ESEC/FSE 2021
29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021)
Powered by
Conference Publishing Consulting

29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021), August 23–28, 2021, Athens, Greece

ESEC/FSE 2021 – Preliminary Table of Contents

Contents - Abstracts - Authors
Twitter: https://twitter.com/fseconf

Frontmatter

Title Page


Message from the Chairs


Committees


Sponsors


Papers

Feature Trace Recording
Paul Maximilian Bittner, Alexander Schultheiß, Thomas Thüm, Timo Kehrer, Jeffrey M. Young, and Lukas Linsbauer
(University of Ulm, Germany; Humboldt University of Berlin, Germany; Oregon State University, USA; TU Braunschweig, Germany)


Article Search
TaintStream: Fine-Grained Taint Tracking for Big Data Platforms through Dynamic Code Translation
Chengxu Yang, Yuanchun Li, Mengwei Xu, Zhenpeng Chen, Yunxin Liu, Gang Huang, and Xuanzhe Liu
(Peking University, China; Microsoft Research, China; Beijing University of Posts and Telecommunications, China; Tsinghua University, China)


Article Search
Synthesis of Web Layouts from Examples
Dylan Lukes, John Sarracino, Cora Coleman, Hila Peleg, Sorin Lerner, and Nadia Polikarpova
(University of California at San Diego, USA; Cornell University, USA)


Article Search
Hazard Analysis for Human-on-the-Loop Interactions in sUAS Systems
Michael Vierhauser ORCID logo, Md Nafee Al Islam, Ankit Agrawal, Jane Cleland-Huang, and James Mason
(JKU Linz, Austria; University of Notre Dame, USA; Northrop Grumman, n.n.)


Article Search
IDE Support for Cloud-Based Static Analyses
Linghui Luo, Martin Schäf, Daniel Sanchez, and Eric Bodden
(University of Paderborn, Germany; Amazon Web Services, USA; Amazon Alexa, USA; Fraunhofer IEM, Germany)


Article Search
Fair Preprocessing: Towards Understanding Compositional Fairness of Data Transformers in Machine Learning Pipeline
Sumon BiswasORCID logo and Hridesh Rajan
(Iowa State University, USA)


Article Search
Bias in Machine Learning Software: Why? How? What to Do?
Joymallya Chakraborty, Suvodeep Majumder, and Tim Menzies
(North Carolina State University, USA)
Increasingly, software is making autonomous decisions in case of criminal sentencing, approving credit cards, hiring employees, and so on. Some of these decisions show bias and adversely affect certain social groups (e.g. those defined by sex, race, age, marital status). Many prior works on bias mitigation take the following form: change the data or learners in multiple ways, then see if any of that improves fairness. Perhaps a better approach is to postulate root causes of bias and then applying some resolution strategy. This paper postulates that the root causes of bias are the prior decisions that affect- (a) what data was selected and (b) the labels assigned to those examples. Our Fair-SMOTE algorithm removes biased labels; and rebalances internal distributions such that based on sensitive attribute, examples are equal in both positive and negative classes. On testing, it was seen that this method was just as effective at reducing bias as prior approaches. Further, models generated via Fair-SMOTE achieve higher performance (measured in terms of recall and F1) than other state-of-the-art fairness improvement algorithms. To the best of our knowledge, measured in terms of number of analyzed learners and datasets, this study is one of the largest studies on bias mitigation yet presented in the literature.

Preprint
Cross-Language Code Search using Static and Dynamic Analyses
George Mathew and Kathryn T. Stolee
(North Carolina State University, USA)


Article Search
Understanding Neural Code Intelligence through Program Simplification
Md Rafiqul Islam Rabin, Vincent J. Hellendoorn, and Mohammad Amin Alipour
(University of Houston, USA; Carnegie Mellon University, USA)


Article Search
Skeletal Approximation Enumeration for SMT Solver Testing
Peisen Yao ORCID logo, Heqing Huang, Wensheng Tang, Qingkai Shi, Rongxin Wu, and Charles Zhang
(Hong Kong University of Science and Technology, China; Ant Group, China; Xiamen University, China)


Article Search
Toward Efficient Interactions between Python and Native Libraries
Jialiang Tan, Yu Chen, Zhenming Liu, Bin Ren, Shuaiwen Leon Song, Xipeng Shen, and Xu Liu
(College of William & Mary, USA; University of Sydney, Australia; North Carolina State University, USA)


