Institute, USA; Brown University, USA) Scenario-finding tools such as Alloy are widely used to understand the consequences of specifications, with applications to software modeling, security analysis, and verification. This paper focuses on the exploration of scenarios: which scenarios are presented first, and how to traverse them in a well-defined way. We present Aluminum, a modification of Alloy that presents only minimal scenarios: those that contain no more than is necessary. Aluminum lets users explore the scenario space by adding to scenarios and backtracking. It also provides the ability to find what can consistently be used to extend each scenario. We describe the semantic basis of Aluminum in terms of minimal models of first-order logic formulas. We show how this theory can be implemented atop existing SAT-solvers and quantify both the benefits of minimality and its small computational overhead. Finally, we offer some qualitative observations about scenario exploration in Aluminum. @InProceedings{ICSE13p232, author = {Tim Nelson and Salman Saghafi and Daniel J. Dougherty and Kathi Fisler and Shriram Krishnamurthi}, title = {Aluminum: Principled Scenario Exploration through Minimality}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {232--241}, doi = {}, year = {2013}, } Video |
|
Fittkau, Florian |
ICSE '13: "Search-Based Genetic Optimization ..."
Search-Based Genetic Optimization for Deployment and Reconfiguration of Software in the Cloud
Sören Frey, Florian Fittkau, and Wilhelm Hasselbring (Kiel University, Germany) Migrating existing enterprise software to cloud platforms involves the comparison of competing cloud deployment options (CDOs). A CDO comprises a combination of a specific cloud environment, deployment architecture, and runtime reconfiguration rules for dynamic resource scaling. Our simulator CDOSim can evaluate CDOs, e.g., regarding response times and costs. However, the design space to be searched for well-suited solutions is vast. In this paper, we approach this optimization problem with the novel genetic algorithm CDOXplorer. It uses techniques of the search-based software engineering field and CDOSim to assess the fitness of CDOs. An experimental evaluation that employs, among others, the cloud environments Amazon EC2 and Microsoft Windows Azure, shows that CDOXplorer can find solutions that surpass those of other state-of-the-art techniques by up to 60%. Our experiment code and data and an implementation of CDOXplorer are available as open source software. @InProceedings{ICSE13p512, author = {Sören Frey and Florian Fittkau and Wilhelm Hasselbring}, title = {Search-Based Genetic Optimization for Deployment and Reconfiguration of Software in the Cloud}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {512--521}, doi = {}, year = {2013}, } |
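The overall shape of a CDOXplorer-style search can be sketched generically. The Java fragment below is a minimal genetic loop, not the actual tool: the encoding of a CDO as an integer vector (VM type, instance count, scaling threshold) is our invention, the fitness function merely stands in for a CDOSim run, and selection, crossover, and mutation are the textbook operators.

    import java.util.*;

    public class GeneticSketch {
        static final Random RND = new Random(42);

        // Stand-in for a CDOSim run: lower estimated cost is fitter.
        static double fitness(int[] cdo) {
            return cdo[0] * 3.0 + cdo[1] * 1.5 + Math.abs(cdo[2] - 70);
        }

        public static void main(String[] args) {
            List<int[]> pop = new ArrayList<>();
            for (int i = 0; i < 20; i++)
                pop.add(new int[]{RND.nextInt(4), 1 + RND.nextInt(10), RND.nextInt(100)});

            for (int gen = 0; gen < 50; gen++) {
                pop.sort(Comparator.comparingDouble(GeneticSketch::fitness));
                List<int[]> next = new ArrayList<>(pop.subList(0, 5)); // elitism
                while (next.size() < pop.size()) {
                    int[] a = pop.get(RND.nextInt(10)), b = pop.get(RND.nextInt(10));
                    int cut = RND.nextInt(3);                  // one-point crossover
                    int[] child = new int[3];
                    for (int i = 0; i < 3; i++) child[i] = i < cut ? a[i] : b[i];
                    if (RND.nextInt(10) == 0) {                // occasional mutation
                        int j = RND.nextInt(3);
                        child[j] = Math.max(0, child[j] + RND.nextInt(3) - 1);
                    }
                    next.add(child);
                }
                pop = next;
            }
            pop.sort(Comparator.comparingDouble(GeneticSketch::fitness));
            System.out.println(Arrays.toString(pop.get(0)) + " cost=" + fitness(pop.get(0)));
        }
    }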
|
Foster, Jeffrey S. |
ICSE '13: "Expositor: Scriptable Time-Travel ..."
Expositor: Scriptable Time-Travel Debugging with First-Class Traces
Yit Phang Khoo, Jeffrey S. Foster, and Michael Hicks (University of Maryland, USA) We present Expositor, a new debugging environment that combines scripting and time-travel debugging to allow programmers to automate complex debugging tasks. The fundamental abstraction provided by Expositor is the execution trace, which is a time-indexed sequence of program state snapshots. Programmers can manipulate traces as if they were simple lists with operations such as map and filter. Under the hood, Expositor efficiently implements traces as lazy, sparse interval trees, whose contents are materialized on demand. Expositor also provides a novel data structure, the edit hash array mapped trie, which is a lazy implementation of sets, maps, multisets, and multimaps that enables programmers to maximize the efficiency of their debugging scripts. We have used Expositor to debug a stack overflow and to unravel a subtle data race in Firefox. We believe that Expositor represents an important step forward in improving the technology for diagnosing complex, hard-to-understand bugs. @InProceedings{ICSE13p352, author = {Yit Phang Khoo and Jeffrey S. Foster and Michael Hicks}, title = {Expositor: Scriptable Time-Travel Debugging with First-Class Traces}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {352--361}, doi = {}, year = {2013}, } |
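Expositor itself scripts a time-travel debugger, but its list-like view of a trace is easy to convey with ordinary streams. In the hypothetical Java analogue below (the Snapshot fields and the query are invented), the execution trace is a lazily generated sequence of time-indexed snapshots, and a debugging query is just filter and map, with snapshots materialized only on demand, in the spirit of the paper's lazy interval trees.

    import java.util.stream.*;

    public class TraceQuery {
        record Snapshot(long time, int stackDepth) {}

        public static void main(String[] args) {
            // Lazily generated stand-in for a time-indexed execution trace.
            Stream<Snapshot> trace = Stream.iterate(
                    new Snapshot(0, 0),
                    s -> new Snapshot(s.time() + 1,
                            (int) (50 + 40 * Math.sin(s.time() / 7.0))));

            // "When does the stack first grow beyond 80 frames?"
            trace.filter(s -> s.stackDepth() > 80)
                 .map(Snapshot::time)
                 .findFirst()
                 .ifPresent(t -> System.out.println("first deep stack at t=" + t));
        }
    }

Because the stream is lazy, only the prefix of the trace up to the first match is ever materialized, which is the property that makes trace-as-list scripting affordable.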
|
Frey, Sören |
ICSE '13: "Search-Based Genetic Optimization ..."
Search-Based Genetic Optimization for Deployment and Reconfiguration of Software in the Cloud
Sören Frey, Florian Fittkau, and Wilhelm Hasselbring (Kiel University, Germany) Migrating existing enterprise software to cloud platforms involves the comparison of competing cloud deployment options (CDOs). A CDO comprises a combination of a specific cloud environment, deployment architecture, and runtime reconfiguration rules for dynamic resource scaling. Our simulator CDOSim can evaluate CDOs, e.g., regarding response times and costs. However, the design space to be searched for well-suited solutions is vast. In this paper, we approach this optimization problem with the novel genetic algorithm CDOXplorer. It uses techniques of the search-based software engineering field and CDOSim to assess the fitness of CDOs. An experimental evaluation that employs, among others, the cloud environments Amazon EC2 and Microsoft Windows Azure, shows that CDOXplorer can find solutions that surpass those of other state-of-the-art techniques by up to 60%. Our experiment code and data and an implementation of CDOXplorer are available as open source software. @InProceedings{ICSE13p512, author = {Sören Frey and Florian Fittkau and Wilhelm Hasselbring}, title = {Search-Based Genetic Optimization for Deployment and Reconfiguration of Software in the Cloud}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {512--521}, doi = {}, year = {2013}, } |
|
Furia, Carlo A. |
ICSE '13: "What Good Are Strong Specifications? ..."
What Good Are Strong Specifications?
Nadia Polikarpova, Carlo A. Furia, Yu Pei, Yi Wei, and Bertrand Meyer (ETH Zurich, Switzerland; ITMO National Research University, Russia) Experience with lightweight formal methods suggests that programmers are willing to write specifications if they bring tangible benefits to their usual development activities. This paper considers stronger specifications and studies whether they can be deployed as an incremental practice that brings additional benefits without being unacceptably expensive. We introduce a methodology that extends Design by Contract to write strong specifications of functional properties in the form of preconditions, postconditions, and invariants. The methodology aims at being palatable to developers who are not fluent in formal techniques but are comfortable with writing simple specifications. We evaluate the cost and the benefits of using strong specifications by applying the methodology to testing data structure implementations written in Eiffel and C#. In our extensive experiments, testing against strong specifications detects twice as many bugs as standard contracts, with a reasonable overhead in terms of annotation burden and run-time performance while testing. In the wide spectrum of formal techniques for software quality, testing against strong specifications lies in a "sweet spot" with a favorable benefit to effort ratio. @InProceedings{ICSE13p262, author = {Nadia Polikarpova and Carlo A. Furia and Yu Pei and Yi Wei and Bertrand Meyer}, title = {What Good Are Strong Specifications?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {262--271}, doi = {}, year = {2013}, } Video |
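The gap between a standard contract and a strong one is easy to see on a stack. The Java sketch below uses plain assertions to play the role of Eiffel contracts (an illustration of the methodology's idea, not the authors' Eiffel/C# code; the SpecStack class is invented): the standard postcondition only checks the size, while the strong one pins down the full functional behavior, namely that the pushed element is on top and the rest of the stack is unchanged.

    import java.util.*;

    public class SpecStack {
        private final Deque<Integer> items = new ArrayDeque<>();

        void push(int x) {
            List<Integer> old = new ArrayList<>(items); // snapshot for the contract
            items.push(x);
            // Standard contract: the size grew by one.
            assert items.size() == old.size() + 1;
            // Strong specification: the new top is x, and all other
            // elements are exactly the old stack, in order.
            assert items.peek() == x;
            assert new ArrayList<>(items).subList(1, items.size()).equals(old);
        }

        public static void main(String[] args) {
            SpecStack s = new SpecStack();
            s.push(1); s.push(2); // run with -ea to enable the contract checks
            System.out.println("ok");
        }
    }

A buggy push that, say, reversed the existing elements would still satisfy the standard contract but would be caught immediately by the strong one, which is the kind of extra bug-finding power the abstract quantifies.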
|
Galvis Carreño, Laura V. |
ICSE '13: "Analysis of User Comments: ..."
Analysis of User Comments: An Approach for Software Requirements Evolution
Laura V. Galvis Carreño and Kristina Winbladh (University of Delaware, USA) User feedback is imperative in improving software quality. In this paper, we explore the rich set of user feedback available for third party mobile applications as a way to extract new/changed requirements for next versions. A potential problem using this data is its volume and the time commitment involved in extracting new/changed requirements. Our goal is to alleviate part of the process through automatic topic extraction. We process user comments to extract the main topics mentioned as well as some sentences representative of those topics. This information can be useful for requirements engineers to revise the requirements for next releases. Our approach relies on adapting information retrieval techniques including topic modeling and evaluating them on different publicly available data sets. Results show that the automatically extracted topics match the manually extracted ones, while also significantly decreasing the manual effort. @InProceedings{ICSE13p582, author = {Laura V. Galvis Carreño and Kristina Winbladh}, title = {Analysis of User Comments: An Approach for Software Requirements Evolution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {582--591}, doi = {}, year = {2013}, } |
|
Ganapathy, Vinod |
ICSE '13: "Inferring Likely Mappings ..."
Inferring Likely Mappings between APIs
Amruta Gokhale, Vinod Ganapathy, and Yogesh Padmanaban (Rutgers University, USA) Software developers often need to port applications written for a source platform to a target platform. In doing so, a key task is to replace an application's use of methods from the source platform API with corresponding methods from the target platform API. However, this task is challenging because developers must manually identify mappings between methods in the source and target APIs, e.g., using API documentation. We develop a novel approach to the problem of inferring mappings between the APIs of a source and target platform. Our approach is tailored to the case where the source and target platform each have independently-developed applications that implement similar functionality. We observe that in building these applications, developers exercised knowledge of the corresponding APIs. We develop a technique to systematically harvest this knowledge and infer likely mappings between the APIs of the source and target platform. The output of our approach is a ranked list of target API methods or method sequences that likely map to each source API method or method sequence. We have implemented this approach in a prototype tool called Rosetta, and have applied it to infer likely mappings between the Java2 Mobile Edition (JavaME) and Android graphics APIs. @InProceedings{ICSE13p82, author = {Amruta Gokhale and Vinod Ganapathy and Yogesh Padmanaban}, title = {Inferring Likely Mappings between APIs}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {82--91}, doi = {}, year = {2013}, } Video |
|
Garg, Pranav |
ICSE '13: "Feedback-Directed Unit Test ..."
Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution
Pranav Garg, Franjo Ivancic, Gogul Balakrishnan, Naoto Maeda, and Aarti Gupta (University of Illinois at Urbana-Champaign, USA; NEC Labs, USA; NEC, Japan) In industry, software testing and coverage-based metrics are the predominant techniques to check correctness of software. This paper addresses automatic unit test generation for programs written in C/C++. The main idea is to improve the coverage obtained by feedback-directed random test generation methods, by utilizing concolic execution on the generated test drivers. Furthermore, for programs with numeric computations, we employ non-linear solvers in a lazy manner to generate new test inputs. These techniques significantly improve the coverage provided by a feedback-directed random unit testing framework, while retaining the benefits of full automation. We have implemented these techniques in a prototype platform, and describe promising experimental results on a number of C/C++ open source benchmarks. @InProceedings{ICSE13p132, author = {Pranav Garg and Franjo Ivancic and Gogul Balakrishnan and Naoto Maeda and Aarti Gupta}, title = {Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {132--141}, doi = {}, year = {2013}, } |
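The feedback-directed part of the pipeline can be sketched independently of the concolic stage. In the minimal Java illustration below (the method pool and the coverage proxy are invented, not the authors' framework), random call sequences are grown step by step, sequences that throw are discarded, and a sequence is kept as a seed for further extension, or for handing to a concolic engine, only when it reaches a not-yet-seen state.

    import java.util.*;
    import java.util.function.*;

    public class FeedbackDirected {
        public static void main(String[] args) {
            Random rnd = new Random(7);
            List<Consumer<Deque<Integer>>> ops = List.of(
                    d -> d.push(rnd.nextInt(10)),
                    d -> d.pop(),               // throws on an empty deque
                    d -> d.push(d.peek() + 1)); // throws (NPE) on an empty deque

            Set<String> seenStates = new HashSet<>();     // crude coverage proxy
            List<List<Integer>> seeds = new ArrayList<>(List.of(List.of()));

            for (int i = 0; i < 200; i++) {
                List<Integer> seq =
                        new ArrayList<>(seeds.get(rnd.nextInt(seeds.size())));
                seq.add(rnd.nextInt(ops.size()));         // extend with a random call
                Deque<Integer> d = new ArrayDeque<>();
                try {
                    for (int op : seq) ops.get(op).accept(d);
                } catch (RuntimeException e) {
                    continue;                   // feedback: drop illegal sequences
                }
                if (seenStates.add(d.toString())) // feedback: keep only novel states
                    seeds.add(seq);
            }
            System.out.println(seenStates.size() + " distinct states reached");
        }
    }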
|
Gay, Gregory |
ICSE '13: "Observable Modified Condition/Decision ..."
Observable Modified Condition/Decision Coverage
Michael Whalen, Gregory Gay , Dongjiang You, Mats P. E. Heimdahl, and Matt Staats (University of Minnesota, USA; KAIST, South Korea) In many critical systems domains, test suite adequacy is currently measured using structural coverage metrics over the source code. Of particular interest is the modified condition/decision coverage (MC/DC) criterion required for, e.g., critical avionics systems. In previous investigations we have found that the efficacy of such test suites is highly dependent on the structure of the program under test and the choice of variables monitored by the oracle. MC/DC adequate tests would frequently exercise faulty code, but the effects of the faults would not propagate to the monitored oracle variables. In this report, we combine the MC/DC coverage metric with a notion of observability that helps ensure that the result of a fault encountered when covering a structural obligation propagates to a monitored variable; we term this new coverage criterion Observable MC/DC (OMC/DC). We hypothesize this path requirement will make structural coverage metrics (1) more effective at revealing faults, (2) more robust to changes in program structure, and (3) more robust to the choice of variables monitored. We assess the efficacy and sensitivity to program structure of OMC/DC as compared to masking MC/DC using four subsystems from the civil avionics domain and the control logic of a microwave. We have found that test suites satisfying OMC/DC are significantly more effective than test suites satisfying MC/DC, revealing up to 88% more faults, and are less sensitive to program structure and the choice of monitored variables. @InProceedings{ICSE13p102, author = {Michael Whalen and Gregory Gay and Dongjiang You and Mats P. E. Heimdahl and Matt Staats}, title = {Observable Modified Condition/Decision Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {102--111}, doi = {}, year = {2013}, } |
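The masking problem that motivates OMC/DC fits in a few lines. In the invented Java fragment below, the test exercises the faulty decision (satisfying an MC/DC-style obligation on it), but the corrupted value is masked by the downstream multiplication by zero and never reaches the monitored output; the observability requirement is exactly the demand that such effects propagate.

    public class MaskingDemo {
        // Faulty: should be (a && b), was written as (a || b).
        static int faultyGate(boolean a, boolean b) {
            return (a || b) ? 1 : 0;
        }

        static int monitoredOutput(boolean a, boolean b, int mode) {
            int x = faultyGate(a, b);      // fault exercised here...
            return mode == 0 ? 0 * x + 5   // ...but masked: output ignores x
                             : x + 5;      // only this path lets the fault propagate
        }

        public static void main(String[] args) {
            // The same covering test, observed through the monitored output:
            System.out.println(monitoredOutput(true, false, 0)); // 5: fault invisible
            System.out.println(monitoredOutput(true, false, 1)); // 6, expected 5: caught
        }
    }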
|
Ghezzi, Carlo |
ICSE '13: "Managing Non-functional Uncertainty ..."
Managing Non-functional Uncertainty via Model-Driven Adaptivity
Carlo Ghezzi, Leandro Sales Pinto, Paola Spoletini, and Giordano Tamburrelli (Politecnico di Milano, Italy; Università dell'Insubria, Italy) Modern software systems are often characterized by uncertainty and changes in the environment in which they are embedded. Hence, they must be designed as adaptive systems. We propose a framework that supports adaptation to non-functional manifestations of uncertainty. Our framework allows engineers to derive, from an initial model of the system, a finite state automaton augmented with probabilities. The system is then executed by an interpreter that navigates the automaton and invokes the component implementations associated to the states it traverses. The interpreter adapts the execution by choosing among alternative possible paths of the automaton in order to maximize the system's ability to meet its non-functional requirements. To demonstrate the adaptation capabilities of the proposed approach we implemented an adaptive application inspired by an existing worldwide distributed mobile application and we discussed several adaptation scenarios. @InProceedings{ICSE13p33, author = {Carlo Ghezzi and Leandro Sales Pinto and Paola Spoletini and Giordano Tamburrelli}, title = {Managing Non-functional Uncertainty via Model-Driven Adaptivity}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {33--42}, doi = {}, year = {2013}, } Video |
|
Godefroid, Patrice |
ICSE '13: "Billions and Billions of Constraints: ..."
Billions and Billions of Constraints: Whitebox Fuzz Testing in Production
Ella Bounimova, Patrice Godefroid, and David Molnar (Microsoft Research, USA) We report experiences with constraint-based whitebox fuzz testing in production across hundreds of large Windows applications and over 500 machine years of computation from 2007 to 2013. Whitebox fuzzing leverages symbolic execution on binary traces and constraint solving to construct new inputs to a program. These inputs execute previously uncovered paths or trigger security vulnerabilities. Whitebox fuzzing has found one-third of all file fuzzing bugs during the development of Windows 7, saving millions of dollars in potential security vulnerabilities. The technique is in use today across multiple products at Microsoft. We describe key challenges with running whitebox fuzzing in production. We give principles for addressing these challenges and describe two new systems built from these principles: SAGAN, which collects data from every fuzzing run for further analysis, and JobCenter, which controls deployment of our whitebox fuzzing infrastructure across commodity virtual machines. Since June 2010, SAGAN has logged over 3.4 billion constraints solved, millions of symbolic executions, and tens of millions of test cases generated. Our work represents the largest scale deployment of whitebox fuzzing to date, including the largest usage ever for a Satisfiability Modulo Theories (SMT) solver. We present specific data analyses that improved our production use of whitebox fuzzing. Finally we report data on the performance of constraint solving and dynamic test generation that points toward future research problems. @InProceedings{ICSE13p122, author = {Ella Bounimova and Patrice Godefroid and David Molnar}, title = {Billions and Billions of Constraints: Whitebox Fuzz Testing in Production}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {122--131}, doi = {}, year = {2013}, } |
|
Gokhale, Amruta |
ICSE '13: "Inferring Likely Mappings ..."
Inferring Likely Mappings between APIs
Amruta Gokhale, Vinod Ganapathy, and Yogesh Padmanaban (Rutgers University, USA) Software developers often need to port applications written for a source platform to a target platform. In doing so, a key task is to replace an application's use of methods from the source platform API with corresponding methods from the target platform API. However, this task is challenging because developers must manually identify mappings between methods in the source and target APIs, e.g., using API documentation. We develop a novel approach to the problem of inferring mappings between the APIs of a source and target platform. Our approach is tailored to the case where the source and target platform each have independently-developed applications that implement similar functionality. We observe that in building these applications, developers exercised knowledge of the corresponding APIs. We develop a technique to systematically harvest this knowledge and infer likely mappings between the APIs of the source and target platform. The output of our approach is a ranked list of target API methods or method sequences that likely map to each source API method or method sequence. We have implemented this approach in a prototype tool called Rosetta, and have applied it to infer likely mappings between the Java2 Mobile Edition (JavaME) and Android graphics APIs. @InProceedings{ICSE13p82, author = {Amruta Gokhale and Vinod Ganapathy and Yogesh Padmanaban}, title = {Inferring Likely Mappings between APIs}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {82--91}, doi = {}, year = {2013}, } Video |
|
Gomez, Lorenzo |
ICSE '13: "RERAN: Timing- and Touch-Sensitive ..."
RERAN: Timing- and Touch-Sensitive Record and Replay for Android
Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd Millstein (UC Los Angeles, USA; UC Riverside, USA) Touchscreen-based devices such as smartphones and tablets are gaining popularity but their rich input capabilities pose new development and testing complications. To alleviate this problem, we present an approach and tool named RERAN that permits record-and-replay for the Android smartphone platform. Existing GUI-level record-and-replay approaches are inadequate due to the expressiveness of the smartphone domain, in which applications support sophisticated GUI gestures, depend on inputs from a variety of sensors on the device, and have precise timing requirements among the various input events. We address these challenges by directly capturing the low-level event stream on the phone, which includes both GUI events and sensor events, and replaying it with microsecond accuracy. Moreover, RERAN does not require access to app source code, perform any app rewriting, or perform any modifications to the virtual machine or Android platform. We demonstrate RERAN’s applicability in a variety of scenarios, including (a) replaying 86 out of the Top-100 Android apps on Google Play; (b) reproducing bugs in popular apps, e.g., Firefox, Facebook, Quickoffice; and (c) fast-forwarding executions. We believe that our versatile approach can help both Android developers and researchers. @InProceedings{ICSE13p72, author = {Lorenzo Gomez and Iulian Neamtiu and Tanzirul Azim and Todd Millstein}, title = {RERAN: Timing- and Touch-Sensitive Record and Replay for Android}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {72--81}, doi = {}, year = {2013}, } |
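The timing-faithful replay at the heart of such a tool reduces to reproducing the deltas between recorded event timestamps. The Java sketch below is a desktop-side illustration only (RERAN itself replays Linux kernel input events on the phone, and the event payloads here are invented): each recorded event carries a microsecond timestamp, and the loop sleeps off the remaining delta before injecting the next event.

    import java.util.*;

    public class ReplaySketch {
        record Event(long timestampMicros, String payload) {}

        public static void main(String[] args) throws InterruptedException {
            List<Event> recorded = List.of(
                    new Event(0,       "touch-down 120 430"),
                    new Event(16_000,  "touch-move 125 410"),
                    new Event(250_000, "touch-up   125 410"));

            long start = System.nanoTime();
            for (Event e : recorded) {
                long targetNanos = e.timestampMicros() * 1_000;
                long remaining = targetNanos - (System.nanoTime() - start);
                if (remaining > 0) // honor the recorded inter-event gap
                    Thread.sleep(remaining / 1_000_000, (int) (remaining % 1_000_000));
                inject(e);
            }
        }

        static void inject(Event e) { // stand-in for writing to the device's event stream
            System.out.println("inject: " + e.payload());
        }
    }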
|
Gorla, Alessandra |
ICSE '13: "Automatic Recovery from Runtime ..."
Automatic Recovery from Runtime Failures
Antonio Carzaniga, Alessandra Gorla, Andrea Mattavelli, Nicolò Perino, and Mauro Pezzè (University of Lugano, Switzerland; Saarland University, Germany) We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional for between 19% and 48% of the failure-causing faults, depending on the application. The experiments also show that the technique incurs an acceptable runtime overhead in all cases. @InProceedings{ICSE13p782, author = {Antonio Carzaniga and Alessandra Gorla and Andrea Mattavelli and Nicolò Perino and Mauro Pezzè}, title = {Automatic Recovery from Runtime Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {782--791}, doi = {}, year = {2013}, } Video |
|
Govindan, Ramesh |
ICSE '13: "Estimating Mobile Application ..."
Estimating Mobile Application Energy Consumption using Program Analysis
Shuai Hao, Ding Li, William G. J. Halfond , and Ramesh Govindan (University of Southern California, USA) Optimizing the energy efficiency of mobile applications can greatly increase user satisfaction. However, developers lack viable techniques for estimating the energy consumption of their applications. This paper proposes a new approach that is both lightweight in terms of its developer requirements and provides fine-grained estimates of energy consumption at the code level. It achieves this using a novel combination of program analysis and per-instruction energy modeling. In evaluation, our approach is able to estimate energy consumption to within 10% of the ground truth for a set of mobile applications from the Google Play store. Additionally, it provides useful and meaningful feedback to developers that helps them to understand application energy consumption behavior. @InProceedings{ICSE13p92, author = {Shuai Hao and Ding Li and William G. J. Halfond and Ramesh Govindan}, title = {Estimating Mobile Application Energy Consumption using Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {92--101}, doi = {}, year = {2013}, } |
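The per-instruction modeling admits a compact summary. One plausible form of the estimate (our reading of the abstract, not a formula quoted from the paper) is a weighted count: if n_i is the number of times instruction type i executes along the analyzed path and c_i is its modeled energy cost, with an analogous term for API calls, then

    E(\text{path}) \approx \sum_{i \in \text{instr}} n_i \, c_i
                         + \sum_{j \in \text{API}} m_j \, c_j,

so program analysis supplies the execution counts and the per-instruction energy model supplies the per-unit costs.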
|
Größlinger, Armin |
ICSE '13: "Strategies for Product-Line ..."
Strategies for Product-Line Verification: Case Studies and Experiments
Sven Apel, Alexander von Rhein, Philipp Wendler, Armin Größlinger, and Dirk Beyer (University of Passau, Germany) Product-line technology is increasingly used in mission-critical and safety-critical applications. Hence, researchers are developing verification approaches that follow different strategies to cope with the specific properties of product lines. While the research community is discussing the mutual strengths and weaknesses of the different strategies—mostly at a conceptual level—there is a lack of evidence in terms of case studies, tool implementations, and experiments. We have collected and prepared six product lines as subject systems for experimentation. Furthermore, we have developed a model-checking tool chain for C-based and Java-based product lines, called SPLVERIFIER, which we use to compare sample-based and family-based strategies with regard to verification performance and the ability to find defects. Based on the experimental results and an analytical model, we revisit the discussion of the strengths and weaknesses of product-line–verification strategies. @InProceedings{ICSE13p482, author = {Sven Apel and Alexander von Rhein and Philipp Wendler and Armin Größlinger and Dirk Beyer}, title = {Strategies for Product-Line Verification: Case Studies and Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {482--491}, doi = {}, year = {2013}, } Video |
|
Gross, Thomas R. |
ICSE '13: "Automatic Testing of Sequential ..."
Automatic Testing of Sequential and Concurrent Substitutability
Michael Pradel and Thomas R. Gross (ETH Zurich, Switzerland) Languages with inheritance and polymorphism assume that a subclass instance can substitute a superclass instance without causing behavioral differences for clients of the superclass. However, programmers may accidentally create subclasses that are semantically incompatible with their superclasses. Such subclasses lead to bugs, because a programmer may assign a subclass instance to a superclass reference. This paper presents an automatic testing technique to reveal subclasses that cannot safely substitute their superclasses. The key idea is to generate generic tests that analyze the behavior of both the subclass and its superclass. If using the subclass leads to behavior that cannot occur with the superclass, the analysis reports a warning. We find a high percentage of widely used Java classes, including classes from JBoss, Eclipse, and Apache Commons Collections, to be unsafe substitutes for their superclasses: 30% of these classes lead to crashes, and even more have other behavioral differences. @InProceedings{ICSE13p282, author = {Michael Pradel and Thomas R. Gross}, title = {Automatic Testing of Sequential and Concurrent Substitutability}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {282--291}, doi = {}, year = {2013}, } |
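The generated tests' core oracle is behavioral comparison: drive a superclass instance and a subclass instance through the same calls and flag any divergence. The Java sketch below is a hand-rolled miniature of that idea (the real tool generates the call sequences automatically; NoNullList is an invented example of an unsafe substitute): it runs one scripted sequence against both objects and reports differences in results or thrown exceptions.

    import java.util.*;
    import java.util.function.*;

    public class SubstitutabilityCheck {
        // A subclass that (wrongly) rejects nulls its superclass accepts.
        static class NoNullList<E> extends ArrayList<E> {
            @Override public boolean add(E e) {
                if (e == null) throw new IllegalArgumentException("no nulls");
                return super.add(e);
            }
        }

        static Object run(Function<List<String>, Object> step, List<String> l) {
            try { return step.apply(l); }
            catch (RuntimeException e) { return "threw " + e.getClass().getSimpleName(); }
        }

        public static void main(String[] args) {
            List<Function<List<String>, Object>> sequence = List.of(
                    l -> l.add("a"),
                    l -> l.add(null),  // here the behaviors diverge
                    l -> l.size());

            List<String> sup = new ArrayList<>(), sub = new NoNullList<>();
            for (Function<List<String>, Object> step : sequence) {
                Object r1 = run(step, sup), r2 = run(step, sub);
                if (!Objects.equals(r1, r2))
                    System.out.println("behavioral difference: " + r1 + " vs " + r2);
            }
        }
    }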
|
Gruber, Olivier |
ICSE '13: "Robust Reconfigurations of ..."
Robust Reconfigurations of Component Assemblies
Fabienne Boyer, Olivier Gruber, and Damien Pous (Université Joseph Fourier, France; CNRS, France) In this paper, we propose a reconfiguration protocol that can handle any number of failures during a reconfiguration, always producing an architecturally-consistent assembly of components that can be safely introspected and further reconfigured. Our protocol is based on the concept of Incrementally Consistent Sequences (ICS), ensuring that any reconfiguration incrementally respects the reconfiguration contract given to component developers: reconfiguration grammar and architectural invariants. We also propose two recovery policies, one rolls back the failed reconfiguration and the other rolls it forward, both going as far as possible, failure permitting. We specified and proved the reconfiguration contract, the protocol, and recovery policies in Coq. @InProceedings{ICSE13p13, author = {Fabienne Boyer and Olivier Gruber and Damien Pous}, title = {Robust Reconfigurations of Component Assemblies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {13--22}, doi = {}, year = {2013}, } |
|
Grundy, John |
ICSE '13: "Automated Software Architecture ..."
Automated Software Architecture Security Risk Analysis using Formalized Signatures
Mohamed Almorsy, John Grundy, and Amani S. Ibrahim (Swinburne University of Technology, Australia) Reviewing software system architecture to pinpoint potential security flaws before proceeding with system development is a critical milestone in secure software development lifecycles. This includes identifying possible attacks or threat scenarios that target the system and may result in breaching of system security. Additionally we may also assess the strength of the system and its security architecture using well-known security metrics such as system attack surface, compartmentalization, least privilege, etc. However, existing efforts are limited to specific, predefined security properties or scenarios that are checked either manually or using limited toolsets. We introduce a new approach to support architecture security analysis using security scenarios and metrics. Our approach is based on formalizing attack scenarios and security metrics signature specification using the Object Constraint Language (OCL). Using formal signatures we analyse a target system to locate signature matches (for attack scenarios), or to take measurements (for security metrics). New scenarios and metrics can be incorporated and calculated provided that a formal signature can be specified. Our approach supports defining security metrics and scenarios at architecture, design, and code levels. We have developed a prototype software system architecture security analysis tool. To the best of our knowledge this is the first extensible architecture security risk analysis tool that supports both metric-based and scenario-based architecture security analysis. We have validated our approach by using it to capture and evaluate signatures from the NIST security principles and attack scenarios defined in the CAPEC database. @InProceedings{ICSE13p662, author = {Mohamed Almorsy and John Grundy and Amani S. Ibrahim}, title = {Automated Software Architecture Security Risk Analysis using Formalized Signatures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {662--671}, doi = {}, year = {2013}, } Video |
|
Gupta, Aarti |
ICSE '13: "Feedback-Directed Unit Test ..."
Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution
Pranav Garg, Franjo Ivancic, Gogul Balakrishnan, Naoto Maeda, and Aarti Gupta (University of Illinois at Urbana-Champaign, USA; NEC Labs, USA; NEC, Japan) In industry, software testing and coverage-based metrics are the predominant techniques to check correctness of software. This paper addresses automatic unit test generation for programs written in C/C++. The main idea is to improve the coverage obtained by feedback-directed random test generation methods, by utilizing concolic execution on the generated test drivers. Furthermore, for programs with numeric computations, we employ non-linear solvers in a lazy manner to generate new test inputs. These techniques significantly improve the coverage provided by a feedback-directed random unit testing framework, while retaining the benefits of full automation. We have implemented these techniques in a prototype platform, and describe promising experimental results on a number of C/C++ open source benchmarks. @InProceedings{ICSE13p132, author = {Pranav Garg and Franjo Ivancic and Gogul Balakrishnan and Naoto Maeda and Aarti Gupta}, title = {Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {132--141}, doi = {}, year = {2013}, } |
|
Hafiz, Munawar |
ICSE '13: "Program Transformations to ..."
Program Transformations to Fix C Integers
Zack Coker and Munawar Hafiz (Auburn University, USA) C makes it easy to misuse integer types; even mature programs harbor much badly written integer code. Traditional approaches at best detect these problems; they cannot guide developers to write correct code. We describe three program transformations that fix integer problems---one explicitly introduces casts to disambiguate type mismatch, another adds runtime checks to arithmetic operations, and the third one changes the type of a wrongly-declared integer. Together, these transformations fixed all variants of integer problems featured in 7,147 programs of NIST's SAMATE reference dataset, making the changes automatically on over 15 million lines of code. We also applied the transformations automatically to 5 open source programs. The transformations made hundreds of changes on over 700,000 lines of code, but did not break the programs. When integrated with the source code and the development process, these program transformations can fix integer problems, along with developers' misconceptions about integer usage. @InProceedings{ICSE13p792, author = {Zack Coker and Munawar Hafiz}, title = {Program Transformations to Fix C Integers}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {792--801}, doi = {}, year = {2013}, } Video |
|
Haiduc, Sonia |
ICSE '13: "Automatic Query Reformulations ..."
Automatic Query Reformulations for Text Retrieval in Software Engineering
Sonia Haiduc, Gabriele Bavota, Andrian Marcus, Rocco Oliveto, Andrea De Lucia , and Tim Menzies (Wayne State University, USA; University of Salerno, Italy; University of Molise, Italy; University of West Virginia, USA) There are more than twenty distinct software engineering tasks addressed with text retrieval (TR) techniques, such as traceability link recovery, feature location, refactoring, reuse, etc. A common issue with all TR applications is that the results of the retrieval depend largely on the quality of the query. When a query performs poorly, it has to be reformulated and this is a difficult task for someone who had trouble writing a good query in the first place. We propose a recommender (called Refoqus) based on machine learning, which is trained with a sample of queries and relevant results. Then, for a given query, it automatically recommends a reformulation strategy that should improve its performance, based on the properties of the query. We evaluated Refoqus empirically against four baseline approaches that are used in natural language document retrieval. The data used for the evaluation corresponds to changes from five open source systems in Java and C++ and it is used in the context of TR-based concept location in source code. Refoqus outperformed the baselines and its recommendations led to query performance improvement or preservation in 84% of the cases (on average). @InProceedings{ICSE13p842, author = {Sonia Haiduc and Gabriele Bavota and Andrian Marcus and Rocco Oliveto and Andrea De Lucia and Tim Menzies}, title = {Automatic Query Reformulations for Text Retrieval in Software Engineering}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {842--851}, doi = {}, year = {2013}, } Video |
|
Halfond, William G. J. |
ICSE '13: "Estimating Mobile Application ..."
Estimating Mobile Application Energy Consumption using Program Analysis
Shuai Hao, Ding Li, William G. J. Halfond , and Ramesh Govindan (University of Southern California, USA) Optimizing the energy efficiency of mobile applications can greatly increase user satisfaction. However, developers lack viable techniques for estimating the energy consumption of their applications. This paper proposes a new approach that is both lightweight in terms of its developer requirements and provides fine-grained estimates of energy consumption at the code level. It achieves this using a novel combination of program analysis and per-instruction energy modeling. In evaluation, our approach is able to estimate energy consumption to within 10% of the ground truth for a set of mobile applications from the Google Play store. Additionally, it provides useful and meaningful feedback to developers that helps them to understand application energy consumption behavior. @InProceedings{ICSE13p92, author = {Shuai Hao and Ding Li and William G. J. Halfond and Ramesh Govindan}, title = {Estimating Mobile Application Energy Consumption using Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {92--101}, doi = {}, year = {2013}, } |
|
Hammer, Christian |
ICSE '13: "Detecting Deadlock in Programs ..."
Detecting Deadlock in Programs with Data-Centric Synchronization
Daniel Marino, Christian Hammer, Julian Dolby , Mandana Vaziri, Frank Tip, and Jan Vitek (Symantec Research Labs, USA; Saarland University, Germany; IBM Research, USA; University of Waterloo, Canada; Purdue University, USA) Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required. @InProceedings{ICSE13p322, author = {Daniel Marino and Christian Hammer and Julian Dolby and Mandana Vaziri and Frank Tip and Jan Vitek}, title = {Detecting Deadlock in Programs with Data-Centric Synchronization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {322--331}, doi = {}, year = {2013}, } |
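The classic discipline behind such an ordering-based guarantee is simple to state: if every thread acquires locks in one global order, no cycle of waits, and hence no deadlock, can form. The Java fragment below illustrates the discipline itself (not AJ's atomic-set syntax or its type system; the Account example is invented): two locks are always taken in ascending id order, whichever argument order the caller uses.

    public class OrderedLocks {
        static final class Account {
            final int id;               // global lock order: ascending id
            final Object lock = new Object();
            int balance;
            Account(int id, int balance) { this.id = id; this.balance = balance; }
        }

        static void transfer(Account from, Account to, int amount) {
            Account first  = from.id < to.id ? from : to;
            Account second = from.id < to.id ? to : from;
            synchronized (first.lock) {      // both call sites lock in the same
                synchronized (second.lock) { // order, so no wait cycle can form
                    from.balance -= amount;
                    to.balance   += amount;
                }
            }
        }

        public static void main(String[] args) throws InterruptedException {
            Account a = new Account(1, 100), b = new Account(2, 100);
            Thread t1 = new Thread(() -> transfer(a, b, 10));
            Thread t2 = new Thread(() -> transfer(b, a, 20));
            t1.start(); t2.start(); t1.join(); t2.join();
            System.out.println(a.balance + " " + b.balance); // 110 90
        }
    }

Without the first/second normalization, t1 and t2 could each hold one of the two locks while waiting for the other, which is precisely the cycle the paper's annotations rule out statically.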
|
Hao, Dan |
ICSE '13: "Bridging the Gap between the ..."
Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies
Lingming Zhang, Dan Hao, Lu Zhang, Gregg Rothermel, and Hong Mei (Peking University, China; University of Texas at Austin, USA; University of Nebraska-Lincoln, USA) In recent years, researchers have intensively investigated various topics in test-case prioritization, which aims to re-order test cases to increase the rate of fault detection during regression testing. The total and additional prioritization strategies, which prioritize based on total numbers of elements covered per test, and numbers of additional (not-yet-covered) elements covered per test, are two widely-adopted generic strategies used for such prioritization. This paper proposes a basic model and an extended model that unify the total strategy and the additional strategy. Our models yield a spectrum of generic strategies ranging between the total and additional strategies, depending on a parameter referred to as the p value. We also propose four heuristics to obtain differentiated p values for different methods under test. We performed an empirical study on 19 versions of four Java programs to explore our results. Our results demonstrate that wide ranges of strategies in our basic and extended models with uniform p values can significantly outperform both the total and additional strategies. In addition, our results also demonstrate that using differentiated p values for both the basic and extended models with method coverage can even outperform the additional strategy using statement coverage. @InProceedings{ICSE13p192, author = {Lingming Zhang and Dan Hao and Lu Zhang and Gregg Rothermel and Hong Mei}, title = {Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {192--201}, doi = {}, year = {2013}, } |
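One way to picture a p-parameterized unification (a plausible reading of the abstract, not the paper's exact definitions): during greedy prioritization, an element a test covers contributes weight 1 if it is still uncovered and weight p if it was already covered, so p = 1 recovers the total strategy, p = 0 the additional strategy, and intermediate values interpolate between them. The coverage matrix in the Java sketch below is a toy.

    import java.util.*;

    public class PStrategy {
        public static void main(String[] args) {
            // Toy coverage matrix: test -> covered statement ids.
            Map<String, Set<Integer>> cov = new LinkedHashMap<>();
            cov.put("t1", Set.of(1, 2, 3, 4));
            cov.put("t2", Set.of(1, 2));
            cov.put("t3", Set.of(5, 6));

            for (double p : new double[]{0.0, 0.5, 1.0})
                System.out.println("p=" + p + " order=" + prioritize(cov, p));
        }

        static List<String> prioritize(Map<String, Set<Integer>> cov, double p) {
            List<String> order = new ArrayList<>();
            Set<String> remaining = new LinkedHashSet<>(cov.keySet());
            Set<Integer> covered = new HashSet<>();
            while (!remaining.isEmpty()) {
                // Already-covered elements still count, but only with weight p.
                String best = remaining.stream().max(Comparator.comparingDouble(t ->
                        cov.get(t).stream()
                           .mapToDouble(e -> covered.contains(e) ? p : 1.0)
                           .sum())).get();
                order.add(best);
                covered.addAll(cov.get(best));
                remaining.remove(best);
            }
            return order;
        }
    }

On this toy matrix, p = 0 schedules t3 before t2 (t2 adds nothing new after t1), while p = 1 ranks purely by total coverage.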
|
Hao, Shuai |
ICSE '13: "Estimating Mobile Application ..."
Estimating Mobile Application Energy Consumption using Program Analysis
Shuai Hao, Ding Li, William G. J. Halfond , and Ramesh Govindan (University of Southern California, USA) Optimizing the energy efficiency of mobile applications can greatly increase user satisfaction. However, developers lack viable techniques for estimating the energy consumption of their applications. This paper proposes a new approach that is both lightweight in terms of its developer requirements and provides fine-grained estimates of energy consumption at the code level. It achieves this using a novel combination of program analysis and per-instruction energy modeling. In evaluation, our approach is able to estimate energy consumption to within 10% of the ground truth for a set of mobile applications from the Google Play store. Additionally, it provides useful and meaningful feedback to developers that helps them to understand application energy consumption behavior. @InProceedings{ICSE13p92, author = {Shuai Hao and Ding Li and William G. J. Halfond and Ramesh Govindan}, title = {Estimating Mobile Application Energy Consumption using Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {92--101}, doi = {}, year = {2013}, } |
|
Happe, Jens |
ICSE '13: "Supporting Swift Reaction: ..."
Supporting Swift Reaction: Automatically Uncovering Performance Problems by Systematic Experiments
Alexander Wert, Jens Happe, and Lucia Happe (KIT, Germany; SAP Research, Germany) Performance problems pose a significant risk to software vendors. If left undetected, they can lead to lost customers, increased operational costs, and damaged reputation. Despite all efforts, software engineers cannot fully prevent performance problems being introduced into an application. Detecting and resolving such problems as early as possible with minimal effort is still an open challenge in software performance engineering. In this paper, we present a novel approach for Performance Problem Diagnostics (PPD) that systematically searches for well-known performance problems (also called performance antipatterns) within an application. PPD automatically isolates the problem's root cause, hence facilitating problem solving. We applied PPD to a well-established transactional web e-commerce benchmark (TPC-W) in two deployment scenarios. PPD automatically identified four performance problems in the benchmark implementation and its deployment environment. By fixing the problems, we increased the maximum throughput of the benchmark from 1800 requests per second to more than 3500. @InProceedings{ICSE13p552, author = {Alexander Wert and Jens Happe and Lucia Happe}, title = {Supporting Swift Reaction: Automatically Uncovering Performance Problems by Systematic Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {552--561}, doi = {}, year = {2013}, } |
|
Happe, Lucia |
ICSE '13: "Supporting Swift Reaction: ..."
Supporting Swift Reaction: Automatically Uncovering Performance Problems by Systematic Experiments
Alexander Wert, Jens Happe, and Lucia Happe (KIT, Germany; SAP Research, Germany) Performance problems pose a significant risk to software vendors. If left undetected, they can lead to lost customers, increased operational costs, and damaged reputation. Despite all efforts, software engineers cannot fully prevent performance problems being introduced into an application. Detecting and resolving such problems as early as possible with minimal effort is still an open challenge in software performance engineering. In this paper, we present a novel approach for Performance Problem Diagnostics (PPD) that systematically searches for well-known performance problems (also called performance antipatterns) within an application. PPD automatically isolates the problem's root cause, hence facilitating problem solving. We applied PPD to a well-established transactional web e-commerce benchmark (TPC-W) in two deployment scenarios. PPD automatically identified four performance problems in the benchmark implementation and its deployment environment. By fixing the problems, we increased the maximum throughput of the benchmark from 1800 requests per second to more than 3500. @InProceedings{ICSE13p552, author = {Alexander Wert and Jens Happe and Lucia Happe}, title = {Supporting Swift Reaction: Automatically Uncovering Performance Problems by Systematic Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {552--561}, doi = {}, year = {2013}, } |
|
Harman, Mark |
ICSE '13: "Not Going to Take This Anymore: ..."
Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects
Filomena Ferrucci , Mark Harman , Jian Ren, and Federica Sarro (University of Salerno, Italy; University College London, UK) Software Engineering and development is well known to suffer from unplanned overtime, which causes stress and illness in engineers and can lead to poor-quality software with more defects. In this paper, we introduce a multi-objective decision support approach to help balance project risks and duration against overtime, so that software engineers can better plan overtime. We evaluate our approach on 6 real world software projects, drawn from 3 organisations using 3 standard evaluation measures and 3 different approaches to risk assessment. Our results show that our approach was significantly better (p < 0.05) than standard multi-objective search in 76% of experiments (with high Cohen effect size in 85% of these) and was significantly better than currently used overtime planning strategies in 100% of experiments (with high effect size in all). We also show how our approach provides actionable overtime planning results and investigate the impact of the three different forms of risk assessment. @InProceedings{ICSE13p462, author = {Filomena Ferrucci and Mark Harman and Jian Ren and Federica Sarro}, title = {Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {462--471}, doi = {}, year = {2013}, } Video |
|
Hassan, Ahmed E. |
ICSE '13: "Assisting Developers of Big ..."
Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Weiyi Shang, Zhen Ming Jiang, Hadi Hemmati, Bram Adams, Ahmed E. Hassan , and Patrick Martin (Queen's University, Canada; Polytechnique Montréal, Canada) Big data analytics is the process of examining large amounts of data (big data) in an effort to uncover hidden patterns or unknown correlations. Big Data Analytics Applications (BDA Apps) are a new type of software applications, which analyze big data using massive parallel processing frameworks (e.g., Hadoop). Developers of such applications typically develop them using a small sample of data in a pseudo-cloud environment. Afterwards, they deploy the applications in a large-scale cloud environment with considerably more processing power and larger input data (reminiscent of the mainframe days). Working with BDA App developers in industry over the past three years, we noticed that the runtime analysis and debugging of such applications in the deployment phase cannot be easily addressed by traditional monitoring and debugging approaches. In this paper, as a first step in assisting developers of BDA Apps for cloud deployments, we propose a lightweight approach for uncovering differences between pseudo and large-scale cloud deployments. Our approach makes use of the readily-available yet rarely used execution logs from these platforms. Our approach abstracts the execution logs, recovers the execution sequences, and compares the sequences between the pseudo and cloud deployments. Through a case study on three representative Hadoop-based BDA Apps, we show that our approach can rapidly direct the attention of BDA App developers to the major differences between the two deployments. Knowledge of such differences is essential in verifying BDA Apps when analyzing big data in the cloud. Using injected deployment faults, we show that our approach not only significantly reduces the deployment verification effort, but also provides very few false positives when identifying deployment failures. @InProceedings{ICSE13p402, author = {Weiyi Shang and Zhen Ming Jiang and Hadi Hemmati and Bram Adams and Ahmed E. Hassan and Patrick Martin}, title = {Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {402--411}, doi = {}, year = {2013}, } |
|
Hassan, Mohammad Mahdi |
ICSE '13: "Comparing Multi-point Stride ..."
Comparing Multi-point Stride Coverage and Dataflow Coverage
Mohammad Mahdi Hassan and James H. Andrews (University of Western Ontario, Canada) We introduce a family of coverage criteria, called Multi-Point Stride Coverage (MPSC). MPSC generalizes branch coverage to coverage of tuples of branches taken from the execution sequence of a program. We investigate its potential as a replacement for dataflow coverage, such as def-use coverage. We find that programs can be instrumented for MPSC easily, that the instrumentation usually incurs less overhead than that for def-use coverage, and that MPSC is comparable in usefulness to def-use in predicting test suite effectiveness. We also find that the space required to collect MPSC can be predicted from the number of branches in the program. @InProceedings{ICSE13p172, author = {Mohammad Mahdi Hassan and James H. Andrews}, title = {Comparing Multi-point Stride Coverage and Dataflow Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {172--181}, doi = {}, year = {2013}, } |
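A sketch of how a multi-point stride coverage computation might look, assuming tuples are formed from branch outcomes a fixed stride apart in the execution sequence (the paper's exact tuple construction may differ; all names are illustrative):

    def mpsc(trace, points=2, stride=1):
        """trace: list of (branch_id, taken) events from one execution."""
        covered = set()
        span = (points - 1) * stride
        for i in range(len(trace) - span):
            covered.add(tuple(trace[i + j * stride] for j in range(points)))
        return covered

    # suite coverage is the union over all executions
    traces = [[("b1", True), ("b2", False), ("b1", False)],
              [("b1", True), ("b2", True), ("b1", False)]]
    total = set().union(*(mpsc(t) for t in traces))
    print(len(total), "two-point tuples covered")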
|
Hasselbring, Wilhelm |
ICSE '13: "Search-Based Genetic Optimization ..."
Search-Based Genetic Optimization for Deployment and Reconfiguration of Software in the Cloud
Sören Frey, Florian Fittkau, and Wilhelm Hasselbring (Kiel University, Germany) Migrating existing enterprise software to cloud platforms involves the comparison of competing cloud deployment options (CDOs). A CDO comprises a combination of a specific cloud environment, deployment architecture, and runtime reconfiguration rules for dynamic resource scaling. Our simulator CDOSim can evaluate CDOs, e.g., regarding response times and costs. However, the design space to be searched for well-suited solutions is extremely large. In this paper, we approach this optimization problem with the novel genetic algorithm CDOXplorer. It uses techniques of the search-based software engineering field and CDOSim to assess the fitness of CDOs. An experimental evaluation that employs, among others, the cloud environments Amazon EC2 and Microsoft Windows Azure, shows that CDOXplorer can find solutions that surpass those of other state-of-the-art techniques by up to 60%. Our experiment code and data and an implementation of CDOXplorer are available as open source software. @InProceedings{ICSE13p512, author = {Sören Frey and Florian Fittkau and Wilhelm Hasselbring}, title = {Search-Based Genetic Optimization for Deployment and Reconfiguration of Software in the Cloud}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {512--521}, doi = {}, year = {2013}, } |
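A toy stand-in (not CDOXplorer itself) for the evolutionary loop: candidates encode a deployment option, and fitness would in the real tool come from CDOSim simulations; here both the (vm_count, vm_size) encoding and the cost/response-time model are invented.

    import random

    def fitness(cdo):  # stand-in for a CDOSim evaluation
        vm_count, vm_size = cdo
        cost = vm_count * vm_size
        response_time = 100 / (vm_count * vm_size)
        return -(cost + response_time)  # higher is better

    def evolve(pop, generations=50):
        for _ in range(generations):
            pop.sort(key=fitness, reverse=True)
            survivors = pop[: len(pop) // 2]  # selection
            children = [(max(1, a + random.choice([-1, 0, 1])), b)
                        for (a, b) in survivors]  # mutate one gene
            pop = survivors + children
        return max(pop, key=fitness)

    pop = [(random.randint(1, 8), random.choice([1, 2, 4])) for _ in range(10)]
    print("best CDO found:", evolve(pop))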
|
Hatcliff, John |
ICSE '13: "Explicating Symbolic Execution ..."
Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework
John Hatcliff, Robby, Patrice Chalin, and Jason Belt (Kansas State University, USA) Previous applications of symbolic execution (SymExe) have focused on bug-finding and test-case generation. However, SymExe has the potential to significantly improve usability and automation when applied to verification of software contracts in safety-critical systems. Due to the lack of support for processing software contracts and ad hoc approaches for introducing a variety of over/under-approximations and optimizations, most SymExe implementations cannot precisely characterize the verification status of contracts. Moreover, these tools do not provide explicit justifications for their conclusions, and thus they are not aligned with trends toward evidence-based verification and certification. We introduce the concept of "explicating symbolic execution" (xSymExe) that builds on a strong semantic foundation, supports full verification of rich software contracts, explicitly tracks where over/under-approximations are introduced or avoided, precisely characterizes the verification status of each contractual claim, and associates each claim with "explications" for its reported verification status. We report on case studies in the use of Bakar Kiasan, our open source xSymExe tool for SPARK Ada. @InProceedings{ICSE13p222, author = {John Hatcliff and Robby and Patrice Chalin and Jason Belt}, title = {Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {222--231}, doi = {}, year = {2013}, } |
|
Heaven, William |
ICSE '13: "Requirements Modelling by ..."
Requirements Modelling by Synthesis of Deontic Input-Output Automata
Emmanuel Letier and William Heaven (University College London, UK) Requirements modelling helps software engineers understand a system’s required behaviour and explore alternative system designs. It also generates a formal software specification that can be used for testing, verification, and debugging. However, elaborating such models requires expertise and significant human effort. The paper aims at reducing this effort by automating an essential activity of requirements modelling that consists of deriving a machine specification satisfying a set of goals in a domain. It introduces deontic input-output automata (an extension of input-output automata with permissions and obligations) and an automated synthesis technique over this formalism to support such derivation. This technique helps modellers identify early when a goal is not realizable in a domain and can guide the exploration of alternative models to make goals realizable. Synthesis techniques for input-output or interface automata are not adequate for requirements modelling. @InProceedings{ICSE13p592, author = {Emmanuel Letier and William Heaven}, title = {Requirements Modelling by Synthesis of Deontic Input-Output Automata}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {592--601}, doi = {}, year = {2013}, } |
|
Heimdahl, Mats P. E. |
ICSE '13: "Observable Modified Condition/Decision ..."
Observable Modified Condition/Decision Coverage
Michael Whalen, Gregory Gay , Dongjiang You, Mats P. E. Heimdahl, and Matt Staats (University of Minnesota, USA; KAIST, South Korea) In many critical systems domains, test suite adequacy is currently measured using structural coverage metrics over the source code. Of particular interest is the modified condition/decision coverage (MC/DC) criterion required for, e.g., critical avionics systems. In previous investigations we have found that the efficacy of such test suites is highly dependent on the structure of the program under test and the choice of variables monitored by the oracle. MC/DC adequate tests would frequently exercise faulty code, but the effects of the faults would not propagate to the monitored oracle variables. In this report, we combine the MC/DC coverage metric with a notion of observability that helps ensure that the result of a fault encountered when covering a structural obligation propagates to a monitored variable; we term this new coverage criterion Observable MC/DC (OMC/DC). We hypothesize this path requirement will make structural coverage metrics (1) more effective at revealing faults, (2) more robust to changes in program structure, and (3) more robust to the choice of variables monitored. We assess the efficacy and sensitivity to program structure of OMC/DC as compared to masking MC/DC using four subsystems from the civil avionics domain and the control logic of a microwave. We have found that test suites satisfying OMC/DC are significantly more effective than test suites satisfying MC/DC, revealing up to 88% more faults, and are less sensitive to program structure and the choice of monitored variables. @InProceedings{ICSE13p102, author = {Michael Whalen and Gregory Gay and Dongjiang You and Mats P. E. Heimdahl and Matt Staats}, title = {Observable Modified Condition/Decision Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {102--111}, doi = {}, year = {2013}, } |
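A small constructed example (not from the paper) of the masking effect OMC/DC targets: a test can exercise a faulty internal decision while its effect never propagates to the variable the oracle monitors.

    def step(a, b, mode):
        inter = a and b                 # injected fault: should be `a or b`
        out = inter if mode else False  # mode == False masks `inter` entirely
        return out                      # the oracle observes only `out`

    # The faulty decision executes and even takes the wrong value
    # (a=True, b=False), but with mode=False nothing reaches `out`.
    assert step(True, False, False) == False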
|
Helms, Remko |
ICSE '13: "The Role of Domain Knowledge ..."
The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination
Daniela Damian, Remko Helms, Irwin Kwan, Sabrina Marczak, and Benjamin Koelewijn (University of Victoria, Canada; Utrecht University, Netherlands; Oregon State University, USA; PUCRS, Brazil) Software projects involve diverse roles and artifacts that have dependencies on requirements. Project team members in different roles need to coordinate, but their coordination is affected by the availability of domain knowledge, which is distributed among different project members, and by organizational structures that control cross-functional communication. Our study examines how information flowed between different roles in two software projects that had contrasting distributions of domain knowledge and different communication structures. Using observations, interviews, and surveys, we examined how diverse roles working on requirements and their related artifacts coordinated along task dependencies. We found that communication only partially matched task dependencies and that team members who are boundary spanners have extensive domain knowledge and hold key positions in the control structure. These findings have implications for how organizational structures interfere with task assignments and influence communication in the project, suggesting how practitioners can adjust team configuration and communication structures. @InProceedings{ICSE13p442, author = {Daniela Damian and Remko Helms and Irwin Kwan and Sabrina Marczak and Benjamin Koelewijn}, title = {The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {442--451}, doi = {}, year = {2013}, } |
|
Hemmati, Hadi |
ICSE '13: "Assisting Developers of Big ..."
Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Weiyi Shang, Zhen Ming Jiang, Hadi Hemmati, Bram Adams, Ahmed E. Hassan , and Patrick Martin (Queen's University, Canada; Polytechnique Montréal, Canada) Big data analytics is the process of examining large amounts of data (big data) in an effort to uncover hidden patterns or unknown correlations. Big Data Analytics Applications (BDA Apps) are a new type of software application that analyzes big data using massively parallel processing frameworks (e.g., Hadoop). Developers of such applications typically develop them using a small sample of data in a pseudo-cloud environment. Afterwards, they deploy the applications in a large-scale cloud environment with considerably more processing power and larger input data (reminiscent of the mainframe days). Working with BDA App developers in industry over the past three years, we noticed that the runtime analysis and debugging of such applications in the deployment phase cannot be easily addressed by traditional monitoring and debugging approaches. In this paper, as a first step in assisting developers of BDA Apps for cloud deployments, we propose a lightweight approach for uncovering differences between pseudo and large-scale cloud deployments. Our approach makes use of the readily-available yet rarely used execution logs from these platforms. Our approach abstracts the execution logs, recovers the execution sequences, and compares the sequences between the pseudo and cloud deployments. Through a case study on three representative Hadoop-based BDA Apps, we show that our approach can rapidly direct the attention of BDA App developers to the major differences between the two deployments. Knowledge of such differences is essential in verifying BDA Apps when analyzing big data in the cloud. Using injected deployment faults, we show that our approach not only significantly reduces the deployment verification effort, but also provides very few false positives when identifying deployment failures. @InProceedings{ICSE13p402, author = {Weiyi Shang and Zhen Ming Jiang and Hadi Hemmati and Bram Adams and Ahmed E. Hassan and Patrick Martin}, title = {Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {402--411}, doi = {}, year = {2013}, } |
|
Hermans, Felienne |
ICSE '13: "Data Clone Detection and Visualization ..."
Data Clone Detection and Visualization in Spreadsheets
Felienne Hermans, Ben Sedee, Martin Pinzger, and Arie van Deursen (TU Delft, Netherlands) Spreadsheets are widely used in industry: it is estimated that end-user programmers outnumber professional programmers by a factor of 5. However, spreadsheets are error-prone; numerous companies have lost money because of spreadsheet errors. One of the causes of spreadsheet problems is the prevalence of copy-pasting. In this paper, we study this cloning in spreadsheets. Based on existing text-based clone detection algorithms, we have developed an algorithm to detect data clones in spreadsheets: formulas whose values are copied as plain text to a different location. To evaluate the usefulness of the proposed approach, we conducted two evaluations: a quantitative evaluation in which we analyzed the EUSES corpus, and a qualitative evaluation consisting of two case studies. The results of the evaluation clearly indicate that 1) data clones are common, 2) data clones pose threats to spreadsheet quality and 3) our approach supports users in finding and resolving data clones. @InProceedings{ICSE13p292, author = {Felienne Hermans and Ben Sedee and Martin Pinzger and Arie van Deursen}, title = {Data Clone Detection and Visualization in Spreadsheets}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {292--301}, doi = {}, year = {2013}, } |
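The core detection idea lends itself to a compact sketch: flag plain-value cells whose contents match the computed values of formula cells elsewhere. The real algorithm works over cell ranges with text-based clone detection; this toy matches single values, and all cell data is invented.

    formula_cells = {("Sheet1", "B2"): 1200.0, ("Sheet1", "B3"): 875.5}  # computed
    plain_cells = {("Sheet2", "C7"): 1200.0, ("Sheet2", "C8"): 42.0}     # typed in

    by_value = {}
    for loc, val in formula_cells.items():
        by_value.setdefault(val, []).append(loc)

    for loc, val in plain_cells.items():
        if val in by_value:
            print(loc, "may be a stale copy of", by_value[val])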
|
Herzig, Kim |
ICSE '13: "It's Not a Bug, It's ..."
It's Not a Bug, It's a Feature: How Misclassification Impacts Bug Prediction
Kim Herzig, Sascha Just, and Andreas Zeller (Saarland University, Germany) In a manual examination of more than 7,000 issue reports from the bug databases of five open-source projects, we found 33.8% of all bug reports to be misclassified---that is, rather than referring to a code fix, they resulted in a new feature, an update to documentation, or an internal refactoring. This misclassification introduces bias in bug prediction models, confusing bugs and features: On average, 39% of files marked as defective actually never had a bug. We discuss the impact of this misclassification on earlier studies and recommend manual data validation for future studies. @InProceedings{ICSE13p392, author = {Kim Herzig and Sascha Just and Andreas Zeller}, title = {It's Not a Bug, It's a Feature: How Misclassification Impacts Bug Prediction}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {392--401}, doi = {}, year = {2013}, } |
|
Heymans, Patrick |
ICSE '13: "Beyond Boolean Product-Line ..."
Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features
Maxime Cordy, Pierre-Yves Schobbens, Patrick Heymans, and Axel Legay (University of Namur, Belgium; IRISA, France; INRIA, France; University of Liège, Belgium) Model checking techniques for software product lines (SPL) are actively researched. A major limitation they currently have is the inability to deal efficiently with non-Boolean features and multi-features. An example of a non-Boolean feature is a numeric attribute, such as the maximum number of users, which can take different numeric values across the range of SPL products. Multi-features are features that can appear several times in the same product, such as processing units, whose number varies from one product to another and which can be configured independently. Both constructs are extensively used in practice but currently not supported by existing SPL model checking techniques. To overcome this limitation, we formally define a language that integrates these constructs with SPL behavioural specifications. We generalize SPL model checking algorithms correspondingly and evaluate their applicability. Our results show that the algorithms remain efficient despite the generalization. @InProceedings{ICSE13p472, author = {Maxime Cordy and Pierre-Yves Schobbens and Patrick Heymans and Axel Legay}, title = {Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {472--481}, doi = {}, year = {2013}, } |
|
Hicks, Michael |
ICSE '13: "Expositor: Scriptable Time-Travel ..."
Expositor: Scriptable Time-Travel Debugging with First-Class Traces
Yit Phang Khoo, Jeffrey S. Foster, and Michael Hicks (University of Maryland, USA) We present Expositor, a new debugging environment that combines scripting and time-travel debugging to allow programmers to automate complex debugging tasks. The fundamental abstraction provided by Expositor is the execution trace, which is a time-indexed sequence of program state snapshots. Programmers can manipulate traces as if they were simple lists with operations such as map and filter. Under the hood, Expositor efficiently implements traces as lazy, sparse interval trees, whose contents are materialized on demand. Expositor also provides a novel data structure, the edit hash array mapped trie, which is a lazy implementation of sets, maps, multisets, and multimaps that enables programmers to maximize the efficiency of their debugging scripts. We have used Expositor to debug a stack overflow and to unravel a subtle data race in Firefox. We believe that Expositor represents an important step forward in improving the technology for diagnosing complex, hard-to-understand bugs. @InProceedings{ICSE13p352, author = {Yit Phang Khoo and Jeffrey S. Foster and Michael Hicks}, title = {Expositor: Scriptable Time-Travel Debugging with First-Class Traces}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {352--361}, doi = {}, year = {2013}, } |
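The trace-as-list abstraction is easy to picture in a few lines. Expositor scripts a real time-travel debugger and materializes snapshots lazily; the generator-based toy below only mimics the map/filter style of its scripts.

    def trace(program_states):
        yield from enumerate(program_states)  # lazy (time, snapshot) pairs

    def tfilter(pred, tr):
        return ((t, s) for t, s in tr if pred(s))

    # find the first time a watched variable goes negative
    states = [{"x": 3}, {"x": 1}, {"x": -2}, {"x": -5}]
    print(next(tfilter(lambda s: s["x"] < 0, trace(states)), None))  # (2, {'x': -2})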
|
Hoek, André van der |
ICSE '13: "PorchLight: A Tag-Based Approach ..."
PorchLight: A Tag-Based Approach to Bug Triaging
Gerald Bortis and André van der Hoek (UC Irvine, USA) Bug triaging is an important activity in any software development project. It involves developers working through the set of unassigned bugs, determining for each of the bugs whether it represents a new issue that should receive attention, and, if so, assigning it to a developer and a milestone. Current tools provide only minimal support for bug triaging and especially break down when developers must triage a large number of bug reports, since those reports can only be viewed one-by-one. This paper presents PorchLight, a novel tool that uses tags, attached to individual bug reports by queries expressed in a specialized bug query language, to organize bug reports into sets so developers can explore, work with, and ultimately assign bugs effectively in meaningful groups. We describe the challenges in supporting bug triaging, the design decisions upon which PorchLight rests, and the technical aspects of the implementation. We conclude with an early evaluation that involved six professional developers who assessed PorchLight and its potential for their day-to-day triaging duties. @InProceedings{ICSE13p342, author = {Gerald Bortis and André van der Hoek}, title = {PorchLight: A Tag-Based Approach to Bug Triaging}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {342--351}, doi = {}, year = {2013}, } |
|
Hosek, Petr |
ICSE '13: "Safe Software Updates via ..."
Safe Software Updates via Multi-version Execution
Petr Hosek and Cristian Cadar (Imperial College London, UK) Software systems are constantly evolving, with new versions and patches being released on a continuous basis. Unfortunately, software updates present a high risk, with many releases introducing new bugs and security vulnerabilities. We tackle this problem using a simple but effective multi-version based approach. Whenever a new update becomes available, instead of upgrading the software to the new version, we run the new version in parallel with the old one; by carefully coordinating their executions and selecting the behaviour of the more reliable version when they diverge, we create a more secure and dependable multi-version application. We implemented this technique in Mx, a system targeting Linux applications running on multi-core processors, and show that it can be applied successfully to several real applications such as Coreutils, a set of user-level UNIX applications; Lighttpd, a popular web server used by several high-traffic websites such as Wikipedia and YouTube; and Redis, an advanced key-value data structure server used by many well-known services such as GitHub and Flickr. @InProceedings{ICSE13p612, author = {Petr Hosek and Cristian Cadar}, title = {Safe Software Updates via Multi-version Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {612--621}, doi = {}, year = {2013}, } Video |
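The selection logic behind the multi-version idea can be sketched as follows. Mx synchronises real Linux processes at the system-call level; this toy runs two pure functions and falls back to the surviving version when the new one fails, with both "versions" invented for the example.

    def multi_version(old, new, data):
        results = {}
        for name, fn in (("old", old), ("new", new)):
            try:
                results[name] = ("ok", fn(data))
            except Exception as exc:
                results[name] = ("crash", exc)
        # prefer the new version, but fall back to the old one on divergence
        chosen = results["new"] if results["new"][0] == "ok" else results["old"]
        return chosen[1]

    old_v = lambda xs: sum(xs) / len(xs)
    new_v = lambda xs: sum(xs) / len(xs - 1)  # buggy update: raises TypeError
    print(multi_version(old_v, new_v, [2, 4, 6]))  # old version's answer: 4.0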
|
Ibrahim, Amani S. |
ICSE '13: "Automated Software Architecture ..."
Automated Software Architecture Security Risk Analysis using Formalized Signatures
Mohamed Almorsy, John Grundy, and Amani S. Ibrahim (Swinburne University of Technology, Australia) Reviewing software system architecture to pinpoint potential security flaws before proceeding with system development is a critical milestone in secure software development lifecycles. This includes identifying possible attacks or threat scenarios that target the system and may result in breaching of system security. Additionally, we may assess the strength of the system and its security architecture using well-known security metrics such as system attack surface, compartmentalization, and least privilege. However, existing efforts are limited to specific, predefined security properties or scenarios that are checked either manually or using limited toolsets. We introduce a new approach to support architecture security analysis using security scenarios and metrics. Our approach is based on formalizing attack scenarios and security metrics signature specification using the Object Constraint Language (OCL). Using formal signatures, we analyse a target system to locate signature matches (for attack scenarios), or to take measurements (for security metrics). New scenarios and metrics can be incorporated and calculated provided that a formal signature can be specified. Our approach supports defining security metrics and scenarios at architecture, design, and code levels. We have developed a prototype software system architecture security analysis tool. To the best of our knowledge this is the first extensible architecture security risk analysis tool that supports both metric-based and scenario-based architecture security analysis. We have validated our approach by using it to capture and evaluate signatures from the NIST security principles and attack scenarios defined in the CAPEC database. @InProceedings{ICSE13p662, author = {Mohamed Almorsy and John Grundy and Amani S. Ibrahim}, title = {Automated Software Architecture Security Risk Analysis using Formalized Signatures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {662--671}, doi = {}, year = {2013}, } Video |
|
Inoue, Katsumi |
ICSE '13: "Learning Revised Models for ..."
Learning Revised Models for Planning in Adaptive Systems
Daniel Sykes, Domenico Corapi, Jeff Magee, Jeff Kramer, Alessandra Russo, and Katsumi Inoue (Imperial College London, UK; National Institute of Informatics, Japan) Environment domain models are a key part of the information used by adaptive systems to determine their behaviour. These models can be incomplete or inaccurate. In addition, since adaptive systems generally operate in environments which are subject to change, these models are often also out of date. To update and correct these models, the system should observe how the environment responds to its actions, and compare these responses to those predicted by the model. In this paper, we use a probabilistic rule learning approach, NoMPRoL, to update models using feedback from the running system in the form of execution traces. NoMPRoL is a technique for non-monotonic probabilistic rule learning based on a transformation of an inductive logic programming task into an equivalent abductive one. In essence, it exploits consistent observations by finding general rules which explain observations in terms of the conditions under which they occur. The updated models are then used to generate new behaviour with a greater chance of success in the actual environment encountered. @InProceedings{ICSE13p63, author = {Daniel Sykes and Domenico Corapi and Jeff Magee and Jeff Kramer and Alessandra Russo and Katsumi Inoue}, title = {Learning Revised Models for Planning in Adaptive Systems}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {63--71}, doi = {}, year = {2013}, } Video |
|
Inverardi, Paola |
ICSE '13: "Automatic Synthesis of Modular ..."
Automatic Synthesis of Modular Connectors via Composition of Protocol Mediation Patterns
Paola Inverardi and Massimo Tivoli (University of L'Aquila, Italy) Ubiquitous and pervasive computing promotes the creation of an environment where Networked Systems (NSs) eternally provide connectivity and services without requiring explicit awareness of the underlying communications and computing technologies. In this context, achieving interoperability among heterogeneous NSs represents an important issue. In order to mediate the NSs' interaction protocols and solve possible mismatches, connectors are often built. However, connector development is a never-ending and error-prone task and prevents the eternality of NSs. For this reason, in the literature, many approaches propose the automatic synthesis of connectors. However, solving the connector synthesis problem in general is hard and, when possible, it results in a monolithic connector, hence preventing its evolution. In this paper, we define a method for the automatic synthesis of modular connectors, each of them expressed as the composition of independent mediators. A modular connector, as synthesized by our method, supports connector evolution and performs correct mediation. @InProceedings{ICSE13p3, author = {Paola Inverardi and Massimo Tivoli}, title = {Automatic Synthesis of Modular Connectors via Composition of Protocol Mediation Patterns}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {3--12}, doi = {}, year = {2013}, } Video |
|
Ivancic, Franjo |
ICSE '13: "Feedback-Directed Unit Test ..."
Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution
Pranav Garg, Franjo Ivancic, Gogul Balakrishnan, Naoto Maeda, and Aarti Gupta (University of Illinois at Urbana-Champaign, USA; NEC Labs, USA; NEC, Japan) In industry, software testing and coverage-based metrics are the predominant techniques to check correctness of software. This paper addresses automatic unit test generation for programs written in C/C++. The main idea is to improve the coverage obtained by feedback-directed random test generation methods, by utilizing concolic execution on the generated test drivers. Furthermore, for programs with numeric computations, we employ non-linear solvers in a lazy manner to generate new test inputs. These techniques significantly improve the coverage provided by a feedback-directed random unit testing framework, while retaining the benefits of full automation. We have implemented these techniques in a prototype platform, and describe promising experimental results on a number of C/C++ open source benchmarks. @InProceedings{ICSE13p132, author = {Pranav Garg and Franjo Ivancic and Gogul Balakrishnan and Naoto Maeda and Aarti Gupta}, title = {Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {132--141}, doi = {}, year = {2013}, } |
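A skeleton of the feedback-directed random front end the paper builds on (the concolic back end, which solves path conditions for still-uncovered branches, is omitted): randomly extend previously passing call sequences and keep the ones that still execute cleanly. The operations below are invented stand-ins.

    import random

    def feedback_directed(ops, budget=100):
        sequences = [[]]  # pool of non-failing call sequences
        for _ in range(budget):
            candidate = random.choice(sequences) + [random.choice(ops)]
            try:
                state = None
                for op in candidate:  # replay the whole sequence
                    state = op(state)
                sequences.append(candidate)  # feedback: keep passing sequences
            except Exception:
                pass  # discard failing extensions (or report them as tests)
        return sequences

    ops = [lambda s: [] if s is None else s,
           lambda s: s + [len(s)],
           lambda s: s[1:]]
    print(len(feedback_directed(ops)), "sequences retained")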
|
Jiang, Zhen Ming |
ICSE '13: "Assisting Developers of Big ..."
Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Weiyi Shang, Zhen Ming Jiang, Hadi Hemmati, Bram Adams, Ahmed E. Hassan , and Patrick Martin (Queen's University, Canada; Polytechnique Montréal, Canada) Big data analytics is the process of examining large amounts of data (big data) in an effort to uncover hidden patterns or unknown correlations. Big Data Analytics Applications (BDA Apps) are a new type of software application that analyzes big data using massively parallel processing frameworks (e.g., Hadoop). Developers of such applications typically develop them using a small sample of data in a pseudo-cloud environment. Afterwards, they deploy the applications in a large-scale cloud environment with considerably more processing power and larger input data (reminiscent of the mainframe days). Working with BDA App developers in industry over the past three years, we noticed that the runtime analysis and debugging of such applications in the deployment phase cannot be easily addressed by traditional monitoring and debugging approaches. In this paper, as a first step in assisting developers of BDA Apps for cloud deployments, we propose a lightweight approach for uncovering differences between pseudo and large-scale cloud deployments. Our approach makes use of the readily-available yet rarely used execution logs from these platforms. Our approach abstracts the execution logs, recovers the execution sequences, and compares the sequences between the pseudo and cloud deployments. Through a case study on three representative Hadoop-based BDA Apps, we show that our approach can rapidly direct the attention of BDA App developers to the major differences between the two deployments. Knowledge of such differences is essential in verifying BDA Apps when analyzing big data in the cloud. Using injected deployment faults, we show that our approach not only significantly reduces the deployment verification effort, but also provides very few false positives when identifying deployment failures. @InProceedings{ICSE13p402, author = {Weiyi Shang and Zhen Ming Jiang and Hadi Hemmati and Bram Adams and Ahmed E. Hassan and Patrick Martin}, title = {Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {402--411}, doi = {}, year = {2013}, } |
|
Jiresal, Rahul |
ICSE '13: "Reverb: Recommending Code-Related ..."
Reverb: Recommending Code-Related Web Pages
Nicholas Sawadsky, Gail C. Murphy, and Rahul Jiresal (University of British Columbia, Canada) The web is an important source of development-related resources, such as code examples, tutorials, and API documentation. Yet existing development environments are largely disconnected from these resources. In this work, we explore how to provide useful web page recommendations to developers by focusing on the problem of refinding web pages that a developer has previously used. We present the results of a study about developer browsing activity in which we found that 13.7% of developers' visits to code-related pages are revisits and that only a small fraction (7.4%) of these were initiated through a low-cost mechanism, such as a bookmark. To assist with code-related revisits, we introduce Reverb, a tool which recommends previously visited web pages that pertain to the code visible in the developer's editor. Through a field study, we found that, on average, Reverb can recommend a useful web page in 51% of revisitation cases. @InProceedings{ICSE13p812, author = {Nicholas Sawadsky and Gail C. Murphy and Rahul Jiresal}, title = {Reverb: Recommending Code-Related Web Pages}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {812--821}, doi = {}, year = {2013}, } Video |
|
John, Bonnie E. |
ICSE '13: "Human Performance Regression ..."
Human Performance Regression Testing
Amanda Swearngin, Myra B. Cohen, Bonnie E. John, and Rachel K. E. Bellamy (University of Nebraska-Lincoln, USA; IBM Research, USA) As software systems evolve, new interface features such as keyboard shortcuts and toolbars are introduced. While it is common to regression test the new features for functional correctness, there has been less focus on systematic regression testing for usability, due to the effort and time involved in human studies. Cognitive modeling tools such as CogTool provide some help by computing predictions of user performance, but they still require manual effort to describe the user interface and tasks, limiting regression testing efforts. In recent work, we developed CogTool Helper to reduce the effort required to generate human performance models of existing systems. We build on this work by providing task specific test case generation and present our vision for human performance regression testing (HPRT) that generates large numbers of test cases and evaluates a range of human performance predictions for the same task. We examine the feasibility of HPRT on four tasks in LibreOffice, find several regressions, and then discuss how a project team could use this information. We also illustrate that we can increase efficiency with sampling by leveraging an inference algorithm. Samples that take approximately 50% of the runtime lose at most 10% of the performance predictions. @InProceedings{ICSE13p152, author = {Amanda Swearngin and Myra B. Cohen and Bonnie E. John and Rachel K. E. Bellamy}, title = {Human Performance Regression Testing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {152--161}, doi = {}, year = {2013}, } Video |
|
Johnson, Brittany |
ICSE '13: "Why Don't Software Developers ..."
Why Don't Software Developers Use Static Analysis Tools to Find Bugs?
Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge (North Carolina State University, USA; Google, USA) Using static analysis tools for automating code inspections can be beneficial for software engineers. Such tools can make finding bugs, or software defects, faster and cheaper than manual inspections. Despite the benefits of using static analysis tools to find bugs, research suggests that these tools are underused. In this paper, we investigate why developers are not widely using static analysis tools and how current tools could potentially be improved. We conducted interviews with 20 developers and found that although all of our participants felt that use is beneficial, false positives and the way in which the warnings are presented, among other things, are barriers to use. We discuss several implications of these results, such as the need for an interactive mechanism to help developers fix defects. @InProceedings{ICSE13p672, author = {Brittany Johnson and Yoonki Song and Emerson Murphy-Hill and Robert Bowdidge}, title = {Why Don't Software Developers Use Static Analysis Tools to Find Bugs?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {672--681}, doi = {}, year = {2013}, } |
|
Johnson, Ralph E. |
ICSE '13: "Drag-and-Drop Refactoring: ..."
Drag-and-Drop Refactoring: Intuitive and Efficient Program Transformation
Yun Young Lee, Nicholas Chen, and Ralph E. Johnson (University of Illinois at Urbana-Champaign, USA) Refactoring is a disciplined technique for restructuring code to improve its readability and maintainability. Almost all modern integrated development environments (IDEs) offer built-in support for automated refactoring tools. However, the user interface for refactoring tools has remained largely unchanged from the menu and dialog approach introduced in the Smalltalk Refactoring Browser, the first automated refactoring tool, more than a decade ago. As the number of supported refactorings and their options increase, invoking and configuring these tools through the traditional methods have become increasingly unintuitive and inefficient. The contribution of this paper is a novel approach that eliminates the use of menus and dialogs altogether. We streamline the invocation and configuration process through direct manipulation of program elements via drag-and-drop. We implemented and evaluated this approach in our tool, Drag-and-Drop Refactoring (DNDRefactoring), which supports up to 12 of 23 refactorings in the Eclipse IDE. Empirical evaluation through surveys and controlled user studies demonstrates that our approach is intuitive, more efficient, and less error-prone compared to traditional methods available in IDEs today. Our results bolster the need for researchers and tool developers to rethink the design of future refactoring tools. @InProceedings{ICSE13p23, author = {Yun Young Lee and Nicholas Chen and Ralph E. Johnson}, title = {Drag-and-Drop Refactoring: Intuitive and Efficient Program Transformation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {23--32}, doi = {}, year = {2013}, } Video |
|
Just, Sascha |
ICSE '13: "It's Not a Bug, It's ..."
It's Not a Bug, It's a Feature: How Misclassification Impacts Bug Prediction
Kim Herzig, Sascha Just, and Andreas Zeller (Saarland University, Germany) In a manual examination of more than 7,000 issue reports from the bug databases of five open-source projects, we found 33.8% of all bug reports to be misclassified---that is, rather than referring to a code fix, they resulted in a new feature, an update to documentation, or an internal refactoring. This misclassification introduces bias in bug prediction models, confusing bugs and features: On average, 39% of files marked as defective actually never had a bug. We discuss the impact of this misclassification on earlier studies and recommend manual data validation for future studies. @InProceedings{ICSE13p392, author = {Kim Herzig and Sascha Just and Andreas Zeller}, title = {It's Not a Bug, It's a Feature: How Misclassification Impacts Bug Prediction}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {392--401}, doi = {}, year = {2013}, } |
|
Kaiser, Gail |
ICSE '13: "Chronicler: Lightweight Recording ..."
Chronicler: Lightweight Recording to Reproduce Field Failures
Jonathan Bell, Nikhil Sarda, and Gail Kaiser (Columbia University, USA) When programs fail in the field, developers are often left with limited information to diagnose the failure. Automated error reporting tools can assist in bug report generation but without precise steps from the end user it is often difficult for developers to recreate the failure. Advanced remote debugging tools aim to capture sufficient information from field executions to recreate failures in the lab but often have too much overhead to practically deploy. We present CHRONICLER, an approach to remote debugging that captures non-deterministic inputs to applications in a lightweight manner, assuring faithful reproduction of client executions. We evaluated CHRONICLER by creating a Java implementation, CHRONICLERJ, and then by using a set of benchmarks mimicking real world applications and workloads, showing its runtime overhead to be under 10% in most cases (worst case 86%), while an existing tool showed overhead over 100% in the same cases (worst case 2,322%). @InProceedings{ICSE13p362, author = {Jonathan Bell and Nikhil Sarda and Gail Kaiser}, title = {Chronicler: Lightweight Recording to Reproduce Field Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {362--371}, doi = {}, year = {2013}, } Video |
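The record/replay principle is simple to sketch: intercept non-deterministic calls, log their results in the field, and feed the log back in the lab. CHRONICLERJ does this by instrumenting Java bytecode; the decorator-style toy below wraps a Python call instead.

    import time

    LOG = []

    def recorded(fn):
        def wrapper(*args):
            result = fn(*args)
            LOG.append(result)  # field mode: persist the non-deterministic value
            return result
        return wrapper

    def replayed(log):
        it = iter(log)
        return lambda *args: next(it)  # lab mode: replay logged values verbatim

    now = recorded(time.time)
    a, b = now(), now()               # field run records two timestamps
    now = replayed(LOG)
    assert (now(), now()) == (a, b)   # lab run reproduces them exactly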
|
Kasi, Bakhtiar Khan |
ICSE '13: "Cassandra: Proactive Conflict ..."
Cassandra: Proactive Conflict Minimization through Optimized Task Scheduling
Bakhtiar Khan Kasi and Anita Sarma (University of Nebraska-Lincoln, USA) Software conflicts arising because of conflicting changes are a regular occurrence and delay projects. The main precept of workspace awareness tools has been to identify potential conflicts early, while changes are still small and easier to resolve. However, in this approach conflicts still occur and require developer time and effort to resolve. We present a novel conflict minimization technique that proactively identifies potential conflicts, encodes them as constraints, and solves the constraint space to recommend a set of conflict-minimal development paths for the team. Here we present a study of four open source projects to characterize the distribution of conflicts and their resolution efforts. We then explain our conflict minimization technique and the design and implementation of this technique in our prototype, Cassandra. We show that Cassandra would have successfully avoided a majority of conflicts in the four open source test subjects. We demonstrate the efficiency of our approach by applying the technique to a simulated set of scenarios with higher than normal incidence of conflicts. @InProceedings{ICSE13p732, author = {Bakhtiar Khan Kasi and Anita Sarma}, title = {Cassandra: Proactive Conflict Minimization through Optimized Task Scheduling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {732--741}, doi = {}, year = {2013}, } Video |
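The constraint idea can be pictured with a toy scheduler: tasks that touch the same files must never be in flight at the same time. Cassandra solves this as a proper constraint problem over developers' task queues; the greedy rounds and task data below are invented.

    def schedule(tasks, conflicts, slots=2):
        """tasks: ids; conflicts: frozenset pairs that must not overlap."""
        rounds, pending = [], list(tasks)
        while pending:
            current = []
            for t in list(pending):
                if len(current) < slots and all(
                        frozenset((t, c)) not in conflicts for c in current):
                    current.append(t)
                    pending.remove(t)
            rounds.append(current)
        return rounds

    conflicts = {frozenset(("T1", "T2"))}  # both tasks edit the same file
    print(schedule(["T1", "T2", "T3"], conflicts))  # [['T1', 'T3'], ['T2']]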
|
Khoo, Yit Phang |
ICSE '13: "Expositor: Scriptable Time-Travel ..."
Expositor: Scriptable Time-Travel Debugging with First-Class Traces
Yit Phang Khoo, Jeffrey S. Foster, and Michael Hicks (University of Maryland, USA) We present Expositor, a new debugging environment that combines scripting and time-travel debugging to allow programmers to automate complex debugging tasks. The fundamental abstraction provided by Expositor is the execution trace, which is a time-indexed sequence of program state snapshots. Programmers can manipulate traces as if they were simple lists with operations such as map and filter. Under the hood, Expositor efficiently implements traces as lazy, sparse interval trees, whose contents are materialized on demand. Expositor also provides a novel data structure, the edit hash array mapped trie, which is a lazy implementation of sets, maps, multisets, and multimaps that enables programmers to maximize the efficiency of their debugging scripts. We have used Expositor to debug a stack overflow and to unravel a subtle data race in Firefox. We believe that Expositor represents an important step forward in improving the technology for diagnosing complex, hard-to-understand bugs. @InProceedings{ICSE13p352, author = {Yit Phang Khoo and Jeffrey S. Foster and Michael Hicks}, title = {Expositor: Scriptable Time-Travel Debugging with First-Class Traces}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {352--361}, doi = {}, year = {2013}, } |
|
Kim, Dongsun |
ICSE '13: "Automatic Patch Generation ..."
Automatic Patch Generation Learned from Human-Written Patches
Dongsun Kim, Jaechang Nam, Jaewoo Song, and Sunghun Kim (Hong Kong University of Science and Technology, China) Patch generation is an essential software maintenance task because most software systems inevitably have bugs that need to be fixed. Unfortunately, human resources are often insufficient to fix all reported and known bugs. To address this issue, several automated patch generation techniques have been proposed. In particular, a genetic-programming-based patch generation technique, GenProg, proposed by Weimer et al., has shown promising results. However, these techniques can generate nonsensical patches due to the randomness of their mutation operations. To address this limitation, we propose a novel patch generation approach, Pattern-based Automatic program Repair (PAR), using fix patterns learned from existing human-written patches. We manually inspected more than 60,000 human-written patches and found there are several common fix patterns. Our approach leverages these fix patterns to generate program patches automatically. We experimentally evaluated PAR on 119 real bugs. In addition, a user study involving 89 students and 164 developers confirmed that patches generated by our approach are more acceptable than those generated by GenProg. PAR successfully generated patches for 27 out of 119 bugs, while GenProg was successful for only 16 bugs. @InProceedings{ICSE13p802, author = {Dongsun Kim and Jaechang Nam and Jaewoo Song and Sunghun Kim}, title = {Automatic Patch Generation Learned from Human-Written Patches}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {802--811}, doi = {}, year = {2013}, } |
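The contrast with random mutation is easy to see in a sketch: a fix pattern is a template instantiated at the fault location. PAR works on Java ASTs with patterns mined from human patches; the null-check pattern below is one commonly cited kind of pattern, rendered here over a list of pseudo-statements.

    def add_null_check(stmts, idx, var):
        """Instantiate a 'guard the dereference' fix pattern at stmts[idx]."""
        guarded = f"if {var} is not None: {stmts[idx]}"
        return stmts[:idx] + [guarded] + stmts[idx + 1:]

    buggy = ["x = lookup(key)", "print(x.name)"]
    print(add_null_check(buggy, 1, "x"))
    # ['x = lookup(key)', 'if x is not None: print(x.name)']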
|
Kim, Miryung |
ICSE '13: "LASE: Locating and Applying ..."
LASE: Locating and Applying Systematic Edits by Learning from Examples
Na Meng, Miryung Kim, and Kathryn S. McKinley (University of Texas at Austin, USA; Microsoft Research, USA) Adding features and fixing bugs often require systematic edits that make similar, but not identical, changes to many code locations. Finding all the relevant locations and making the correct edits is a tedious and error-prone process for developers. This paper addresses both problems using edit scripts learned from multiple examples. We design and implement a tool called LASE that (1) creates a context-aware edit script from two or more examples, and uses the script to (2) automatically identify edit locations and to (3) transform the code. We evaluate LASE on an oracle test suite of systematic edits from Eclipse JDT and SWT. LASE finds edit locations with 99% precision and 89% recall, and transforms them with 91% accuracy. We also evaluate LASE on 37 example systematic edits from other open source programs and find LASE is accurate and effective. Furthermore, we confirmed with developers that LASE found edit locations which they missed. Our novel algorithm that learns from multiple examples is critical to achieving high precision and recall; edit scripts created from only one example produce too many false positives, false negatives, or both. Our results indicate that LASE should help developers in automating systematic editing. Whereas most prior work either suggests edit locations or performs simple edits, LASE is the first to do both for nontrivial program edits. @InProceedings{ICSE13p502, author = {Na Meng and Miryung Kim and Kathryn S. McKinley}, title = {LASE: Locating and Applying Systematic Edits by Learning from Examples}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {502--511}, doi = {}, year = {2013}, } |
|
Kim, Sunghun |
ICSE '13: "Transfer Defect Learning ..."
Transfer Defect Learning
Jaechang Nam, Sinno Jialin Pan, and Sunghun Kim (Hong Kong University of Science and Technology, China; Institute for Infocomm Research, Singapore) Many software defect prediction approaches have been proposed and most are effective in within-project prediction settings. However, for new projects or projects with limited training data, it is desirable to learn a prediction model by using sufficient training data from existing source projects and then apply the model to some target projects (cross-project defect prediction). Unfortunately, the performance of cross-project defect prediction is generally poor, largely because of feature distribution differences between the source and target projects. In this paper, we apply a state-of-the-art transfer learning approach, TCA, to make feature distributions in source and target projects similar. In addition, we propose a novel transfer defect learning approach, TCA+, by extending TCA. Our experimental results for eight open-source projects show that TCA+ significantly improves cross-project prediction performance. @InProceedings{ICSE13p382, author = {Jaechang Nam and Sinno Jialin Pan and Sunghun Kim}, title = {Transfer Defect Learning}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {382--391}, doi = {}, year = {2013}, }
ICSE '13: "Automatic Patch Generation ..."
Automatic Patch Generation Learned from Human-Written Patches
Dongsun Kim, Jaechang Nam, Jaewoo Song, and Sunghun Kim (Hong Kong University of Science and Technology, China) Patch generation is an essential software maintenance task because most software systems inevitably have bugs that need to be fixed. Unfortunately, human resources are often insufficient to fix all reported and known bugs. To address this issue, several automated patch generation techniques have been proposed. In particular, a genetic-programming-based patch generation technique, GenProg, proposed by Weimer et al., has shown promising results. However, these techniques can generate nonsensical patches due to the randomness of their mutation operations. To address this limitation, we propose a novel patch generation approach, Pattern-based Automatic program Repair (PAR), using fix patterns learned from existing human-written patches. We manually inspected more than 60,000 human-written patches and found there are several common fix patterns. Our approach leverages these fix patterns to generate program patches automatically. We experimentally evaluated PAR on 119 real bugs. In addition, a user study involving 89 students and 164 developers confirmed that patches generated by our approach are more acceptable than those generated by GenProg. PAR successfully generated patches for 27 out of 119 bugs, while GenProg was successful for only 16 bugs. @InProceedings{ICSE13p802, author = {Dongsun Kim and Jaechang Nam and Jaewoo Song and Sunghun Kim}, title = {Automatic Patch Generation Learned from Human-Written Patches}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {802--811}, doi = {}, year = {2013}, } |
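Relating to the Transfer Defect Learning entry above: before any transfer step, source- and target-project features must be made comparable. The sketch below shows only a normalisation ingredient; TCA+ additionally learns transfer components in a kernel space, which this toy omits, and the metric values are invented.

    def zscore(rows):
        cols = list(zip(*rows))
        stats = []
        for c in cols:
            mu = sum(c) / len(c)
            sd = (sum((x - mu) ** 2 for x in c) / len(c)) ** 0.5 or 1.0
            stats.append((mu, sd))
        return [[(x - mu) / sd for x, (mu, sd) in zip(row, stats)] for row in rows]

    source = [[120, 4], [300, 9], [80, 2]]   # e.g. [LOC, complexity] per module
    target = [[1100, 40], [2500, 95]]
    print(zscore(source)[0], zscore(target)[0])  # now on comparable scales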
|
Koelewijn, Benjamin |
ICSE '13: "The Role of Domain Knowledge ..."
The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination
Daniela Damian, Remko Helms, Irwin Kwan, Sabrina Marczak, and Benjamin Koelewijn (University of Victoria, Canada; Utrecht University, Netherlands; Oregon State University, USA; PUCRS, Brazil) Software projects involve diverse roles and artifacts that have dependencies to requirements. Project team members in different roles need to coordinate but their coordination is affected by the availability of domain knowledge, which is distributed among different project members, and organizational structures that control cross-functional communication. Our study examines how information flowed between different roles in two software projects that had contrasting distributions of domain knowledge and different communication structures. Using observations, interviews, and surveys, we examined how diverse roles working on requirements and their related artifacts coordinated along task dependencies. We found that communication only partially matched task dependencies and that team members that are boundary spanners have extensive domain knowledge and hold key positions in the control structure. These findings have implications on how organizational structures interfere with task assignments and influence communication in the project, suggesting how practitioners can adjust team configuration and communication structures. @InProceedings{ICSE13p442, author = {Daniela Damian and Remko Helms and Irwin Kwan and Sabrina Marczak and Benjamin Koelewijn}, title = {The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {442--451}, doi = {}, year = {2013}, } |
|
Kramer, Jeff |
ICSE '13: "Learning Revised Models for ..."
Learning Revised Models for Planning in Adaptive Systems
Daniel Sykes, Domenico Corapi, Jeff Magee, Jeff Kramer, Alessandra Russo, and Katsumi Inoue (Imperial College London, UK; National Institute of Informatics, Japan) Environment domain models are a key part of the information used by adaptive systems to determine their behaviour. These models can be incomplete or inaccurate. In addition, since adaptive systems generally operate in environments which are subject to change, these models are often also out of date. To update and correct these models, the system should observe how the environment responds to its actions, and compare these responses to those predicted by the model. In this paper, we use a probabilistic rule learning approach, NoMPRoL, to update models using feedback from the running system in the form of execution traces. NoMPRoL is a technique for non-monotonic probabilistic rule learning based on a transformation of an inductive logic programming task into an equivalent abductive one. In essence, it exploits consistent observations by finding general rules which explain observations in terms of the conditions under which they occur. The updated models are then used to generate new behaviour with a greater chance of success in the actual environment encountered. @InProceedings{ICSE13p63, author = {Daniel Sykes and Domenico Corapi and Jeff Magee and Jeff Kramer and Alessandra Russo and Katsumi Inoue}, title = {Learning Revised Models for Planning in Adaptive Systems}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {63--71}, doi = {}, year = {2013}, } Video |
|
Krishnamurthi, Shriram |
ICSE '13: "Aluminum: Principled Scenario ..."
Aluminum: Principled Scenario Exploration through Minimality
Tim Nelson, Salman Saghafi, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi (Worcester Polytechnic Institute, USA; Brown University, USA) Scenario-finding tools such as Alloy are widely used to understand the consequences of specifications, with applications to software modeling, security analysis, and verification. This paper focuses on the exploration of scenarios: which scenarios are presented first, and how to traverse them in a well-defined way. We present Aluminum, a modification of Alloy that presents only minimal scenarios: those that contain no more than is necessary. Aluminum lets users explore the scenario space by adding to scenarios and backtracking. It also provides the ability to find what can consistently be used to extend each scenario. We describe the semantic basis of Aluminum in terms of minimal models of first-order logic formulas. We show how this theory can be implemented atop existing SAT-solvers and quantify both the benefits of minimality and its small computational overhead. Finally, we offer some qualitative observations about scenario exploration in Aluminum. @InProceedings{ICSE13p232, author = {Tim Nelson and Salman Saghafi and Daniel J. Dougherty and Kathi Fisler and Shriram Krishnamurthi}, title = {Aluminum: Principled Scenario Exploration through Minimality}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {232--241}, doi = {}, year = {2013}, } Video |
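Minimality here has a crisp definition: a scenario is minimal when no other model's set of true atoms is a strict subset of its own. Aluminum realises this on top of SAT solvers over Alloy's relational logic; the brute-force propositional toy below illustrates just the definition.

    from itertools import product

    def models(atoms, formula):
        for bits in product([False, True], repeat=len(atoms)):
            m = dict(zip(atoms, bits))
            if formula(m):
                yield frozenset(a for a in atoms if m[a])

    def minimal_models(atoms, formula):
        ms = list(models(atoms, formula))
        return [m for m in ms if not any(other < m for other in ms)]

    # "p or q" has two minimal scenarios, {p} and {q}; {p, q} is not minimal
    print(minimal_models(["p", "q"], lambda m: m["p"] or m["q"]))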
|
Krishnamurthy, Arvind |
ICSE '13: "Unifying FSM-Inference Algorithms ..."
Unifying FSM-Inference Algorithms through Declarative Specification
Ivan Beschastnikh, Yuriy Brun , Jenny Abrahamson, Michael D. Ernst , and Arvind Krishnamurthy (University of Washington, USA; University of Massachusetts, USA) Logging system behavior is a staple development practice. Numerous powerful model inference algorithms have been proposed to aid developers in log analysis and system understanding. Unfortunately, existing algorithms are difficult to understand, extend, and compare. This paper presents InvariMint, an approach to specify model inference algorithms declaratively. We applied InvariMint to two model inference algorithms and present evaluation results to illustrate that InvariMint (1) leads to new fundamental insights and better understanding of existing algorithms, (2) simplifies creation of new algorithms, including hybrids that extend existing algorithms, and (3) makes it easy to compare and contrast previously published algorithms. Finally, algorithms specified with InvariMint can outperform their procedural versions. @InProceedings{ICSE13p252, author = {Ivan Beschastnikh and Yuriy Brun and Jenny Abrahamson and Michael D. Ernst and Arvind Krishnamurthy}, title = {Unifying FSM-Inference Algorithms through Declarative Specification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {252--261}, doi = {}, year = {2013}, } |
|
Kwan, Irwin |
ICSE '13: "The Role of Domain Knowledge ..."
The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination
Daniela Damian, Remko Helms, Irwin Kwan, Sabrina Marczak, and Benjamin Koelewijn (University of Victoria, Canada; Utrecht University, Netherlands; Oregon State University, USA; PUCRS, Brazil) Software projects involve diverse roles and artifacts that have dependencies to requirements. Project team members in different roles need to coordinate but their coordination is affected by the availability of domain knowledge, which is distributed among different project members, and organizational structures that control cross-functional communication. Our study examines how information flowed between different roles in two software projects that had contrasting distributions of domain knowledge and different communication structures. Using observations, interviews, and surveys, we examined how diverse roles working on requirements and their related artifacts coordinated along task dependencies. We found that communication only partially matched task dependencies and that team members that are boundary spanners have extensive domain knowledge and hold key positions in the control structure. These findings have implications on how organizational structures interfere with task assignments and influence communication in the project, suggesting how practitioners can adjust team configuration and communication structures. @InProceedings{ICSE13p442, author = {Daniela Damian and Remko Helms and Irwin Kwan and Sabrina Marczak and Benjamin Koelewijn}, title = {The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {442--451}, doi = {}, year = {2013}, } |
|
Lakshmi, K. Vasanta |
ICSE '13: "Guided Test Generation for ..."
Guided Test Generation for Web Applications
Suresh Thummalapenta, K. Vasanta Lakshmi, Saurabh Sinha, Nishant Sinha, and Satish Chandra (IBM Research, India; Indian Institute of Science, India; IBM Research, USA) We focus on functional testing of enterprise applications with the goal of exercising an application's interesting behaviors by driving it from its user interface. The difficulty in doing this is focusing on the interesting behaviors among an unbounded number of behaviors. We present a new technique for automatically generating tests that drive a web-based application along interesting behaviors, where the interesting behavior is specified in the form of "business rules." Business rules are a general mechanism for describing business logic, access control, or even navigational properties of an application's GUI. Our technique is black box, in that it does not analyze the application's server-side implementation, but relies on directed crawling via the application's GUI. To handle the unbounded number of GUI states, the technique includes two phases. Phase 1 creates an abstract state-transition diagram using a relaxed notion of equivalence of GUI states without considering rules. Next, Phase 2 identifies rule-relevant abstract paths and refines those paths using a stricter notion of state equivalence. Our technique can be much more effective at covering business rules than an undirected technique, developed as an enhancement of an existing test-generation technique. Our experiments showed that the former was able to cover 92% of the rules, compared to 52% of the rules covered by the latter. @InProceedings{ICSE13p162, author = {Suresh Thummalapenta and K. Vasanta Lakshmi and Saurabh Sinha and Nishant Sinha and Satish Chandra}, title = {Guided Test Generation for Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {162--171}, doi = {}, year = {2013}, } |
|
Le, Wei |
ICSE '13: "Segmented Symbolic Analysis ..."
Segmented Symbolic Analysis
Wei Le (Rochester Institute of Technology, USA) Symbolic analysis is indispensable for software tools that require program semantic information at compile time. However, determining symbolic values for program variables related to loops and library calls is challenging, as the computation and data related to loops can have statically unknown bounds, and the library sources are typically not available at compile time. In this paper, we propose segmented symbolic analysis, a hybrid technique that enables fully automatic symbolic analysis even for the traditionally challenging code of library calls and loops. The novelties of this work are threefold: 1) we flexibly weave symbolic and concrete executions on the selected parts of the program based on demand; 2) dynamic executions are performed on the unit tests constructed from the code segments to infer program semantics needed by static analysis; and 3) the dynamic information from multiple runs is aggregated via regression analysis. We developed the Helium framework, consisting of a static component that performs symbolic analysis and partitions a program, a dynamic analysis that synthesizes unit tests and automatically infers symbolic values for program variables, and a protocol that enables static and dynamic analyses to be run interactively and concurrently. Our experimental results show that by handling loops and library calls that a traditional symbolic analysis cannot process, segmented symbolic analysis detects 5 times more buffer overflows. The technique is scalable for real-world programs such as putty, tightvnc and snort. @InProceedings{ICSE13p212, author = {Wei Le}, title = {Segmented Symbolic Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {212--221}, doi = {}, year = {2013}, } |
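The regression step can be pictured as follows: treat an opaque library call as a black box, drive it from synthesized unit tests, and fit a model to the observed input/output pairs, which then serves as the call's symbolic summary. The stand-in library function and the linear fit with numpy below are illustrative assumptions.

    import numpy as np

    def lib_call(s):          # stand-in for a library whose source is unavailable
        return 2 * len(s) + 3

    # Dynamic phase: run synthesized unit tests, recording (input length, output).
    xs = np.array([1.0, 4.0, 7.0, 16.0, 33.0])
    ys = np.array([lib_call('x' * int(n)) for n in xs], dtype=float)

    # Aggregate the multiple runs via regression: fit output = a * len + b.
    A = np.vstack([xs, np.ones_like(xs)]).T
    (a, b), *_ = np.linalg.lstsq(A, ys, rcond=None)
    print(f"inferred symbolic value: {a:.1f}*len + {b:.1f}")   # 2.0*len + 3.0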
|
Lee, Yun Young |
ICSE '13: "Drag-and-Drop Refactoring: ..."
Drag-and-Drop Refactoring: Intuitive and Efficient Program Transformation
Yun Young Lee, Nicholas Chen, and Ralph E. Johnson (University of Illinois at Urbana-Champaign, USA) Refactoring is a disciplined technique for restructuring code to improve its readability and maintainability. Almost all modern integrated development environments (IDEs) offer built-in support for automated refactoring tools. However, the user interface for refactoring tools has remained largely unchanged from the menu and dialog approach introduced in the Smalltalk Refactoring Browser, the first automated refactoring tool, more than a decade ago. As the number of supported refactorings and their options increase, invoking and configuring these tools through the traditional methods have become increasingly unintuitive and inefficient. The contribution of this paper is a novel approach that eliminates the use of menus and dialogs altogether. We streamline the invocation and configuration process through direct manipulation of program elements via drag-and-drop. We implemented and evaluated this approach in our tool, Drag-and-Drop Refactoring (DNDRefactoring), which supports up to 12 of 23 refactorings in the Eclipse IDE. Empirical evaluation through surveys and controlled user studies demonstrates that our approach is intuitive, more efficient, and less error-prone compared to traditional methods available in IDEs today. Our results bolster the need for researchers and tool developers to rethink the design of future refactoring tools. @InProceedings{ICSE13p23, author = {Yun Young Lee and Nicholas Chen and Ralph E. Johnson}, title = {Drag-and-Drop Refactoring: Intuitive and Efficient Program Transformation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {23--32}, doi = {}, year = {2013}, } Video |
|
Legay, Axel |
ICSE '13: "Beyond Boolean Product-Line ..."
Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features
Maxime Cordy, Pierre-Yves Schobbens, Patrick Heymans, and Axel Legay (University of Namur, Belgium; IRISA, France; INRIA, France; University of Liège, Belgium) Model checking techniques for software product lines (SPL) are actively researched. A major limitation they currently have is the inability to deal efficiently with non-Boolean features and multi-features. An example of a non-Boolean feature is a numeric attribute such as the maximum number of users, which can take different numeric values across the range of SPL products. Multi-features are features that can appear several times in the same product, such as processing units whose number varies from one product to another and which can be configured independently. Both constructs are extensively used in practice but currently not supported by existing SPL model checking techniques. To overcome this limitation, we formally define a language that integrates these constructs with SPL behavioural specifications. We generalize SPL model checking algorithms correspondingly and evaluate their applicability. Our results show that the algorithms remain efficient despite the generalization. @InProceedings{ICSE13p472, author = {Maxime Cordy and Pierre-Yves Schobbens and Patrick Heymans and Axel Legay}, title = {Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {472--481}, doi = {}, year = {2013}, } |
|
Letier, Emmanuel |
ICSE '13: "Requirements Modelling by ..."
Requirements Modelling by Synthesis of Deontic Input-Output Automata
Emmanuel Letier and William Heaven (University College London, UK) Requirements modelling helps software engineers understand a system’s required behaviour and explore alternative system designs. It also generates a formal software specification that can be used for testing, verification, and debugging. However, elaborating such models requires expertise and significant human effort. The paper aims at reducing this effort by automating an essential activity of requirements modelling, which consists in deriving a machine specification satisfying a set of goals in a domain. It introduces deontic input-output automata —an extension of input-output automata with permissions and obligations— and an automated synthesis technique over this formalism to support such derivation. This technique helps modellers identify early when a goal is not realizable in a domain and can guide the exploration of alternative models to make goals realizable. Existing synthesis techniques for input-output or interface automata are not adequate for requirements modelling. @InProceedings{ICSE13p592, author = {Emmanuel Letier and William Heaven}, title = {Requirements Modelling by Synthesis of Deontic Input-Output Automata}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {592--601}, doi = {}, year = {2013}, } |
|
Lewis, Chris |
ICSE '13: "Does Bug Prediction Support ..."
Does Bug Prediction Support Human Developers? Findings from a Google Case Study
Chris Lewis, Zhongpeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, and E. James Whitehead Jr. (UC Santa Cruz, USA; Google, USA; Xi'an Jiaotong University, China) While many bug prediction algorithms have been developed by academia, they are often tested and verified only in the lab using automated means. We lack a clear picture of whether such algorithms are useful for guiding human developers. We deployed a bug prediction algorithm across Google, and found no identifiable change in developer behavior. Using our experience, we provide several characteristics that bug prediction algorithms need to meet in order to be accepted by human developers and truly change how developers evaluate their code. @InProceedings{ICSE13p372, author = {Chris Lewis and Zhongpeng Lin and Caitlin Sadowski and Xiaoyan Zhu and Rong Ou and E. James Whitehead Jr.}, title = {Does Bug Prediction Support Human Developers? Findings from a Google Case Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {372--381}, doi = {}, year = {2013}, } |
|
Li, Ding |
ICSE '13: "Estimating Mobile Application ..."
Estimating Mobile Application Energy Consumption using Program Analysis
Shuai Hao, Ding Li, William G. J. Halfond , and Ramesh Govindan (University of Southern California, USA) Optimizing the energy efficiency of mobile applications can greatly increase user satisfaction. However, developers lack viable techniques for estimating the energy consumption of their applications. This paper proposes a new approach that is both lightweight in terms of its developer requirements and provides fine-grained estimates of energy consumption at the code level. It achieves this using a novel combination of program analysis and per-instruction energy modeling. In evaluation, our approach is able to estimate energy consumption to within 10% of the ground truth for a set of mobile applications from the Google Play store. Additionally, it provides useful and meaningful feedback to developers that helps them to understand application energy consumption behavior. @InProceedings{ICSE13p92, author = {Shuai Hao and Ding Li and William G. J. Halfond and Ramesh Govindan}, title = {Estimating Mobile Application Energy Consumption using Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {92--101}, doi = {}, year = {2013}, } |
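In spirit, per-instruction energy modeling multiplies the instructions executed along a path by per-instruction energy costs; summing over the paths a program analysis enumerates yields code-level estimates. The opcode costs below are invented numbers, not the paper's measured model.

    # Hypothetical per-instruction energy costs in microjoules (invented values).
    ENERGY_UJ = {'iload': 0.8, 'iadd': 0.9, 'getfield': 2.4, 'invokevirtual': 9.1}

    def path_energy(instruction_trace, costs=ENERGY_UJ):
        """Estimate the energy of one execution path from its instructions."""
        return sum(costs[op] for op in instruction_trace)

    trace = ['iload', 'getfield', 'iadd', 'invokevirtual', 'iload']
    print(f"estimated path cost: {path_energy(trace):.1f} uJ")   # 14.0 uJ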
|
Lin, Zhongpeng |
ICSE '13: "Does Bug Prediction Support ..."
Does Bug Prediction Support Human Developers? Findings from a Google Case Study
Chris Lewis, Zhongpeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, and E. James Whitehead Jr. (UC Santa Cruz, USA; Google, USA; Xi'an Jiaotong University, China) While many bug prediction algorithms have been developed by academia, they're often only tested and verified in the lab using automated means. We do not have a strong idea about whether such algorithms are useful to guide human developers. We deployed a bug prediction algorithm across Google, and found no identifiable change in developer behavior. Using our experience, we provide several characteristics that bug prediction algorithms need to meet in order to be accepted by human developers and truly change how developers evaluate their code. @InProceedings{ICSE13p372, author = {Chris Lewis and Zhongpeng Lin and Caitlin Sadowski and Xiaoyan Zhu and Rong Ou and E. James Whitehead Jr.}, title = {Does Bug Prediction Support Human Developers? Findings from a Google Case Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {372--381}, doi = {}, year = {2013}, } |
|
Liskin, Olga |
ICSE '13: "Creating a Shared Understanding ..."
Creating a Shared Understanding of Testing Culture on a Social Coding Site
Raphael Pham, Leif Singer, Olga Liskin, Fernando Figueira Filho, and Kurt Schneider (Leibniz Universität Hannover, Germany; UFRN, Brazil) Many software development projects struggle with creating and communicating a testing culture that is appropriate for the project's needs. This may degrade software quality by leaving defects undiscovered. Previous research suggests that social coding sites such as GitHub provide a collaborative environment with a high degree of social transparency. This makes developers' actions and interactions more visible and traceable. We conducted interviews with 33 active users of GitHub to investigate how the increased transparency found on GitHub influences developers' testing behaviors. Subsequently, we validated our findings with an online questionnaire that was answered by 569 members of GitHub. We found several strategies that software developers and managers can use to positively influence the testing behavior in their projects. However, project owners on GitHub may not be aware of them. We report on the challenges and risks caused by this and suggest guidelines for promoting a sustainable testing culture in software development projects. @InProceedings{ICSE13p112, author = {Raphael Pham and Leif Singer and Olga Liskin and Fernando Figueira Filho and Kurt Schneider}, title = {Creating a Shared Understanding of Testing Culture on a Social Coding Site}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {112--121}, doi = {}, year = {2013}, } |
|
Liu, Yang |
ICSE '13: "Dynamic Synthesis of Local ..."
Dynamic Synthesis of Local Time Requirement for Service Composition
Tian Huat Tan, Étienne André , Jun Sun, Yang Liu, Jin Song Dong, and Manman Chen (National University of Singapore, Singapore; Université Paris 13, France; CNRS, France; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore) Service composition makes use of existing service-based applications as components to achieve a business goal. In time critical business environments, the response time of a service is crucial, which is also reflected as a clause in service level agreements (SLAs) between service providers and service users. To allow the composite service to fulfill the response time requirement as promised, it is important to find a feasible set of component services, such that their response time could collectively allow the satisfaction of the response time of the composite service. In this work, we propose a fully automated approach to synthesize the response time requirement of component services, in the form of a constraint on the local response times, that guarantees the global response time requirement. Our approach is based on parameter synthesis techniques for real-time systems. It has been implemented and evaluated with real-world case studies. @InProceedings{ICSE13p542, author = {Tian Huat Tan and Étienne André and Jun Sun and Yang Liu and Jin Song Dong and Manman Chen}, title = {Dynamic Synthesis of Local Time Requirement for Service Composition}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {542--551}, doi = {}, year = {2013}, } |
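The shape of the synthesized requirement can be seen on a toy composition tree: sequential composition adds local response times and parallel composition takes their maximum, so a set of local bounds is feasible exactly when the tree evaluates below the global bound. This concrete check is an illustrative simplification; the paper synthesizes symbolic constraints over the local times rather than testing fixed values.

    def response_time(node, bounds):
        """Worst-case response time of a composition tree.
        node is ('svc', name) | ('seq', [children]) | ('par', [children])."""
        kind = node[0]
        if kind == 'svc':
            return bounds[node[1]]
        times = [response_time(child, bounds) for child in node[1]]
        return sum(times) if kind == 'seq' else max(times)

    composite = ('seq', [('svc', 'auth'),
                         ('par', [('svc', 'flight'), ('svc', 'hotel')])])

    bounds = {'auth': 120, 'flight': 600, 'hotel': 450}   # local bounds in ms
    global_req = 800
    print(response_time(composite, bounds) <= global_req)  # 120 + max(600, 450) = 720 -> True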
|
Liu, Yu David |
ICSE '13: "Green Streams for Data-Intensive ..."
Green Streams for Data-Intensive Software
Thomas W. Bartenstein and Yu David Liu (SUNY Binghamton, USA) This paper introduces GREEN STREAMS, a novel solution to address a critical but often overlooked property of data-intensive software: energy efficiency. GREEN STREAMS is built around two key insights into data-intensive software. First, the energy consumption of data-intensive software is strongly correlated with data volume and data processing, both of which are naturally abstracted in the stream programming paradigm. Second, energy efficiency can be improved if the data processing components of a stream program coordinate in a “balanced” way, much like an assembly line that runs most efficiently when participating workers coordinate their pace. GREEN STREAMS adopts a standard stream programming model, and applies Dynamic Voltage and Frequency Scaling (DVFS) to coordinate the pace of data processing among components, ultimately achieving energy efficiency without degrading performance in a parallel processing environment. At the core of GREEN STREAMS is a novel constraint-based inference that abstracts the intrinsic relationships of data flow rates inside a stream program and uses linear programming to minimize the frequencies – hence the energy consumption – of the processing components while still maintaining the maximum output data flow rate. The core algorithm of GREEN STREAMS is formalized, and its optimality is established. The effectiveness of GREEN STREAMS is evaluated on top of the StreamIt framework, and preliminary results show the approach can save CPU energy by an average of 28% with a 7% performance improvement. @InProceedings{ICSE13p532, author = {Thomas W. Bartenstein and Yu David Liu}, title = {Green Streams for Data-Intensive Software}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {532--541}, doi = {}, year = {2013}, } Video |
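A toy rendition of the linear program, assuming each filter's throughput scales linearly with its frequency (an invented rate model): pick the cheapest frequencies at which every pipeline stage keeps up with the target output rate. scipy.optimize.linprog does the minimization.

    from scipy.optimize import linprog

    # Three pipeline filters: throughput k (items/s per GHz) and selectivity s
    # (output items per input item). All numbers are invented.
    k = [900.0, 400.0, 650.0]
    s = [1.0, 0.5, 1.0]
    target_out = 200.0                    # required items/s at the pipeline exit

    # Work backwards through selectivities to get each stage's required rate.
    need, rate = [], target_out
    for sel in reversed(s):
        rate /= sel
        need.append(rate)
    need.reverse()                        # need[i]: items/s stage i must sustain

    # Minimize total frequency s.t. k[i] * f[i] >= need[i], 0 <= f[i] <= 3.2 GHz.
    res = linprog(c=[1.0, 1.0, 1.0],
                  A_ub=[[-k[i] if j == i else 0.0 for j in range(3)] for i in range(3)],
                  b_ub=[-n for n in need],
                  bounds=[(0.0, 3.2)] * 3)
    print([round(f, 3) for f in res.x])   # lowest frequencies that keep up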
|
Lu, Shan |
ICSE '13: "Toddler: Detecting Performance ..."
Toddler: Detecting Performance Problems via Similar Memory-Access Patterns
Adrian Nistor, Linhai Song, Darko Marinov , and Shan Lu (University of Illinois at Urbana-Champaign, USA; University of Wisconsin-Madison, USA) Performance bugs are programming errors that create significant performance degradation. While developers often use automated oracles for detecting functional bugs, detecting performance bugs usually requires time-consuming, manual analysis of execution profiles. The human effort for performance analysis limits the number of performance tests analyzed and enables performance bugs to easily escape to production. Unfortunately, while profilers can successfully localize slow executing code, profilers cannot be effectively used as automated oracles. This paper presents TODDLER, a novel automated oracle for performance bugs, which enables testing for performance bugs to use the well established and automated process of testing for functional bugs. TODDLER reports code loops whose computation has repetitive and partially similar memory-access patterns across loop iterations. Such repetitive work is likely unnecessary and can be done faster. We implement TODDLER for Java and evaluate it on 9 popular Java codebases. Our experiments with 11 previously known, real-world performance bugs show that TODDLER finds these bugs with a higher accuracy than the standard Java profiler. Using TODDLER, we also found 42 new bugs in six Java projects: Ant, Google Core Libraries, JUnit, Apache Collections, JDK, and JFreeChart. Based on our bug reports, developers so far fixed 10 bugs and confirmed 6 more as real bugs. @InProceedings{ICSE13p562, author = {Adrian Nistor and Linhai Song and Darko Marinov and Shan Lu}, title = {Toddler: Detecting Performance Problems via Similar Memory-Access Patterns}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {562--571}, doi = {}, year = {2013}, } |
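The oracle can be sketched by logging the sequence of values each loop iteration reads and flagging loops whose consecutive iterations look alike. difflib's similarity ratio and the hand-simulated instrumentation below stand in for TODDLER's actual pattern analysis.

    from difflib import SequenceMatcher

    def looks_like_performance_bug(iteration_reads, threshold=0.9):
        """Flag a loop whose consecutive iterations have highly similar
        memory-read sequences: likely repetitive, unnecessary work."""
        pairs = zip(iteration_reads, iteration_reads[1:])
        ratios = [SequenceMatcher(None, a, b).ratio() for a, b in pairs]
        return bool(ratios) and sum(ratios) / len(ratios) >= threshold

    # Simulated instrumentation of a nested-scan bug: every outer iteration
    # re-reads the whole list instead of indexing into it.
    items = list(range(100))
    reads_buggy = [[items[j] for j in range(len(items))] for _ in range(20)]
    reads_ok = [[items[i]] for i in range(20)]

    print(looks_like_performance_bug(reads_buggy))  # True
    print(looks_like_performance_bug(reads_ok))     # False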
|
Maeda, Naoto |
ICSE '13: "Feedback-Directed Unit Test ..."
Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution
Pranav Garg, Franjo Ivancic, Gogul Balakrishnan, Naoto Maeda, and Aarti Gupta (University of Illinois at Urbana-Champaign, USA; NEC Labs, USA; NEC, Japan) In industry, software testing and coverage-based metrics are the predominant techniques to check correctness of software. This paper addresses automatic unit test generation for programs written in C/C++. The main idea is to improve the coverage obtained by feedback-directed random test generation methods, by utilizing concolic execution on the generated test drivers. Furthermore, for programs with numeric computations, we employ non-linear solvers in a lazy manner to generate new test inputs. These techniques significantly improve the coverage provided by a feedback-directed random unit testing framework, while retaining the benefits of full automation. We have implemented these techniques in a prototype platform, and describe promising experimental results on a number of C/C++ open source benchmarks. @InProceedings{ICSE13p132, author = {Pranav Garg and Franjo Ivancic and Gogul Balakrishnan and Naoto Maeda and Aarti Gupta}, title = {Feedback-Directed Unit Test Generation for C/C++ using Concolic Execution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {132--141}, doi = {}, year = {2013}, } |
|
Magee, Jeff |
ICSE '13: "Learning Revised Models for ..."
Learning Revised Models for Planning in Adaptive Systems
Daniel Sykes, Domenico Corapi, Jeff Magee, Jeff Kramer, Alessandra Russo, and Katsumi Inoue (Imperial College London, UK; National Institute of Informatics, Japan) Environment domain models are a key part of the information used by adaptive systems to determine their behaviour. These models can be incomplete or inaccurate. In addition, since adaptive systems generally operate in environments which are subject to change, these models are often also out of date. To update and correct these models, the system should observe how the environment responds to its actions, and compare these responses to those predicted by the model. In this paper, we use a probabilistic rule learning approach, NoMPRoL, to update models using feedback from the running system in the form of execution traces. NoMPRoL is a technique for non-monotonic probabilistic rule learning based on a transformation of an inductive logic programming task into an equivalent abductive one. In essence, it exploits consistent observations by finding general rules which explain observations in terms of the conditions under which they occur. The updated models are then used to generate new behaviour with a greater chance of success in the actual environment encountered. @InProceedings{ICSE13p63, author = {Daniel Sykes and Domenico Corapi and Jeff Magee and Jeff Kramer and Alessandra Russo and Katsumi Inoue}, title = {Learning Revised Models for Planning in Adaptive Systems}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {63--71}, doi = {}, year = {2013}, } Video |
|
Mahmoud, Anas |
ICSE '13: "Departures from Optimality: ..."
Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing
Nan Niu, Anas Mahmoud, Zhangji Chen, and Gary Bradshaw (Mississippi State University, USA) Studying the human analyst's behavior in automated tracing is a new research thrust. Building on a growing body of work in this area, we offer a novel approach to understanding a requirements analyst's information seeking and gathering. We model analysts as predators in pursuit of prey — the relevant traceability information — and leverage optimality models to characterize a rational decision process. The behavior of real analysts is then compared and contrasted with that of the optimal information forager. The results show that the analysts' information diets are much wider than the theory's predictions, and their residence in low-profitability information patches is much longer than the optimal residence time. These uncovered discrepancies not only offer concrete insights into the obstacles faced by analysts, but also lead to principled ways to increase practical tool support for overcoming the obstacles. @InProceedings{ICSE13p572, author = {Nan Niu and Anas Mahmoud and Zhangji Chen and Gary Bradshaw}, title = {Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {572--581}, doi = {}, year = {2013}, } |
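The optimality baseline comes from foraging theory's marginal value theorem: a rational forager leaves a patch once the marginal gain rate falls to the environment's overall average rate. A numeric sketch with an invented diminishing-returns gain curve:

    import math

    def optimal_residence(gain, travel, t_max=60.0, step=0.01):
        """Residence time t* maximizing the overall rate gain(t) / (travel + t)."""
        best_t, best_rate, t = 0.0, 0.0, step
        while t <= t_max:
            rate = gain(t) / (travel + t)
            if rate > best_rate:
                best_t, best_rate = t, rate
            t += step
        return best_t

    # Diminishing returns: relevant links found after t minutes in a patch.
    gain = lambda t: 10.0 * (1.0 - math.exp(-t / 5.0))
    print(f"optimal residence: {optimal_residence(gain, travel=2.0):.2f} min")
    # About 3.9 min with these invented numbers; the study's analysts stayed
    # in low-profitability patches far longer than the analogous optimum.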
|
Malek, Sam |
ICSE '13: "GuideArch: Guiding the Exploration ..."
GuideArch: Guiding the Exploration of Architectural Solution Space under Uncertainty
Naeem Esfahani, Sam Malek, and Kaveh Razavi (George Mason University, USA) A system's early architectural decisions impact its properties (e.g., scalability, dependability) as well as stakeholder concerns (e.g., cost, time to delivery). Choices made early on are both difficult and costly to change, and thus it is paramount that the engineer gets them "right". This leads to a paradox, as in early design, the engineer is often forced to make these decisions under uncertainty, i.e., not knowing the precise impact of those decisions on the various concerns. How could the engineer make the "right" choices in such circumstances? This is precisely the question we have tackled in this paper. We present GuideArch, a framework aimed at quantitative exploration of the architectural solution space under uncertainty. It provides techniques founded on fuzzy math that help the engineer make informed decisions. @InProceedings{ICSE13p43, author = {Naeem Esfahani and Sam Malek and Kaveh Razavi}, title = {GuideArch: Guiding the Exploration of Architectural Solution Space under Uncertainty}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {43--52}, doi = {}, year = {2013}, } |
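The fuzzy-math core can be pictured with triangular fuzzy numbers: each decision's impact on a concern is a (low, likely, high) triple, a candidate architecture's total impact is the component-wise sum, and candidates are ranked after defuzzifying. The triples and the centroid ranking below are illustrative assumptions, not GuideArch's exact operators.

    def add(*triples):
        """Sum triangular fuzzy numbers (low, likely, high) component-wise."""
        return tuple(sum(vals) for vals in zip(*triples))

    def centroid(t):
        """Defuzzify a triangular fuzzy number into a single ranking score."""
        return sum(t) / 3.0

    # Uncertain cost impact of each decision, as (low, likely, high) triples.
    candidates = {
        'REST + MySQL':  add((3, 4, 6), (2, 3, 5)),
        'SOAP + Oracle': add((4, 6, 9), (5, 7, 8)),
    }
    best = min(candidates, key=lambda name: centroid(candidates[name]))
    print(best, candidates[best])   # REST + MySQL (5, 7, 11)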
|
Maoz, Shahar |
ICSE '13: "Counter Play-Out: Executing ..."
Counter Play-Out: Executing Unrealizable Scenario-Based Specifications
Shahar Maoz and Yaniv Sa'ar (Tel Aviv University, Israel; Weizmann Institute of Science, Israel) The scenario-based approach to the specification and simulation of reactive systems has attracted much research effort in recent years. While the problem of synthesizing a controller or a transition system from a scenario-based specification has been studied extensively, no work has yet effectively addressed the case where the specification is unrealizable and a controller cannot be synthesized. This has limited the effectiveness of using scenario-based specifications in requirements analysis and simulation. In this paper we present counter play-out, an interactive debugging method for unrealizable scenario-based specifications. When we identify an unrealizable specification, we generate a controller that plays the role of the environment and lets the engineer play the role of the system. During execution, the former chooses the environment's moves such that the latter is forced to eventually fail in satisfying the system's requirements. This results in an interactive, guided execution, leading to the root causes of unrealizability. The generated controller constitutes a proof that the specification is conflicting and cannot be realized. Counter play-out is based on a counter strategy, which we compute by solving a Rabin game using a symbolic, BDD-based algorithm. The work is implemented and integrated with PlayGo, an IDE for scenario-based programming developed at the Weizmann Institute of Science. Case studies show the contribution of our work to the state-of-the-art in the scenario-based approach to specification and simulation. @InProceedings{ICSE13p242, author = {Shahar Maoz and Yaniv Sa'ar}, title = {Counter Play-Out: Executing Unrealizable Scenario-Based Specifications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {242--251}, doi = {}, year = {2013}, } |
|
Marcus, Andrian |
ICSE '13: "Automatic Query Reformulations ..."
Automatic Query Reformulations for Text Retrieval in Software Engineering
Sonia Haiduc, Gabriele Bavota, Andrian Marcus, Rocco Oliveto, Andrea De Lucia , and Tim Menzies (Wayne State University, USA; University of Salerno, Italy; University of Molise, Italy; University of West Virginia, USA) There are more than twenty distinct software engineering tasks addressed with text retrieval (TR) techniques, such as traceability link recovery, feature location, refactoring, and reuse. A common issue with all TR applications is that the results of the retrieval depend largely on the quality of the query. When a query performs poorly, it has to be reformulated, and this is a difficult task for someone who had trouble writing a good query in the first place. We propose a recommender (called Refoqus) based on machine learning, which is trained with a sample of queries and relevant results. Then, for a given query, it automatically recommends a reformulation strategy that should improve its performance, based on the properties of the query. We evaluated Refoqus empirically against four baseline approaches that are used in natural language document retrieval. The data used for the evaluation corresponds to changes from five open source systems in Java and C++ and is used in the context of TR-based concept location in source code. Refoqus outperformed the baselines, and its recommendations led to query performance improvement or preservation in 84% of the cases (on average). @InProceedings{ICSE13p842, author = {Sonia Haiduc and Gabriele Bavota and Andrian Marcus and Rocco Oliveto and Andrea De Lucia and Tim Menzies}, title = {Automatic Query Reformulations for Text Retrieval in Software Engineering}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {842--851}, doi = {}, year = {2013}, } Video |
|
Marczak, Sabrina |
ICSE '13: "The Role of Domain Knowledge ..."
The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination
Daniela Damian, Remko Helms, Irwin Kwan, Sabrina Marczak, and Benjamin Koelewijn (University of Victoria, Canada; Utrecht University, Netherlands; Oregon State University, USA; PUCRS, Brazil) Software projects involve diverse roles and artifacts that have dependencies on requirements. Project team members in different roles need to coordinate, but their coordination is affected by the availability of domain knowledge, which is distributed among different project members, and by organizational structures that control cross-functional communication. Our study examines how information flowed between different roles in two software projects that had contrasting distributions of domain knowledge and different communication structures. Using observations, interviews, and surveys, we examined how diverse roles working on requirements and their related artifacts coordinated along task dependencies. We found that communication only partially matched task dependencies and that team members who are boundary spanners have extensive domain knowledge and hold key positions in the control structure. These findings have implications for how organizational structures interfere with task assignments and influence communication in the project, suggesting how practitioners can adjust team configuration and communication structures. @InProceedings{ICSE13p442, author = {Daniela Damian and Remko Helms and Irwin Kwan and Sabrina Marczak and Benjamin Koelewijn}, title = {The Role of Domain Knowledge and Cross-Functional Communication in Socio-Technical Coordination}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {442--451}, doi = {}, year = {2013}, } |
|
Marino, Daniel |
ICSE '13: "Detecting Deadlock in Programs ..."
Detecting Deadlock in Programs with Data-Centric Synchronization
Daniel Marino, Christian Hammer, Julian Dolby , Mandana Vaziri, Frank Tip, and Jan Vitek (Symantec Research Labs, USA; Saarland University, Germany; IBM Research, USA; University of Waterloo, Canada; Purdue University, USA) Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required. @InProceedings{ICSE13p322, author = {Daniel Marino and Christian Hammer and Julian Dolby and Mandana Vaziri and Frank Tip and Jan Vitek}, title = {Detecting Deadlock in Programs with Data-Centric Synchronization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {322--331}, doi = {}, year = {2013}, } |
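The ordering check generalizes the classic lock-order graph: record an edge l1 -> l2 whenever a thread acquires l2 while holding l1, and report possible deadlock when the graph has a cycle. A standalone sketch of that graph test follows (AJ's analysis is type-based and static, with locks derived from atomic sets; this dynamic-trace version is only an analogy).

    from collections import defaultdict

    def build_lock_graph(acquisition_traces):
        """Edge l1 -> l2 if some thread acquires l2 while holding l1."""
        graph = defaultdict(set)
        for trace in acquisition_traces:        # one nested-acquire list per thread
            for i, held in enumerate(trace):
                for later in trace[i + 1:]:
                    graph[held].add(later)
        return graph

    def has_cycle(graph):
        """Detect a cycle with a colored depth-first search."""
        WHITE, GRAY, BLACK = 0, 1, 2
        color = defaultdict(int)
        def dfs(node):
            color[node] = GRAY
            for succ in graph[node]:
                if color[succ] == GRAY or (color[succ] == WHITE and dfs(succ)):
                    return True
            color[node] = BLACK
            return False
        return any(color[n] == WHITE and dfs(n) for n in list(graph))

    # Thread 1 locks A then B; thread 2 locks B then A: classic deadlock risk.
    print(has_cycle(build_lock_graph([['A', 'B'], ['B', 'A']])))  # True
    print(has_cycle(build_lock_graph([['A', 'B'], ['A', 'B']])))  # False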
|
Marinov, Darko |
ICSE '13: "Toddler: Detecting Performance ..."
Toddler: Detecting Performance Problems via Similar Memory-Access Patterns
Adrian Nistor, Linhai Song, Darko Marinov , and Shan Lu (University of Illinois at Urbana-Champaign, USA; University of Wisconsin-Madison, USA) Performance bugs are programming errors that create significant performance degradation. While developers often use automated oracles for detecting functional bugs, detecting performance bugs usually requires time-consuming, manual analysis of execution profiles. The human effort for performance analysis limits the number of performance tests analyzed and enables performance bugs to easily escape to production. Unfortunately, while profilers can successfully localize slow executing code, profilers cannot be effectively used as automated oracles. This paper presents TODDLER, a novel automated oracle for performance bugs, which enables testing for performance bugs to use the well established and automated process of testing for functional bugs. TODDLER reports code loops whose computation has repetitive and partially similar memory-access patterns across loop iterations. Such repetitive work is likely unnecessary and can be done faster. We implement TODDLER for Java and evaluate it on 9 popular Java codebases. Our experiments with 11 previously known, real-world performance bugs show that TODDLER finds these bugs with a higher accuracy than the standard Java profiler. Using TODDLER, we also found 42 new bugs in six Java projects: Ant, Google Core Libraries, JUnit, Apache Collections, JDK, and JFreeChart. Based on our bug reports, developers so far fixed 10 bugs and confirmed 6 more as real bugs. @InProceedings{ICSE13p562, author = {Adrian Nistor and Linhai Song and Darko Marinov and Shan Lu}, title = {Toddler: Detecting Performance Problems via Similar Memory-Access Patterns}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {562--571}, doi = {}, year = {2013}, } |
|
Martin, Patrick |
ICSE '13: "Assisting Developers of Big ..."
Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Weiyi Shang, Zhen Ming Jiang, Hadi Hemmati, Bram Adams, Ahmed E. Hassan , and Patrick Martin (Queen's University, Canada; Polytechnique Montréal, Canada) Big data analytics is the process of examining large amounts of data (big data) in an effort to uncover hidden patterns or unknown correlations. Big Data Analytics Applications (BDA Apps) are a new type of software application, which analyze big data using massively parallel processing frameworks (e.g., Hadoop). Developers of such applications typically develop them using a small sample of data in a pseudo-cloud environment. Afterwards, they deploy the applications in a large-scale cloud environment with considerably more processing power and larger input data (reminiscent of the mainframe days). Working with BDA App developers in industry over the past three years, we noticed that the runtime analysis and debugging of such applications in the deployment phase cannot be easily addressed by traditional monitoring and debugging approaches. In this paper, as a first step in assisting developers of BDA Apps for cloud deployments, we propose a lightweight approach for uncovering differences between pseudo and large-scale cloud deployments. Our approach makes use of the readily-available yet rarely used execution logs from these platforms. Our approach abstracts the execution logs, recovers the execution sequences, and compares the sequences between the pseudo and cloud deployments. Through a case study on three representative Hadoop-based BDA Apps, we show that our approach can rapidly direct the attention of BDA App developers to the major differences between the two deployments. Knowledge of such differences is essential in verifying BDA Apps when analyzing big data in the cloud. Using injected deployment faults, we show that our approach not only significantly reduces the deployment verification effort, but also provides very few false positives when identifying deployment failures. @InProceedings{ICSE13p402, author = {Weiyi Shang and Zhen Ming Jiang and Hadi Hemmati and Bram Adams and Ahmed E. Hassan and Patrick Martin}, title = {Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {402--411}, doi = {}, year = {2013}, } |
|
Mattavelli, Andrea |
ICSE '13: "Automatic Recovery from Runtime ..."
Automatic Recovery from Runtime Failures
Antonio Carzaniga, Alessandra Gorla, Andrea Mattavelli, Nicolò Perino, and Mauro Pezzè (University of Lugano, Switzerland; Saarland University, Germany) We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional with between 19% and 48% of the failure-causing faults, depending on the application. The experiments also show that the technique incurs an acceptable runtime overhead in all cases. @InProceedings{ICSE13p782, author = {Antonio Carzaniga and Alessandra Gorla and Andrea Mattavelli and Nicolò Perino and Mauro Pezzè}, title = {Automatic Recovery from Runtime Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {782--791}, doi = {}, year = {2013}, } Video |
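The intrinsic-redundancy idea in miniature: when an operation fails in the field, rewrite the call into a supposedly equivalent alternative use of the same component and retry. The toy component and its workaround catalog below are invented; the paper derives such equivalences from real reusable libraries.

    class FlakyList:
        """Toy component: add_all is 'broken', but equivalent operations work."""
        def __init__(self):
            self.items = []
        def add(self, x):
            self.items.append(x)
        def add_all(self, xs):
            raise RuntimeError("simulated field failure")

    # Catalog of intrinsic redundancy: alternative call sequences with the
    # same intended effect as the failing operation (invented equivalences).
    WORKAROUNDS = {
        'add_all': [lambda obj, xs: [obj.add(x) for x in xs]],
    }

    def execute_with_recovery(obj, op, *args):
        """Run op; on failure, try equivalent alternatives instead of crashing."""
        try:
            return getattr(obj, op)(*args)
        except Exception:
            for alternative in WORKAROUNDS.get(op, []):
                try:
                    return alternative(obj, *args)
                except Exception:
                    continue
            raise

    lst = FlakyList()
    execute_with_recovery(lst, 'add_all', [1, 2, 3])
    print(lst.items)    # [1, 2, 3]: the failure was masked by a workaround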
|
McKinley, Kathryn S. |
ICSE '13: "LASE: Locating and Applying ..."
LASE: Locating and Applying Systematic Edits by Learning from Examples
Na Meng, Miryung Kim, and Kathryn S. McKinley (University of Texas at Austin, USA; Microsoft Research, USA) Adding features and fixing bugs often require systematic edits that make similar, but not identical, changes to many code locations. Finding all the relevant locations and making the correct edits is a tedious and error-prone process for developers. This paper addresses both problems using edit scripts learned from multiple examples. We design and implement a tool called LASE that (1) creates a context-aware edit script from two or more examples, and uses the script to (2) automatically identify edit locations and to (3) transform the code. We evaluate LASE on an oracle test suite of systematic edits from Eclipse JDT and SWT. LASE finds edit locations with 99% precision and 89% recall, and transforms them with 91% accuracy. We also evaluate LASE on 37 example systematic edits from other open source programs and find LASE is accurate and effective. Furthermore, we confirmed with developers that LASE found edit locations which they missed. Our novel algorithm that learns from multiple examples is critical to achieving high precision and recall; edit scripts created from only one example produce too many false positives, false negatives, or both. Our results indicate that LASE should help developers in automating systematic editing. Whereas most prior work either suggests edit locations or performs simple edits, LASE is the first to do both for nontrivial program edits. @InProceedings{ICSE13p502, author = {Na Meng and Miryung Kim and Kathryn S. McKinley}, title = {LASE: Locating and Applying Systematic Edits by Learning from Examples}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {502--511}, doi = {}, year = {2013}, } |
|
Mei, Hong |
ICSE '13: "Bridging the Gap between the ..."
Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies
Lingming Zhang, Dan Hao, Lu Zhang, Gregg Rothermel, and Hong Mei (Peking University, China; University of Texas at Austin, USA; University of Nebraska-Lincoln, USA) In recent years, researchers have intensively investigated various topics in test-case prioritization, which aims to re-order test cases to increase the rate of fault detection during regression testing. The total and additional prioritization strategies, which prioritize based on total numbers of elements covered per test, and numbers of additional (not-yet-covered) elements covered per test, are two widely-adopted generic strategies used for such prioritization. This paper proposes a basic model and an extended model that unify the total strategy and the additional strategy. Our models yield a spectrum of generic strategies ranging between the total and additional strategies, depending on a parameter referred to as the p value. We also propose four heuristics to obtain differentiated p values for different methods under test. We performed an empirical study on 19 versions of four Java programs to explore our results. Our results demonstrate that wide ranges of strategies in our basic and extended models with uniform p values can significantly outperform both the total and additional strategies. In addition, our results also demonstrate that using differentiated p values for both the basic and extended models with method coverage can even outperform the additional strategy using statement coverage. @InProceedings{ICSE13p192, author = {Lingming Zhang and Dan Hao and Lu Zhang and Gregg Rothermel and Hong Mei}, title = {Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {192--201}, doi = {}, year = {2013}, } |
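One way to read the basic model (our illustrative rendering, not necessarily the paper's exact formula): greedily score each remaining test, counting a not-yet-covered element as 1 and an already-covered element as p, so that p = 1 recovers the total strategy and p = 0 the additional strategy, with a spectrum in between.

    def prioritize(suite, p):
        """Greedy test-case prioritization unifying 'total' and 'additional'.
        Each unit a test covers scores 1 if not yet covered, else p."""
        covered, order = set(), []
        remaining = dict(suite)                 # test name -> set of covered units
        while remaining:
            def score(name):
                return sum(p if u in covered else 1.0 for u in remaining[name])
            best = max(remaining, key=score)
            covered |= remaining.pop(best)
            order.append(best)
        return order

    suite = {'t1': {1, 2, 3, 4}, 't2': {1, 2, 3}, 't3': {5, 6}}
    print(prioritize(suite, p=1.0))   # ['t1', 't2', 't3']: total strategy
    print(prioritize(suite, p=0.0))   # ['t1', 't3', 't2']: additional strategy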
|
Meng, Na |
ICSE '13: "LASE: Locating and Applying ..."
LASE: Locating and Applying Systematic Edits by Learning from Examples
Na Meng, Miryung Kim, and Kathryn S. McKinley (University of Texas at Austin, USA; Microsoft Research, USA) Adding features and fixing bugs often require sys- tematic edits that make similar, but not identical, changes to many code locations. Finding all the relevant locations and making the correct edits is a tedious and error-prone process for developers. This paper addresses both problems using edit scripts learned from multiple examples. We design and implement a tool called LASE that (1) creates a context-aware edit script from two or more examples, and uses the script to (2) automatically identify edit locations and to (3) transform the code. We evaluate LASE on an oracle test suite of systematic edits from Eclipse JDT and SWT. LASE finds edit locations with 99% precision and 89% recall, and transforms them with 91% accuracy. We also evaluate LASE on 37 example systematic edits from other open source programs and find LASE is accurate and effective. Furthermore, we confirmed with developers that LASE found edit locations which they missed. Our novel algorithm that learns from multiple examples is critical to achieving high precision and recall; edit scripts created from only one example produce too many false positives, false negatives, or both. Our results indicate that LASE should help developers in automating systematic editing. Whereas most prior work either suggests edit locations or performs simple edits, LASE is the first to do both for nontrivial program edits. @InProceedings{ICSE13p502, author = {Na Meng and Miryung Kim and Kathryn S. McKinley}, title = {LASE: Locating and Applying Systematic Edits by Learning from Examples}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {502--511}, doi = {}, year = {2013}, } |
|
Menzies, Tim |
ICSE '13: "Automatic Query Reformulations ..."
Automatic Query Reformulations for Text Retrieval in Software Engineering
Sonia Haiduc, Gabriele Bavota, Andrian Marcus, Rocco Oliveto, Andrea De Lucia , and Tim Menzies (Wayne State University, USA; University of Salerno, Italy; University of Molise, Italy; University of West Virginia, USA) There are more than twenty distinct software engineering tasks addressed with text retrieval (TR) techniques, such as traceability link recovery, feature location, refactoring, and reuse. A common issue with all TR applications is that the results of the retrieval depend largely on the quality of the query. When a query performs poorly, it has to be reformulated, and this is a difficult task for someone who had trouble writing a good query in the first place. We propose a recommender (called Refoqus) based on machine learning, which is trained with a sample of queries and relevant results. Then, for a given query, it automatically recommends a reformulation strategy that should improve its performance, based on the properties of the query. We evaluated Refoqus empirically against four baseline approaches that are used in natural language document retrieval. The data used for the evaluation corresponds to changes from five open source systems in Java and C++ and is used in the context of TR-based concept location in source code. Refoqus outperformed the baselines, and its recommendations led to query performance improvement or preservation in 84% of the cases (on average). @InProceedings{ICSE13p842, author = {Sonia Haiduc and Gabriele Bavota and Andrian Marcus and Rocco Oliveto and Andrea De Lucia and Tim Menzies}, title = {Automatic Query Reformulations for Text Retrieval in Software Engineering}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {842--851}, doi = {}, year = {2013}, } Video
ICSE '13: "On the Value of User Preferences ..."
On the Value of User Preferences in Search-Based Software Engineering: A Case Study in Software Product Lines
Abdel Salam Sayyad, Tim Menzies, and Hany Ammar (West Virginia University, USA) Software design is a process of trading off competing objectives. If the user objective space is rich, then we should use optimizers that can fully exploit that richness. For example, this study configures software product lines (expressed as feature maps) using various search-based software engineering methods. As we increase the number of optimization objectives, we find that methods in widespread use (e.g. NSGA-II, SPEA2) perform much worse than IBEA (Indicator-Based Evolutionary Algorithm). IBEA works best since it makes the most use of user preference knowledge. Hence it does better on the standard measures (hypervolume and spread), but it also generates far more products with 0% violations of domain constraints. Our conclusion is that we need to change our methods for search-based software engineering, particularly when studying complex decision spaces. @InProceedings{ICSE13p492, author = {Abdel Salam Sayyad and Tim Menzies and Hany Ammar}, title = {On the Value of User Preferences in Search-Based Software Engineering: A Case Study in Software Product Lines}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {492--501}, doi = {}, year = {2013}, } Video |
|
Meyer, Bertrand |
ICSE '13: "What Good Are Strong Specifications? ..."
What Good Are Strong Specifications?
Nadia Polikarpova, Carlo A. Furia, Yu Pei, Yi Wei, and Bertrand Meyer (ETH Zurich, Switzerland; ITMO National Research University, Russia) Experience with lightweight formal methods suggests that programmers are willing to write specifications if they bring tangible benefits to their usual development activities. This paper considers stronger specifications and studies whether they can be deployed as an incremental practice that brings additional benefits without being unacceptably expensive. We introduce a methodology that extends Design by Contract to write strong specifications of functional properties in the form of preconditions, postconditions, and invariants. The methodology aims at being palatable to developers who are not fluent in formal techniques but are comfortable with writing simple specifications. We evaluate the cost and the benefits of using strong specifications by applying the methodology to testing data structure implementations written in Eiffel and C#. In our extensive experiments, testing against strong specifications detects twice as many bugs as standard contracts, with a reasonable overhead in terms of annotation burden and run-time performance while testing. In the wide spectrum of formal techniques for software quality, testing against strong specifications lies in a "sweet spot" with a favorable benefit to effort ratio. @InProceedings{ICSE13p262, author = {Nadia Polikarpova and Carlo A. Furia and Yu Pei and Yi Wei and Bertrand Meyer}, title = {What Good Are Strong Specifications?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {262--271}, doi = {}, year = {2013}, } Video |
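The weak-versus-strong distinction, transplanted into Python assertions (the paper's setting is Eiffel and C# contracts): a standard postcondition checks a coarse property, while a strong one pins down the full functional result.

    def remove_first(xs, x):
        """Remove the first occurrence of x from list xs, contract-style."""
        assert x in xs, "precondition: x must occur in xs"
        old = list(xs)                          # snapshot for the postcondition
        xs.remove(x)
        assert len(xs) == len(old) - 1          # standard, weak postcondition
        i = old.index(x)
        assert xs == old[:i] + old[i + 1:]      # strong: full functional result
        return xs

    print(remove_first([3, 1, 3, 2], 3))        # [1, 3, 2]

A buggy implementation that removed the wrong occurrence would slip past the weak check but trip the strong one, which is the mechanism behind the doubled bug-detection rate reported above.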
|
Millstein, Todd |
ICSE '13: "RERAN: Timing- and Touch-Sensitive ..."
RERAN: Timing- and Touch-Sensitive Record and Replay for Android
Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd Millstein (UC Los Angeles, USA; UC Riverside, USA) Touchscreen-based devices such as smartphones and tablets are gaining popularity but their rich input capabilities pose new development and testing complications. To alleviate this problem, we present an approach and tool named RERAN that permits record-and-replay for the Android smartphone platform. Existing GUI-level record-and-replay approaches are inadequate due to the expressiveness of the smartphone domain, in which applications support sophisticated GUI gestures, depend on inputs from a variety of sensors on the device, and have precise timing requirements among the various input events. We address these challenges by directly capturing the low-level event stream on the phone, which includes both GUI events and sensor events, and replaying it with microsecond accuracy. Moreover, RERAN does not require access to app source code, perform any app rewriting, or perform any modifications to the virtual machine or Android platform. We demonstrate RERAN’s applicability in a variety of scenarios, including (a) replaying 86 out of the Top-100 Android apps on Google Play; (b) reproducing bugs in popular apps, e.g., Firefox, Facebook, Quickoffice; and (c) fast-forwarding executions. We believe that our versatile approach can help both Android developers and researchers. @InProceedings{ICSE13p72, author = {Lorenzo Gomez and Iulian Neamtiu and Tanzirul Azim and Todd Millstein}, title = {RERAN: Timing- and Touch-Sensitive Record and Replay for Android}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {72--81}, doi = {}, year = {2013}, } |
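The replay loop is conceptually tiny: read back timestamped low-level events and re-issue each one after sleeping out the original inter-event gap. This desktop sketch prints instead of injecting; RERAN itself writes the recorded stream back to the device's input drivers with microsecond accuracy.

    import time

    # Recorded low-level events as (timestamp_s, device, event) tuples; a real
    # trace would come from the phone's event stream (invented sample data).
    trace = [(0.000, 'touch', 'down 540 960'),
             (0.012, 'touch', 'move 542 980'),
             (1.250, 'touch', 'up 542 980')]

    def replay(events, inject=lambda dev, ev: print(f"{dev}: {ev}")):
        """Re-issue events, preserving the original inter-event timing."""
        start = time.monotonic()
        base = events[0][0]
        for ts, dev, ev in events:
            delay = (ts - base) - (time.monotonic() - start)
            if delay > 0:
                time.sleep(delay)        # wait until the event is 'due'
            inject(dev, ev)

    replay(trace)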
|
Molnar, David |
ICSE '13: "Billions and Billions of Constraints: ..."
Billions and Billions of Constraints: Whitebox Fuzz Testing in Production
Ella Bounimova, Patrice Godefroid, and David Molnar (Microsoft Research, USA) We report experiences with constraint-based whitebox fuzz testing in production across hundreds of large Windows applications and over 500 machine years of computation from 2007 to 2013. Whitebox fuzzing leverages symbolic execution on binary traces and constraint solving to construct new inputs to a program. These inputs execute previously uncovered paths or trigger security vulnerabilities. Whitebox fuzzing has found one-third of all file fuzzing bugs during the development of Windows 7, saving millions of dollars in potential security vulnerabilities. The technique is in use today across multiple products at Microsoft. We describe key challenges with running whitebox fuzzing in production. We give principles for addressing these challenges and describe two new systems built from these principles: SAGAN, which collects data from every fuzzing run for further analysis, and JobCenter, which controls deployment of our whitebox fuzzing infrastructure across commodity virtual machines. Since June 2010, SAGAN has logged over 3.4 billion constraints solved, millions of symbolic executions, and tens of millions of test cases generated. Our work represents the largest scale deployment of whitebox fuzzing to date, including the largest usage ever for a Satisfiability Modulo Theories (SMT) solver. We present specific data analyses that improved our production use of whitebox fuzzing. Finally we report data on the performance of constraint solving and dynamic test generation that points toward future research problems. @InProceedings{ICSE13p122, author = {Ella Bounimova and Patrice Godefroid and David Molnar}, title = {Billions and Billions of Constraints: Whitebox Fuzz Testing in Production}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {122--131}, doi = {}, year = {2013}, } |
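The generative kernel of whitebox fuzzing, sketched with the z3 SMT solver (pip package z3-solver): take the path constraint observed on one run, negate each branch in turn while keeping the prefix, and solve for inputs that steer execution down the new paths. The two-branch path constraint below is invented.

    from z3 import Int, Solver, Not, sat

    x = Int('x')
    # Path constraint observed on a seed run of an invented two-branch program:
    # the trace took 'x > 10' and then 'x % 2 == 0'.
    path = [x > 10, x % 2 == 0]

    def new_inputs(path_constraints):
        """Negate each branch in turn, keep the prefix, solve for an input."""
        for i, branch in enumerate(path_constraints):
            s = Solver()
            s.add(*path_constraints[:i])     # replay the path up to the branch
            s.add(Not(branch))               # ... then force the other side
            if s.check() == sat:
                yield s.model()[x].as_long()

    print(list(new_inputs(path)))  # two inputs exercising the two new paths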
|
Moonen, Leon |
ICSE '13: "Exploring the Impact of Inter-smell ..."
Exploring the Impact of Inter-smell Relations on Software Maintainability: An Empirical Study
Aiko Yamashita and Leon Moonen (Simula Research Laboratory, Norway) Code smells are indicators of issues with source code quality that may hinder evolution. While previous studies mainly focused on the effects of individual code smells on maintainability, we conjecture that not only the individual code smells but also the interactions between code smells affect maintenance. We empirically investigate the interactions amongst 12 code smells and analyze how those interactions relate to maintenance problems. Professional developers were hired for a period of four weeks to implement change requests on four medium-sized Java systems with known smells. On a daily basis, we recorded what specific problems they faced and which artifacts were associated with them. Code smells were automatically detected in the pre-maintenance versions of the systems and analyzed using Principal Component Analysis (PCA) to identify patterns of co-located code smells. Analysis of these factors with the observed maintenance problems revealed how smells that were co-located in the same artifact interacted with each other, and affected maintainability. Moreover, we found that code smell interactions occurred across coupled artifacts, with comparable negative effects as same-artifact co-location. We argue that future studies into the effects of code smells on maintainability should integrate dependency analysis in their process so that they can obtain a more complete understanding by including such coupled interactions. @InProceedings{ICSE13p682, author = {Aiko Yamashita and Leon Moonen}, title = {Exploring the Impact of Inter-smell Relations on Software Maintainability: An Empirical Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {682--691}, doi = {}, year = {2013}, } |
|
Murphy, Gail C. |
ICSE '13: "Reverb: Recommending Code-Related ..."
Reverb: Recommending Code-Related Web Pages
Nicholas Sawadsky, Gail C. Murphy, and Rahul Jiresal (University of British Columbia, Canada) The web is an important source of development-related resources, such as code examples, tutorials, and API documentation. Yet existing development environments are largely disconnected from these resources. In this work, we explore how to provide useful web page recommendations to developers by focusing on the problem of refinding web pages that a developer has previously used. We present the results of a study about developer browsing activity in which we found that 13.7% of developers' visits to code-related pages are revisits and that only a small fraction (7.4%) of these were initiated through a low-cost mechanism, such as a bookmark. To assist with code-related revisits, we introduce Reverb, a tool which recommends previously visited web pages that pertain to the code visible in the developer's editor. Through a field study, we found that, on average, Reverb can recommend a useful web page in 51% of revisitation cases. @InProceedings{ICSE13p812, author = {Nicholas Sawadsky and Gail C. Murphy and Rahul Jiresal}, title = {Reverb: Recommending Code-Related Web Pages}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {812--821}, doi = {}, year = {2013}, } Video |
|
Murphy-Hill, Emerson |
ICSE '13: "Why Don't Software Developers ..."
Why Don't Software Developers Use Static Analysis Tools to Find Bugs?
Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge (North Carolina State University, USA; Google, USA) Using static analysis tools for automating code inspections can be beneficial for software engineers. Such tools can make finding bugs, or software defects, faster and cheaper than manual inspections. Despite the benefits of using static analysis tools to find bugs, research suggests that these tools are underused. In this paper, we investigate why developers are not widely using static analysis tools and how current tools could potentially be improved. We conducted interviews with 20 developers and found that although all of our participants felt that use is beneficial, false positives and the way in which the warnings are presented, among other things, are barriers to use. We discuss several implications of these results, such as the need for an interactive mechanism to help developers fix defects. @InProceedings{ICSE13p672, author = {Brittany Johnson and Yoonki Song and Emerson Murphy-Hill and Robert Bowdidge}, title = {Why Don't Software Developers Use Static Analysis Tools to Find Bugs?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {672--681}, doi = {}, year = {2013}, } ICSE '13: "The Design of Bug Fixes ..." The Design of Bug Fixes Emerson Murphy-Hill, Thomas Zimmermann , Christian Bird, and Nachiappan Nagappan (North Carolina State University, USA; Microsoft Research, USA) When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. Based on qualitative interviews with 40 engineers working on a variety of products, data from 6 bug triage meetings, and a survey filled out by 326 engineers, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss several implications for research and practice, including ways to make bug prediction and localization more accurate. @InProceedings{ICSE13p332, author = {Emerson Murphy-Hill and Thomas Zimmermann and Christian Bird and Nachiappan Nagappan}, title = {The Design of Bug Fixes}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {332--341}, doi = {}, year = {2013}, } |
|
Nagappan, Nachiappan |
ICSE '13: "The Design of Bug Fixes ..."
The Design of Bug Fixes
Emerson Murphy-Hill, Thomas Zimmermann , Christian Bird, and Nachiappan Nagappan (North Carolina State University, USA; Microsoft Research, USA) When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. Based on qualitative interviews with 40 engineers working on a variety of products, data from 6 bug triage meetings, and a survey filled out by 326 engineers, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss several implications for research and practice, including ways to make bug prediction and localization more accurate. @InProceedings{ICSE13p332, author = {Emerson Murphy-Hill and Thomas Zimmermann and Christian Bird and Nachiappan Nagappan}, title = {The Design of Bug Fixes}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {332--341}, doi = {}, year = {2013}, } |
|
Nam, Jaechang |
ICSE '13: "Transfer Defect Learning ..."
Transfer Defect Learning
Jaechang Nam, Sinno Jialin Pan, and Sunghun Kim (Hong Kong University of Science and Technology, China; Institute for Infocomm Research, Singapore) Many software defect prediction approaches have been proposed and most are effective in within-project prediction settings. However, for new projects or projects with limited training data, it is desirable to learn a prediction model by using sufficient training data from existing source projects and then apply the model to some target projects (cross-project defect prediction). Unfortunately, the performance of cross-project defect prediction is generally poor, largely because of feature distribution differences between the source and target projects. In this paper, we apply a state-of-the-art transfer learning approach, TCA, to make feature distributions in source and target projects similar. In addition, we propose a novel transfer defect learning approach, TCA+, by extending TCA. Our experimental results for eight open-source projects show that TCA+ significantly improves cross-project prediction performance. @InProceedings{ICSE13p382, author = {Jaechang Nam and Sinno Jialin Pan and Sunghun Kim}, title = {Transfer Defect Learning}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {382--391}, doi = {}, year = {2013}, } ICSE '13: "Automatic Patch Generation ..." Automatic Patch Generation Learned from Human-Written Patches Dongsun Kim, Jaechang Nam, Jaewoo Song, and Sunghun Kim (Hong Kong University of Science and Technology, China) Patch generation is an essential software maintenance task because most software systems inevitably have bugs that need to be fixed. Unfortunately, human resources are often insufficient to fix all reported and known bugs. To address this issue, several automated patch generation techniques have been proposed. In particular, a genetic-programming-based patch generation technique, GenProg, proposed by Weimer et al., has shown promising results. However, these techniques can generate nonsensical patches due to the randomness of their mutation operations. To address this limitation, we propose a novel patch generation approach, Pattern-based Automatic program Repair (PAR), using fix patterns learned from existing human-written patches. We manually inspected more than 60,000 human-written patches and found there are several common fix patterns. Our approach leverages these fix patterns to generate program patches automatically. We experimentally evaluated PAR on 119 real bugs. In addition, a user study involving 89 students and 164 developers confirmed that patches generated by our approach are more acceptable than those generated by GenProg. PAR successfully generated patches for 27 out of 119 bugs, while GenProg was successful for only 16 bugs. @InProceedings{ICSE13p802, author = {Dongsun Kim and Jaechang Nam and Jaewoo Song and Sunghun Kim}, title = {Automatic Patch Generation Learned from Human-Written Patches}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {802--811}, doi = {}, year = {2013}, } |
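For the TCA+ entry above: TCA itself learns a latent component space that minimizes the distribution distance between projects. As a far simpler stand-in that captures the same distribution-alignment intuition (an assumption, not the paper's method), per-project z-score normalization can be applied before cross-project training.

    import numpy as np

    def zscore(X):
        X = np.asarray(X, dtype=float)
        return (X - X.mean(axis=0)) / (X.std(axis=0) + 1e-12)

    def cross_project_predict(model, X_src, y_src, X_tgt):
        """model: any classifier with fit/predict (scikit-learn style)."""
        model.fit(zscore(X_src), y_src)      # train on normalized source project
        return model.predict(zscore(X_tgt))  # predict on normalized target project |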
|
Neamtiu, Iulian |
ICSE '13: "RERAN: Timing- and Touch-Sensitive ..."
RERAN: Timing- and Touch-Sensitive Record and Replay for Android
Lorenzo Gomez, Iulian Neamtiu, Tanzirul Azim, and Todd Millstein (UC Los Angeles, USA; UC Riverside, USA) Touchscreen-based devices such as smartphones and tablets are gaining popularity but their rich input capabilities pose new development and testing complications. To alleviate this problem, we present an approach and tool named RERAN that permits record-and-replay for the Android smartphone platform. Existing GUI-level record-and-replay approaches are inadequate due to the expressiveness of the smartphone domain, in which applications support sophisticated GUI gestures, depend on inputs from a variety of sensors on the device, and have precise timing requirements among the various input events. We address these challenges by directly capturing the low-level event stream on the phone, which includes both GUI events and sensor events, and replaying it with microsecond accuracy. Moreover, RERAN does not require access to app source code, perform any app rewriting, or perform any modifications to the virtual machine or Android platform. We demonstrate RERAN’s applicability in a variety of scenarios, including (a) replaying 86 out of the Top-100 Android apps on Google Play; (b) reproducing bugs in popular apps, e.g., Firefox, Facebook, Quickoffice; and (c) fast-forwarding executions. We believe that our versatile approach can help both Android developers and researchers. @InProceedings{ICSE13p72, author = {Lorenzo Gomez and Iulian Neamtiu and Tanzirul Azim and Todd Millstein}, title = {RERAN: Timing- and Touch-Sensitive Record and Replay for Android}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {72--81}, doi = {}, year = {2013}, } |
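A bare-bones replayer in RERAN's spirit, under assumed conventions: a prior recording step produced one "timestamp device type code value" line per event, and inject is a placeholder for writing one low-level input event back to the device (RERAN replays on-phone with microsecond accuracy; time.sleep only approximates that).

    import time

    def replay(log_path, inject):
        prev_ts = None
        with open(log_path) as log:
            for line in log:
                ts, dev, etype, code, value = line.split()
                ts = float(ts)
                if prev_ts is not None:
                    time.sleep(max(0.0, ts - prev_ts))  # preserve inter-event gaps
                prev_ts = ts
                inject(dev, int(etype), int(code), int(value)) |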
|
Nelson, Tim |
ICSE '13: "Aluminum: Principled Scenario ..."
Aluminum: Principled Scenario Exploration through Minimality
Tim Nelson, Salman Saghafi, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi (Worcester Polytechnic Institute, USA; Brown University, USA) Scenario-finding tools such as Alloy are widely used to understand the consequences of specifications, with applications to software modeling, security analysis, and verification. This paper focuses on the exploration of scenarios: which scenarios are presented first, and how to traverse them in a well-defined way. We present Aluminum, a modification of Alloy that presents only minimal scenarios: those that contain no more than is necessary. Aluminum lets users explore the scenario space by adding to scenarios and backtracking. It also provides the ability to find what can consistently be used to extend each scenario. We describe the semantic basis of Aluminum in terms of minimal models of first-order logic formulas. We show how this theory can be implemented atop existing SAT-solvers and quantify both the benefits of minimality and its small computational overhead. Finally, we offer some qualitative observations about scenario exploration in Aluminum. @InProceedings{ICSE13p232, author = {Tim Nelson and Salman Saghafi and Daniel J. Dougherty and Kathi Fisler and Shriram Krishnamurthi}, title = {Aluminum: Principled Scenario Exploration through Minimality}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {232--241}, doi = {}, year = {2013}, } Video |
|
Nguyen, Hoan Anh |
ICSE '13: "Boa: A Language and Infrastructure ..."
Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories
Robert Dyer, Hoan Anh Nguyen, Hridesh Rajan , and Tien N. Nguyen (Iowa State University, USA) In today's software-centric world, ultra-large-scale software repositories, e.g. SourceForge (350,000+ projects), GitHub (250,000+ projects), and Google Code (250,000+ projects) are the new library of Alexandria. They contain an enormous corpus of software and information about software. Scientists and engineers alike are interested in analyzing this wealth of information both for curiosity as well as for testing important hypotheses. However, systematic extraction of relevant data from these repositories and analysis of such data for testing hypotheses is hard, and best left for mining software repository (MSR) experts! The goal of Boa, a domain-specific language and infrastructure described here, is to ease testing MSR-related hypotheses. We have implemented Boa and provide a web-based interface to Boa's infrastructure. Our evaluation demonstrates that Boa substantially reduces programming efforts, thus lowering the barrier to entry. We also see drastic improvements in scalability. Last but not least, reproducing an experiment conducted using Boa is just a matter of re-running small Boa programs provided by previous researchers. @InProceedings{ICSE13p422, author = {Robert Dyer and Hoan Anh Nguyen and Hridesh Rajan and Tien N. Nguyen}, title = {Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {422--431}, doi = {}, year = {2013}, } |
|
Nguyen, Hoang Duong Thien |
ICSE '13: "SemFix: Program Repair via ..."
SemFix: Program Repair via Semantic Analysis
Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury , and Satish Chandra (National University of Singapore, Singapore; IBM Research, USA) Debugging consumes significant time and effort in any major software development project. Moreover, even after the root cause of a bug is identified, fixing the bug is non-trivial. Given this situation, automated program repair methods are of value. In this paper, we present an automated repair method based on symbolic execution, constraint solving and program synthesis. In our approach, the requirement on the repaired code to pass a given set of tests is formulated as a constraint. Such a constraint is then solved by iterating over a layered space of repair expressions, layered by the complexity of the repair code. We compare our method with recently proposed genetic programming based repair on SIR programs with seeded bugs, as well as fragments of GNU Coreutils with real bugs. On these subjects, our approach reports a higher success-rate than genetic programming based repair, and produces a repair faster. @InProceedings{ICSE13p772, author = {Hoang Duong Thien Nguyen and Dawei Qi and Abhik Roychoudhury and Satish Chandra}, title = {SemFix: Program Repair via Semantic Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {772--781}, doi = {}, year = {2013}, } |
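A drastically cut-down illustration of the layered repair search, under strong assumptions (integer right-hand sides over named variables, candidates checked by direct test execution); real SemFix derives a repair constraint via symbolic execution and solves it with program synthesis instead of enumeration.

    import itertools

    def synthesize(variables, tests, max_layers=2):
        """tests: list of (env, expected) pairs; env maps variable -> int."""
        layer = [lambda env, v=v: env[v] for v in variables]
        layer += [lambda env, c=c: c for c in (0, 1)]
        for _ in range(max_layers):
            for expr in layer:
                if all(expr(env) == want for env, want in tests):
                    return expr
            layer = [lambda env, a=a, b=b, op=op: op(a(env), b(env))
                     for a, b in itertools.product(layer, repeat=2)
                     for op in ((lambda x, y: x + y), (lambda x, y: x - y))]
        return None

    # e.g. synthesize(["x", "y"], [({"x": 1, "y": 2}, 3)]) finds x + y |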
|
Nguyen, Tien N. |
ICSE '13: "Boa: A Language and Infrastructure ..."
Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories
Robert Dyer, Hoan Anh Nguyen, Hridesh Rajan , and Tien N. Nguyen (Iowa State University, USA) In today's software-centric world, ultra-large-scale software repositories, e.g. SourceForge (350,000+ projects), GitHub (250,000+ projects), and Google Code (250,000+ projects) are the new library of Alexandria. They contain an enormous corpus of software and information about software. Scientists and engineers alike are interested in analyzing this wealth of information both for curiosity as well as for testing important hypotheses. However, systematic extraction of relevant data from these repositories and analysis of such data for testing hypotheses is hard, and best left for mining software repository (MSR) experts! The goal of Boa, a domain-specific language and infrastructure described here, is to ease testing MSR-related hypotheses. We have implemented Boa and provide a web-based interface to Boa's infrastructure. Our evaluation demonstrates that Boa substantially reduces programming efforts, thus lowering the barrier to entry. We also see drastic improvements in scalability. Last but not least, reproducing an experiment conducted using Boa is just a matter of re-running small Boa programs provided by previous researchers. @InProceedings{ICSE13p422, author = {Robert Dyer and Hoan Anh Nguyen and Hridesh Rajan and Tien N. Nguyen}, title = {Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {422--431}, doi = {}, year = {2013}, } |
|
Nistor, Adrian |
ICSE '13: "Toddler: Detecting Performance ..."
Toddler: Detecting Performance Problems via Similar Memory-Access Patterns
Adrian Nistor, Linhai Song, Darko Marinov , and Shan Lu (University of Illinois at Urbana-Champaign, USA; University of Wisconsin-Madison, USA) Performance bugs are programming errors that create significant performance degradation. While developers often use automated oracles for detecting functional bugs, detecting performance bugs usually requires time-consuming, manual analysis of execution profiles. The human effort for performance analysis limits the number of performance tests analyzed and enables performance bugs to easily escape to production. Unfortunately, while profilers can successfully localize slow executing code, profilers cannot be effectively used as automated oracles. This paper presents TODDLER, a novel automated oracle for performance bugs, which enables testing for performance bugs to use the well established and automated process of testing for functional bugs. TODDLER reports code loops whose computation has repetitive and partially similar memory-access patterns across loop iterations. Such repetitive work is likely unnecessary and can be done faster. We implement TODDLER for Java and evaluate it on 9 popular Java codebases. Our experiments with 11 previously known, real-world performance bugs show that TODDLER finds these bugs with a higher accuracy than the standard Java profiler. Using TODDLER, we also found 42 new bugs in six Java projects: Ant, Google Core Libraries, JUnit, Apache Collections, JDK, and JFreeChart. Based on our bug reports, developers so far fixed 10 bugs and confirmed 6 more as real bugs. @InProceedings{ICSE13p562, author = {Adrian Nistor and Linhai Song and Darko Marinov and Shan Lu}, title = {Toddler: Detecting Performance Problems via Similar Memory-Access Patterns}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {562--571}, doi = {}, year = {2013}, } |
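A heavily simplified analogue of the oracle (a framing for illustration, not the tool's implementation): a loop is flagged when consecutive iterations perform nearly the same sequence of memory reads, suggesting repeated work that could be done once.

    from difflib import SequenceMatcher

    def looks_redundant(iteration_reads, threshold=0.9):
        """iteration_reads: one list of read locations per loop iteration."""
        if len(iteration_reads) < 2:
            return False
        return all(SequenceMatcher(None, a, b).ratio() >= threshold
                   for a, b in zip(iteration_reads, iteration_reads[1:])) |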
|
Niu, Nan |
ICSE '13: "Departures from Optimality: ..."
Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing
Nan Niu, Anas Mahmoud, Zhangji Chen, and Gary Bradshaw (Mississippi State University, USA) Studying human analysts' behavior in automated tracing is a new research thrust. Building on a growing body of work in this area, we offer a novel approach to understanding requirements analysts' information seeking and gathering. We model analysts as predators in pursuit of prey (the relevant traceability information) and leverage optimality models to characterize a rational decision process. We then compare and contrast the behavior of real analysts with that of the optimal information forager. The results show that the analysts' information diets are much wider than the theory's predictions, and that they reside in low-profitability information patches much longer than the optimal residence time. These uncovered discrepancies not only offer concrete insights into the obstacles faced by analysts, but also lead to principled ways to increase practical tool support for overcoming the obstacles. @InProceedings{ICSE13p572, author = {Nan Niu and Anas Mahmoud and Zhangji Chen and Gary Bradshaw}, title = {Departures from Optimality: Understanding Human Analyst's Information Foraging in Assisted Requirements Tracing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {572--581}, doi = {}, year = {2013}, } |
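For readers unfamiliar with the underlying theory: the patch model of optimal foraging reduces to a simple leave/stay rule, sketched below (an illustration; the paper's exact optimality models may differ).

    def should_leave_patch(marginal_gain_rate, environment_mean_rate):
        """Charnov-style rule: stay while the current information patch
        still yields above the environment-wide average gain rate."""
        return marginal_gain_rate < environment_mean_rate

    # e.g. 2 relevant artifacts/min here vs. 3/min on average elsewhere:
    print(should_leave_patch(2.0, 3.0))  # True: an optimal forager moves on |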
|
Noble, James |
ICSE '13: "Are Your Incoming Aliases ..."
Are Your Incoming Aliases Really Necessary? Counting the Cost of Object Ownership
Alex Potanin, Monique Damitio, and James Noble (Victoria University of Wellington, New Zealand) Object ownership enforces encapsulation within object-oriented programs by forbidding incoming aliases into objects' representations. Many common data structures, such as collections with iterators, require incoming aliases, so there has been much work on relaxing ownership's encapsulation to permit multiple incoming aliases. This research asks the opposite question: Are your aliases really necessary? In this paper, we count the cost of programming with strong object encapsulation. We refactored the JDK 5.0 collection classes so that they did not use incoming aliases, following either the owner-as-dominator or the owner-as-accessor encapsulation discipline. We measured the performance time overhead the refactored collections impose on a set of microbenchmarks and on the DaCapo, SPECjbb and SPECjvm benchmark suites. While the microbenchmarks show that individual operations and iterations can be significantly slower on encapsulated collections (especially for owner-as-dominator), we found less than 3% slowdown for owner-as-accessor across the large scale benchmarks. As a result, we propose that well-known design patterns such as Iterator commonly used by software engineers around the world need to be adjusted to take ownership into account. As most design patterns are used as a building block in constructing larger pieces of software, a small adjustment to respect ownership will not have any impact on the productivity of programmers but will have a huge impact on the quality of the resulting code with respect to aliasing. @InProceedings{ICSE13p742, author = {Alex Potanin and Monique Damitio and James Noble}, title = {Are Your Incoming Aliases Really Necessary? Counting the Cost of Object Ownership}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {742--751}, doi = {}, year = {2013}, } Video |
|
Nuseibeh, Bashar |
ICSE '13: "Engineering Adaptive Privacy: ..."
Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements
Inah Omoronyia, Luca Cavallaro, Mazeiar Salehie, Liliana Pasquale, and Bashar Nuseibeh (University of Glasgow, UK; Lero, Ireland; University of Limerick, Ireland; Open University, UK) Applications that continuously gather and disclose personal information about users are increasingly common. While disclosing this information may be essential for these applications to function, it may also raise privacy concerns. Partly, this is due to frequently changing context that introduces new privacy threats, and makes it difficult to continuously satisfy privacy requirements. To address this problem, applications may need to adapt in order to manage changing privacy concerns. Thus, we propose a framework that exploits the notion of privacy awareness requirements to identify runtime privacy properties to satisfy. These properties are used to support disclosure decision making by applications. Our evaluations suggest that applications that fail to satisfy privacy awareness requirements cannot regulate users' information disclosure. We also observe that the satisfaction of privacy awareness requirements is useful to users aiming to minimise exposure to privacy threats, and to users aiming to maximise functional benefits amidst increasing threat severity. @InProceedings{ICSE13p632, author = {Inah Omoronyia and Luca Cavallaro and Mazeiar Salehie and Liliana Pasquale and Bashar Nuseibeh}, title = {Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {632--641}, doi = {}, year = {2013}, } |
|
Oliveira, Bruno C. d. S. |
ICSE '13: "Partition-Based Regression ..."
Partition-Based Regression Verification
Marcel Böhme, Bruno C. d. S. Oliveira, and Abhik Roychoudhury (National University of Singapore, Singapore) Regression verification (RV) seeks to guarantee the absence of regression errors in a changed program version. This paper presents Partition-based Regression Verification (PRV): an approach to RV based on the gradual exploration of differential input partitions. A differential input partition is a subset of the common input space of two program versions that serves as a unit of verification. Instead of proving the absence of regression for the complete input space at once, PRV verifies differential partitions in a gradual manner. If the exploration is interrupted, PRV retains partial verification guarantees at least for the explored differential partitions. This is crucial in practice as verifying the complete input space can be prohibitively expensive. Experiments show that PRV provides a useful alternative to state-of-the-art regression test generation techniques. During the exploration, PRV generates test cases which can expose different behaviour across two program versions. However, while test cases are generally single points in the common input space, PRV can verify entire partitions and moreover give feedback that allows programmers to relate a behavioral difference to those syntactic changes that contribute to this difference. @InProceedings{ICSE13p302, author = {Marcel Böhme and Bruno C. d. S. Oliveira and Abhik Roychoudhury}, title = {Partition-Based Regression Verification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {302--311}, doi = {}, year = {2013}, } Video |
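In miniature, the verification step can be pictured with z3 (a framing for illustration, not the paper's algorithm): encode two versions as terms and ask for an input where they disagree; unsat means the explored partition, here the whole input space, carries no regression. Requires the z3-solver package.

    from z3 import Int, Solver, sat

    x = Int("x")
    old_version = x * 2
    new_version = x + x          # a behavior-preserving change

    s = Solver()
    s.add(old_version != new_version)
    if s.check() == sat:
        print("regression witness:", s.model()[x])
    else:
        print("no behavioral difference on this partition") |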
|
Oliveto, Rocco |
ICSE '13: "Automatic Query Reformulations ..."
Automatic Query Reformulations for Text Retrieval in Software Engineering
Sonia Haiduc, Gabriele Bavota, Andrian Marcus, Rocco Oliveto, Andrea De Lucia , and Tim Menzies (Wayne State University, USA; University of Salerno, Italy; University of Molise, Italy; University of West Virginia, USA) There are more than twenty distinct software engineering tasks addressed with text retrieval (TR) techniques, such as traceability link recovery, feature location, refactoring, reuse, etc. A common issue with all TR applications is that the results of the retrieval depend largely on the quality of the query. When a query performs poorly, it has to be reformulated, and this is a difficult task for someone who had trouble writing a good query in the first place. We propose a recommender (called Refoqus) based on machine learning, which is trained with a sample of queries and relevant results. Then, for a given query, it automatically recommends a reformulation strategy that should improve its performance, based on the properties of the query. We evaluated Refoqus empirically against four baseline approaches that are used in natural language document retrieval. The data used for the evaluation corresponds to changes from five open source systems in Java and C++ and it is used in the context of TR-based concept location in source code. Refoqus outperformed the baselines and its recommendations lead to query performance improvement or preservation in 84% of the cases (on average). @InProceedings{ICSE13p842, author = {Sonia Haiduc and Gabriele Bavota and Andrian Marcus and Rocco Oliveto and Andrea De Lucia and Tim Menzies}, title = {Automatic Query Reformulations for Text Retrieval in Software Engineering}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {842--851}, doi = {}, year = {2013}, } Video ICSE '13: "An Empirical Study on the ..." An Empirical Study on the Developers' Perception of Software Coupling Gabriele Bavota, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk , and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Coupling is a fundamental property of software systems, and numerous coupling measures have been proposed to support various development and maintenance activities. However, little is known about how developers actually perceive coupling, what mechanisms constitute coupling, and if existing measures align with this perception. In this paper we bridge this gap, by empirically investigating how class coupling---as captured by structural, dynamic, semantic, and logical coupling measures---aligns with developers' perception of coupling. The study has been conducted on three Java open-source systems---namely ArgoUML, JHotDraw and jEdit---and involved 64 students, academics, and industrial practitioners from around the world, as well as 12 active developers of these three systems. We asked participants to assess the coupling between the given pairs of classes and provide their ratings and some rationale. The results indicate that the peculiarity of the semantic coupling measure allows it to better estimate the mental model of developers than the other coupling measures. This is because, in several cases, the interactions between classes are encapsulated in the source code vocabulary, and cannot be easily derived by only looking at structural relationships, such as method calls. 
@InProceedings{ICSE13p692, author = {Gabriele Bavota and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {An Empirical Study on the Developers' Perception of Software Coupling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {692--701}, doi = {}, year = {2013}, } Video ICSE '13: "How to Effectively Use Topic ..." How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms Annibale Panichella, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Information Retrieval (IR) methods, and in particular topic models, have recently been used to support essential software engineering (SE) tasks, by enabling software textual retrieval and analysis. In all these approaches, topic models have been used on software artifacts in a similar manner as they were used on natural language documents (e.g., using the same settings and parameters) because the underlying assumption was that source code and natural language documents are similar. However, applying topic models on software data using the same settings as for natural language text did not always produce the expected results. Recent research investigated this assumption and showed that source code is much more repetitive and predictable as compared to the natural language text. Our paper builds on this new fundamental finding and proposes a novel solution to adapt, configure and effectively use a topic modeling technique, namely Latent Dirichlet Allocation (LDA), to achieve better (acceptable) performance across various SE tasks. Our paper introduces a novel solution called LDA-GA, which uses Genetic Algorithms (GA) to determine a near-optimal configuration for LDA in the context of three different SE tasks: (1) traceability link recovery, (2) feature location, and (3) software artifact labeling. The results of our empirical studies demonstrate that LDA-GA is able to identify robust LDA configurations, which lead to a higher accuracy on all the datasets for these SE tasks as compared to previously published results, heuristics, and the results of a combinatorial search. @InProceedings{ICSE13p522, author = {Annibale Panichella and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {522--531}, doi = {}, year = {2013}, } Video |
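For the Refoqus entry above, a sketch of the recommend-by-query-properties idea under heavy assumptions: the two query properties and the strategy labels are illustrative placeholders, and scikit-learn's decision tree stands in for whatever learner the tool actually uses.

    from sklearn.tree import DecisionTreeClassifier

    def query_properties(query, doc_freq):
        terms = query.lower().split()
        rare = sum(1 for t in terms if doc_freq.get(t, 0) < 5)
        return [len(terms), rare / max(len(terms), 1)]

    def train_recommender(past_queries, best_strategies, doc_freq):
        """best_strategies: e.g. 'expand', 'reduce', 'keep' per past query
        (hypothetical labels); doc_freq: term -> document frequency."""
        X = [query_properties(q, doc_freq) for q in past_queries]
        return DecisionTreeClassifier().fit(X, best_strategies) |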
|
Omoronyia, Inah |
ICSE '13: "Engineering Adaptive Privacy: ..."
Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements
Inah Omoronyia, Luca Cavallaro, Mazeiar Salehie, Liliana Pasquale, and Bashar Nuseibeh (University of Glasgow, UK; Lero, Ireland; University of Limerick, Ireland; Open University, UK) Applications that continuously gather and disclose personal information about users are increasingly common. While disclosing this information may be essential for these applications to function, it may also raise privacy concerns. Partly, this is due to frequently changing context that introduces new privacy threats, and makes it difficult to continuously satisfy privacy requirements. To address this problem, applications may need to adapt in order to manage changing privacy concerns. Thus, we propose a framework that exploits the notion of privacy awareness requirements to identify runtime privacy properties to satisfy. These properties are used to support disclosure decision making by applications. Our evaluations suggest that applications that fail to satisfy privacy awareness requirements cannot regulate users' information disclosure. We also observe that the satisfaction of privacy awareness requirements is useful to users aiming to minimise exposure to privacy threats, and to users aiming to maximise functional benefits amidst increasing threat severity. @InProceedings{ICSE13p632, author = {Inah Omoronyia and Luca Cavallaro and Mazeiar Salehie and Liliana Pasquale and Bashar Nuseibeh}, title = {Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {632--641}, doi = {}, year = {2013}, } |
|
Orso, Alessandro |
ICSE '13: "X-PERT: Accurate Identification ..."
X-PERT: Accurate Identification of Cross-Browser Issues in Web Applications
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso (Georgia Tech, USA; Fujitsu Labs, USA) Due to the increasing popularity of web applications, and the number of browsers and platforms on which such applications can be executed, cross-browser incompatibilities (XBIs) are becoming a serious concern for organizations that develop web-based software. Most of the techniques for XBI detection developed to date are either manual, and thus costly and error-prone, or partial and imprecise, and thus prone to generating both false positives and false negatives. To address these limitations of existing techniques, we developed X-PERT, a new automated, precise, and comprehensive approach for XBI detection. X-PERT combines several new and existing differencing techniques and is based on our findings from an extensive study of XBIs in real-world web applications. The key strength of our approach is that it handles each aspect of a web application using the differencing technique that is best suited to accurately detect XBIs related to that aspect. Our empirical evaluation shows that X-PERT is effective in detecting real-world XBIs, improves on the state of the art, and can provide useful support to developers for the diagnosis and (eventually) elimination of XBIs. @InProceedings{ICSE13p702, author = {Shauvik Roy Choudhary and Mukul R. Prasad and Alessandro Orso}, title = {X-PERT: Accurate Identification of Cross-Browser Issues in Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {702--711}, doi = {}, year = {2013}, } Video |
|
Ou, Rong |
ICSE '13: "Does Bug Prediction Support ..."
Does Bug Prediction Support Human Developers? Findings from a Google Case Study
Chris Lewis, Zhongpeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, and E. James Whitehead Jr. (UC Santa Cruz, USA; Google, USA; Xi'an Jiaotong University, China) While many bug prediction algorithms have been developed by academia, they're often only tested and verified in the lab using automated means. We do not have a strong idea about whether such algorithms are useful to guide human developers. We deployed a bug prediction algorithm across Google, and found no identifiable change in developer behavior. Using our experience, we provide several characteristics that bug prediction algorithms need to meet in order to be accepted by human developers and truly change how developers evaluate their code. @InProceedings{ICSE13p372, author = {Chris Lewis and Zhongpeng Lin and Caitlin Sadowski and Xiaoyan Zhu and Rong Ou and E. James Whitehead Jr.}, title = {Does Bug Prediction Support Human Developers? Findings from a Google Case Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {372--381}, doi = {}, year = {2013}, } |
|
Padmanaban, Yogesh |
ICSE '13: "Inferring Likely Mappings ..."
Inferring Likely Mappings between APIs
Amruta Gokhale, Vinod Ganapathy, and Yogesh Padmanaban (Rutgers University, USA) Software developers often need to port applications written for a source platform to a target platform. In doing so, a key task is to replace an application's use of methods from the source platform API with corresponding methods from the target platform API. However, this task is challenging because developers must manually identify mappings between methods in the source and target APIs, e.g., using API documentation. We develop a novel approach to the problem of inferring mappings between the APIs of a source and target platform. Our approach is tailored to the case where the source and target platform each have independently-developed applications that implement similar functionality. We observe that in building these applications, developers exercised knowledge of the corresponding APIs. We develop a technique to systematically harvest this knowledge and infer likely mappings between the APIs of the source and target platform. The output of our approach is a ranked list of target API methods or method sequences that likely map to each source API method or method sequence. We have implemented this approach in a prototype tool called Rosetta, and have applied it to infer likely mappings between the Java2 Mobile Edition (JavaME) and Android graphics APIs. @InProceedings{ICSE13p82, author = {Amruta Gokhale and Vinod Ganapathy and Yogesh Padmanaban}, title = {Inferring Likely Mappings between APIs}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {82--91}, doi = {}, year = {2013}, } Video |
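A toy rendering of the relevance intuition behind Rosetta (assumed and simplified): methods that repeatedly co-occur across pairs of functionally similar source/target apps are likely mappings, so count the co-occurrences and rank them.

    from collections import Counter

    def rank_mappings(app_pairs):
        """app_pairs: (source_api_methods, target_api_methods) per pair
        of functionally similar apps."""
        counts = Counter()
        for src_methods, tgt_methods in app_pairs:
            for s in src_methods:
                for t in tgt_methods:
                    counts[(s, t)] += 1
        return counts.most_common()  # likely API mappings first |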
|
Pan, Sinno Jialin |
ICSE '13: "Transfer Defect Learning ..."
Transfer Defect Learning
Jaechang Nam, Sinno Jialin Pan, and Sunghun Kim (Hong Kong University of Science and Technology, China; Institute for Infocomm Research, Singapore) Many software defect prediction approaches have been proposed and most are effective in within-project prediction settings. However, for new projects or projects with limited training data, it is desirable to learn a prediction model by using sufficient training data from existing source projects and then apply the model to some target projects (cross-project defect prediction). Unfortunately, the performance of cross-project defect prediction is generally poor, largely because of feature distribution differences between the source and target projects. In this paper, we apply a state-of-the-art transfer learning approach, TCA, to make feature distributions in source and target projects similar. In addition, we propose a novel transfer defect learning approach, TCA+, by extending TCA. Our experimental results for eight open-source projects show that TCA+ significantly improves cross-project prediction performance. @InProceedings{ICSE13p382, author = {Jaechang Nam and Sinno Jialin Pan and Sunghun Kim}, title = {Transfer Defect Learning}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {382--391}, doi = {}, year = {2013}, } |
|
Panichella, Annibale |
ICSE '13: "How to Effectively Use Topic ..."
How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms
Annibale Panichella, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Information Retrieval (IR) methods, and in particular topic models, have recently been used to support essential software engineering (SE) tasks, by enabling software textual retrieval and analysis. In all these approaches, topic models have been used on software artifacts in a similar manner as they were used on natural language documents (e.g., using the same settings and parameters) because the underlying assumption was that source code and natural language documents are similar. However, applying topic models on software data using the same settings as for natural language text did not always produce the expected results. Recent research investigated this assumption and showed that source code is much more repetitive and predictable as compared to the natural language text. Our paper builds on this new fundamental finding and proposes a novel solution to adapt, configure and effectively use a topic modeling technique, namely Latent Dirichlet Allocation (LDA), to achieve better (acceptable) performance across various SE tasks. Our paper introduces a novel solution called LDA-GA, which uses Genetic Algorithms (GA) to determine a near-optimal configuration for LDA in the context of three different SE tasks: (1) traceability link recovery, (2) feature location, and (3) software artifact labeling. The results of our empirical studies demonstrate that LDA-GA is able to identify robust LDA configurations, which lead to a higher accuracy on all the datasets for these SE tasks as compared to previously published results, heuristics, and the results of a combinatorial search. @InProceedings{ICSE13p522, author = {Annibale Panichella and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {522--531}, doi = {}, year = {2013}, } Video |
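A compact sketch of a genetic search over LDA configurations (k, alpha, beta), assuming a fitness callable that wraps an actual LDA run plus a cluster-quality score; the paper's GA operators and fitness function may differ in detail.

    import random

    def mutate(cfg):
        k, alpha, beta = cfg
        return (max(2, k + random.choice((-5, 5))),
                max(0.01, alpha * random.uniform(0.5, 2.0)),
                max(0.01, beta * random.uniform(0.5, 2.0)))

    def lda_ga(fitness, generations=20, pop_size=10):
        pop = [(random.randint(5, 100), random.random() + 0.01,
                random.random() + 0.01) for _ in range(pop_size)]
        for _ in range(generations):
            pop.sort(key=fitness, reverse=True)   # fitter configurations first
            survivors = pop[:pop_size // 2]
            pop = survivors + [mutate(random.choice(survivors))
                               for _ in range(pop_size - len(survivors))]
        return max(pop, key=fitness) |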
|
Păsăreanu, Corina S. |
ICSE '13: "Reliability Analysis in Symbolic ..."
Reliability Analysis in Symbolic Pathfinder
Antonio Filieri, Corina S. Păsăreanu, and Willem Visser (University of Stuttgart, Germany; Carnegie Mellon Silicon Valley, USA; NASA Ames Research Center, USA; Stellenbosch University, South Africa) Software reliability analysis tackles the problem of predicting the failure probability of software. Most of the current approaches base reliability analysis on architectural abstractions useful at early stages of design, but not directly applicable to source code. In this paper we propose a general methodology that exploits symbolic execution of source code for extracting failure and success paths to be used for probabilistic reliability assessment against relevant usage scenarios. Under the assumption of finite and countable input domains, we provide an efficient implementation based on Symbolic PathFinder that supports the analysis of sequential and parallel programs, even with structured data types, at the desired level of confidence. The tool has been validated on both NASA prototypes and other test cases, showing a promising applicability scope. @InProceedings{ICSE13p622, author = {Antonio Filieri and Corina S. Păsăreanu and Willem Visser}, title = {Reliability Analysis in Symbolic Pathfinder}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {622--631}, doi = {}, year = {2013}, } Video |
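The finite-domain assumption makes the core computation easy to state by brute-force model counting (the tool itself is far more efficient): a path's probability is the fraction of the input domain satisfying its path condition, and reliability sums this over success paths.

    def path_probability(path_condition, domain):
        return sum(1 for x in domain if path_condition(x)) / len(domain)

    def reliability(success_path_conditions, domain):
        return sum(path_probability(pc, domain)
                   for pc in success_path_conditions)

    # e.g. inputs 0..99, the single success path excludes x == 42:
    print(reliability([lambda x: x != 42], range(100)))  # 0.99 |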
|
Pasquale, Liliana |
ICSE '13: "Engineering Adaptive Privacy: ..."
Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements
Inah Omoronyia, Luca Cavallaro, Mazeiar Salehie, Liliana Pasquale, and Bashar Nuseibeh (University of Glasgow, UK; Lero, Ireland; University of Limerick, Ireland; Open University, UK) Applications that continuously gather and disclose personal information about users are increasingly common. While disclosing this information may be essential for these applications to function, it may also raise privacy concerns. Partly, this is due to frequently changing context that introduces new privacy threats, and makes it difficult to continuously satisfy privacy requirements. To address this problem, applications may need to adapt in order to manage changing privacy concerns. Thus, we propose a framework that exploits the notion of privacy awareness requirements to identify runtime privacy properties to satisfy. These properties are used to support disclosure decision making by applications. Our evaluations suggest that applications that fail to satisfy privacy awareness requirements cannot regulate users' information disclosure. We also observe that the satisfaction of privacy awareness requirements is useful to users aiming to minimise exposure to privacy threats, and to users aiming to maximise functional benefits amidst increasing threat severity. @InProceedings{ICSE13p632, author = {Inah Omoronyia and Luca Cavallaro and Mazeiar Salehie and Liliana Pasquale and Bashar Nuseibeh}, title = {Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {632--641}, doi = {}, year = {2013}, } |
|
Pavese, Esteban |
ICSE '13: "Automated Reliability Estimation ..."
Automated Reliability Estimation over Partial Systematic Explorations
Esteban Pavese, Víctor Braberman, and Sebastian Uchitel (Universidad de Buenos Aires, Argentina; Imperial College London, UK) Model-based reliability estimation of software systems can provide useful insights early in the development process. However, the computational complexity of estimating reliability metrics such as mean time to first failure (MTTF) can be prohibitive in time, space, and precision. In this paper we present an alternative to exhaustive model exploration (as in probabilistic model checking) and partial random exploration (as in statistical model checking). Our hypothesis is that a (carefully crafted) partial systematic exploration of a system model can provide better bounds for reliability metrics at lower computation cost. We present a novel automated technique for reliability estimation that combines simulation, invariant inference and probabilistic model checking. Simulation produces a probabilistically relevant set of traces from which a state invariant is inferred. The invariant characterises a partial model which is then exhaustively explored using probabilistic model checking. We report on experiments that suggest that reliability estimation using this technique can be more effective than (full model) probabilistic and statistical model checking for system models with rare failures. @InProceedings{ICSE13p602, author = {Esteban Pavese and Víctor Braberman and Sebastian Uchitel}, title = {Automated Reliability Estimation over Partial Systematic Explorations}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {602--611}, doi = {}, year = {2013}, } Video |
|
Pei, Yu |
ICSE '13: "What Good Are Strong Specifications? ..."
What Good Are Strong Specifications?
Nadia Polikarpova, Carlo A. Furia, Yu Pei, Yi Wei, and Bertrand Meyer (ETH Zurich, Switzerland; ITMO National Research University, Russia) Experience with lightweight formal methods suggests that programmers are willing to write specifications if they bring tangible benefits to their usual development activities. This paper considers stronger specifications and studies whether they can be deployed as an incremental practice that brings additional benefits without being unacceptably expensive. We introduce a methodology that extends Design by Contract to write strong specifications of functional properties in the form of preconditions, postconditions, and invariants. The methodology aims at being palatable to developers who are not fluent in formal techniques but are comfortable with writing simple specifications. We evaluate the cost and the benefits of using strong specifications by applying the methodology to testing data structure implementations written in Eiffel and C#. In our extensive experiments, testing against strong specifications detects twice as many bugs as standard contracts, with a reasonable overhead in terms of annotation burden and run-time performance while testing. In the wide spectrum of formal techniques for software quality, testing against strong specifications lies in a "sweet spot" with a favorable benefit to effort ratio. @InProceedings{ICSE13p262, author = {Nadia Polikarpova and Carlo A. Furia and Yu Pei and Yi Wei and Bertrand Meyer}, title = {What Good Are Strong Specifications?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {262--271}, doi = {}, year = {2013}, } Video |
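The paper's contracts target Eiffel and C#; the Python toy below only contrasts a standard postcondition with a strong one for sorting, with sorted() standing in for the implementation under test.

    from collections import Counter

    def checked_sort(xs):
        out = sorted(xs)
        # standard contract: the result is ordered
        assert all(a <= b for a, b in zip(out, out[1:]))
        # strong contract: the result is a permutation of the input;
        # together with ordering, this pins the result down completely
        assert Counter(out) == Counter(xs)
        return out |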
|
Peng, Xin |
ICSE '13: "Improving Feature Location ..."
Improving Feature Location Practice with Multi-faceted Interactive Exploration
Jinshui Wang, Xin Peng , Zhenchang Xing, and Wenyun Zhao (Fudan University, China; Nanyang Technological University, Singapore) Feature location is a human-oriented and information-intensive process. When performing feature location tasks with existing tools, developers often find it difficult to formulate an accurate feature query (e.g., keywords) and determine the relevance of returned results. In this paper, we propose a feature location approach that supports multi-faceted interactive program exploration. Our approach automatically extracts and mines multiple syntactic and semantic facets from candidate program elements. Furthermore, it allows developers to interactively group, sort, and filter feature location results in a centralized, multi-faceted, and intelligent search User Interface (UI). We have implemented our approach as a web-based tool MFIE and conducted an experimental study. The results show that the developers using MFIE can accomplish their feature location tasks 32% faster and the quality of their feature location results (in terms of F-measure) is 51% higher than that of the developers using regular Eclipse IDE. @InProceedings{ICSE13p762, author = {Jinshui Wang and Xin Peng and Zhenchang Xing and Wenyun Zhao}, title = {Improving Feature Location Practice with Multi-faceted Interactive Exploration}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {762--771}, doi = {}, year = {2013}, } Video |
|
Perino, Nicolò |
ICSE '13: "Automatic Recovery from Runtime ..."
Automatic Recovery from Runtime Failures
Antonio Carzaniga, Alessandra Gorla, Andrea Mattavelli, Nicolò Perino, and Mauro Pezzè (University of Lugano, Switzerland; Saarland University, Germany) We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional with between 19% and 48% of the failure-causing faults, depending on the application. The experiments also show that the technique incurs an acceptable runtime overhead in all cases. @InProceedings{ICSE13p782, author = {Antonio Carzaniga and Alessandra Gorla and Andrea Mattavelli and Nicolò Perino and Mauro Pezzè}, title = {Automatic Recovery from Runtime Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {782--791}, doi = {}, year = {2013}, } Video |
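A minimal rendering of the workaround mechanism (a framing for illustration, not the paper's implementation): register known-equivalent uses of a component and, on a runtime failure, retry with the next alternative instead of propagating the exception.

    def add_all_primary(collection, items):
        collection.extend(items)

    def add_all_workaround(collection, items):
        for x in items:
            collection.append(x)

    EQUIVALENTS = {"add_all": [add_all_primary, add_all_workaround]}

    def call_with_workarounds(operation, *args):
        failure = None
        for variant in EQUIVALENTS[operation]:
            try:
                return variant(*args)
            except Exception as exc:   # field failure observed
                failure = exc          # fall through to the next variant
        raise failure |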
|
Petre, Marian |
ICSE '13: "UML in Practice ..."
UML in Practice
Marian Petre (Open University, UK) UML has been described by some as "the lingua franca" of software engineering. Evidence from industry does not necessarily support such endorsements. How exactly is UML being used in industry, if it is used at all? This paper presents a corpus of interviews with 50 professional software engineers in 50 companies and identifies 5 patterns of UML use. @InProceedings{ICSE13p722, author = {Marian Petre}, title = {UML in Practice}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {722--731}, doi = {}, year = {2013}, } |
|
Pezzè, Mauro |
ICSE '13: "Automatic Recovery from Runtime ..."
Automatic Recovery from Runtime Failures
Antonio Carzaniga, Alessandra Gorla, Andrea Mattavelli, Nicolò Perino, and Mauro Pezzè (University of Lugano, Switzerland; Saarland University, Germany) We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional with between 19% and 48% of the failure-causing faults, depending on the application. The experiments also show that the technique incurs an acceptable runtime overhead in all cases. @InProceedings{ICSE13p782, author = {Antonio Carzaniga and Alessandra Gorla and Andrea Mattavelli and Nicolò Perino and Mauro Pezzè}, title = {Automatic Recovery from Runtime Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {782--791}, doi = {}, year = {2013}, } Video |
|
Pham, Raphael |
ICSE '13: "Creating a Shared Understanding ..."
Creating a Shared Understanding of Testing Culture on a Social Coding Site
Raphael Pham, Leif Singer, Olga Liskin, Fernando Figueira Filho, and Kurt Schneider (Leibniz Universität Hannover, Germany; UFRN, Brazil) Many software development projects struggle with creating and communicating a testing culture that is appropriate for the project's needs. This may degrade software quality by leaving defects undiscovered. Previous research suggests that social coding sites such as GitHub provide a collaborative environment with a high degree of social transparency. This makes developers' actions and interactions more visible and traceable. We conducted interviews with 33 active users of GitHub to investigate how the increased transparency found on GitHub influences developers' testing behaviors. Subsequently, we validated our findings with an online questionnaire that was answered by 569 members of GitHub. We found several strategies that software developers and managers can use to positively influence the testing behavior in their projects. However, project owners on GitHub may not be aware of them. We report on the challenges and risks caused by this and suggest guidelines for promoting a sustainable testing culture in software development projects. @InProceedings{ICSE13p112, author = {Raphael Pham and Leif Singer and Olga Liskin and Fernando Figueira Filho and Kurt Schneider}, title = {Creating a Shared Understanding of Testing Culture on a Social Coding Site}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {112--121}, doi = {}, year = {2013}, } |
|
Pietrantuono, Roberto |
ICSE '13: "A Learning-Based Method for ..."
A Learning-Based Method for Combining Testing Techniques
Domenico Cotroneo, Roberto Pietrantuono, and Stefano Russo (Università di Napoli Federico II, Italy; Lab CINI-ITEM Carlo Savy, Italy) This work presents a method to combine testing techniques adaptively during the testing process. It intends to mitigate the sources of uncertainty of software testing processes, by learning from past experience and, at the same time, adapting the technique selection to the current testing session. The method is based on machine learning strategies. It uses offline strategies to take into account historical information about the techniques' performance collected in past testing sessions; then, online strategies are used to adapt the selection of test cases to the data observed as the testing proceeds. Experimental results show that techniques' performance can be accurately characterized from features of the past testing sessions, by means of machine learning algorithms, and that integrating this result into the online algorithm allows improving the fault detection effectiveness with respect to single testing techniques, as well as to their random combination. @InProceedings{ICSE13p142, author = {Domenico Cotroneo and Roberto Pietrantuono and Stefano Russo}, title = {A Learning-Based Method for Combining Testing Techniques}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {142--151}, doi = {}, year = {2013}, } |
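One plausible instantiation of the offline-plus-online combination (an assumption; the paper's algorithms differ in detail): seed per-technique value estimates from historical fault-detection rates, then refine them online with an epsilon-greedy bandit as the session unfolds.

    import random

    def select_technique(estimates, epsilon=0.1):
        if random.random() < epsilon:
            return random.choice(list(estimates))   # keep exploring
        return max(estimates, key=estimates.get)    # exploit the best so far

    def record_outcome(estimates, counts, technique, found_fault):
        counts[technique] += 1
        step = (found_fault - estimates[technique]) / counts[technique]
        estimates[technique] += step

    # offline seeding from past sessions (illustrative numbers):
    estimates = {"random": 0.20, "boundary": 0.35, "combinatorial": 0.30}
    counts = {t: 1 for t in estimates} |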
|
Pinto, Leandro Sales |
ICSE '13: "Managing Non-functional Uncertainty ..."
Managing Non-functional Uncertainty via Model-Driven Adaptivity
Carlo Ghezzi, Leandro Sales Pinto, Paola Spoletini, and Giordano Tamburrelli (Politecnico di Milano, Italy; Università dell'Insubria, Italy) Modern software systems are often characterized by uncertainty and changes in the environment in which they are embedded. Hence, they must be designed as adaptive systems. We propose a framework that supports adaptation to non-functional manifestations of uncertainty. Our framework allows engineers to derive, from an initial model of the system, a finite state automaton augmented with probabilities. The system is then executed by an interpreter that navigates the automaton and invokes the component implementations associated to the states it traverses. The interpreter adapts the execution by choosing among alternative possible paths of the automaton in order to maximize the system's ability to meet its non-functional requirements. To demonstrate the adaptation capabilities of the proposed approach we implemented an adaptive application inspired by an existing worldwide distributed mobile application and we discussed several adaptation scenarios. @InProceedings{ICSE13p33, author = {Carlo Ghezzi and Leandro Sales Pinto and Paola Spoletini and Giordano Tamburrelli}, title = {Managing Non-functional Uncertainty via Model-Driven Adaptivity}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {33--42}, doi = {}, year = {2013}, } Video |
|
Pinzger, Martin |
ICSE '13: "Data Clone Detection and Visualization ..."
Data Clone Detection and Visualization in Spreadsheets
Felienne Hermans, Ben Sedee, Martin Pinzger, and Arie van Deursen (TU Delft, Netherlands) Spreadsheets are widely used in industry: it is estimated that end-user programmers outnumber programmers by a factor of 5. However, spreadsheets are error-prone, and numerous companies have lost money because of spreadsheet errors. One of the causes of spreadsheet problems is the prevalence of copy-pasting. In this paper, we study this cloning in spreadsheets. Based on existing text-based clone detection algorithms, we have developed an algorithm to detect data clones in spreadsheets: formulas whose values are copied as plain text in a different location. To evaluate the usefulness of the proposed approach, we conducted two evaluations: a quantitative evaluation in which we analyzed the EUSES corpus, and a qualitative evaluation consisting of two case studies. The results of the evaluation clearly indicate that 1) data clones are common, 2) data clones pose threats to spreadsheet quality, and 3) our approach supports users in finding and resolving data clones. @InProceedings{ICSE13p292, author = {Felienne Hermans and Ben Sedee and Martin Pinzger and Arie van Deursen}, title = {Data Clone Detection and Visualization in Spreadsheets}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {292--301}, doi = {}, year = {2013}, } |
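The core detection idea, a formula's computed value reappearing elsewhere as plain text, can be approximated as below. This is an illustrative toy, not the paper's algorithm: cell names are assumptions, and a realistic detector would match runs of values, since single-cell matches collide easily.

    # Toy sheet: cell -> (formula or None, computed value).
    SHEET = {
        "A1": ("=SUM(B1:B3)", 60),
        "A2": (None, 60),                      # pasted as a plain value
        "B1": (None, 10), "B2": (None, 20), "B3": (None, 30),
    }

    def data_clones(cells):
        """Pair formula cells with value-only cells holding the same value."""
        formulas = {c: v for c, (f, v) in cells.items() if f is not None}
        plain = {c: v for c, (f, v) in cells.items() if f is None}
        return [(fc, pc) for fc, fv in formulas.items()
                for pc, pv in plain.items() if fv == pv]

    print(data_clones(SHEET))                  # [('A1', 'A2')]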
|
Polikarpova, Nadia |
ICSE '13: "What Good Are Strong Specifications? ..."
What Good Are Strong Specifications?
Nadia Polikarpova, Carlo A. Furia, Yu Pei, Yi Wei, and Bertrand Meyer (ETH Zurich, Switzerland; ITMO National Research University, Russia) Experience with lightweight formal methods suggests that programmers are willing to write specifications if they bring tangible benefits to their usual development activities. This paper considers stronger specifications and studies whether they can be deployed as an incremental practice that brings additional benefits without being unacceptably expensive. We introduce a methodology that extends Design by Contract to write strong specifications of functional properties in the form of preconditions, postconditions, and invariants. The methodology aims at being palatable to developers who are not fluent in formal techniques but are comfortable with writing simple specifications. We evaluate the cost and the benefits of using strong specifications by applying the methodology to testing data structure implementations written in Eiffel and C#. In our extensive experiments, testing against strong specifications detects twice as many bugs as standard contracts, with a reasonable overhead in terms of annotation burden and run-time performance while testing. In the wide spectrum of formal techniques for software quality, testing against strong specifications lies in a "sweet spot" with a favorable benefit to effort ratio. @InProceedings{ICSE13p262, author = {Nadia Polikarpova and Carlo A. Furia and Yu Pei and Yi Wei and Bertrand Meyer}, title = {What Good Are Strong Specifications?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {262--271}, doi = {}, year = {2013}, } Video |
|
Poshyvanyk, Denys |
ICSE '13: "An Empirical Study on the ..."
An Empirical Study on the Developers' Perception of Software Coupling
Gabriele Bavota, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk , and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Coupling is a fundamental property of software systems, and numerous coupling measures have been proposed to support various development and maintenance activities. However, little is known about how developers actually perceive coupling, what mechanisms constitute coupling, and if existing measures align with this perception. In this paper we bridge this gap, by empirically investigating how class coupling---as captured by structural, dynamic, semantic, and logical coupling measures---aligns with developers' perception of coupling. The study has been conducted on three Java open-source systems---namely ArgoUML, JHotDraw and jEdit---and involved 64 students, academics, and industrial practitioners from around the world, as well as 12 active developers of these three systems. We asked participants to assess the coupling between the given pairs of classes and provide their ratings and some rationale. The results indicate that the peculiarity of the semantic coupling measure allows it to better estimate the mental model of developers than the other coupling measures. This is because, in several cases, the interactions between classes are encapsulated in the source code vocabulary, and cannot be easily derived by only looking at structural relationships, such as method calls. @InProceedings{ICSE13p692, author = {Gabriele Bavota and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {An Empirical Study on the Developers' Perception of Software Coupling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {692--701}, doi = {}, year = {2013}, } Video ICSE '13: "How to Effectively Use Topic ..." How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms Annibale Panichella, Bogdan Dit, Rocco Oliveto, Massimiliano Di Penta, Denys Poshyvanyk, and Andrea De Lucia (University of Salerno, Italy; College of William and Mary, USA; University of Molise, Italy; University of Sannio, Italy) Information Retrieval (IR) methods, and in particular topic models, have recently been used to support essential software engineering (SE) tasks, by enabling software textual retrieval and analysis. In all these approaches, topic models have been used on software artifacts in a similar manner as they were used on natural language documents (e.g., using the same settings and parameters) because the underlying assumption was that source code and natural language documents are similar. However, applying topic models on software data using the same settings as for natural language text did not always produce the expected results. Recent research investigated this assumption and showed that source code is much more repetitive and predictable as compared to the natural language text. Our paper builds on this new fundamental finding and proposes a novel solution to adapt, configure and effectively use a topic modeling technique, namely Latent Dirichlet Allocation (LDA), to achieve better (acceptable) performance across various SE tasks. 
Our paper introduces a novel solution called LDA-GA, which uses Genetic Algorithms (GA) to determine a near-optimal configuration for LDA in the context of three different SE tasks: (1) traceability link recovery, (2) feature location, and (3) software artifact labeling. The results of our empirical studies demonstrate that LDA-GA is able to identify robust LDA configurations, which lead to a higher accuracy on all the datasets for these SE tasks as compared to previously published results, heuristics, and the results of a combinatorial search. @InProceedings{ICSE13p522, author = {Annibale Panichella and Bogdan Dit and Rocco Oliveto and Massimiliano Di Penta and Denys Poshyvanyk and Andrea De Lucia}, title = {How to Effectively Use Topic Models for Software Engineering Tasks? An Approach Based on Genetic Algorithms}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {522--531}, doi = {}, year = {2013}, } Video |
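A bare-bones sketch of such a search: a genetic algorithm evolving LDA configurations (number of topics and hyperparameters) against a fitness function. The fitness below is a placeholder; LDA-GA's actual fitness scores the quality of the topic model trained with each configuration on the task at hand.

    import random

    def fitness(cfg):
        """Placeholder score: LDA-GA instead trains an LDA model with
        cfg = (topics, alpha, beta) and measures clustering quality."""
        k, alpha, beta = cfg
        return -abs(k - 25) - alpha - beta      # toy objective for the demo

    def mutate(cfg):
        k, a, b = cfg
        return (max(2, k + random.randint(-5, 5)),
                max(0.01, a + random.uniform(-0.1, 0.1)),
                max(0.01, b + random.uniform(-0.1, 0.1)))

    population = [(random.randint(2, 100), random.random(), random.random())
                  for _ in range(20)]
    for _ in range(30):                         # evolve for 30 generations
        population.sort(key=fitness, reverse=True)
        parents = population[:10]               # truncation selection
        population = parents + [mutate(random.choice(parents))
                                for _ in range(10)]
    print("best configuration found:", max(population, key=fitness))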
|
Posnett, Daryl |
ICSE '13: "Dual Ecological Measures of ..."
Dual Ecological Measures of Focus in Software Development
Daryl Posnett, Raissa D'Souza, Premkumar Devanbu, and Vladimir Filkov (UC Davis, USA) Work practices vary among software developers. Some are highly focused on a few artifacts; others make wide-ranging contributions. Similarly, some artifacts are mostly authored, or owned, by one or few developers; others have very wide ownership. Focus and ownership are related but different phenomena, both with strong effect on software quality. Prior studies have mostly targeted ownership; the measures of ownership used have generally been based on either simple counts, information-theoretic views of ownership, or social-network views of contribution patterns. We argue for a more general conceptual view that unifies developer focus and artifact ownership. We analogize the developer-artifact contribution network to a predator-prey food web, and draw upon ideas from ecology to produce a novel and conceptually unified view of measuring focus and ownership. These measures relate to both cross-entropy and Kullback-Leibler divergence, and simultaneously provide two normalized measures of focus from both the developer and artifact perspectives. We argue that these measures are theoretically well-founded, and yield novel predictive, conceptual, and actionable value in software projects. We find that more focused developers introduce fewer defects than defocused developers. In contrast, files that receive narrowly focused activity are more likely to contain defects than other files. @InProceedings{ICSE13p452, author = {Daryl Posnett and Raissa D'Souza and Premkumar Devanbu and Vladimir Filkov}, title = {Dual Ecological Measures of Focus in Software Development}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {452--461}, doi = {}, year = {2013}, } |
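One way to read the information-theoretic angle (a sketch under assumed definitions, not necessarily the paper's exact measures): a developer's focus can be scored as one minus the normalized entropy of their change distribution over files; swapping the roles of developers and files gives the ownership view.

    from math import log2

    def focus(changes):
        """Normalized focus of one developer: 1 - H(p) / log2(n), where p is
        the distribution of the developer's changes over the n files touched."""
        total = sum(changes.values())
        probs = [c / total for c in changes.values()]
        if len(probs) <= 1:
            return 1.0
        entropy = -sum(p * log2(p) for p in probs if p > 0)
        return 1.0 - entropy / log2(len(probs))

    print(focus({"a.c": 9, "b.c": 1}))   # ~0.53: mostly focused on a.c
    print(focus({"a.c": 5, "b.c": 5}))   # 0.0: fully defocused over two files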
|
Potanin, Alex |
ICSE '13: "Are Your Incoming Aliases ..."
Are Your Incoming Aliases Really Necessary? Counting the Cost of Object Ownership
Alex Potanin, Monique Damitio, and James Noble (Victoria University of Wellington, New Zealand) Object ownership enforces encapsulation within object-oriented programs by forbidding incoming aliases into objects' representations. Many common data structures, such as collections with iterators, require incoming aliases, so there has been much work on relaxing ownership's encapsulation to permit multiple incoming aliases. This research asks the opposite question: Are your aliases really necessary? In this paper, we count the cost of programming with strong object encapsulation. We refactored the JDK 5.0 collection classes so that they did not use incoming aliases, following either the owner-as-dominator or the owner-as-accessor encapsulation discipline. We measured the performance overhead the refactored collections impose on a set of microbenchmarks and on the DaCapo, SPECjbb and SPECjvm benchmark suites. While the microbenchmarks show that individual operations and iterations can be significantly slower on encapsulated collections (especially for owner-as-dominator), we found less than 3% slowdown for owner-as-accessor across the large scale benchmarks. As a result, we propose that well-known design patterns such as Iterator commonly used by software engineers around the world need to be adjusted to take ownership into account. As most design patterns are used as a building block in constructing larger pieces of software, a small adjustment to respect ownership will not have any impact on the productivity of programmers but will have a huge impact on the quality of the resulting code with respect to aliasing. @InProceedings{ICSE13p742, author = {Alex Potanin and Monique Damitio and James Noble}, title = {Are Your Incoming Aliases Really Necessary? Counting the Cost of Object Ownership}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {742--751}, doi = {}, year = {2013}, } Video |
|
Pous, Damien |
ICSE '13: "Robust Reconfigurations of ..."
Robust Reconfigurations of Component Assemblies
Fabienne Boyer, Olivier Gruber, and Damien Pous (Université Joseph Fourier, France; CNRS, France) In this paper, we propose a reconfiguration protocol that can handle any number of failures during a reconfiguration, always producing an architecturally-consistent assembly of components that can be safely introspected and further reconfigured. Our protocol is based on the concept of Incrementally Consistent Sequences (ICS), ensuring that any reconfiguration incrementally respects the reconfiguration contract given to component developers: reconfiguration grammar and architectural invariants. We also propose two recovery policies, one rolls back the failed reconfiguration and the other rolls it forward, both going as far as possible, failure permitting. We specified and proved the reconfiguration contract, the protocol, and recovery policies in Coq. @InProceedings{ICSE13p13, author = {Fabienne Boyer and Olivier Gruber and Damien Pous}, title = {Robust Reconfigurations of Component Assemblies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {13--22}, doi = {}, year = {2013}, } |
|
Pradel, Michael |
ICSE '13: "Automatic Testing of Sequential ..."
Automatic Testing of Sequential and Concurrent Substitutability
Michael Pradel and Thomas R. Gross (ETH Zurich, Switzerland) Languages with inheritance and polymorphism assume that a subclass instance can substitute a superclass instance without causing behavioral differences for clients of the superclass. However, programmers may accidentally create subclasses that are semantically incompatible with their superclasses. Such subclasses lead to bugs, because a programmer may assign a subclass instance to a superclass reference. This paper presents an automatic testing technique to reveal subclasses that cannot safely substitute their superclasses. The key idea is to generate generic tests that analyze the behavior of both the subclass and its superclass. If using the subclass leads to behavior that cannot occur with the superclass, the analysis reports a warning. We find a high percentage of widely used Java classes, including classes from JBoss, Eclipse, and Apache Commons Collections, to be unsafe substitutes for their superclasses: 30% of these classes lead to crashes, and even more have other behavioral differences. @InProceedings{ICSE13p282, author = {Michael Pradel and Thomas R. Gross}, title = {Automatic Testing of Sequential and Concurrent Substitutability}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {282--291}, doi = {}, year = {2013}, } |
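The oracle behind such generic tests can be pictured as running one call sequence against both classes and diffing the observable outcomes, including raised exceptions. A toy Python version follows (names assumed; the paper targets Java classes).

    def outcome(obj, calls):
        """Run a call sequence, logging results or raised exception types."""
        log = []
        for name, args in calls:
            try:
                log.append(getattr(obj, name)(*args))
            except Exception as e:
                log.append(type(e).__name__)
        return log

    def substitutable(sup_factory, sub_factory, calls):
        """Safe substitute on this test iff observable outcomes coincide."""
        return outcome(sup_factory(), calls) == outcome(sub_factory(), calls)

    class LossyList(list):
        def append(self, x):        # silently drops values: a semantic break
            pass

    calls = [("append", (1,)), ("pop", ()), ("pop", ())]
    print(substitutable(list, LossyList, calls))   # False: behaviors diverge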
|
Prasad, Mukul R. |
ICSE '13: "X-PERT: Accurate Identification ..."
X-PERT: Accurate Identification of Cross-Browser Issues in Web Applications
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso (Georgia Tech, USA; Fujitsu Labs, USA) Due to the increasing popularity of web applications, and the number of browsers and platforms on which such applications can be executed, cross-browser incompatibilities (XBIs) are becoming a serious concern for organizations that develop web-based software. Most of the techniques for XBI detection developed to date are either manual, and thus costly and error-prone, or partial and imprecise, and thus prone to generating both false positives and false negatives. To address these limitations of existing techniques, we developed X-PERT, a new automated, precise, and comprehensive approach for XBI detection. X-PERT combines several new and existing differencing techniques and is based on our findings from an extensive study of XBIs in real-world web applications. The key strength of our approach is that it handles each aspect of a web application using the differencing technique that is best suited to accurately detect XBIs related to that aspect. Our empirical evaluation shows that X-PERT is effective in detecting real-world XBIs, improves on the state of the art, and can provide useful support to developers for the diagnosis and (eventually) elimination of XBIs. @InProceedings{ICSE13p702, author = {Shauvik Roy Choudhary and Mukul R. Prasad and Alessandro Orso}, title = {X-PERT: Accurate Identification of Cross-Browser Issues in Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {702--711}, doi = {}, year = {2013}, } Video |
|
Qi, Dawei |
ICSE '13: "SemFix: Program Repair via ..."
SemFix: Program Repair via Semantic Analysis
Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury , and Satish Chandra (National University of Singapore, Singapore; IBM Research, USA) Debugging consumes significant time and effort in any major software development project. Moreover, even after the root cause of a bug is identified, fixing the bug is non-trivial. Given this situation, automated program repair methods are of value. In this paper, we present an automated repair method based on symbolic execution, constraint solving and program synthesis. In our approach, the requirement on the repaired code to pass a given set of tests is formulated as a constraint. Such a constraint is then solved by iterating over a layered space of repair expressions, layered by the complexity of the repair code. We compare our method with recently proposed genetic programming based repair on SIR programs with seeded bugs, as well as fragments of GNU Coreutils with real bugs. On these subjects, our approach reports a higher success-rate than genetic programming based repair, and produces a repair faster. @InProceedings{ICSE13p772, author = {Hoang Duong Thien Nguyen and Dawei Qi and Abhik Roychoudhury and Satish Chandra}, title = {SemFix: Program Repair via Semantic Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {772--781}, doi = {}, year = {2013}, } |
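To make "tests as constraints" concrete, here is a tiny sketch in the same spirit, not SemFix itself: a suspect expression is generalized into a template with an unknown constant, each test becomes a constraint on that unknown, and an SMT solver (here the z3-solver Python package) finds a value under which every test passes. The buggy condition and test values are invented for the demo.

    from z3 import Int, Solver, sat

    # Hypothetical buggy branch `if (x > 10)`: generalize the constant into
    # an unknown c; every test case becomes a constraint on c.
    c = Int("c")
    tests = [(5, False), (7, True), (3, False)]   # (input x, expected branch)

    s = Solver()
    for x, expected in tests:
        s.add((x > c) == expected)       # the repaired code must pass the test

    if s.check() == sat:
        print("repaired condition: x >", s.model()[c])   # e.g. x > 5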
|
Rahman, Foyzur |
ICSE '13: "How, and Why, Process Metrics ..."
How, and Why, Process Metrics Are Better
Foyzur Rahman and Premkumar Devanbu (UC Davis, USA) Defect prediction techniques could potentially help us to focus quality-assurance efforts on the most defect-prone files. Modern statistical tools make it very easy to quickly build and deploy prediction models. Software metrics are at the heart of prediction models; understanding how and especially why different types of metrics are effective is very important for successful model deployment. In this paper we analyze the applicability and efficacy of process and code metrics from several different perspectives. We build many prediction models across 85 releases of 12 large open source projects to address the performance, stability, portability and stasis of different sets of metrics. Our results suggest that code metrics, despite widespread use in the defect prediction literature, are generally less useful than process metrics for prediction. Second, we find that code metrics have high stasis; they don't change very much from release to release. This leads to stagnation in the prediction models, with the same files being repeatedly predicted as defective; unfortunately, these recurringly defective files turn out to be comparatively less defect-dense. @InProceedings{ICSE13p432, author = {Foyzur Rahman and Premkumar Devanbu}, title = {How, and Why, Process Metrics Are Better}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {432--441}, doi = {}, year = {2013}, } |
|
Rajan, Hridesh |
ICSE '13: "Boa: A Language and Infrastructure ..."
Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories
Robert Dyer, Hoan Anh Nguyen, Hridesh Rajan , and Tien N. Nguyen (Iowa State University, USA) In today's software-centric world, ultra-large-scale software repositories, e.g. SourceForge (350,000+ projects), GitHub (250,000+ projects), and Google Code (250,000+ projects) are the new library of Alexandria. They contain an enormous corpus of software and information about software. Scientists and engineers alike are interested in analyzing this wealth of information both for curiosity as well as for testing important hypotheses. However, systematic extraction of relevant data from these repositories and analysis of such data for testing hypotheses is hard, and best left for mining software repository (MSR) experts! The goal of Boa, a domain-specific language and infrastructure described here, is to ease testing MSR-related hypotheses. We have implemented Boa and provide a web-based interface to Boa's infrastructure. Our evaluation demonstrates that Boa substantially reduces programming efforts, thus lowering the barrier to entry. We also see drastic improvements in scalability. Last but not least, reproducing an experiment conducted using Boa is just a matter of re-running small Boa programs provided by previous researchers. @InProceedings{ICSE13p422, author = {Robert Dyer and Hoan Anh Nguyen and Hridesh Rajan and Tien N. Nguyen}, title = {Boa: A Language and Infrastructure for Analyzing Ultra-Large-Scale Software Repositories}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {422--431}, doi = {}, year = {2013}, } |
|
Razavi, Kaveh |
ICSE '13: "GuideArch: Guiding the Exploration ..."
GuideArch: Guiding the Exploration of Architectural Solution Space under Uncertainty
Naeem Esfahani, Sam Malek, and Kaveh Razavi (George Mason University, USA) A system's early architectural decisions impact its properties (e.g., scalability, dependability) as well as stakeholder concerns (e.g., cost, time to delivery). Choices made early on are both difficult and costly to change, and thus it is paramount that the engineer gets them "right". This leads to a paradox, as in early design, the engineer is often forced to make these decisions under uncertainty, i.e., not knowing the precise impact of those decisions on the various concerns. How could the engineer make the "right" choices in such circumstances? This is precisely the question we have tackled in this paper. We present GuideArch, a framework aimed at quantitative exploration of the architectural solution space under uncertainty. It provides techniques founded on fuzzy math that help the engineer with making informed decisions. @InProceedings{ICSE13p43, author = {Naeem Esfahani and Sam Malek and Kaveh Razavi}, title = {GuideArch: Guiding the Exploration of Architectural Solution Space under Uncertainty}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {43--52}, doi = {}, year = {2013}, } |
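As a flavor of the fuzzy-math backbone (illustrative only; GuideArch's actual calculus and ranking are richer), each uncertain early-design estimate can be captured as a triangular fuzzy number, combined per candidate architecture, and ranked by a defuzzified score. The candidates and numbers below are invented.

    # A triangular fuzzy number (low, most likely, high) models an uncertain
    # estimate; lower combined estimates are better in this demo.
    def fuzzy_add(a, b):
        return tuple(x + y for x, y in zip(a, b))

    def centroid(t):
        """Defuzzify a triangle into a single comparable score."""
        return sum(t) / 3.0

    # Hypothetical candidates with fuzzy cost and fuzzy latency estimates.
    candidates = {
        "monolith": [(10, 12, 20), (30, 40, 80)],
        "microservices": [(15, 22, 30), (20, 25, 35)],
    }
    scores = {name: centroid(fuzzy_add(*estimates))
              for name, estimates in candidates.items()}
    print(min(scores, key=scores.get), scores)   # 'microservices' ranks first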
|
Ren, Jian |
ICSE '13: "Not Going to Take This Anymore: ..."
Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects
Filomena Ferrucci, Mark Harman, Jian Ren, and Federica Sarro (University of Salerno, Italy; University College London, UK) Software Engineering and development is well-known to suffer from unplanned overtime, which causes stress and illness in engineers and can lead to poor quality software with higher defects. In this paper, we introduce a multi-objective decision support approach to help balance project risks and duration against overtime, so that software engineers can better plan overtime. We evaluate our approach on 6 real world software projects, drawn from 3 organisations using 3 standard evaluation measures and 3 different approaches to risk assessment. Our results show that our approach was significantly better (p < 0.05) than standard multi-objective search in 76% of experiments (with high Cohen effect size in 85% of these) and was significantly better than currently used overtime planning strategies in 100% of experiments (with high effect size in all). We also show how our approach provides actionable overtime planning results and investigate the impact of the three different forms of risk assessment. @InProceedings{ICSE13p462, author = {Filomena Ferrucci and Mark Harman and Jian Ren and Federica Sarro}, title = {Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {462--471}, doi = {}, year = {2013}, } Video |
|
Rhein, Alexander von |
ICSE '13: "Strategies for Product-Line ..."
Strategies for Product-Line Verification: Case Studies and Experiments
Sven Apel, Alexander von Rhein, Philipp Wendler, Armin Größlinger, and Dirk Beyer (University of Passau, Germany) Product-line technology is increasingly used in mission-critical and safety-critical applications. Hence, researchers are developing verification approaches that follow different strategies to cope with the specific properties of product lines. While the research community is discussing the mutual strengths and weaknesses of the different strategies—mostly at a conceptual level—there is a lack of evidence in terms of case studies, tool implementations, and experiments. We have collected and prepared six product lines as subject systems for experimentation. Furthermore, we have developed a model-checking tool chain for C-based and Java-based product lines, called SPLVERIFIER, which we use to compare sample-based and family-based strategies with regard to verification performance and the ability to find defects. Based on the experimental results and an analytical model, we revisit the discussion of the strengths and weaknesses of product-line–verification strategies. @InProceedings{ICSE13p482, author = {Sven Apel and Alexander von Rhein and Philipp Wendler and Armin Größlinger and Dirk Beyer}, title = {Strategies for Product-Line Verification: Case Studies and Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {482--491}, doi = {}, year = {2013}, } Video |
|
Rigby, Peter C. |
ICSE '13: "Discovering Essential Code ..."
Discovering Essential Code Elements in Informal Documentation
Peter C. Rigby and Martin P. Robillard (Concordia University, Canada; McGill University, Canada) To access the knowledge contained in developer communication, such as forum posts, it is useful to determine automatically the code elements referred to in the discussions. We propose a novel traceability recovery approach to extract the code elements contained in various documents. As opposed to previous work, our approach does not require an index of code elements to find links, which makes it particularly well-suited for the analysis of informal documentation. When evaluated on 188 StackOverflow answer posts containing 993 code elements, the technique performs with an average precision of 0.92 and recall of 0.90. As a major refinement on traditional traceability approaches, we also propose to detect which of the code elements in a document are salient, or germane, to the topic of the post. To this end we developed a three-feature decision tree classifier that performs with a precision of 0.65-0.74 and recall of 0.30-0.65, depending on the subject of the document. @InProceedings{ICSE13p832, author = {Peter C. Rigby and Martin P. Robillard}, title = {Discovering Essential Code Elements in Informal Documentation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {832--841}, doi = {}, year = {2013}, } |
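A first cut at spotting code elements in prose without an index relies on the surface shape of identifiers rather than on lookups. The regexes below are assumptions for illustration, far cruder than the paper's technique:

    import re

    # camelCase identifiers, qualified names, and method() mentions are the
    # kinds of surface patterns that betray code elements in prose.
    CODE_ELEMENT = re.compile(
        r"\b[A-Za-z_]\w*\(\)"            # bare call: parse()
        r"|\b[A-Z]\w*(?:\.\w+)+\b"       # qualified: Collections.sort
        r"|\b[a-z]+[A-Z]\w*\b"           # camelCase: getInstance
    )

    post = ("Use Collections.sort or call sortList() before you "
            "invoke iterator() on the view.")
    print(CODE_ELEMENT.findall(post))
    # ['Collections.sort', 'sortList()', 'iterator()']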
|
Robby |
ICSE '13: "Explicating Symbolic Execution ..."
Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework
John Hatcliff, Robby, Patrice Chalin, and Jason Belt (Kansas State University, USA) Previous applications of symbolic execution (SymExe) have focused on bug-finding and test-case generation. However, SymExe has the potential to significantly improve usability and automation when applied to verification of software contracts in safety-critical systems. Due to the lack of support for processing software contracts and ad hoc approaches for introducing a variety of over/under-approximations and optimizations, most SymExe implementations cannot precisely characterize the verification status of contracts. Moreover, these tools do not provide explicit justifications for their conclusions, and thus they are not aligned with trends toward evidence-based verification and certification. We introduce the concept of "explicating symbolic execution" (xSymExe) that builds on a strong semantic foundation, supports full verification of rich software contracts, explicitly tracks where over/under-approximations are introduced or avoided, precisely characterizes the verification status of each contractual claim, and associates each claim with "explications" for its reported verification status. We report on case studies in the use of Bakar Kiasan, our open source xSymExe tool for SPARK Ada. @InProceedings{ICSE13p222, author = {John Hatcliff and Robby and Patrice Chalin and Jason Belt}, title = {Explicating Symbolic Execution (xSymExe): An Evidence-Based Verification Framework}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {222--231}, doi = {}, year = {2013}, } |
|
Robillard, Martin P. |
ICSE '13: "Discovering Essential Code ..."
Discovering Essential Code Elements in Informal Documentation
Peter C. Rigby and Martin P. Robillard (Concordia University, Canada; McGill University, Canada) To access the knowledge contained in developer communication, such as forum posts, it is useful to determine automatically the code elements referred to in the discussions. We propose a novel traceability recovery approach to extract the code elements contained in various documents. As opposed to previous work, our approach does not require an index of code elements to find links, which makes it particularly well-suited for the analysis of informal documentation. When evaluated on 188 StackOverflow answer posts containing 993 code elements, the technique performs with an average precision of 0.92 and recall of 0.90. As a major refinement on traditional traceability approaches, we also propose to detect which of the code elements in a document are salient, or germane, to the topic of the post. To this end we developed a three-feature decision tree classifier that performs with a precision of 0.65-0.74 and recall of 0.30-0.65, depending on the subject of the document. @InProceedings{ICSE13p832, author = {Peter C. Rigby and Martin P. Robillard}, title = {Discovering Essential Code Elements in Informal Documentation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {832--841}, doi = {}, year = {2013}, } |
|
Rothermel, Gregg |
ICSE '13: "Bridging the Gap between the ..."
Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies
Lingming Zhang, Dan Hao, Lu Zhang, Gregg Rothermel, and Hong Mei (Peking University, China; University of Texas at Austin, USA; University of Nebraska-Lincoln, USA) In recent years, researchers have intensively investigated various topics in test-case prioritization, which aims to re-order test cases to increase the rate of fault detection during regression testing. The total and additional prioritization strategies, which prioritize based on total numbers of elements covered per test, and numbers of additional (not-yet-covered) elements covered per test, are two widely-adopted generic strategies used for such prioritization. This paper proposes a basic model and an extended model that unify the total strategy and the additional strategy. Our models yield a spectrum of generic strategies ranging between the total and additional strategies, depending on a parameter referred to as the p value. We also propose four heuristics to obtain differentiated p values for different methods under test. We performed an empirical study on 19 versions of four Java programs to explore our results. Our results demonstrate that wide ranges of strategies in our basic and extended models with uniform p values can significantly outperform both the total and additional strategies. In addition, our results also demonstrate that using differentiated p values for both the basic and extended models with method coverage can even outperform the additional strategy using statement coverage. @InProceedings{ICSE13p192, author = {Lingming Zhang and Dan Hao and Lu Zhang and Gregg Rothermel and Hong Mei}, title = {Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {192--201}, doi = {}, year = {2013}, } |
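The unified model is easy to picture as a single scoring loop in which already-covered elements are discounted by the parameter p, so p = 1 recovers the total strategy and p = 0 the additional strategy. A sketch of the basic model as we read it, with assumed data shapes:

    def prioritize(coverage, p):
        """Order tests: covered-again elements weigh p, new elements weigh 1.
        p=1 degenerates to the total strategy, p=0 to the additional one."""
        remaining = list(coverage)
        covered, order = set(), []
        while remaining:
            best = max(remaining,
                       key=lambda t: len(coverage[t] - covered)
                                     + p * len(coverage[t] & covered))
            order.append(best)
            covered |= coverage[best]
            remaining.remove(best)
        return order

    cov = {"t1": {1, 2, 3, 4}, "t2": {1, 2, 3}, "t3": {5}}
    print(prioritize(cov, 0.0))   # additional: ['t1', 't3', 't2']
    print(prioritize(cov, 1.0))   # total:      ['t1', 't2', 't3']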
|
Roy Choudhary, Shauvik |
ICSE '13: "X-PERT: Accurate Identification ..."
X-PERT: Accurate Identification of Cross-Browser Issues in Web Applications
Shauvik Roy Choudhary, Mukul R. Prasad, and Alessandro Orso (Georgia Tech, USA; Fujitsu Labs, USA) Due to the increasing popularity of web applications, and the number of browsers and platforms on which such applications can be executed, cross-browser incompatibilities (XBIs) are becoming a serious concern for organizations that develop web-based software. Most of the techniques for XBI detection developed to date are either manual, and thus costly and error-prone, or partial and imprecise, and thus prone to generating both false positives and false negatives. To address these limitations of existing techniques, we developed X-PERT, a new automated, precise, and comprehensive approach for XBI detection. X-PERT combines several new and existing differencing techniques and is based on our findings from an extensive study of XBIs in real-world web applications. The key strength of our approach is that it handles each aspect of a web application using the differencing technique that is best suited to accurately detect XBIs related to that aspect. Our empirical evaluation shows that X-PERT is effective in detecting real-world XBIs, improves on the state of the art, and can provide useful support to developers for the diagnosis and (eventually) elimination of XBIs. @InProceedings{ICSE13p702, author = {Shauvik Roy Choudhary and Mukul R. Prasad and Alessandro Orso}, title = {X-PERT: Accurate Identification of Cross-Browser Issues in Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {702--711}, doi = {}, year = {2013}, } Video |
|
Roychoudhury, Abhik |
ICSE '13: "Partition-Based Regression ..."
Partition-Based Regression Verification
Marcel Böhme, Bruno C. d. S. Oliveira, and Abhik Roychoudhury (National University of Singapore, Singapore) Regression verification (RV) seeks to guarantee the absence of regression errors in a changed program version. This paper presents Partition-based Regression Verification (PRV): an approach to RV based on the gradual exploration of differential input partitions. A differential input partition is a subset of the common input space of two program versions that serves as a unit of verification. Instead of proving the absence of regression for the complete input space at once, PRV verifies differential partitions in a gradual manner. If the exploration is interrupted, PRV retains partial verification guarantees at least for the explored differential partitions. This is crucial in practice as verifying the complete input space can be prohibitively expensive. Experiments show that PRV provides a useful alternative to state-of-the-art regression test generation techniques. During the exploration, PRV generates test cases which can expose different behaviour across two program versions. However, while test cases are generally single points in the common input space, PRV can verify entire partitions and moreover give feedback that allows programmers to relate a behavioral difference to those syntactic changes that contribute to this difference. @InProceedings{ICSE13p302, author = {Marcel Böhme and Bruno C. d. S. Oliveira and Abhik Roychoudhury}, title = {Partition-Based Regression Verification}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {302--311}, doi = {}, year = {2013}, } Video ICSE '13: "SemFix: Program Repair via ..." SemFix: Program Repair via Semantic Analysis Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury , and Satish Chandra (National University of Singapore, Singapore; IBM Research, USA) Debugging consumes significant time and effort in any major software development project. Moreover, even after the root cause of a bug is identified, fixing the bug is non-trivial. Given this situation, automated program repair methods are of value. In this paper, we present an automated repair method based on symbolic execution, constraint solving and program synthesis. In our approach, the requirement on the repaired code to pass a given set of tests is formulated as a constraint. Such a constraint is then solved by iterating over a layered space of repair expressions, layered by the complexity of the repair code. We compare our method with recently proposed genetic programming based repair on SIR programs with seeded bugs, as well as fragments of GNU Coreutils with real bugs. On these subjects, our approach reports a higher success-rate than genetic programming based repair, and produces a repair faster. @InProceedings{ICSE13p772, author = {Hoang Duong Thien Nguyen and Dawei Qi and Abhik Roychoudhury and Satish Chandra}, title = {SemFix: Program Repair via Semantic Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {772--781}, doi = {}, year = {2013}, } |
|
Russo, Alessandra |
ICSE '13: "Learning Revised Models for ..."
Learning Revised Models for Planning in Adaptive Systems
Daniel Sykes, Domenico Corapi, Jeff Magee, Jeff Kramer, Alessandra Russo, and Katsumi Inoue (Imperial College London, UK; National Institute of Informatics, Japan) Environment domain models are a key part of the information used by adaptive systems to determine their behaviour. These models can be incomplete or inaccurate. In addition, since adaptive systems generally operate in environments which are subject to change, these models are often also out of date. To update and correct these models, the system should observe how the environment responds to its actions, and compare these responses to those predicted by the model. In this paper, we use a probabilistic rule learning approach, NoMPRoL, to update models using feedback from the running system in the form of execution traces. NoMPRoL is a technique for non-monotonic probabilistic rule learning based on a transformation of an inductive logic programming task into an equivalent abductive one. In essence, it exploits consistent observations by finding general rules which explain observations in terms of the conditions under which they occur. The updated models are then used to generate new behaviour with a greater chance of success in the actual environment encountered. @InProceedings{ICSE13p63, author = {Daniel Sykes and Domenico Corapi and Jeff Magee and Jeff Kramer and Alessandra Russo and Katsumi Inoue}, title = {Learning Revised Models for Planning in Adaptive Systems}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {63--71}, doi = {}, year = {2013}, } Video |
|
Russo, Stefano |
ICSE '13: "A Learning-Based Method for ..."
A Learning-Based Method for Combining Testing Techniques
Domenico Cotroneo, Roberto Pietrantuono, and Stefano Russo (Università di Napoli Federico II, Italy; Lab CINI-ITEM Carlo Savy, Italy) This work presents a method to combine testing techniques adaptively during the testing process. It aims to mitigate the sources of uncertainty in software testing processes by learning from past experience and, at the same time, adapting the technique selection to the current testing session. The method is based on machine learning strategies. It uses offline strategies to take into account historical information about the techniques' performance collected in past testing sessions; then, online strategies are used to adapt the selection of test cases to the data observed as testing proceeds. Experimental results show that the techniques' performance can be accurately characterized from features of past testing sessions by means of machine learning algorithms, and that integrating this result into the online algorithm improves fault detection effectiveness with respect to single testing techniques, as well as to their random combination. @InProceedings{ICSE13p142, author = {Domenico Cotroneo and Roberto Pietrantuono and Stefano Russo}, title = {A Learning-Based Method for Combining Testing Techniques}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {142--151}, doi = {}, year = {2013}, } |
|
Sa'ar, Yaniv |
ICSE '13: "Counter Play-Out: Executing ..."
Counter Play-Out: Executing Unrealizable Scenario-Based Specifications
Shahar Maoz and Yaniv Sa'ar (Tel Aviv University, Israel; Weizmann Institute of Science, Israel) The scenario-based approach to the specification and simulation of reactive systems has attracted much research effort in recent years. While the problem of synthesizing a controller or a transition system from a scenario-based specification has been studied extensively, no work has yet effectively addressed the case where the specification is unrealizable and a controller cannot be synthesized. This has limited the effectiveness of using scenario-based specifications in requirements analysis and simulation. In this paper we present counter play-out, an interactive debugging method for unrealizable scenario-based specifications. When we identify an unrealizable specification, we generate a controller that plays the role of the environment and lets the engineer play the role of the system. During execution, the former chooses the environment's moves such that the latter is forced to eventually fail in satisfying the system's requirements. This results in an interactive, guided execution, leading to the root causes of unrealizability. The generated controller constitutes a proof that the specification is conflicting and cannot be realized. Counter play-out is based on a counter strategy, which we compute by solving a Rabin game using a symbolic, BDD-based algorithm. The work is implemented and integrated with PlayGo, an IDE for scenario-based programming developed at the Weizmann Institute of Science. Case studies show the contribution of our work to the state of the art in the scenario-based approach to specification and simulation. @InProceedings{ICSE13p242, author = {Shahar Maoz and Yaniv Sa'ar}, title = {Counter Play-Out: Executing Unrealizable Scenario-Based Specifications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {242--251}, doi = {}, year = {2013}, } |
|
Sadowski, Caitlin |
ICSE '13: "Does Bug Prediction Support ..."
Does Bug Prediction Support Human Developers? Findings from a Google Case Study
Chris Lewis, Zhongpeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, and E. James Whitehead Jr. (UC Santa Cruz, USA; Google, USA; Xi'an Jiaotong University, China) While many bug prediction algorithms have been developed by academia, they're often only tested and verified in the lab using automated means. We do not have a strong idea about whether such algorithms are useful to guide human developers. We deployed a bug prediction algorithm across Google, and found no identifiable change in developer behavior. Using our experience, we provide several characteristics that bug prediction algorithms need to meet in order to be accepted by human developers and truly change how developers evaluate their code. @InProceedings{ICSE13p372, author = {Chris Lewis and Zhongpeng Lin and Caitlin Sadowski and Xiaoyan Zhu and Rong Ou and E. James Whitehead Jr.}, title = {Does Bug Prediction Support Human Developers? Findings from a Google Case Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {372--381}, doi = {}, year = {2013}, } |
|
Saghafi, Salman |
ICSE '13: "Aluminum: Principled Scenario ..."
Aluminum: Principled Scenario Exploration through Minimality
Tim Nelson, Salman Saghafi, Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi (Worcester Polytechnic Institute, USA; Brown University, USA) Scenario-finding tools such as Alloy are widely used to understand the consequences of specifications, with applications to software modeling, security analysis, and verification. This paper focuses on the exploration of scenarios: which scenarios are presented first, and how to traverse them in a well-defined way. We present Aluminum, a modification of Alloy that presents only minimal scenarios: those that contain no more than is necessary. Aluminum lets users explore the scenario space by adding to scenarios and backtracking. It also provides the ability to find what can consistently be used to extend each scenario. We describe the semantic basis of Aluminum in terms of minimal models of first-order logic formulas. We show how this theory can be implemented atop existing SAT-solvers and quantify both the benefits of minimality and its small computational overhead. Finally, we offer some qualitative observations about scenario exploration in Aluminum. @InProceedings{ICSE13p232, author = {Tim Nelson and Salman Saghafi and Daniel J. Dougherty and Kathi Fisler and Shriram Krishnamurthi}, title = {Aluminum: Principled Scenario Exploration through Minimality}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {232--241}, doi = {}, year = {2013}, } Video |
|
Salehie, Mazeiar |
ICSE '13: "Engineering Adaptive Privacy: ..."
Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements
Inah Omoronyia, Luca Cavallaro, Mazeiar Salehie, Liliana Pasquale, and Bashar Nuseibeh (University of Glasgow, UK; Lero, Ireland; University of Limerick, Ireland; Open University, UK) Applications that continuously gather and disclose personal information about users are increasingly common. While disclosing this information may be essential for these applications to function, it may also raise privacy concerns. Partly, this is due to frequently changing context that introduces new privacy threats and makes it difficult to continuously satisfy privacy requirements. To address this problem, applications may need to adapt in order to manage changing privacy concerns. Thus, we propose a framework that exploits the notion of privacy awareness requirements to identify runtime privacy properties to satisfy. These properties are used to support disclosure decision making by applications. Our evaluations suggest that applications that fail to satisfy privacy awareness requirements cannot regulate users' information disclosure. We also observe that the satisfaction of privacy awareness requirements is useful to users aiming to minimise exposure to privacy threats, and to users aiming to maximise functional benefits amidst increasing threat severity. @InProceedings{ICSE13p632, author = {Inah Omoronyia and Luca Cavallaro and Mazeiar Salehie and Liliana Pasquale and Bashar Nuseibeh}, title = {Engineering Adaptive Privacy: On the Role of Privacy Awareness Requirements}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {632--641}, doi = {}, year = {2013}, } |
|
Sarda, Nikhil |
ICSE '13: "Chronicler: Lightweight Recording ..."
Chronicler: Lightweight Recording to Reproduce Field Failures
Jonathan Bell, Nikhil Sarda, and Gail Kaiser (Columbia University, USA) When programs fail in the field, developers are often left with limited information to diagnose the failure. Automated error reporting tools can assist in bug report generation but without precise steps from the end user it is often difficult for developers to recreate the failure. Advanced remote debugging tools aim to capture sufficient information from field executions to recreate failures in the lab but often have too much overhead to practically deploy. We present CHRONICLER, an approach to remote debugging that captures non-deterministic inputs to applications in a lightweight manner, assuring faithful reproduction of client executions. We evaluated CHRONICLER by creating a Java implementation, CHRONICLERJ, and then by using a set of benchmarks mimicking real world applications and workloads, showing its runtime overhead to be under 10% in most cases (worst case 86%), while an existing tool showed overhead over 100% in the same cases (worst case 2,322%). @InProceedings{ICSE13p362, author = {Jonathan Bell and Nikhil Sarda and Gail Kaiser}, title = {Chronicler: Lightweight Recording to Reproduce Field Failures}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {362--371}, doi = {}, year = {2013}, } Video |
|
Sarma, Anita |
ICSE '13: "Cassandra: Proactive Conflict ..."
Cassandra: Proactive Conflict Minimization through Optimized Task Scheduling
Bakhtiar Khan Kasi and Anita Sarma (University of Nebraska-Lincoln, USA) Software conflicts arising because of conflicting changes are a regular occurrence and delay projects. The main precept of workspace awareness tools has been to identify potential conflicts early, while changes are still small and easier to resolve. However, in this approach conflicts still occur and require developer time and effort to resolve. We present a novel conflict minimization technique that proactively identifies potential conflicts, encodes them as constraints, and solves the constraint space to recommend a set of conflict-minimal development paths for the team. Here we present a study of four open source projects to characterize the distribution of conflicts and their resolution efforts. We then explain our conflict minimization technique and the design and implementation of this technique in our prototype, Cassandra. We show that Cassandra would have successfully avoided a majority of conflicts in the four open source test subjects. We demonstrate the efficiency of our approach by applying the technique to a simulated set of scenarios with higher than normal incidence of conflicts. @InProceedings{ICSE13p732, author = {Bakhtiar Khan Kasi and Anita Sarma}, title = {Cassandra: Proactive Conflict Minimization through Optimized Task Scheduling}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {732--741}, doi = {}, year = {2013}, } Video |
|
Sarro, Federica |
ICSE '13: "Not Going to Take This Anymore: ..."
Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects
Filomena Ferrucci, Mark Harman, Jian Ren, and Federica Sarro (University of Salerno, Italy; University College London, UK) Software Engineering and development is well-known to suffer from unplanned overtime, which causes stress and illness in engineers and can lead to poor quality software with higher defects. In this paper, we introduce a multi-objective decision support approach to help balance project risks and duration against overtime, so that software engineers can better plan overtime. We evaluate our approach on 6 real world software projects, drawn from 3 organisations using 3 standard evaluation measures and 3 different approaches to risk assessment. Our results show that our approach was significantly better (p < 0.05) than standard multi-objective search in 76% of experiments (with high Cohen effect size in 85% of these) and was significantly better than currently used overtime planning strategies in 100% of experiments (with high effect size in all). We also show how our approach provides actionable overtime planning results and investigate the impact of the three different forms of risk assessment. @InProceedings{ICSE13p462, author = {Filomena Ferrucci and Mark Harman and Jian Ren and Federica Sarro}, title = {Not Going to Take This Anymore: Multi-objective Overtime Planning for Software Engineering Projects}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {462--471}, doi = {}, year = {2013}, } Video |
|
Sawadsky, Nicholas |
ICSE '13: "Reverb: Recommending Code-Related ..."
Reverb: Recommending Code-Related Web Pages
Nicholas Sawadsky, Gail C. Murphy, and Rahul Jiresal (University of British Columbia, Canada) The web is an important source of development-related resources, such as code examples, tutorials, and API documentation. Yet existing development environments are largely disconnected from these resources. In this work, we explore how to provide useful web page recommendations to developers by focusing on the problem of refinding web pages that a developer has previously used. We present the results of a study about developer browsing activity in which we found that 13.7% of developers' visits to code-related pages are revisits and that only a small fraction (7.4%) of these were initiated through a low-cost mechanism, such as a bookmark. To assist with code-related revisits, we introduce Reverb, a tool which recommends previously visited web pages that pertain to the code visible in the developer's editor. Through a field study, we found that, on average, Reverb can recommend a useful web page in 51% of revisitation cases. @InProceedings{ICSE13p812, author = {Nicholas Sawadsky and Gail C. Murphy and Rahul Jiresal}, title = {Reverb: Recommending Code-Related Web Pages}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {812--821}, doi = {}, year = {2013}, } Video |
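The matching step can be approximated by scoring each previously visited page against the tokens visible in the editor, a plain bag-of-words overlap in the sketch below (URLs and page texts are invented; Reverb's actual matching may differ):

    import re
    from collections import Counter

    def tokens(text):
        return Counter(re.findall(r"[A-Za-z_]\w+", text.lower()))

    def score(code, page_text):
        """Token overlap between the editor buffer and a page's text."""
        c, p = tokens(code), tokens(page_text)
        return sum(min(c[t], p[t]) for t in c if t in p)

    history = {  # hypothetical previously visited pages
        "http://example.com/sort-tutorial": "how to sort a list with sort()",
        "http://example.com/regex-help": "regex groups and findall examples",
    }
    editor = "items.sort(key=len)  # sort the list of items"
    best = max(history, key=lambda url: score(editor, history[url]))
    print(best)   # the sort tutorial outranks the regex page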
|
Sayyad, Abdel Salam |
ICSE '13: "On the Value of User Preferences ..."
On the Value of User Preferences in Search-Based Software Engineering: A Case Study in Software Product Lines
Abdel Salam Sayyad, Tim Menzies, and Hany Ammar (West Virginia University, USA) Software design is a process of trading off competing objectives. If the user objective space is rich, then we should use optimizers that can fully exploit that richness. For example, this study configures software product lines (expressed as feature maps) using various search-based software engineering methods. As we increase the number of optimization objectives, we find that methods in widespread use (e.g. NSGA-II, SPEA2) perform much worse than IBEA (Indicator-Based Evolutionary Algorithm). IBEA works best since it makes most use of user preference knowledge. Hence it does better on the standard measures (hypervolume and spread) but it also generates far more products with 0% violations of domain constraints. Our conclusion is that we need to change our methods for search-based software engineering, particularly when studying complex decision spaces. @InProceedings{ICSE13p492, author = {Abdel Salam Sayyad and Tim Menzies and Hany Ammar}, title = {On the Value of User Preferences in Search-Based Software Engineering: A Case Study in Software Product Lines}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {492--501}, doi = {}, year = {2013}, } Video |
|
Schäfer, Max |
ICSE '13: "Efficient Construction of ..."
Efficient Construction of Approximate Call Graphs for JavaScript IDE Services
Asger Feldthaus, Max Schäfer, Manu Sridharan, Julian Dolby , and Frank Tip (Aarhus University, Denmark; Nanyang Technological University, Singapore; IBM Research, USA; University of Waterloo, Canada) The rapid rise of JavaScript as one of the most popular programming languages of the present day has led to a demand for sophisticated IDE support similar to what is available for Java or C#. However, advanced tooling is hampered by the dynamic nature of the language, which makes any form of static analysis very difficult. We single out efficient call graph construction as a key problem to be solved in order to improve development tools for JavaScript. To address this problem, we present a scalable field-based flow analysis for constructing call graphs. Our evaluation on large real-world programs shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice. Previous analyses do not scale to these programs, but our analysis handles them in a matter of seconds, thus proving its suitability for use in an interactive setting. @InProceedings{ICSE13p752, author = {Asger Feldthaus and Max Schäfer and Manu Sridharan and Julian Dolby and Frank Tip}, title = {Efficient Construction of Approximate Call Graphs for JavaScript IDE Services}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {752--761}, doi = {}, year = {2013}, } |
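Field-based here means call targets are resolved by property name alone, ignoring which object flows where, trading soundness for speed. A toy resolver over pre-extracted facts (the fact format is invented for the demo):

    from collections import defaultdict

    # Facts harvested from the source: property writes that store a function,
    # and call sites that invoke a property.
    writes = [("render", "Widget_render"), ("render", "Chart_render"),
              ("save", "Model_save")]
    calls = ["render", "save", "load"]

    field_targets = defaultdict(set)
    for prop, func in writes:       # one global namespace per property name
        field_targets[prop].add(func)

    call_graph = {site: sorted(field_targets[site]) for site in calls}
    print(call_graph)
    # {'render': ['Chart_render', 'Widget_render'],
    #  'save': ['Model_save'], 'load': []}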
|
Scharf, Andreas |
ICSE '13: "Dynamic Injection of Sketching ..."
Dynamic Injection of Sketching Features into GEF Based Diagram Editors
Andreas Scharf and Till Amma (University of Kassel, Germany) Software Engineering in general is a very creative process, especially in the early stages of development like requirements engineering or architectural design, where sketching techniques are used to manifest ideas and share thoughts. On the one hand, many diagram tools with sophisticated editing features exist, aiming to support engineers in this task. On the other hand, research has shown that most formal tools limit designers' creativity by restricting input to valid data. This raises the need for combining the flexibility of sketch-based input with the power of formal tools. With an increasing number of available touch-enabled input devices, plenty of tools supporting these and similar features have been created, but they either require the developer to use a special diagram editor generation framework or have very limited extension capabilities. In this paper we propose Scribble: a generic, extensible framework which brings sketching functionality to any new or existing GEF based diagram editor in the Eclipse ecosystem. Sketch features can be dynamically injected and used without writing a single line of code. We designed Scribble to be open for new shape recognition algorithms and to provide a great degree of user control. We successfully tested Scribble in three diagram tools, each having a different level of complexity. @InProceedings{ICSE13p822, author = {Andreas Scharf and Till Amma}, title = {Dynamic Injection of Sketching Features into GEF Based Diagram Editors}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {822--831}, doi = {}, year = {2013}, } |
|
Schneider, Kurt |
ICSE '13: "Creating a Shared Understanding ..."
Creating a Shared Understanding of Testing Culture on a Social Coding Site
Raphael Pham, Leif Singer, Olga Liskin, Fernando Figueira Filho, and Kurt Schneider (Leibniz Universität Hannover, Germany; UFRN, Brazil) Many software development projects struggle with creating and communicating a testing culture that is appropriate for the project's needs. This may degrade software quality by leaving defects undiscovered. Previous research suggests that social coding sites such as GitHub provide a collaborative environment with a high degree of social transparency. This makes developers' actions and interactions more visible and traceable. We conducted interviews with 33 active users of GitHub to investigate how the increased transparency found on GitHub influences developers' testing behaviors. Subsequently, we validated our findings with an online questionnaire that was answered by 569 members of GitHub. We found several strategies that software developers and managers can use to positively influence the testing behavior in their projects. However, project owners on GitHub may not be aware of them. We report on the challenges and risks caused by this and suggest guidelines for promoting a sustainable testing culture in software development projects. @InProceedings{ICSE13p112, author = {Raphael Pham and Leif Singer and Olga Liskin and Fernando Figueira Filho and Kurt Schneider}, title = {Creating a Shared Understanding of Testing Culture on a Social Coding Site}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {112--121}, doi = {}, year = {2013}, } |
|
Schobbens, Pierre-Yves |
ICSE '13: "Beyond Boolean Product-Line ..."
Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features
Maxime Cordy, Pierre-Yves Schobbens, Patrick Heymans, and Axel Legay (University of Namur, Belgium; IRISA, France; INRIA, France; University of Liège, Belgium) Model checking techniques for software product lines (SPL) are actively researched. A major limitation they currently have is the inability to deal efficiently with non-Boolean features and multi-features. An example of a non-Boolean feature is a numeric attribute, such as the maximum number of users, which can take different numeric values across the range of SPL products. Multi-features are features that can appear several times in the same product, such as processing units, whose number varies from one product to another and which can be configured independently. Both constructs are extensively used in practice but currently not supported by existing SPL model checking techniques. To overcome this limitation, we formally define a language that integrates these constructs with SPL behavioural specifications. We generalize SPL model checking algorithms correspondingly and evaluate their applicability. Our results show that the algorithms remain efficient despite the generalization. @InProceedings{ICSE13p472, author = {Maxime Cordy and Pierre-Yves Schobbens and Patrick Heymans and Axel Legay}, title = {Beyond Boolean Product-Line Model Checking: Dealing with Feature Attributes and Multi-features}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {472--481}, doi = {}, year = {2013}, } |
|
Sedee, Ben |
ICSE '13: "Data Clone Detection and Visualization ..."
Data Clone Detection and Visualization in Spreadsheets
Felienne Hermans, Ben Sedee, Martin Pinzger, and Arie van Deursen (TU Delft, Netherlands) Spreadsheets are widely used in industry: it is estimated that end-user programmers outnumber professional programmers by a factor of five. However, spreadsheets are error-prone: numerous companies have lost money because of spreadsheet errors. One of the causes of spreadsheet problems is the prevalence of copy-pasting. In this paper, we study this cloning in spreadsheets. Based on existing text-based clone detection algorithms, we have developed an algorithm to detect data clones in spreadsheets: formulas whose values are copied as plain text to a different location. To evaluate the usefulness of the proposed approach, we conducted two evaluations: a quantitative evaluation in which we analyzed the EUSES corpus, and a qualitative evaluation consisting of two case studies. The results of the evaluation clearly indicate that 1) data clones are common, 2) data clones pose threats to spreadsheet quality, and 3) our approach supports users in finding and resolving data clones. @InProceedings{ICSE13p292, author = {Felienne Hermans and Ben Sedee and Martin Pinzger and Arie van Deursen}, title = {Data Clone Detection and Visualization in Spreadsheets}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {292--301}, doi = {}, year = {2013}, } |
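The essence of a data clone is a block of plain values that duplicates the computed values of a formula block elsewhere in the workbook. A minimal sketch, assuming cell blocks have already been extracted and the formula blocks evaluated (the block representation is ours, not the paper's):

    def find_data_clones(formula_blocks, value_blocks):
        # formula_blocks: block id -> tuple of *computed* formula values.
        # value_blocks: block id -> tuple of plain (constant) cell values.
        # A data clone is a plain-value block duplicating a formula block.
        return [(fid, vid)
                for fid, fvals in formula_blocks.items()
                for vid, vvals in value_blocks.items()
                if fvals == vvals]

    formulas = {"Sheet1!B2:B4": (10.0, 12.5, 9.1)}
    values = {"Sheet2!C2:C4": (10.0, 12.5, 9.1),   # stale copy: a data clone
              "Sheet2!D2:D4": (7.0, 7.0, 7.0)}
    print(find_data_clones(formulas, values))
    # [('Sheet1!B2:B4', 'Sheet2!C2:C4')]

A clone like the one flagged above is dangerous precisely because the copied values stop updating when the source formulas change.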
|
Segall, Itai |
ICSE '13: "Interaction-Based Test-Suite ..."
Interaction-Based Test-Suite Minimization
Dale Blue, Itai Segall, Rachel Tzoref-Brill , and Aviad Zlotnick (IBM, USA; IBM Research, Israel) Combinatorial Test Design (CTD) is an effective test planning technique that reveals faults resulting from feature interactions in a system. The standard application of CTD requires manual modeling of the test space, including a precise definition of restrictions between the test space parameters, and produces a test suite that corresponds to new test cases to be implemented from scratch. In this work, we propose to use Interaction-based Test-Suite Minimization (ITSM) as a complementary approach to standard CTD. ITSM reduces a given test suite without impacting its coverage of feature interactions. ITSM requires much less modeling effort, and does not require a definition of restrictions. It is appealing where there has been a significant investment in an existing test suite, where creating new tests is expensive, and where restrictions are very complex. We discuss the tradeoffs between standard CTD and ITSM, and suggest an efficient algorithm for solving the latter. We also discuss the challenges and additional requirements that arise when applying ITSM to real-life test suites. We introduce solutions to these challenges and demonstrate them through two real-life case studies. @InProceedings{ICSE13p182, author = {Dale Blue and Itai Segall and Rachel Tzoref-Brill and Aviad Zlotnick}, title = {Interaction-Based Test-Suite Minimization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {182--191}, doi = {}, year = {2013}, } Video |
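While the paper's own algorithm is more refined, the flavor of ITSM can be conveyed with a greedy set-cover sketch that drops tests while preserving every pairwise (2-way) parameter interaction the original suite covers (test and parameter names below are illustrative):

    from itertools import combinations

    def interactions(test):
        # All pairwise (parameter, value) combinations a test covers.
        return set(combinations(sorted(test.items()), 2))

    def minimize(suite):
        # Greedy set cover: keep the test covering the most uncovered pairs
        # until every interaction of the original suite is covered again.
        uncovered = set().union(*(interactions(t) for t in suite))
        kept = []
        while uncovered:
            best = max(suite, key=lambda t: len(interactions(t) & uncovered))
            kept.append(best)
            uncovered -= interactions(best)
        return kept

    suite = [{"os": "linux", "db": "mysql", "ui": "web"},
             {"os": "linux", "db": "pg",    "ui": "cli"},
             {"os": "win",   "db": "mysql", "ui": "cli"},
             {"os": "win",   "db": "pg",    "ui": "web"},
             {"os": "linux", "db": "mysql", "ui": "cli"}]  # adds no new pairs
    print(len(minimize(suite)), "of", len(suite), "tests kept")  # 4 of 5

Note what is absent compared to standard CTD: no model of restrictions is needed, because every kept test already existed and is therefore known to be valid.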
|
Shang, Weiyi |
ICSE '13: "Assisting Developers of Big ..."
Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds
Weiyi Shang, Zhen Ming Jiang, Hadi Hemmati, Bram Adams, Ahmed E. Hassan, and Patrick Martin (Queen's University, Canada; Polytechnique Montréal, Canada) Big data analytics is the process of examining large amounts of data (big data) in an effort to uncover hidden patterns or unknown correlations. Big Data Analytics Applications (BDA Apps) are a new type of software application that analyzes big data using massive parallel processing frameworks (e.g., Hadoop). Developers of such applications typically develop them using a small sample of data in a pseudo-cloud environment. Afterwards, they deploy the applications in a large-scale cloud environment with considerably more processing power and larger input data (reminiscent of the mainframe days). Working with BDA App developers in industry over the past three years, we noticed that the runtime analysis and debugging of such applications in the deployment phase cannot be easily addressed by traditional monitoring and debugging approaches. In this paper, as a first step in assisting developers of BDA Apps for cloud deployments, we propose a lightweight approach for uncovering differences between pseudo and large-scale cloud deployments. Our approach makes use of the readily available yet rarely used execution logs from these platforms. Our approach abstracts the execution logs, recovers the execution sequences, and compares the sequences between the pseudo and cloud deployments. Through a case study on three representative Hadoop-based BDA Apps, we show that our approach can rapidly direct the attention of BDA App developers to the major differences between the two deployments. Knowledge of such differences is essential in verifying BDA Apps when analyzing big data in the cloud. Using injected deployment faults, we show that our approach not only significantly reduces the deployment verification effort, but also produces very few false positives when identifying deployment failures. @InProceedings{ICSE13p402, author = {Weiyi Shang and Zhen Ming Jiang and Hadi Hemmati and Bram Adams and Ahmed E. Hassan and Patrick Martin}, title = {Assisting Developers of Big Data Analytics Applications When Deploying on Hadoop Clouds}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {402--411}, doi = {}, year = {2013}, } |
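A minimal sketch of the abstract-then-compare idea, assuming each log line carries a task identifier: mask dynamic values so lines collapse to static event types, recover per-task event sequences, and report sequences that appear in only one deployment (the regexes and messages are illustrative, not Hadoop's actual log format):

    import re
    from collections import defaultdict

    def abstract(line):
        # Mask dynamic content so lines collapse to static event types.
        line = re.sub(r"attempt_\w+", "<ID>", line)   # task attempt ids
        line = re.sub(r"\d+", "<NUM>", line)          # sizes, counters, ...
        return line

    def event_sequences(log):
        # log: (task_id, raw message) pairs in emission order.
        per_task = defaultdict(list)
        for task, line in log:
            per_task[task].append(abstract(line))
        return {tuple(seq) for seq in per_task.values()}

    pseudo = [(1, "Spilling map output 1024 bytes"),
              (1, "Task attempt_001 done")]
    cloud = [(7, "Spilling map output 52480 bytes"),
             (7, "Retrying task attempt_172 after failure"),
             (7, "Task attempt_172 done")]
    # Sequences seen only in the large-scale deployment deserve attention:
    print(event_sequences(cloud) - event_sequences(pseudo))

Here the retry event, which never occurs in the small pseudo-cloud run, surfaces as a cloud-only sequence: exactly the kind of deployment difference the approach is meant to highlight.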
|
Shar, Lwin Khin |
ICSE '13: "Mining SQL Injection and Cross ..."
Mining SQL Injection and Cross Site Scripting Vulnerabilities using Hybrid Program Analysis
Lwin Khin Shar, Hee Beng Kuan Tan, and Lionel C. Briand (Nanyang Technological University, Singapore; University of Luxembourg, Luxembourg) In previous work, we proposed a set of static attributes that characterize input validation and input sanitization code patterns. We showed that some of the proposed static attributes are significant predictors of SQL injection and cross site scripting vulnerabilities. Static attributes have the advantage of reflecting general properties of a program. Yet, dynamic attributes collected from execution traces may reflect more specific code characteristics that are complementary to static attributes. Hence, to improve our initial work, in this paper, we propose the use of dynamic attributes to complement static attributes in vulnerability prediction. Furthermore, since existing work relies on supervised learning, it is dependent on the availability of training data labeled with known vulnerabilities. This paper presents prediction models that are based on both classification and clustering in order to predict vulnerabilities, working in the presence or absence of labeled training data, respectively. In our experiments across six applications, our new supervised vulnerability predictors based on hybrid (static and dynamic) attributes achieved, on average, 90% recall and 85% precision, a sharp increase in recall when compared to static analysis-based predictions. Though not nearly as accurate, our unsupervised predictors based on clustering achieved, on average, 76% recall and 39% precision, thus suggesting they can be useful in the absence of labeled training data. @InProceedings{ICSE13p642, author = {Lwin Khin Shar and Hee Beng Kuan Tan and Lionel C. Briand}, title = {Mining SQL Injection and Cross Site Scripting Vulnerabilities using Hybrid Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {642--651}, doi = {}, year = {2013}, } |
|
Singer, Leif |
ICSE '13: "Creating a Shared Understanding ..."
Creating a Shared Understanding of Testing Culture on a Social Coding Site
Raphael Pham, Leif Singer, Olga Liskin, Fernando Figueira Filho, and Kurt Schneider (Leibniz Universität Hannover, Germany; UFRN, Brazil) Many software development projects struggle with creating and communicating a testing culture that is appropriate for the project's needs. This may degrade software quality by leaving defects undiscovered. Previous research suggests that social coding sites such as GitHub provide a collaborative environment with a high degree of social transparency. This makes developers' actions and interactions more visible and traceable. We conducted interviews with 33 active users of GitHub to investigate how the increased transparency found on GitHub influences developers' testing behaviors. Subsequently, we validated our findings with an online questionnaire that was answered by 569 members of GitHub. We found several strategies that software developers and managers can use to positively influence the testing behavior in their projects. However, project owners on GitHub may not be aware of them. We report on the challenges and risks caused by this and suggest guidelines for promoting a sustainable testing culture in software development projects. @InProceedings{ICSE13p112, author = {Raphael Pham and Leif Singer and Olga Liskin and Fernando Figueira Filho and Kurt Schneider}, title = {Creating a Shared Understanding of Testing Culture on a Social Coding Site}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {112--121}, doi = {}, year = {2013}, } |
|
Sinha, Nishant |
ICSE '13: "Guided Test Generation for ..."
Guided Test Generation for Web Applications
Suresh Thummalapenta, K. Vasanta Lakshmi, Saurabh Sinha, Nishant Sinha, and Satish Chandra (IBM Research, India; Indian Institute of Science, India; IBM Research, USA) We focus on functional testing of enterprise applications with the goal of exercising an application's interesting behaviors by driving it from its user interface. The difficulty in doing this is focusing on the interesting behaviors among an unbounded number of behaviors. We present a new technique for automatically generating tests that drive a web-based application along interesting behaviors, where the interesting behavior is specified in the form of "business rules." Business rules are a general mechanism for describing business logic, access control, or even navigational properties of an application's GUI. Our technique is black box, in that it does not analyze the application's server-side implementation, but relies on directed crawling via the application's GUI. To handle the unbounded number of GUI states, the technique includes two phases. Phase 1 creates an abstract state-transition diagram using a relaxed notion of equivalence of GUI states without considering rules. Next, Phase 2 identifies rule-relevant abstract paths and refines those paths using a stricter notion of state equivalence. Our technique can be much more effective at covering business rules than an undirected technique, which we developed as an enhancement of an existing test-generation technique. Our experiments showed that the former was able to cover 92% of the rules, compared to 52% of the rules covered by the latter. @InProceedings{ICSE13p162, author = {Suresh Thummalapenta and K. Vasanta Lakshmi and Saurabh Sinha and Nishant Sinha and Satish Chandra}, title = {Guided Test Generation for Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {162--171}, doi = {}, year = {2013}, } |
|
Sinha, Saurabh |
ICSE '13: "Guided Test Generation for ..."
Guided Test Generation for Web Applications
Suresh Thummalapenta, K. Vasanta Lakshmi, Saurabh Sinha, Nishant Sinha, and Satish Chandra (IBM Research, India; Indian Institute of Science, India; IBM Research, USA) We focus on functional testing of enterprise applications with the goal of exercising an application's interesting behaviors by driving it from its user interface. The difficulty in doing this is focusing on the interesting behaviors among an unbounded number of behaviors. We present a new technique for automatically generating tests that drive a web-based application along interesting behaviors, where the interesting behavior is specified in the form of "business rules." Business rules are a general mechanism for describing business logic, access control, or even navigational properties of an application's GUI. Our technique is black box, in that it does not analyze the application's server-side implementation, but relies on directed crawling via the application's GUI. To handle the unbounded number of GUI states, the technique includes two phases. Phase 1 creates an abstract state-transition diagram using a relaxed notion of equivalence of GUI states without considering rules. Next, Phase 2 identifies rule-relevant abstract paths and refines those paths using a stricter notion of state equivalence. Our technique can be much more effective at covering business rules than an undirected technique, which we developed as an enhancement of an existing test-generation technique. Our experiments showed that the former was able to cover 92% of the rules, compared to 52% of the rules covered by the latter. @InProceedings{ICSE13p162, author = {Suresh Thummalapenta and K. Vasanta Lakshmi and Saurabh Sinha and Nishant Sinha and Satish Chandra}, title = {Guided Test Generation for Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {162--171}, doi = {}, year = {2013}, } |
|
Song, Jaewoo |
ICSE '13: "Automatic Patch Generation ..."
Automatic Patch Generation Learned from Human-Written Patches
Dongsun Kim, Jaechang Nam, Jaewoo Song, and Sunghun Kim (Hong Kong University of Science and Technology, China) Patch generation is an essential software maintenance task because most software systems inevitably have bugs that need to be fixed. Unfortunately, human resources are often insufficient to fix all reported and known bugs. To address this issue, several automated patch generation techniques have been proposed. In particular, a genetic-programming-based patch generation technique, GenProg, proposed by Weimer et al., has shown promising results. However, these techniques can generate nonsensical patches due to the randomness of their mutation operations. To address this limitation, we propose a novel patch generation approach, Pattern-based Automatic program Repair (PAR), using fix patterns learned from existing human-written patches. We manually inspected more than 60,000 human-written patches and found there are several common fix patterns. Our approach leverages these fix patterns to generate program patches automatically. We experimentally evaluated PAR on 119 real bugs. In addition, a user study involving 89 students and 164 developers confirmed that patches generated by our approach are more acceptable than those generated by GenProg. PAR successfully generated patches for 27 out of 119 bugs, while GenProg was successful for only 16 bugs. @InProceedings{ICSE13p802, author = {Dongsun Kim and Jaechang Nam and Jaewoo Song and Sunghun Kim}, title = {Automatic Patch Generation Learned from Human-Written Patches}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {802--811}, doi = {}, year = {2013}, } |
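As an illustration of pattern-based repair, here is a textual instantiation of one common fix template, a null-pointer guard, at a given fault location. PAR itself edits ASTs and uses several learned templates; this toy version, and all names in it, are ours:

    def apply_null_check_template(lines, fault_line, var):
        # Instantiate a "null pointer checker" fix template at the fault
        # site: guard the faulty statement with a null check on `var`.
        raw = lines[fault_line]
        stmt = raw.strip()
        indent = raw[: len(raw) - len(raw.lstrip())]
        patch = [indent + "if (" + var + " != null) {",
                 indent + "    " + stmt,
                 indent + "}"]
        return lines[:fault_line] + patch + lines[fault_line + 1:]

    buggy = ["void render(Shape s) {",
             "    s.draw();",   # crashes when s is null
             "}"]
    print("\n".join(apply_null_check_template(buggy, fault_line=1, var="s")))

Because each template encodes a fix shape that humans actually write, candidate patches drawn from templates tend to look sensible to reviewers, which is what the paper's user study measures.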
|
Song, Linhai |
ICSE '13: "Toddler: Detecting Performance ..."
Toddler: Detecting Performance Problems via Similar Memory-Access Patterns
Adrian Nistor, Linhai Song, Darko Marinov , and Shan Lu (University of Illinois at Urbana-Champaign, USA; University of Wisconsin-Madison, USA) Performance bugs are programming errors that create significant performance degradation. While developers often use automated oracles for detecting functional bugs, detecting performance bugs usually requires time-consuming, manual analysis of execution profiles. The human effort for performance analysis limits the number of performance tests analyzed and enables performance bugs to easily escape to production. Unfortunately, while profilers can successfully localize slow executing code, profilers cannot be effectively used as automated oracles. This paper presents TODDLER, a novel automated oracle for performance bugs, which enables testing for performance bugs to use the well established and automated process of testing for functional bugs. TODDLER reports code loops whose computation has repetitive and partially similar memory-access patterns across loop iterations. Such repetitive work is likely unnecessary and can be done faster. We implement TODDLER for Java and evaluate it on 9 popular Java codebases. Our experiments with 11 previously known, real-world performance bugs show that TODDLER finds these bugs with a higher accuracy than the standard Java profiler. Using TODDLER, we also found 42 new bugs in six Java projects: Ant, Google Core Libraries, JUnit, Apache Collections, JDK, and JFreeChart. Based on our bug reports, developers so far fixed 10 bugs and confirmed 6 more as real bugs. @InProceedings{ICSE13p562, author = {Adrian Nistor and Linhai Song and Darko Marinov and Shan Lu}, title = {Toddler: Detecting Performance Problems via Similar Memory-Access Patterns}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {562--571}, doi = {}, year = {2013}, } |
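The oracle's core signal can be approximated as follows: record the sequence of memory locations read in each loop iteration and flag the loop when consecutive iterations read nearly identical sequences. The threshold and the tracing representation below are our assumptions, not TODDLER's exact implementation:

    from difflib import SequenceMatcher

    def suspicious_loop(iteration_reads, threshold=0.9):
        # iteration_reads: one sequence of read locations per loop iteration.
        # Flag the loop when consecutive iterations read nearly the same
        # locations in the same order -- likely repeated, avoidable work.
        if len(iteration_reads) < 2:
            return False
        ratios = [SequenceMatcher(None, a, b).ratio()
                  for a, b in zip(iteration_reads, iteration_reads[1:])]
        return sum(ratios) / len(ratios) >= threshold

    # Each iteration of an outer loop re-scans the whole list: the classic
    # accidental O(n^2) pattern that profilers localize but cannot judge.
    reads = [[f"list[{i}]" for i in range(100)] for _ in range(50)]
    print(suspicious_loop(reads))   # True

Unlike a profiler, which only says the loop is slow, this style of check says the loop's work is repetitive, which is the actionable part of a performance bug report.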
|
Song, Yoonki |
ICSE '13: "Why Don't Software Developers ..."
Why Don't Software Developers Use Static Analysis Tools to Find Bugs?
Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge (North Carolina State University, USA; Google, USA) Using static analysis tools for automating code inspections can be beneficial for software engineers. Such tools can make finding bugs, or software defects, faster and cheaper than manual inspections. Despite the benefits of using static analysis tools to find bugs, research suggests that these tools are underused. In this paper, we investigate why developers are not widely using static analysis tools and how current tools could potentially be improved. We conducted interviews with 20 developers and found that although all of our participants felt that use is beneficial, false positives and the way in which the warnings are presented, among other things, are barriers to use. We discuss several implications of these results, such as the need for an interactive mechanism to help developers fix defects. @InProceedings{ICSE13p672, author = {Brittany Johnson and Yoonki Song and Emerson Murphy-Hill and Robert Bowdidge}, title = {Why Don't Software Developers Use Static Analysis Tools to Find Bugs?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {672--681}, doi = {}, year = {2013}, } |
|
Spoletini, Paola |
ICSE '13: "Managing Non-functional Uncertainty ..."
Managing Non-functional Uncertainty via Model-Driven Adaptivity
Carlo Ghezzi, Leandro Sales Pinto, Paola Spoletini, and Giordano Tamburrelli (Politecnico di Milano, Italy; Università dell'Insubria, Italy) Modern software systems are often characterized by uncertainty and changes in the environment in which they are embedded. Hence, they must be designed as adaptive systems. We propose a framework that supports adaptation to non-functional manifestations of uncertainty. Our framework allows engineers to derive, from an initial model of the system, a finite state automaton augmented with probabilities. The system is then executed by an interpreter that navigates the automaton and invokes the component implementations associated with the states it traverses. The interpreter adapts the execution by choosing among alternative possible paths of the automaton in order to maximize the system's ability to meet its non-functional requirements. To demonstrate the adaptation capabilities of the proposed approach, we implemented an adaptive application inspired by an existing worldwide distributed mobile application and we discussed several adaptation scenarios. @InProceedings{ICSE13p33, author = {Carlo Ghezzi and Leandro Sales Pinto and Paola Spoletini and Giordano Tamburrelli}, title = {Managing Non-functional Uncertainty via Model-Driven Adaptivity}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {33--42}, doi = {}, year = {2013}, } Video |
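The interpreter's path selection can be sketched as value iteration over the probabilistic automaton: each state's value is the best achievable probability of reaching a goal state, and the interpreter follows the maximizing transition. The automaton encoding and the reliability numbers below are our assumptions for illustration:

    def plan(automaton, goal, iterations=50):
        # automaton: state -> list of (next_state, success_probability).
        # Value iteration: value[s] = best achievable probability of
        # reaching `goal`; `choice` is the transition to take from s.
        value = {s: 0.0 for s in automaton}
        value[goal] = 1.0
        choice = {}
        for _ in range(iterations):
            for state, edges in automaton.items():
                if state == goal or not edges:
                    continue
                nxt, p = max(edges, key=lambda e: e[1] * value[e[0]])
                value[state], choice[state] = p * value[nxt], nxt
        return value, choice

    # Two alternative third-party components with different reliabilities:
    automaton = {"start": [("svcA", 0.95), ("svcB", 0.99)],
                 "svcA": [("done", 0.90)], "svcB": [("done", 0.80)],
                 "done": []}
    value, choice = plan(automaton, "done")
    print(choice["start"], round(value["start"], 3))   # svcA 0.855

Note that the locally more reliable first hop (svcB at 0.99) loses end to end, which is why the interpreter must reason over whole paths rather than single transitions.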
|
Sridharan, Manu |
ICSE '13: "Efficient Construction of ..."
Efficient Construction of Approximate Call Graphs for JavaScript IDE Services
Asger Feldthaus, Max Schäfer, Manu Sridharan, Julian Dolby , and Frank Tip (Aarhus University, Denmark; Nanyang Technological University, Singapore; IBM Research, USA; University of Waterloo, Canada) The rapid rise of JavaScript as one of the most popular programming languages of the present day has led to a demand for sophisticated IDE support similar to what is available for Java or C#. However, advanced tooling is hampered by the dynamic nature of the language, which makes any form of static analysis very difficult. We single out efficient call graph construction as a key problem to be solved in order to improve development tools for JavaScript. To address this problem, we present a scalable field-based flow analysis for constructing call graphs. Our evaluation on large real-world programs shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice. Previous analyses do not scale to these programs, but our analysis handles them in a matter of seconds, thus proving its suitability for use in an interactive setting. @InProceedings{ICSE13p752, author = {Asger Feldthaus and Max Schäfer and Manu Sridharan and Julian Dolby and Frank Tip}, title = {Efficient Construction of Approximate Call Graphs for JavaScript IDE Services}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {752--761}, doi = {}, year = {2013}, } |
|
Staats, Matt |
ICSE '13: "Observable Modified Condition/Decision ..."
Observable Modified Condition/Decision Coverage
Michael Whalen, Gregory Gay , Dongjiang You, Mats P. E. Heimdahl, and Matt Staats (University of Minnesota, USA; KAIST, South Korea) In many critical systems domains, test suite adequacy is currently measured using structural coverage metrics over the source code. Of particular interest is the modified condition/decision coverage (MC/DC) criterion required for, e.g., critical avionics systems. In previous investigations we have found that the efficacy of such test suites is highly dependent on the structure of the program under test and the choice of variables monitored by the oracle. MC/DC adequate tests would frequently exercise faulty code, but the effects of the faults would not propagate to the monitored oracle variables. In this report, we combine the MC/DC coverage metric with a notion of observability that helps ensure that the result of a fault encountered when covering a structural obligation propagates to a monitored variable; we term this new coverage criterion Observable MC/DC (OMC/DC). We hypothesize this path requirement will make structural coverage metrics 1.) more effective at revealing faults, 2.) more robust to changes in program structure, and 3.) more robust to the choice of variables monitored. We assess the efficacy and sensitivity to program structure of OMC/DC as compared to masking MC/DC using four subsystems from the civil avionics domain and the control logic of a microwave. We have found that test suites satisfying OMC/DC are significantly more effective than test suites satisfying MC/DC, revealing up to 88% more faults, and are less sensitive to program structure and the choice of monitored variables. @InProceedings{ICSE13p102, author = {Michael Whalen and Gregory Gay and Dongjiang You and Mats P. E. Heimdahl and Matt Staats}, title = {Observable Modified Condition/Decision Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {102--111}, doi = {}, year = {2013}, } |
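A small worked example shows the masking problem OMC/DC addresses: a test can exercise a faulty decision, MC/DC-style, while a downstream conjunction hides the fault from the monitored output (the toy program and variable names are ours):

    def step(a, b, sensor):
        decision = a or b              # seeded fault: should be "a and b"
        output = decision and sensor   # sensor == False masks the decision
        return output                  # the oracle monitors only `output`

    # A test for the decision: a=False, b=True distinguishes the faulty
    # "or" (True) from the correct "and" (False) -- yet with sensor=False
    # the monitored output is False either way, so the fault is masked.
    print(step(a=False, b=True, sensor=False))   # False: fault not observable
    # Requiring the decision's value to propagate to the output (OMC/DC's
    # observability condition) forces a test like this, which reveals it:
    print(step(a=False, b=True, sensor=True))    # True; correct code gives False

The extra propagation obligation is exactly the difference between "the faulty code ran" and "the oracle could have noticed".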
|
Sumner, William N. |
ICSE '13: "Comparative Causality: Explaining ..."
Comparative Causality: Explaining the Differences between Executions
William N. Sumner and Xiangyu Zhang (Purdue University, USA) We propose a novel fine-grained causal inference technique. Given two executions and some observed differences between them, the technique reasons about the causes of such differences. The technique does so by state replacement, i.e., replacing part of the program state at an earlier point to observe whether the target differences can be induced. It makes a number of key advances: it features a novel execution model that avoids undesirable entanglement of the replaced state and the original state; it properly handles differences of omission by symmetrically analyzing both executions; it also leverages a recently developed slicing technique to limit the scope of causality testing while ensuring that no relevant state causes can be missed. Applying the technique to automated debugging shows that it substantially improves the precision and efficiency of causal inference compared to state-of-the-art techniques. @InProceedings{ICSE13p272, author = {William N. Sumner and Xiangyu Zhang}, title = {Comparative Causality: Explaining the Differences between Executions}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {272--281}, doi = {}, year = {2013}, } |
|
Sun, Jun |
ICSE '13: "Dynamic Synthesis of Local ..."
Dynamic Synthesis of Local Time Requirement for Service Composition
Tian Huat Tan, Étienne André, Jun Sun, Yang Liu, Jin Song Dong, and Manman Chen (National University of Singapore, Singapore; Université Paris 13, France; CNRS, France; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore) Service composition makes use of existing service-based applications as components to achieve a business goal. In time-critical business environments, the response time of a service is crucial, and this is also reflected as a clause in service level agreements (SLAs) between service providers and service users. To allow the composite service to fulfill the response time requirement as promised, it is important to find a feasible set of component services such that their response times collectively satisfy the response time requirement of the composite service. In this work, we propose a fully automated approach to synthesize the response time requirement of component services, in the form of a constraint on the local response times, that guarantees the global response time requirement. Our approach is based on parameter synthesis techniques for real-time systems. It has been implemented and evaluated with real-world case studies. @InProceedings{ICSE13p542, author = {Tian Huat Tan and Étienne André and Jun Sun and Yang Liu and Jin Song Dong and Manman Chen}, title = {Dynamic Synthesis of Local Time Requirement for Service Composition}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {542--551}, doi = {}, year = {2013}, } |
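For the special case of a purely sequential composition, the synthesized local requirement degenerates to a linear constraint on the remaining component's response time; the paper's approach handles much richer compositions via parameter synthesis for real-time systems, but the toy below conveys the shape of the result (names and numbers are ours):

    def local_requirement(global_bound_ms, committed_ms):
        # Sequential composition: the composite meets its bound iff the
        # local response times sum to at most the bound, so the remaining
        # component inherits the constraint t <= global_bound - sum(others).
        return global_bound_ms - sum(committed_ms.values())

    # Composite SLA: respond within 1000 ms; two components already profiled.
    slack = local_requirement(1000, {"auth": 150, "inventory": 420})
    print(f"remaining component must satisfy: t <= {slack} ms")   # t <= 430 ms

Synthesizing the constraint, rather than one fixed budget per component, lets providers trade slack between components after deployment without re-verifying the composition.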
|
Swearngin, Amanda |
ICSE '13: "Human Performance Regression ..."
Human Performance Regression Testing
Amanda Swearngin, Myra B. Cohen, Bonnie E. John, and Rachel K. E. Bellamy (University of Nebraska-Lincoln, USA; IBM Research, USA) As software systems evolve, new interface features such as keyboard shortcuts and toolbars are introduced. While it is common to regression test the new features for functional correctness, there has been less focus on systematic regression testing for usability, due to the effort and time involved in human studies. Cognitive modeling tools such as CogTool provide some help by computing predictions of user performance, but they still require manual effort to describe the user interface and tasks, limiting regression testing efforts. In recent work, we developed CogTool Helper to reduce the effort required to generate human performance models of existing systems. We build on this work by providing task specific test case generation and present our vision for human performance regression testing (HPRT) that generates large numbers of test cases and evaluates a range of human performance predictions for the same task. We examine the feasibility of HPRT on four tasks in LibreOffice, find several regressions, and then discuss how a project team could use this information. We also illustrate that we can increase efficiency with sampling by leveraging an inference algorithm. Samples that take approximately 50% of the runtime lose at most 10% of the performance predictions. @InProceedings{ICSE13p152, author = {Amanda Swearngin and Myra B. Cohen and Bonnie E. John and Rachel K. E. Bellamy}, title = {Human Performance Regression Testing}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {152--161}, doi = {}, year = {2013}, } Video |
|
Sykes, Daniel |
ICSE '13: "Learning Revised Models for ..."
Learning Revised Models for Planning in Adaptive Systems
Daniel Sykes, Domenico Corapi, Jeff Magee, Jeff Kramer, Alessandra Russo, and Katsumi Inoue (Imperial College London, UK; National Institute of Informatics, Japan) Environment domain models are a key part of the information used by adaptive systems to determine their behaviour. These models can be incomplete or inaccurate. In addition, since adaptive systems generally operate in environments which are subject to change, these models are often also out of date. To update and correct these models, the system should observe how the environment responds to its actions, and compare these responses to those predicted by the model. In this paper, we use a probabilistic rule learning approach, NoMPRoL, to update models using feedback from the running system in the form of execution traces. NoMPRoL is a technique for non-monotonic probabilistic rule learning based on a transformation of an inductive logic programming task into an equivalent abductive one. In essence, it exploits consistent observations by finding general rules which explain observations in terms of the conditions under which they occur. The updated models are then used to generate new behaviour with a greater chance of success in the actual environment encountered. @InProceedings{ICSE13p63, author = {Daniel Sykes and Domenico Corapi and Jeff Magee and Jeff Kramer and Alessandra Russo and Katsumi Inoue}, title = {Learning Revised Models for Planning in Adaptive Systems}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {63--71}, doi = {}, year = {2013}, } Video |
|
Tamburrelli, Giordano |
ICSE '13: "Managing Non-functional Uncertainty ..."
Managing Non-functional Uncertainty via Model-Driven Adaptivity
Carlo Ghezzi, Leandro Sales Pinto, Paola Spoletini, and Giordano Tamburrelli (Politecnico di Milano, Italy; Università dell'Insubria, Italy) Modern software systems are often characterized by uncertainty and changes in the environment in which they are embedded. Hence, they must be designed as adaptive systems. We propose a framework that supports adaptation to non-functional manifestations of uncertainty. Our framework allows engineers to derive, from an initial model of the system, a finite state automaton augmented with probabilities. The system is then executed by an interpreter that navigates the automaton and invokes the component implementations associated with the states it traverses. The interpreter adapts the execution by choosing among alternative possible paths of the automaton in order to maximize the system's ability to meet its non-functional requirements. To demonstrate the adaptation capabilities of the proposed approach, we implemented an adaptive application inspired by an existing worldwide distributed mobile application and we discussed several adaptation scenarios. @InProceedings{ICSE13p33, author = {Carlo Ghezzi and Leandro Sales Pinto and Paola Spoletini and Giordano Tamburrelli}, title = {Managing Non-functional Uncertainty via Model-Driven Adaptivity}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {33--42}, doi = {}, year = {2013}, } Video |
|
Tan, Hee Beng Kuan |
ICSE '13: "Mining SQL Injection and Cross ..."
Mining SQL Injection and Cross Site Scripting Vulnerabilities using Hybrid Program Analysis
Lwin Khin Shar, Hee Beng Kuan Tan, and Lionel C. Briand (Nanyang Technological University, Singapore; University of Luxembourg, Luxembourg) In previous work, we proposed a set of static attributes that characterize input validation and input sanitization code patterns. We showed that some of the proposed static attributes are significant predictors of SQL injection and cross site scripting vulnerabilities. Static attributes have the advantage of reflecting general properties of a program. Yet, dynamic attributes collected from execution traces may reflect more specific code characteristics that are complementary to static attributes. Hence, to improve our initial work, in this paper, we propose the use of dynamic attributes to complement static attributes in vulnerability prediction. Furthermore, since existing work relies on supervised learning, it is dependent on the availability of training data labeled with known vulnerabilities. This paper presents prediction models that are based on both classification and clustering in order to predict vulnerabilities, working in the presence or absence of labeled training data, respectively. In our experiments across six applications, our new supervised vulnerability predictors based on hybrid (static and dynamic) attributes achieved, on average, 90% recall and 85% precision, a sharp increase in recall when compared to static analysis-based predictions. Though not nearly as accurate, our unsupervised predictors based on clustering achieved, on average, 76% recall and 39% precision, thus suggesting they can be useful in the absence of labeled training data. @InProceedings{ICSE13p642, author = {Lwin Khin Shar and Hee Beng Kuan Tan and Lionel C. Briand}, title = {Mining SQL Injection and Cross Site Scripting Vulnerabilities using Hybrid Program Analysis}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {642--651}, doi = {}, year = {2013}, } |
|
Tan, Tian Huat |
ICSE '13: "Dynamic Synthesis of Local ..."
Dynamic Synthesis of Local Time Requirement for Service Composition
Tian Huat Tan, Étienne André, Jun Sun, Yang Liu, Jin Song Dong, and Manman Chen (National University of Singapore, Singapore; Université Paris 13, France; CNRS, France; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore) Service composition makes use of existing service-based applications as components to achieve a business goal. In time-critical business environments, the response time of a service is crucial, and this is also reflected as a clause in service level agreements (SLAs) between service providers and service users. To allow the composite service to fulfill the response time requirement as promised, it is important to find a feasible set of component services such that their response times collectively satisfy the response time requirement of the composite service. In this work, we propose a fully automated approach to synthesize the response time requirement of component services, in the form of a constraint on the local response times, that guarantees the global response time requirement. Our approach is based on parameter synthesis techniques for real-time systems. It has been implemented and evaluated with real-world case studies. @InProceedings{ICSE13p542, author = {Tian Huat Tan and Étienne André and Jun Sun and Yang Liu and Jin Song Dong and Manman Chen}, title = {Dynamic Synthesis of Local Time Requirement for Service Composition}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {542--551}, doi = {}, year = {2013}, } |
|
Taylor, Richard N. |
ICSE '13: "Coupling Software Architecture ..."
Coupling Software Architecture and Human Architecture for Collaboration-Aware System Adaptation
Christoph Dorn and Richard N. Taylor (TU Vienna, Austria; UC Irvine, USA) The emergence of socio-technical systems characterized by significant user collaboration poses a new challenge for system adaptation. People are no longer just the "users" of a system but an integral part of it. Traditional self-adaptation mechanisms, however, consider only the software system and remain unaware of the ramifications arising from collaboration interdependencies. By neglecting collective user behavior, an adaptation mechanism is unfit to appropriately adapt to the evolution of user activities, consider side effects on collaborations during the adaptation process, or anticipate negative consequences upon reconfiguration completion. Inspired by existing architecture-centric system adaptation approaches, we propose linking the runtime software architecture to the human collaboration topology. We introduce a mapping mechanism and corresponding framework that enables a system adaptation manager to reason about the effect of software-level changes on human interactions and vice versa. We outline the integration of the human architecture in the adaptation process and demonstrate the benefit of our approach in a case study. @InProceedings{ICSE13p53, author = {Christoph Dorn and Richard N. Taylor}, title = {Coupling Software Architecture and Human Architecture for Collaboration-Aware System Adaptation}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {53--62}, doi = {}, year = {2013}, } |
|
Thummalapenta, Suresh |
ICSE '13: "Guided Test Generation for ..."
Guided Test Generation for Web Applications
Suresh Thummalapenta, K. Vasanta Lakshmi, Saurabh Sinha, Nishant Sinha, and Satish Chandra (IBM Research, India; Indian Institute of Science, India; IBM Research, USA) We focus on functional testing of enterprise applications with the goal of exercising an application's interesting behaviors by driving it from its user interface. The difficulty in doing this is focusing on the interesting behaviors among an unbounded number of behaviors. We present a new technique for automatically generating tests that drive a web-based application along interesting behaviors, where the interesting behavior is specified in the form of "business rules." Business rules are a general mechanism for describing business logic, access control, or even navigational properties of an application's GUI. Our technique is black box, in that it does not analyze the application's server-side implementation, but relies on directed crawling via the application's GUI. To handle the unbounded number of GUI states, the technique includes two phases. Phase 1 creates an abstract state-transition diagram using a relaxed notion of equivalence of GUI states without considering rules. Next, Phase 2 identifies rule-relevant abstract paths and refines those paths using a stricter notion of state equivalence. Our technique can be much more effective at covering business rules than an undirected technique, which we developed as an enhancement of an existing test-generation technique. Our experiments showed that the former was able to cover 92% of the rules, compared to 52% of the rules covered by the latter. @InProceedings{ICSE13p162, author = {Suresh Thummalapenta and K. Vasanta Lakshmi and Saurabh Sinha and Nishant Sinha and Satish Chandra}, title = {Guided Test Generation for Web Applications}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {162--171}, doi = {}, year = {2013}, } |
|
Tian, Cong |
ICSE '13: "Detecting Spurious Counterexamples ..."
Detecting Spurious Counterexamples Efficiently in Abstract Model Checking
Cong Tian and Zhenhua Duan (Xidian University, China) Abstraction is one of the most important strategies for dealing with the state space explosion problem in model checking. With an abstract model, the state space is largely reduced; however, a counterexample found in such a model may not exist in the concrete model. Therefore, how to check whether a reported counterexample is spurious is a key problem in the abstraction-refinement loop. In particular, since systems of industrial scale often have billions of states, checking spurious counterexamples in these systems practically is a significant problem. In this paper, by re-analyzing spurious counterexamples, a new formal definition of spurious paths is given. Based on it, efficient algorithms for detecting spurious counterexamples are presented. With the new algorithms, when dealing with infinite counterexamples, the finite prefix to be analyzed is polynomially shorter than the one handled by the existing algorithm. Moreover, in practical terms, the new algorithms can naturally be parallelized, which lets multi-core processors contribute more to spurious counterexample checking. In addition, with the new algorithms, a state that causes a spurious path (a false state) and is hidden at a shallower position is reported earlier. Hence, as soon as a false state is detected, many of the iterations needed to detect all the false states are avoided. Experimental results show that the new algorithms perform well as the system scale grows. @InProceedings{ICSE13p202, author = {Cong Tian and Zhenhua Duan}, title = {Detecting Spurious Counterexamples Efficiently in Abstract Model Checking}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {202--211}, doi = {}, year = {2013}, } Video |
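The baseline spuriousness check that the paper improves upon replays the abstract counterexample over the concrete transition relation and reports the abstract state at which no concrete state remains reachable, the false state driving refinement. A compact sketch of that baseline, with a toy two-block abstraction (the encoding is ours):

    def first_false_state(path, concretize, post):
        # path: abstract counterexample (a list of abstract states).
        # concretize(a): concrete states abstracted to a; post(s): successors.
        # Replay the path concretely; the abstract state where no concrete
        # state remains reachable is a false state (refine the abstraction).
        reachable = set(concretize(path[0]))
        for i, abs_state in enumerate(path[1:], start=1):
            image = {t for s in reachable for t in post(s)}
            reachable = image & set(concretize(abs_state))
            if not reachable:
                return i
        return None   # the counterexample is real

    # Concrete states 0..3; abstraction merges {0,1} into A and {2,3} into B.
    blocks = {"A": {0, 1}, "B": {2, 3}}
    succ = {0: {1}, 1: {0}, 2: {3}, 3: {2}}   # A and B are disconnected
    print(first_false_state(["A", "B"], blocks.get, succ.get))   # 1 -> spurious

The paper's contribution sits on top of this picture: shortening the prefix that must be replayed for infinite counterexamples and parallelizing the scan so that shallow false states surface early.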
|
Tip, Frank |
ICSE '13: "Efficient Construction of ..."
Efficient Construction of Approximate Call Graphs for JavaScript IDE Services
Asger Feldthaus, Max Schäfer, Manu Sridharan, Julian Dolby, and Frank Tip (Aarhus University, Denmark; Nanyang Technological University, Singapore; IBM Research, USA; University of Waterloo, Canada) The rapid rise of JavaScript as one of the most popular programming languages of the present day has led to a demand for sophisticated IDE support similar to what is available for Java or C#. However, advanced tooling is hampered by the dynamic nature of the language, which makes any form of static analysis very difficult. We single out efficient call graph construction as a key problem to be solved in order to improve development tools for JavaScript. To address this problem, we present a scalable field-based flow analysis for constructing call graphs. Our evaluation on large real-world programs shows that the analysis, while in principle unsound, produces highly accurate call graphs in practice. Previous analyses do not scale to these programs, but our analysis handles them in a matter of seconds, thus proving its suitability for use in an interactive setting. @InProceedings{ICSE13p752, author = {Asger Feldthaus and Max Schäfer and Manu Sridharan and Julian Dolby and Frank Tip}, title = {Efficient Construction of Approximate Call Graphs for JavaScript IDE Services}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {752--761}, doi = {}, year = {2013}, } ICSE '13: "Detecting Deadlock in Programs ..." Detecting Deadlock in Programs with Data-Centric Synchronization Daniel Marino, Christian Hammer, Julian Dolby, Mandana Vaziri, Frank Tip, and Jan Vitek (Symantec Research Labs, USA; Saarland University, Germany; IBM Research, USA; University of Waterloo, Canada; Purdue University, USA) Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required. @InProceedings{ICSE13p322, author = {Daniel Marino and Christian Hammer and Julian Dolby and Mandana Vaziri and Frank Tip and Jan Vitek}, title = {Detecting Deadlock in Programs with Data-Centric Synchronization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {322--331}, doi = {}, year = {2013}, } |
|
Tivoli, Massimo |
ICSE '13: "Automatic Synthesis of Modular ..."
Automatic Synthesis of Modular Connectors via Composition of Protocol Mediation Patterns
Paola Inverardi and Massimo Tivoli (University of L'Aquila, Italy) Ubiquitous and pervasive computing promotes the creation of an environment where Networked Systems (NSs) eternally provide connectivity and services without requiring explicit awareness of the underlying communications and computing technologies. In this context, achieving interoperability among heterogeneous NSs represents an important issue. In order to mediate the NSs' interaction protocols and solve possible mismatches, connectors are often built. However, connector development is a never-ending and error-prone task and prevents the eternality of NSs. For this reason, in the literature, many approaches propose the automatic synthesis of connectors. However, solving the connector synthesis problem in general is hard and, when possible, it results in a monolithic connector, hence preventing its evolution. In this paper, we define a method for the automatic synthesis of modular connectors, each of them expressed as the composition of independent mediators. A modular connector, as synthesized by our method, supports connector evolution and performs correct mediation. @InProceedings{ICSE13p3, author = {Paola Inverardi and Massimo Tivoli}, title = {Automatic Synthesis of Modular Connectors via Composition of Protocol Mediation Patterns}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {3--12}, doi = {}, year = {2013}, } Video |
|
Tzoref-Brill, Rachel |
ICSE '13: "Interaction-Based Test-Suite ..."
Interaction-Based Test-Suite Minimization
Dale Blue, Itai Segall, Rachel Tzoref-Brill , and Aviad Zlotnick (IBM, USA; IBM Research, Israel) Combinatorial Test Design (CTD) is an effective test planning technique that reveals faults resulting from feature interactions in a system. The standard application of CTD requires manual modeling of the test space, including a precise definition of restrictions between the test space parameters, and produces a test suite that corresponds to new test cases to be implemented from scratch. In this work, we propose to use Interaction-based Test-Suite Minimization (ITSM) as a complementary approach to standard CTD. ITSM reduces a given test suite without impacting its coverage of feature interactions. ITSM requires much less modeling effort, and does not require a definition of restrictions. It is appealing where there has been a significant investment in an existing test suite, where creating new tests is expensive, and where restrictions are very complex. We discuss the tradeoffs between standard CTD and ITSM, and suggest an efficient algorithm for solving the latter. We also discuss the challenges and additional requirements that arise when applying ITSM to real-life test suites. We introduce solutions to these challenges and demonstrate them through two real-life case studies. @InProceedings{ICSE13p182, author = {Dale Blue and Itai Segall and Rachel Tzoref-Brill and Aviad Zlotnick}, title = {Interaction-Based Test-Suite Minimization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {182--191}, doi = {}, year = {2013}, } Video |
|
Uchitel, Sebastian |
ICSE '13: "Automated Reliability Estimation ..."
Automated Reliability Estimation over Partial Systematic Explorations
Esteban Pavese, Víctor Braberman, and Sebastian Uchitel (Universidad de Buenos Aires, Argentina; Imperial College London, UK) Model-based reliability estimation of software systems can provide useful insights early in the development process. However, the computational complexity of estimating reliability metrics such as mean time to first failure (MTTF) can be prohibitive in time, space, and precision. In this paper we present an alternative to exhaustive model exploration (as in probabilistic model checking) and partial random exploration (as in statistical model checking). Our hypothesis is that a (carefully crafted) partial systematic exploration of a system model can provide better bounds for reliability metrics at lower computation cost. We present a novel automated technique for reliability estimation that combines simulation, invariant inference and probabilistic model checking. Simulation produces a probabilistically relevant set of traces from which a state invariant is inferred. The invariant characterises a partial model which is then exhaustively explored using probabilistic model checking. We report on experiments that suggest that reliability estimation using this technique can be more effective than (full model) probabilistic and statistical model checking for system models with rare failures. @InProceedings{ICSE13p602, author = {Esteban Pavese and Víctor Braberman and Sebastian Uchitel}, title = {Automated Reliability Estimation over Partial Systematic Explorations}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {602--611}, doi = {}, year = {2013}, } Video |
|
Vaziri, Mandana |
ICSE '13: "Detecting Deadlock in Programs ..."
Detecting Deadlock in Programs with Data-Centric Synchronization
Daniel Marino, Christian Hammer, Julian Dolby, Mandana Vaziri, Frank Tip, and Jan Vitek (Symantec Research Labs, USA; Saarland University, Germany; IBM Research, USA; University of Waterloo, Canada; Purdue University, USA) Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required. @InProceedings{ICSE13p322, author = {Daniel Marino and Christian Hammer and Julian Dolby and Mandana Vaziri and Frank Tip and Jan Vitek}, title = {Detecting Deadlock in Programs with Data-Centric Synchronization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {322--331}, doi = {}, year = {2013}, } |
|
Visser, Willem |
ICSE '13: "Reliability Analysis in Symbolic ..."
Reliability Analysis in Symbolic Pathfinder
Antonio Filieri, Corina S. Păsăreanu, and Willem Visser (University of Stuttgart, Germany; Carnegie Mellon Silicon Valley, USA; NASA Ames Research Center, USA; Stellenbosch University, South Africa) Software reliability analysis tackles the problem of predicting the failure probability of software. Most of the current approaches base reliability analysis on architectural abstractions useful at early stages of design, but not directly applicable to source code. In this paper we propose a general methodology that exploits symbolic execution of source code to extract failure and success paths, to be used for probabilistic reliability assessment against relevant usage scenarios. Under the assumption of finite and countable input domains, we provide an efficient implementation based on Symbolic PathFinder that supports the analysis of sequential and parallel programs, even with structured data types, at the desired level of confidence. The tool has been validated on both NASA prototypes and other test cases, showing a promising scope of applicability. @InProceedings{ICSE13p622, author = {Antonio Filieri and Corina S. Păsăreanu and Willem Visser}, title = {Reliability Analysis in Symbolic Pathfinder}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {622--631}, doi = {}, year = {2013}, } Video |
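Under finite, countable input domains, the failure probability is the probability mass of the inputs that follow failing paths. The toy below computes it by brute-force enumeration under a uniform usage profile; symbolic execution with model counting arrives at the same number by counting the models of each failing path condition instead of enumerating inputs (the example program is ours):

    from itertools import product

    def failure_probability(program, domains):
        # Exhaustively weigh failing inputs under a uniform usage profile.
        # (Symbolic execution with model counting obtains the same number
        # by counting solutions of each failing path condition per path.)
        inputs = list(product(*domains))
        failing = sum(1 for args in inputs if not program(*args))
        return failing / len(inputs)

    def controller(x, y):
        if x + y > 15:        # failing path: a missing overflow guard
            return False
        return True

    # x and y uniform over 0..9: 6 of 100 inputs take the failing path.
    print(failure_probability(controller, [range(10), range(10)]))   # 0.06

Grouping inputs by path is what makes the symbolic variant scale: one path condition can summarize millions of concrete inputs.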
|
Vitek, Jan |
ICSE '13: "Detecting Deadlock in Programs ..."
Detecting Deadlock in Programs with Data-Centric Synchronization
Daniel Marino, Christian Hammer, Julian Dolby, Mandana Vaziri, Frank Tip, and Jan Vitek (Symantec Research Labs, USA; Saarland University, Germany; IBM Research, USA; University of Waterloo, Canada; Purdue University, USA) Previously, we developed a data-centric approach to concurrency control in which programmers specify synchronization constraints declaratively, by grouping shared locations into atomic sets. We implemented our ideas in a Java extension called AJ, using Java locks to implement synchronization. We proved that atomicity violations are prevented by construction, and demonstrated that realistic Java programs can be refactored into AJ without significant loss of performance. This paper presents an algorithm for detecting possible deadlock in AJ programs by ordering the locks associated with atomic sets. In our approach, a type-based static analysis is extended to handle recursive data structures by considering programmer-supplied, compiler-verified lock ordering annotations. In an evaluation of the algorithm, all 10 AJ programs under consideration were shown to be deadlock-free. One program needed 4 ordering annotations and 2 others required minor refactorings. For the remaining 7 programs, no programmer intervention of any kind was required. @InProceedings{ICSE13p322, author = {Daniel Marino and Christian Hammer and Julian Dolby and Mandana Vaziri and Frank Tip and Jan Vitek}, title = {Detecting Deadlock in Programs with Data-Centric Synchronization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {322--331}, doi = {}, year = {2013}, } |
|
Vouillon, Jérôme |
ICSE '13: "Broken Sets in Software Repository ..."
Broken Sets in Software Repository Evolution
Jérôme Vouillon and Roberto Di Cosmo (University of Paris Diderot, France; CNRS, France; INRIA, France) Modern software systems are built by composing components drawn from large repositories, whose size and complexity increase at a fast pace. Software systems built with components from a release of a repository should be seamlessly upgradeable using components from the next release. Unfortunately, users are often confronted with sets of components that were installed together, but cannot be upgraded together to the latest version from the new repository. Identifying these broken sets can be of great help to a quality assurance team, which could examine and fix these issues well before they reach the end user. Building on previous work on component co-installability, we show that it is possible to find these broken sets for any two releases of a component repository, efficiently computing a concise representation of these upgrade issues, together with informative graphical explanations. A tool implementing the algorithm presented in this paper is available as free software, and is able to process the evolution between two major releases of the Debian GNU/Linux distribution in just a few seconds. These results make it possible to seamlessly integrate this analysis into a repository development process. @InProceedings{ICSE13p412, author = {Jérôme Vouillon and Roberto Di Cosmo}, title = {Broken Sets in Software Repository Evolution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {412--421}, doi = {}, year = {2013}, } |
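A naive Python analogue of the broken-set check: a package set that installs in the old release is broken if it no longer co-installs in the new one. The repository model, its field names, and the example data are invented, and installability is simplified to dependencies within the candidate set; the paper's contribution is computing this efficiently rather than by the brute force shown here.

from itertools import combinations

def installable(pkgs, repo):
    """A set is installable if each member's dependencies lie within the
    set and no two members conflict. 'repo' maps a package name to
    {'deps': set, 'conflicts': set} (a deliberate simplification)."""
    pkgs = set(pkgs)
    for p in pkgs:
        meta = repo[p]
        if not meta["deps"] <= pkgs:
            return False
        if meta["conflicts"] & pkgs:
            return False
    return True

def broken_sets(old_repo, new_repo, max_size=2):
    """Sets installable in old_repo whose upgraded versions no longer
    co-install in new_repo."""
    shared = sorted(set(old_repo) & set(new_repo))
    for k in range(2, max_size + 1):
        for group in combinations(shared, k):
            if installable(group, old_repo) and not installable(group, new_repo):
                yield group

old = {"a": {"deps": set(), "conflicts": set()},
       "b": {"deps": set(), "conflicts": set()}}
new = {"a": {"deps": set(), "conflicts": {"b"}},   # new 'a' now conflicts with 'b'
       "b": {"deps": set(), "conflicts": set()}}
print(list(broken_sets(old, new)))  # [('a', 'b')]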
|
Wang, Jinshui |
ICSE '13: "Improving Feature Location ..."
Improving Feature Location Practice with Multi-faceted Interactive Exploration
Jinshui Wang, Xin Peng, Zhenchang Xing, and Wenyun Zhao (Fudan University, China; Nanyang Technological University, Singapore) Feature location is a human-oriented and information-intensive process. When performing feature location tasks with existing tools, developers often find it difficult to formulate an accurate feature query (e.g., keywords) and to determine the relevance of returned results. In this paper, we propose a feature location approach that supports multi-faceted interactive program exploration. Our approach automatically extracts and mines multiple syntactic and semantic facets from candidate program elements. Furthermore, it allows developers to interactively group, sort, and filter feature location results in a centralized, multi-faceted, and intelligent search User Interface (UI). We have implemented our approach as a web-based tool MFIE and conducted an experimental study. The results show that developers using MFIE can accomplish their feature location tasks 32% faster, and the quality of their feature location results (in terms of F-measure) is 51% higher than that of developers using the regular Eclipse IDE. @InProceedings{ICSE13p762, author = {Jinshui Wang and Xin Peng and Zhenchang Xing and Wenyun Zhao}, title = {Improving Feature Location Practice with Multi-faceted Interactive Exploration}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {762--771}, doi = {}, year = {2013}, } Video |
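A small Python sketch of the faceted-exploration idea: once facets are attached to candidate elements, grouping and filtering are simple operations over facet values. The facet names and candidate elements below are invented; MFIE mines such facets automatically from the program.

from collections import defaultdict

candidates = [
    {"element": "CartServlet.add",   "type": "method", "package": "web",  "verb": "add"},
    {"element": "Cart.addItem",      "type": "method", "package": "core", "verb": "add"},
    {"element": "CartRenderer.show", "type": "method", "package": "ui",   "verb": "show"},
]

def group_by(results, facet):
    """Group candidate elements by the value of one facet."""
    groups = defaultdict(list)
    for r in results:
        groups[r[facet]].append(r["element"])
    return dict(groups)

def filter_by(results, **facet_values):
    """Keep only candidates matching every given facet value."""
    return [r for r in results
            if all(r.get(f) == v for f, v in facet_values.items())]

print(group_by(candidates, "package"))
print(filter_by(candidates, verb="add", package="core"))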
|
Wei, Yi |
ICSE '13: "What Good Are Strong Specifications? ..."
What Good Are Strong Specifications?
Nadia Polikarpova, Carlo A. Furia, Yu Pei, Yi Wei, and Bertrand Meyer (ETH Zurich, Switzerland; ITMO National Research University, Russia) Experience with lightweight formal methods suggests that programmers are willing to write specifications if doing so brings tangible benefits to their usual development activities. This paper considers stronger specifications and studies whether they can be deployed as an incremental practice that brings additional benefits without being unacceptably expensive. We introduce a methodology that extends Design by Contract to write strong specifications of functional properties in the form of preconditions, postconditions, and invariants. The methodology aims at being palatable to developers who are not fluent in formal techniques but are comfortable with writing simple specifications. We evaluate the cost and the benefits of using strong specifications by applying the methodology to testing data structure implementations written in Eiffel and C#. In our extensive experiments, testing against strong specifications detects twice as many bugs as standard contracts, with a reasonable overhead in terms of annotation burden and run-time performance while testing. In the wide spectrum of formal techniques for software quality, testing against strong specifications lies in a "sweet spot" with a favorable benefit-to-effort ratio. @InProceedings{ICSE13p262, author = {Nadia Polikarpova and Carlo A. Furia and Yu Pei and Yi Wei and Bertrand Meyer}, title = {What Good Are Strong Specifications?}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {262--271}, doi = {}, year = {2013}, } Video |
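A Python analogue of the distinction between standard and strong contracts (the paper itself works in Eiffel and C#, so this is only a sketch of the idea): a strong, model-based postcondition pins down the entire post-state against an abstract model, catching faults that a weak size check would let through.

class Stack:
    def __init__(self):
        self._items = []

    def push(self, x):
        old_model = list(self._items)        # abstract model: a sequence
        self._items.append(x)
        # Standard contract: only a weak size property.
        assert len(self._items) == len(old_model) + 1
        # Strong contract: the whole post-state is pinned down, so a bug
        # that, say, inserted at the front would be caught here.
        assert self._items == old_model + [x]

    def pop(self):
        assert self._items, "precondition: stack not empty"
        old_model = list(self._items)
        x = self._items.pop()
        # Strong postcondition relating result and post-state to the model.
        assert x == old_model[-1] and self._items == old_model[:-1]
        return x

s = Stack()
s.push(1); s.push(2)
assert s.pop() == 2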
|
Wendler, Philipp |
ICSE '13: "Strategies for Product-Line ..."
Strategies for Product-Line Verification: Case Studies and Experiments
Sven Apel, Alexander von Rhein, Philipp Wendler, Armin Größlinger, and Dirk Beyer (University of Passau, Germany) Product-line technology is increasingly used in mission-critical and safety-critical applications. Hence, researchers are developing verification approaches that follow different strategies to cope with the specific properties of product lines. While the research community is discussing the mutual strengths and weaknesses of the different strategies—mostly at a conceptual level—there is a lack of evidence in terms of case studies, tool implementations, and experiments. We have collected and prepared six product lines as subject systems for experimentation. Furthermore, we have developed a model-checking tool chain for C-based and Java-based product lines, called SPLVERIFIER, which we use to compare sample-based and family-based strategies with regard to verification performance and the ability to find defects. Based on the experimental results and an analytical model, we revisit the discussion of the strengths and weaknesses of product-line–verification strategies. @InProceedings{ICSE13p482, author = {Sven Apel and Alexander von Rhein and Philipp Wendler and Armin Größlinger and Dirk Beyer}, title = {Strategies for Product-Line Verification: Case Studies and Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {482--491}, doi = {}, year = {2013}, } Video |
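A toy Python illustration of the product-based end of the strategy spectrum: enumerate the valid feature combinations and verify each resulting product in isolation. Family-based strategies, as supported by SPLVERIFIER, instead analyze a variability-encoded program once; the feature model, the constraint, and the property below are all invented.

from itertools import product as cartesian

FEATURES = ["LOGGING", "ENCRYPTION", "COMPRESSION"]

def valid(cfg):
    # Toy feature-model constraint: COMPRESSION excludes ENCRYPTION.
    return not (cfg["COMPRESSION"] and cfg["ENCRYPTION"])

def verify_product(cfg):
    # Stand-in for a model-checking run on one concrete product; the
    # toy property fails when LOGGING is on but ENCRYPTION is off.
    return not (cfg["LOGGING"] and not cfg["ENCRYPTION"])

for values in cartesian([False, True], repeat=len(FEATURES)):
    cfg = dict(zip(FEATURES, values))
    if valid(cfg) and not verify_product(cfg):
        print("defect in product:", cfg)  # flags the two offending products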
|
Wert, Alexander |
ICSE '13: "Supporting Swift Reaction: ..."
Supporting Swift Reaction: Automatically Uncovering Performance Problems by Systematic Experiments
Alexander Wert, Jens Happe, and Lucia Happe (KIT, Germany; SAP Research, Germany) Performance problems pose a significant risk to software vendors. If left undetected, they can lead to lost customers, increased operational costs, and damaged reputation. Despite all efforts, software engineers cannot fully prevent performance problems from being introduced into an application. Detecting and resolving such problems as early as possible with minimal effort is still an open challenge in software performance engineering. In this paper, we present a novel approach for Performance Problem Diagnostics (PPD) that systematically searches for well-known performance problems (also called performance antipatterns) within an application. PPD automatically isolates the problem's root cause, hence facilitating problem solving. We applied PPD to a well-established transactional web e-Commerce benchmark (TPC-W) in two deployment scenarios. PPD automatically identified four performance problems in the benchmark implementation and its deployment environment. By fixing the problems, we increased the maximum throughput of the benchmark from 1800 requests per second to more than 3500. @InProceedings{ICSE13p552, author = {Alexander Wert and Jens Happe and Lucia Happe}, title = {Supporting Swift Reaction: Automatically Uncovering Performance Problems by Systematic Experiments}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {552--561}, doi = {}, year = {2013}, } |
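A Python sketch of the systematic-experiment idea: drive the system at increasing load levels and flag a candidate problem where throughput stops scaling. The detection rule, the threshold, and the synthetic system are illustrative assumptions, not PPD's actual heuristics.

def detect_saturation(measure_throughput, loads, gain_threshold=1.1):
    """measure_throughput(load) -> requests/sec. Reports the first load
    level where raising the load no longer yields at least a
    gain_threshold-fold throughput improvement."""
    prev = None
    for load in loads:
        tput = measure_throughput(load)
        if prev is not None and tput < prev * gain_threshold:
            return load, tput
        prev = tput
    return None

# Synthetic system under test that saturates around 1800 req/s.
fake = lambda load: min(load * 0.9, 1800.0)
print(detect_saturation(fake, [500, 1000, 2000, 4000]))  # (4000, 1800.0)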
|
Whalen, Michael |
ICSE '13: "Observable Modified Condition/Decision ..."
Observable Modified Condition/Decision Coverage
Michael Whalen, Gregory Gay, Dongjiang You, Mats P. E. Heimdahl, and Matt Staats (University of Minnesota, USA; KAIST, South Korea) In many critical systems domains, test suite adequacy is currently measured using structural coverage metrics over the source code. Of particular interest is the modified condition/decision coverage (MC/DC) criterion required for, e.g., critical avionics systems. In previous investigations we have found that the efficacy of such test suites is highly dependent on the structure of the program under test and the choice of variables monitored by the oracle. MC/DC adequate tests would frequently exercise faulty code, but the effects of the faults would not propagate to the monitored oracle variables. In this report, we combine the MC/DC coverage metric with a notion of observability that helps ensure that the result of a fault encountered when covering a structural obligation propagates to a monitored variable; we term this new coverage criterion Observable MC/DC (OMC/DC). We hypothesize this path requirement will make structural coverage metrics (1) more effective at revealing faults, (2) more robust to changes in program structure, and (3) more robust to the choice of variables monitored. We assess the efficacy and sensitivity to program structure of OMC/DC as compared to masking MC/DC using four subsystems from the civil avionics domain and the control logic of a microwave. We have found that test suites satisfying OMC/DC are significantly more effective than test suites satisfying MC/DC, revealing up to 88% more faults, and are less sensitive to program structure and the choice of monitored variables. @InProceedings{ICSE13p102, author = {Michael Whalen and Gregory Gay and Dongjiang You and Mats P. E. Heimdahl and Matt Staats}, title = {Observable Modified Condition/Decision Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {102--111}, doi = {}, year = {2013}, } |
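A small worked example in Python of the masking problem OMC/DC targets: the faulty decision is exercised, but a downstream operation masks its effect on the monitored output, so a test can satisfy the coverage obligation and still pass. The code is invented for illustration.

def monitored_output(a, b, mode):
    x = a and b        # FAULT: the specification calls for 'a or b'
    if mode == 0:
        return False   # masking: x never reaches the monitored output
    return x

# The faulty decision is exercised (a=True, b=False distinguishes the
# buggy 'and' from the intended 'or'), but with mode=0 the monitored
# return value is False either way, so the fault stays hidden:
print(monitored_output(True, False, 0))  # False - fault masked, test passes
# An observability-aware obligation also demands a test on which x
# propagates to the output; the intended result there is True, so the
# False printed here exposes the bug:
print(monitored_output(True, False, 1))  # False, though the spec expects True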
|
Whitehead Jr., E. James |
ICSE '13: "Does Bug Prediction Support ..."
Does Bug Prediction Support Human Developers? Findings from a Google Case Study
Chris Lewis, Zhongpeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, and E. James Whitehead Jr. (UC Santa Cruz, USA; Google, USA; Xi'an Jiaotong University, China) While many bug prediction algorithms have been developed by academia, they're often only tested and verified in the lab using automated means. We do not have a strong idea about whether such algorithms are useful to guide human developers. We deployed a bug prediction algorithm across Google, and found no identifiable change in developer behavior. Using our experience, we provide several characteristics that bug prediction algorithms need to meet in order to be accepted by human developers and truly change how developers evaluate their code. @InProceedings{ICSE13p372, author = {Chris Lewis and Zhongpeng Lin and Caitlin Sadowski and Xiaoyan Zhu and Rong Ou and E. James Whitehead Jr.}, title = {Does Bug Prediction Support Human Developers? Findings from a Google Case Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {372--381}, doi = {}, year = {2013}, } |
|
Winbladh, Kristina |
ICSE '13: "Analysis of User Comments: ..."
Analysis of User Comments: An Approach for Software Requirements Evolution
Laura V. Galvis Carreño and Kristina Winbladh (University of Delaware, USA) User feedback is imperative in improving software quality. In this paper, we explore the rich set of user feedback available for third party mobile applications as a way to extract new/changed requirements for next versions. A potential problem using this data is its volume and the time commitment involved in extracting new/changed requirements. Our goal is to alleviate part of the process through automatic topic extraction. We process user comments to extract the main topics mentioned as well as some sentences representative of those topics. This information can be useful for requirements engineers to revise the requirements for next releases. Our approach relies on adapting information retrieval techniques including topic modeling and evaluating them on different publicly available data sets. Results show that the automatically extracted topics match the manually extracted ones, while also significantly decreasing the manual effort. @InProceedings{ICSE13p582, author = {Laura V. Galvis Carreño and Kristina Winbladh}, title = {Analysis of User Comments: An Approach for Software Requirements Evolution}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {582--591}, doi = {}, year = {2013}, } |
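A minimal sketch of the topic-extraction step using LDA from scikit-learn, as one plausible realization; the paper adapts such IR techniques and additionally selects representative sentences per topic, which is omitted here. The comments in the corpus are invented.

from sklearn.feature_extraction.text import CountVectorizer
from sklearn.decomposition import LatentDirichletAllocation

comments = [
    "app crashes when I open the camera",
    "camera crash after the last update",
    "please add dark mode to the settings",
    "settings should offer a dark theme option",
]

# Bag-of-words representation of the user comments.
vectorizer = CountVectorizer(stop_words="english")
X = vectorizer.fit_transform(comments)

# Fit a two-topic LDA model and print the top terms per topic.
lda = LatentDirichletAllocation(n_components=2, random_state=0).fit(X)
terms = vectorizer.get_feature_names_out()
for i, topic in enumerate(lda.components_):
    top = [terms[j] for j in topic.argsort()[-3:][::-1]]
    print(f"topic {i}: {top}")  # e.g. a crash/camera topic vs. a dark/settings topic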
|
Xing, Zhenchang |
ICSE '13: "Improving Feature Location ..."
Improving Feature Location Practice with Multi-faceted Interactive Exploration
Jinshui Wang, Xin Peng, Zhenchang Xing, and Wenyun Zhao (Fudan University, China; Nanyang Technological University, Singapore) Feature location is a human-oriented and information-intensive process. When performing feature location tasks with existing tools, developers often find it difficult to formulate an accurate feature query (e.g., keywords) and to determine the relevance of returned results. In this paper, we propose a feature location approach that supports multi-faceted interactive program exploration. Our approach automatically extracts and mines multiple syntactic and semantic facets from candidate program elements. Furthermore, it allows developers to interactively group, sort, and filter feature location results in a centralized, multi-faceted, and intelligent search User Interface (UI). We have implemented our approach as a web-based tool MFIE and conducted an experimental study. The results show that developers using MFIE can accomplish their feature location tasks 32% faster, and the quality of their feature location results (in terms of F-measure) is 51% higher than that of developers using the regular Eclipse IDE. @InProceedings{ICSE13p762, author = {Jinshui Wang and Xin Peng and Zhenchang Xing and Wenyun Zhao}, title = {Improving Feature Location Practice with Multi-faceted Interactive Exploration}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {762--771}, doi = {}, year = {2013}, } Video |
|
Yamashita, Aiko |
ICSE '13: "Exploring the Impact of Inter-smell ..."
Exploring the Impact of Inter-smell Relations on Software Maintainability: An Empirical Study
Aiko Yamashita and Leon Moonen (Simula Research Laboratory, Norway) Code smells are indicators of issues with source code quality that may hinder evolution. While previous studies mainly focused on the effects of individual code smells on maintainability, we conjecture that not only the individual code smells but also the interactions between code smells affect maintenance. We empirically investigate the interactions amongst 12 code smells and analyze how those interactions relate to maintenance problems. Professional developers were hired for a period of four weeks to implement change requests on four medium-sized Java systems with known smells. On a daily basis, we recorded what specific problems they faced and which artifacts were associated with them. Code smells were automatically detected in the pre-maintenance versions of the systems and analyzed using Principal Component Analysis (PCA) to identify patterns of co-located code smells. Analysis of these factors with the observed maintenance problems revealed how smells that were co-located in the same artifact interacted with each other, and affected maintainability. Moreover, we found that code smell interactions occurred across coupled artifacts, with comparable negative effects as same-artifact co-location. We argue that future studies into the effects of code smells on maintainability should integrate dependency analysis in their process so that they can obtain a more complete understanding by including such coupled interactions. @InProceedings{ICSE13p682, author = {Aiko Yamashita and Leon Moonen}, title = {Exploring the Impact of Inter-smell Relations on Software Maintainability: An Empirical Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {682--691}, doi = {}, year = {2013}, } |
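A Python sketch of the co-location analysis step: build a file-by-smell binary matrix and apply PCA to surface smells that load on the same component, i.e. tend to occur in the same artifact. The smell subset, the matrix, and the loading threshold are invented for illustration; the study analyzed 12 smells detected across four Java systems.

import numpy as np
from sklearn.decomposition import PCA

smells = ["GodClass", "FeatureEnvy", "DataClump", "ShotgunSurgery"]
# Rows are files; an entry is 1 if the smell was detected in that file.
X = np.array([
    [1, 1, 0, 0],
    [1, 1, 0, 0],
    [0, 0, 1, 1],
    [0, 0, 1, 1],
    [1, 1, 0, 1],
])

pca = PCA(n_components=2).fit(X)
for i, comp in enumerate(pca.components_):
    # Report smells with a large absolute loading on this component
    # (0.4 is an arbitrary illustrative cutoff).
    pattern = [s for s, w in zip(smells, comp) if abs(w) > 0.4]
    print(f"component {i}: {pattern}")  # smells that co-locate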
|
You, Dongjiang |
ICSE '13: "Observable Modified Condition/Decision ..."
Observable Modified Condition/Decision Coverage
Michael Whalen, Gregory Gay, Dongjiang You, Mats P. E. Heimdahl, and Matt Staats (University of Minnesota, USA; KAIST, South Korea) In many critical systems domains, test suite adequacy is currently measured using structural coverage metrics over the source code. Of particular interest is the modified condition/decision coverage (MC/DC) criterion required for, e.g., critical avionics systems. In previous investigations we have found that the efficacy of such test suites is highly dependent on the structure of the program under test and the choice of variables monitored by the oracle. MC/DC adequate tests would frequently exercise faulty code, but the effects of the faults would not propagate to the monitored oracle variables. In this report, we combine the MC/DC coverage metric with a notion of observability that helps ensure that the result of a fault encountered when covering a structural obligation propagates to a monitored variable; we term this new coverage criterion Observable MC/DC (OMC/DC). We hypothesize this path requirement will make structural coverage metrics (1) more effective at revealing faults, (2) more robust to changes in program structure, and (3) more robust to the choice of variables monitored. We assess the efficacy and sensitivity to program structure of OMC/DC as compared to masking MC/DC using four subsystems from the civil avionics domain and the control logic of a microwave. We have found that test suites satisfying OMC/DC are significantly more effective than test suites satisfying MC/DC, revealing up to 88% more faults, and are less sensitive to program structure and the choice of monitored variables. @InProceedings{ICSE13p102, author = {Michael Whalen and Gregory Gay and Dongjiang You and Mats P. E. Heimdahl and Matt Staats}, title = {Observable Modified Condition/Decision Coverage}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {102--111}, doi = {}, year = {2013}, } |
|
Zeller, Andreas |
ICSE '13: "It's Not a Bug, It's ..."
It's Not a Bug, It's a Feature: How Misclassification Impacts Bug Prediction
Kim Herzig, Sascha Just, and Andreas Zeller (Saarland University, Germany) In a manual examination of more than 7,000 issue reports from the bug databases of five open-source projects, we found 33.8% of all bug reports to be misclassified---that is, rather than referring to a code fix, they resulted in a new feature, an update to documentation, or an internal refactoring. This misclassification introduces bias in bug prediction models, confusing bugs and features: On average, 39% of files marked as defective actually never had a bug. We discuss the impact of this misclassification on earlier studies and recommend manual data validation for future studies. @InProceedings{ICSE13p392, author = {Kim Herzig and Sascha Just and Andreas Zeller}, title = {It's Not a Bug, It's a Feature: How Misclassification Impacts Bug Prediction}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {392--401}, doi = {}, year = {2013}, } |
|
Zhang, Lingming |
ICSE '13: "Bridging the Gap between the ..."
Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies
Lingming Zhang, Dan Hao, Lu Zhang, Gregg Rothermel, and Hong Mei (Peking University, China; University of Texas at Austin, USA; University of Nebraska-Lincoln, USA) In recent years, researchers have intensively investigated various topics in test-case prioritization, which aims to re-order test cases to increase the rate of fault detection during regression testing. The total and additional prioritization strategies, which prioritize based on total numbers of elements covered per test, and numbers of additional (not-yet-covered) elements covered per test, are two widely-adopted generic strategies used for such prioritization. This paper proposes a basic model and an extended model that unify the total strategy and the additional strategy. Our models yield a spectrum of generic strategies ranging between the total and additional strategies, depending on a parameter referred to as the p value. We also propose four heuristics to obtain differentiated p values for different methods under test. We performed an empirical study on 19 versions of four Java programs to explore our results. Our results demonstrate that wide ranges of strategies in our basic and extended models with uniform p values can significantly outperform both the total and additional strategies. In addition, our results also demonstrate that using differentiated p values for both the basic and extended models with method coverage can even outperform the additional strategy using statement coverage. @InProceedings{ICSE13p192, author = {Lingming Zhang and Dan Hao and Lu Zhang and Gregg Rothermel and Hong Mei}, title = {Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {192--201}, doi = {}, year = {2013}, } |
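A hedged Python sketch of one plausible p-parameterized spectrum, not necessarily the paper's exact model: already-covered elements contribute to a test's score with weight (1 - p), so p = 0 recovers the total strategy and p = 1 the additional strategy. The coverage data is invented.

def prioritize(tests, coverage, p):
    """tests: test ids; coverage: test id -> set of covered elements;
    p in [0, 1] interpolates between the total and additional strategies."""
    remaining, order, covered = set(tests), [], set()
    while remaining:
        def score(t):
            new = coverage[t] - covered   # not-yet-covered elements
            old = coverage[t] & covered   # already-covered elements
            return len(new) + (1 - p) * len(old)
        best = max(remaining, key=score)
        remaining.remove(best)
        covered |= coverage[best]
        order.append(best)
    return order

cov = {"t1": {1, 2, 3, 4}, "t2": {1, 2, 3}, "t3": {5, 6}}
print(prioritize(cov, cov, 0.0))  # total:      ['t1', 't2', 't3']
print(prioritize(cov, cov, 1.0))  # additional: ['t1', 't3', 't2']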
|
Zhang, Lu |
ICSE '13: "Bridging the Gap between the ..."
Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies
Lingming Zhang, Dan Hao, Lu Zhang, Gregg Rothermel, and Hong Mei (Peking University, China; University of Texas at Austin, USA; University of Nebraska-Lincoln, USA) In recent years, researchers have intensively investigated various topics in test-case prioritization, which aims to re-order test cases to increase the rate of fault detection during regression testing. The total and additional prioritization strategies, which prioritize based on total numbers of elements covered per test, and numbers of additional (not-yet-covered) elements covered per test, are two widely-adopted generic strategies used for such prioritization. This paper proposes a basic model and an extended model that unify the total strategy and the additional strategy. Our models yield a spectrum of generic strategies ranging between the total and additional strategies, depending on a parameter referred to as the p value. We also propose four heuristics to obtain differentiated p values for different methods under test. We performed an empirical study on 19 versions of four Java programs to explore our results. Our results demonstrate that wide ranges of strategies in our basic and extended models with uniform p values can significantly outperform both the total and additional strategies. In addition, our results also demonstrate that using differentiated p values for both the basic and extended models with method coverage can even outperform the additional strategy using statement coverage. @InProceedings{ICSE13p192, author = {Lingming Zhang and Dan Hao and Lu Zhang and Gregg Rothermel and Hong Mei}, title = {Bridging the Gap between the Total and Additional Test-Case Prioritization Strategies}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {192--201}, doi = {}, year = {2013}, } |
|
Zhang, Sai |
ICSE '13: "Automated Diagnosis of Software ..."
Automated Diagnosis of Software Configuration Errors
Sai Zhang and Michael D. Ernst (University of Washington, USA) The behavior of a software system often depends on how that system is configured. Small configuration errors can lead to hard-to-diagnose undesired behaviors. We present a technique (and its tool implementation, called ConfDiagnoser) to identify the root cause of a configuration error: a single configuration option that can be changed to produce desired behavior. Our technique uses static analysis, dynamic profiling, and statistical analysis to link the undesired behavior to specific configuration options. It differs from existing approaches in two key aspects: it does not require users to provide a testing oracle (to check whether the software functions correctly) and thus is fully automated; and it can diagnose both crashing and non-crashing errors. We evaluated ConfDiagnoser on 5 non-crashing configuration errors and 9 crashing configuration errors from 5 configurable software systems written in Java. On average, the root cause was ConfDiagnoser's fifth-ranked suggestion; in 10 out of 14 errors, the root cause was one of the top 3 suggestions; and more than half of the time, the root cause was the first suggestion. @InProceedings{ICSE13p312, author = {Sai Zhang and Michael D. Ernst}, title = {Automated Diagnosis of Software Configuration Errors}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {312--321}, doi = {}, year = {2013}, } |
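A toy Python analogue of the ranking idea: compare the undesired run's behavior profile against reference profiles from known-good runs and rank options by deviation. ConfDiagnoser's actual analysis links options to program predicates via static analysis and profiling; every name and number below is illustrative.

def rank_suspects(current_profile, reference_profiles):
    """current_profile: option -> behavior score observed in the bad run.
    reference_profiles: option -> scores from known-good runs.
    Returns options sorted by |deviation from the reference mean|."""
    def deviation(opt):
        refs = reference_profiles[opt]
        mean = sum(refs) / len(refs)
        return abs(current_profile[opt] - mean)
    return sorted(current_profile, key=deviation, reverse=True)

bad  = {"cache_size": 0.95, "timeout": 0.50, "log_level": 0.53}
good = {"cache_size": [0.10, 0.12],
        "timeout":    [0.48, 0.55],
        "log_level":  [0.50, 0.51]}
print(rank_suspects(bad, good))  # ['cache_size', 'log_level', 'timeout']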
|
Zhang, Xiangyu |
ICSE '13: "Path Sensitive Static Analysis ..."
Path Sensitive Static Analysis of Web Applications for Remote Code Execution Vulnerability Detection
Yunhui Zheng and Xiangyu Zhang (Purdue University, USA) Remote code execution (RCE) attacks are one of the most prominent security threats for web applications. It is a special kind of cross-site scripting (XSS) attack that allows client inputs to be stored and executed as server side scripts. RCE attacks often require coordination of multiple requests and manipulation of string and non-string inputs from the client side to nullify the access control protocol and induce unusual execution paths on the server side. We propose a path- and context-sensitive interprocedural analysis to detect RCE vulnerabilities. The analysis features a novel way of analyzing both the string and non-string behavior of a web application in a path sensitive fashion. It thoroughly handles the practical challenges entailed by modeling RCE attacks. We develop a prototype system and evaluate it on ten real-world PHP applications. We have identified 21 true RCE vulnerabilities, 8 of which were previously unreported. @InProceedings{ICSE13p652, author = {Yunhui Zheng and Xiangyu Zhang}, title = {Path Sensitive Static Analysis of Web Applications for Remote Code Execution Vulnerability Detection}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {652--661}, doi = {}, year = {2013}, } ICSE '13: "Comparative Causality: Explaining ..." Comparative Causality: Explaining the Differences between Executions William N. Sumner and Xiangyu Zhang (Purdue University, USA) We propose a novel fine-grained causal inference technique. Given two executions and some observed differences between them, the technique reasons about the causes of such differences. The technique does so by state replacement, i.e. replacing part of the program state at an earlier point to observe whether the target differences can be induced. It makes a number of key advances: it features a novel execution model that avoids undesirable entangling of the replaced state and the original state; it properly handles differences of omission by symmetrically analyzing both executions; it also leverages a recently developed slicing technique to limit the scope of causality testing while ensuring that no relevant state causes can be missed. The application of the technique on automated debugging shows that it substantially improves the precision and efficiency of causal inference compared to state-of-the-art techniques. @InProceedings{ICSE13p272, author = {William N. Sumner and Xiangyu Zhang}, title = {Comparative Causality: Explaining the Differences between Executions}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {272--281}, doi = {}, year = {2013}, } |
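For the first paper above, a tiny path-sensitive taint analysis in Python over an invented three-address IR: each explored path carries its own taint state and path condition, and a warning is raised only on paths where client-controlled data reaches an eval-like sink. Path conditions are recorded but not solved, so infeasible paths are not pruned here; the paper's analysis is interprocedural and models string operations far more precisely.

def analyze(program, path_cond=(), taint=frozenset(), pc=0):
    """Explore all paths, tracking which variables may be tainted."""
    findings = []
    while pc < len(program):
        op = program[pc]
        if op[0] == "input":            # ('input', var): client-controlled
            taint = taint | {op[1]}
        elif op[0] == "assign":         # ('assign', dst, src)
            taint = taint | {op[1]} if op[2] in taint else taint - {op[1]}
        elif op[0] == "branch":         # ('branch', cond, target)
            findings += analyze(program, path_cond + (op[1],), taint, op[2])
            path_cond += (f"not({op[1]})",)   # fall-through path
        elif op[0] == "eval":           # ('eval', var): code-execution sink
            if op[1] in taint:
                findings.append((path_cond, op[1]))
        pc += 1
    return findings

prog = [
    ("input", "req"),
    ("branch", "is_admin", 4),   # admin path skips sanitization
    ("assign", "req", "CONST"),  # sanitized: overwritten with a constant
    ("branch", "true", 4),       # unconditional jump to the sink
    ("eval", "req"),
]
print(analyze(prog))  # warns only on the path where is_admin held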
|
Zhao, Wenyun |
ICSE '13: "Improving Feature Location ..."
Improving Feature Location Practice with Multi-faceted Interactive Exploration
Jinshui Wang, Xin Peng, Zhenchang Xing, and Wenyun Zhao (Fudan University, China; Nanyang Technological University, Singapore) Feature location is a human-oriented and information-intensive process. When performing feature location tasks with existing tools, developers often find it difficult to formulate an accurate feature query (e.g., keywords) and to determine the relevance of returned results. In this paper, we propose a feature location approach that supports multi-faceted interactive program exploration. Our approach automatically extracts and mines multiple syntactic and semantic facets from candidate program elements. Furthermore, it allows developers to interactively group, sort, and filter feature location results in a centralized, multi-faceted, and intelligent search User Interface (UI). We have implemented our approach as a web-based tool MFIE and conducted an experimental study. The results show that developers using MFIE can accomplish their feature location tasks 32% faster, and the quality of their feature location results (in terms of F-measure) is 51% higher than that of developers using the regular Eclipse IDE. @InProceedings{ICSE13p762, author = {Jinshui Wang and Xin Peng and Zhenchang Xing and Wenyun Zhao}, title = {Improving Feature Location Practice with Multi-faceted Interactive Exploration}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {762--771}, doi = {}, year = {2013}, } Video |
|
Zheng, Yunhui |
ICSE '13: "Path Sensitive Static Analysis ..."
Path Sensitive Static Analysis of Web Applications for Remote Code Execution Vulnerability Detection
Yunhui Zheng and Xiangyu Zhang (Purdue University, USA) Remote code execution (RCE) attacks are one of the most prominent security threats for web applications. It is a special kind of cross-site scripting (XSS) attack that allows client inputs to be stored and executed as server side scripts. RCE attacks often require coordination of multiple requests and manipulation of string and non-string inputs from the client side to nullify the access control protocol and induce unusual execution paths on the server side. We propose a path- and context-sensitive interprocedural analysis to detect RCE vulnerabilities. The analysis features a novel way of analyzing both the string and non-string behavior of a web application in a path sensitive fashion. It thoroughly handles the practical challenges entailed by modeling RCE attacks. We develop a prototype system and evaluate it on ten real-world PHP applications. We have identified 21 true RCE vulnerabilities, 8 of which were previously unreported. @InProceedings{ICSE13p652, author = {Yunhui Zheng and Xiangyu Zhang}, title = {Path Sensitive Static Analysis of Web Applications for Remote Code Execution Vulnerability Detection}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {652--661}, doi = {}, year = {2013}, } |
|
Zhu, Xiaoyan |
ICSE '13: "Does Bug Prediction Support ..."
Does Bug Prediction Support Human Developers? Findings from a Google Case Study
Chris Lewis, Zhongpeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, and E. James Whitehead Jr. (UC Santa Cruz, USA; Google, USA; Xi'an Jiaotong University, China) While many bug prediction algorithms have been developed by academia, they're often only tested and verified in the lab using automated means. We do not have a strong idea about whether such algorithms are useful to guide human developers. We deployed a bug prediction algorithm across Google, and found no identifiable change in developer behavior. Using our experience, we provide several characteristics that bug prediction algorithms need to meet in order to be accepted by human developers and truly change how developers evaluate their code. @InProceedings{ICSE13p372, author = {Chris Lewis and Zhongpeng Lin and Caitlin Sadowski and Xiaoyan Zhu and Rong Ou and E. James Whitehead Jr.}, title = {Does Bug Prediction Support Human Developers? Findings from a Google Case Study}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {372--381}, doi = {}, year = {2013}, } |
|
Zimmermann, Thomas |
ICSE '13: "The Design of Bug Fixes ..."
The Design of Bug Fixes
Emerson Murphy-Hill, Thomas Zimmermann , Christian Bird, and Nachiappan Nagappan (North Carolina State University, USA; Microsoft Research, USA) When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. Based on qualitative interviews with 40 engineers working on a variety of products, data from 6 bug triage meetings, and a survey filled out by 326 engineers, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss several implications for research and practice, including ways to make bug prediction and localization more accurate. @InProceedings{ICSE13p332, author = {Emerson Murphy-Hill and Thomas Zimmermann and Christian Bird and Nachiappan Nagappan}, title = {The Design of Bug Fixes}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {332--341}, doi = {}, year = {2013}, } |
|
Zlotnick, Aviad |
ICSE '13: "Interaction-Based Test-Suite ..."
Interaction-Based Test-Suite Minimization
Dale Blue, Itai Segall, Rachel Tzoref-Brill , and Aviad Zlotnick (IBM, USA; IBM Research, Israel) Combinatorial Test Design (CTD) is an effective test planning technique that reveals faults resulting from feature interactions in a system. The standard application of CTD requires manual modeling of the test space, including a precise definition of restrictions between the test space parameters, and produces a test suite that corresponds to new test cases to be implemented from scratch. In this work, we propose to use Interaction-based Test-Suite Minimization (ITSM) as a complementary approach to standard CTD. ITSM reduces a given test suite without impacting its coverage of feature interactions. ITSM requires much less modeling effort, and does not require a definition of restrictions. It is appealing where there has been a significant investment in an existing test suite, where creating new tests is expensive, and where restrictions are very complex. We discuss the tradeoffs between standard CTD and ITSM, and suggest an efficient algorithm for solving the latter. We also discuss the challenges and additional requirements that arise when applying ITSM to real-life test suites. We introduce solutions to these challenges and demonstrate them through two real-life case studies. @InProceedings{ICSE13p182, author = {Dale Blue and Itai Segall and Rachel Tzoref-Brill and Aviad Zlotnick}, title = {Interaction-Based Test-Suite Minimization}, booktitle = {Proc.\ ICSE}, publisher = {IEEE}, pages = {182--191}, doi = {}, year = {2013}, } Video |
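A greedy Python sketch of the core ITSM loop: keep a subset of the existing tests that preserves every pairwise parameter interaction the full suite covers. The paper handles many practical complications beyond this core idea; the tests and parameters below are invented.

from itertools import combinations

def pairs(test):
    """All pairwise (parameter, value) interactions in one test (a dict)."""
    return set(combinations(sorted(test.items()), 2))

def minimize(suite):
    """Greedily pick tests until all pairwise interactions of the full
    suite are covered; dominated tests are never selected."""
    required = set().union(*(pairs(t) for t in suite))
    kept, covered = [], set()
    while covered < required:
        best = max(suite, key=lambda t: len(pairs(t) - covered))
        kept.append(best)
        covered |= pairs(best)
    return kept

suite = [
    {"os": "linux", "db": "mysql",  "browser": "firefox"},
    {"os": "linux", "db": "mysql",  "browser": "chrome"},
    {"os": "mac",   "db": "sqlite", "browser": "firefox"},
    {"os": "linux", "db": "mysql",  "browser": "firefox"},  # redundant duplicate
]
print(len(minimize(suite)))  # 3: the duplicate test is dropped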
277 authors