Article Search
Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysis
Song Li, Mingqing Kang, Jianwei Hou, and Yinzhi Cao
(Johns Hopkins University, USA; Renmin University of China, China)
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as JavaScript, which allows an adversary to pollute a base object’s property, leading to a further consequence such as Denial of Service (DoS), arbitrary code execution, and session fixation. On one hand, the only prior work in detecting prototype pollution adopts dynamic analysis to fuzz package inputs, which inevitably has code coverage issues in triggering some deeply embedded vulnerabilities. On the other hand, it is challenging to apply state-of-the-art static analysis in detecting prototype pollution because of the involvement of prototype chains and fine-grained object relations including built-in ones.
In this paper, we propose a flow-, context-, and branch-sensitive static taint analysis tool, called ObjLupAnsys, to detect prototype pollution vulnerabilities. The key of ObjLupAnsys is a so-called object lookup analysis, which gradually expands the source and sink objects into big clusters with a complex inner structure by performing targeted object lookups in both clusters so that a system built-in function can be redefined. Specifically, at the source cluster, ObjLupAnsys proactively creates new object properties based on how the target program uses the initial source object; at the sink cluster, ObjLupAnsys assigns property values in object lookups to decrease the number of object lookups to reach a system built-in function.
We implemented an open-source tool and applied it for the detection of prototype pollution among Node.js packages. Our evaluation shows that ObjLupAnsys finds 61 zero-day, previously-unknown, exploitable vulnerabilities as opposed to 18 by the state-of-the-art dynamic fuzzing tool and three by a state-of-the-art static analysis tool that is modified to detect prototype pollution. To date, 11 vulnerable Node.js packages are assigned with CVE numbers and five have already been patched by their developers. In addition, ObjLupAnsys also discovered seven applications or packages including a real-world, online website, which are indirectly vulnerable due to the inclusion of vulnerable packages found by ObjLupAnsys.

Article Search
Identifying Bad Software Changes via Multimodal Anomaly Detection for Online Service Systems
Nengwen Zhao, Junjie Chen ORCID logo, Zhaoyang Yu, Honglin Wang, Jiesong Li, Bin Qiu, Hongyu Xu, Wenchi Zhang, Kaixin Sui, and Dan Pei
(Tsinghua University, China; Tianjin University, China; BizSeer, n.n.; China Guangfa Bank, China)


Article Search
A Syntax-Guided Edit Decoder for Neural Program Repair
Qihao Zhu, Zeyu Sun, Yuan'an Xiao, Wenjie Zhang, Kang Yuan, Yingfei Xiong, and Lu Zhang
(Peking University, China; Stony Brook University, USA)


Article Search
Probing Model Signal-Awareness via Prediction-Preserving Input Minimization
Yunhui Zheng, Sahil Suneja, Yufan Zhuang, Jim A. Laredo, and Alessandro Morari
(IBM Research, USA)


Article Search
ÐArcher: Detecting On-Chain-Off-Chain Synchronization Bugs in Decentralized Applications
Wuqi Zhang ORCID logo, Lili Wei ORCID logo, Shuqing Li ORCID logo, Yepang Liu ORCID logo, and Shing-Chi CheungORCID logo
(Hong Kong University of Science and Technology, China; Southern University of Science and Technology, China)


Article Search
XAI Tools in the Public Sector: A Case Study on Predicting Combined Sewer Overflows
Nicholas Maltbie, Nan Niu, Matthew Van Doren, and Reese Johnson
(University of Cincinnati, USA; Metropolitan Sewer District of Greater Cincinnati, USA)


Article Search
Timely and Accurate Detection of Model Deviation in Self-Adaptive Software-Intensive Systems
Yanxiang Tong, Yi Qin, Yanyan Jiang, Chang Xu, Chun Cao, and Xiaoxing Ma
(Nanjing University, China)


Article Search
Sound and Efficient Concurrency Bug Prediction
Yan Cai, Hao Yun, Jinqiu Wang, Lei Qiao, and Jens Palsberg
(Institute of Software at Chinese Academy of Sciences, China; Beijing Institute of Control Engineering, China; University of California at Los Angeles, USA)


Article Search
Algebraic-Datatype Taint Tracking, with Applications to Understanding Android Identifier Leaks
Sydur Rahaman, Iulian Neamtiu, and Xin Yin
(New Jersey Institute of Technology, USA)


Article Search
SmartCommit: A Graph-Based Interactive Assistant for Activity-Oriented Commits
Bo Shen, Wei Zhang, Christian Kästner, Haiyan Zhao, Zhao Wei, Guangtai Liang, and Zhi Jin
(Peking University, China; Carnegie Mellon University, USA; Huawei Technologies, China)


Article Search
Embedding App-Library Graph for Neural Third Party Library Recommendation
Bo Li, Qiang He, Feifei Chen, Xin Xia, Li Li, John Grundy ORCID logo, and Yun Yang
(Swinburne University of Technology, Australia; Deakin University, Australia; Monash University, Australia)
The mobile app marketplace has fierce competition for mobile app developers, who need to develop and update their apps as soon as possible to gain first mover advantage. Third-party libraries (TPLs) offer developers an easier way to enhance their apps with new features. However, how to find suitable candidates among the high number and fast-changing TPLs is a challenging problem. TPL recommendation is a promising solution, but unfortunately existing approaches suffer from low accuracy in recommendation results. To tackle this challenge, we propose GRec, a graph neural network (GNN) based approach, for recommending potentially useful TPLs for app development. GRec models mobile apps, TPLs, and their interactions into an app-library graph. It then distills app-library interaction information from the app-library graph to make more accurate TPL recommendations. To evaluate GRec’s performance, we conduct comprehensive experiments based on a large-scale real-world Android app dataset containing 31,432 Android apps, 752 distinct TPLs, and 537,011 app-library usage records. Our experimental results illustrate that GRec can significantly increase the prediction accuracy and diversify the prediction results compared with state-of-the-art methods. A user study performed with app developers also confirms GRec's usefulness for real-world mobile app development.

Article Search
Automating the Removal of Obsolete TODO Comments
Zhipeng Gao, Xin Xia, David Lo, John Grundy ORCID logo, and Thomas Zimmermann
(Monash University, Australia; Singapore Management University, Singapore; Microsoft Research, USA)


Article Search
Vet: Identifying and Avoiding UI Exploration Tarpits
Wenyu Wang ORCID logo, Wei Yang, Tianyin Xu ORCID logo, and Tao Xie ORCID logo
(University of Illinois at Urbana-Champaign, USA; University of Texas at Dallas, USA; Peking University, China)


Article Search
Multi-objectivizing Software Configuration Tuning
Tao Chen and Miqing Li
(Loughborough University, UK; University of Birmingham, UK)


Article Search
Accelerating JavaScript Static Analysis via Dynamic Shortcuts
Joonyoung ParkORCID logo, Jihyeok ParkORCID logo, Dongjun Youn ORCID logo, and Sukyoung RyuORCID logo
(KAIST, South Korea)
ERROR in abstract.

Preprint
Checking LTL[F,G,X] on Compressed Traces in Polynomial Time
Minjian Zhang, Umang MathurORCID logo, and Mahesh Viswanathan
(University of Illinois at Urbana-Champaign, USA)


Article Search
An Empirical Study on Challenges of Application Development in Serverless Computing
Jinfeng Wen, Zhenpeng Chen, Yi Liu, Yiling Lou, Yun Ma, Gang Huang, Xin Jin, and Xuanzhe Liu
(Peking University, China)


Article Search
An Exploratory Study of Autopilot Software Bugs in Unmanned Aerial Vehicles
Dinghua Wang, Shuqing Li ORCID logo, Guanping Xiao, Yepang Liu ORCID logo, and Yulei SuiORCID logo
(University of Technology Sydney, Australia; Southern University of Science and Technology, China; Nanjing University of Aeronautics and Astronautics, China)


Article Search
Demystifying "Bad" Error Messages in Data Science Libraries
Yida Tao, Zhihui Chen, Yepang Liu ORCID logo, Jifeng Xuan, Zhiwu Xu, and Shengchao Qin
(Shenzhen University, China; Southern University of Science and Technology, China; Wuhan University, China; Teesside University, UK)


Article Search
Checking Conformance of Applications against GUI Policies
Zhen Zhang, Yu Feng, Michael D. Ernst, Sebastian Porst, and Isil Dillig
(University of Washington, USA; University of California at Santa Barbara, USA; Google, n.n.; University of Texas at Austin, USA)


Article Search
A First Look at Developers' Live Chat on Gitter
Lin ShiORCID logo, Xiao Chen, Ye Yang, Hanzhi Jiang, Ziyou Jiang, Nan Niu, and Qing Wang
(Institute of Software at Chinese Academy of Sciences, China; Stevens Institute of Technology, USA; University of Cincinnati, USA)
Modern communication platforms such as Gitter and Slack play an increasingly critical role in supporting software teamwork, especially in open source development.Conversations on such platforms often contain intensive, valuable information that may be used for better understanding OSS developer communication and collaboration. However, little work has been done in this regard. To bridge the gap, this paper reports a first comprehensive empirical study on developers' live chat, investigating when they interact, what community structures look like, which topics are discussed, and how they interact. We manually analyze 749 dialogs in the first phase, followed by an automated analysis of over 173K dialogs in the second phase. We find that developers tend to converse more often on weekdays, especially on Wednesdays and Thursdays (UTC), that there are three common community structures observed, that developers tend to discuss topics such as API usages and errors, and that six dialog interaction patterns are identified in the live chat communities. Based on the findings, we provide recommendations for individual developers and OSS communities, highlight desired features for platform vendors, and shed light on future research directions. We believe that the findings and insights will enable a better understanding of developers' live chat, pave the way for other researchers, as well as a better utilization and mining of knowledge embedded in the massive chat history.

Article Search Info
Sustainability Forecasting for Apache Incubator Projects
Likang Yin, Zhuangzhi Chen, Qi Xuan, and Vladimir Filkov
(University of California at Davis, USA; Zhejiang University of Technology, China)


Article Search
NIL: Large-Scale Detection of Large-Variance Clones
Tasuku Nakagawa, Yoshiki HigoORCID logo, and Shinji Kusumoto
(Osaka University, Japan)


Article Search
Fairea: A Model Behaviour Mutation Approach to Benchmarking Bias Mitigation Methods
Max HortORCID logo, Jie M. Zhang ORCID logo, Federica SarroORCID logo, and Mark HarmanORCID logo
(University College London, UK)


Article Search
Generating Efficient Solvers from Constraint Models
Shu Lin, Na Meng, and Wenxin Li
(Peking University, China; Virginia Tech, USA)


Article Search
Lightweight Global and Local Contexts Guided Method Name Recommendation with Prior Knowledge
Shangwen WangORCID logo, Ming WenORCID logo, Bo Lin ORCID logo, and Xiaoguang Mao
(National University of Defense Technology, China; Huazhong University of Science and Technology, China)
The quality of method names is critical for the readability and maintainability of source code. However, it is often challenging to construct concise method names. To alleviate this problem, a number of approaches have been proposed to automatically recommend high-quality names for methods. Despite being effective, existing approaches meet their bottlenecks mainly in two aspects: (1) the leveraged information is restricted to the target method itself; and (2) lack of distinctions towards the contributions of tokens extracted from different program contexts. Through a large-scale empirical analysis on +12M methods from +14K real-world projects, we found that (1) the tokens composing a method’s name can be frequently observed in its callers/callees; and (2) tokens extracted from different specific contexts have diverse probabilities to compose the target method’s name. Motivated by our findings, we propose, in this paper, a context-guided method name recommender, which mainly embodies two key ideas: (1) apart from the local context, which is extracted from the target method itself, we also consider the global context, which is extracted from other methods in the project that have call relations with the target method, to include more useful information; and (2) we utilize our empirical results as the prior knowledge to guide the generation of method names and also to restrict the number of tokens extracted from the global contexts. We implemented the idea as Cognac and performed extensive experiments to assess its effectiveness. Results reveal that can (1) perform better than existing approaches on the method name recommendation task (e.g., it achieves an F-score of 63.2%, 60.8%, 66.3%, and 68.5%, respectively, on four widely-used datasets, which all outperform existing techniques); and (2) achieve higher performance than existing techniques on the method name consistency checking task (e.g., its overall accuracy reaches 76.6%, outperforming the state-of-the-art MNire by 11.2%). Further results reveal that the caller/callee information and the prior knowledge all contribute significantly to the overall performance of Cognac.

Preprint Info
iBatch: Saving Ethereum Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations
Yibo Wang, Qi Zhang, Kai Li, Yuzhe Tang, Jiaqi Chen, Xiapu Luo, and Ting Chen
(Syracuse University, USA; Hong Kong Polytechnic University, China; University of Electronic Science and Technology of China, China)


Article Search
Validation on Machine Reading Comprehension Software without Annotated Labels: A Property-Based Method
Songqiang ChenORCID logo, Shuo Jin, and Xiaoyuan Xie ORCID logo
(Wuhan University, China)
Machine Reading Comprehension (MRC) in Natural Language Processing has seen great progress recently. But almost all the current MRC software is validated with a reference-based method, which requires well-annotated labels for test cases and tests the software by checking the consistency between the labels and the outputs. However, labeling test cases of MRC could be very costly due to their complexity, which makes reference-based validation hard to be extensible and sufficient. Furthermore, solely checking the consistency and measuring the overall score may not be sensible and flexible for assessing the language understanding capability. In this paper, we propose a property-based validation method for MRC software with Metamorphic Testing to supplement the reference-based validation. It does not refer to the labels and hence can make much data available for testing. Besides, it validates MRC software against various linguistic properties to give a specific and in-depth picture on linguistic capabilities of MRC software. Comprehensive experimental results show that our method can successfully reveal violations to the target linguistic properties without the labels. Moreover, it can reveal problems that have been concealed by the traditional validation. Comparison according to the properties provides deeper and more concrete ideas about different language understanding capabilities of the MRC software.

Article Search
Estimating Residual Risk in Greybox Fuzzing
Marcel BöhmeORCID logo, Danushka Liyanage, and Valentin Wüstholz
(Monash University, Australia; ConsenSys, Germany)


Article Search
A Large-Scale Empirical Study on Java Library Migrations: Prevalence, Trends, and Rationales
Hao He ORCID logo, Runzhi He, Haiqiao Gu, and Minghui Zhou
(Peking University, China; Tsinghua University, China)


Article Search
Detecting Concurrency Vulnerabilities Based on Partial Orders of Memory and Thread Events
Kunpeng Yu, Chenxu Wang, Yan Cai, Xiapu Luo, and Zijiang Yang
(Xi'an Jiaotong University, China; Institute of Software at Chinese Academy of Sciences, China; Hong Kong Polytechnic University, China; Western Michigan University, USA)


Article Search
Metamorphic Testing of Datalog Engines
Muhammad Numair Mansur, Maria Christakis, and Valentin Wüstholz
(MPI-SWS, Germany; ConsenSys, Germany)
Datalog is a popular query language with applications in several domains. Like any complex piece of software, Datalog engines may contain bugs. The most critical ones manifest as incorrect results when evaluating queries—we refer to these as query bugs. Given the wide applicability of the language, query bugs may have detrimental consequences, for instance, by compromising the soundness of a program analysis that is implemented and formalized in Datalog. In this paper, we present the first metamorphic-testing approach for detecting query bugs in Datalog engines. We ran our tool on three mature engines and found 13 previously unknown query bugs, some of which are deep and revealed critical semantic issues.

Preprint Info
Efficient Module-Level Dynamic Analysis for Dynamic Languages with Module Recontextualization
Nikos Vasilakis, Grigoris Ntousakis, Veit Heller, and Martin C. Rinard
(Massachusetts Institute of Technology, USA; TU Crete, Greece)


Article Search
Automating Serverless Deployments for DevOps Organizations
Daniel SokolowskiORCID logo, Pascal WeisenburgerORCID logo, and Guido SalvaneschiORCID logo
(TU Darmstadt, Germany; University of St. Gallen, Switzerland)


Article Search
Lightweight and Modular Resource Leak Verification
Martin Kellogg, Narges Shadab, Manu Sridharan, and Michael D. Ernst
(University of Washington, USA; University of California at Riverside, USA)


Article Search
JSISOLATE: Lightweight In-Browser JavaScript Isolation
Mingxue Zhang and Wei MengORCID logo
(Chinese University of Hong Kong, China)


Article Search
Finding Broken Linux Configuration Specifications by Statically Analyzing the Kconfig Language
Jeho Oh, Necip Fazıl Yıldıran, Julian Braha, and Paul Gazzillo
(University of Texas at Austin, USA; University of Central Florida, USA)


Article Search
Connecting the Dots: Rethinking the Relationship between Code and Prose Writing with Functional Connectivity
Zachary Karas, Andrew Jahn, Westley Weimer, and Yu Huang
(University of Michigan, USA)


Article Search
Boosting Coverage-Based Fault Localization via Graph-Based Representation Learning
Yiling Lou, Qihao Zhu, Jinhao Dong, Xia Li, Zeyu Sun, Dan Hao, Lu Zhang, and Lingming Zhang ORCID logo
(Peking University, China; Kennesaw State University, USA; University of Illinois at Urbana-Champaign, USA)


Article Search
Detecting and Localizing Keyboard Accessibility Failures in Web Applications
Paul T. Chiou, Ali S. Alotaibi, and William G. J. HalfondORCID logo
(University of Southern California, USA)


Article Search
Characterizing Search Activities on Stack Overflow
Jiakun Liu, Sebastian Baltes, Christoph Treude, David Lo, Yun Zhang, and Xin Xia
(Zhejiang University, China; University of Adelaide, Australia; Singapore Management University, Singapore; Zhejiang University City College, China; Monash University, Australia)


Article Search
To Read or to Rotate? Comparing the Effects of Technical Reading Training and Spatial Skills Training on Novice Programming Ability
Madeline Endres, Madison Fansher, Priti Shah, and Westley Weimer
(University of Michigan, USA)


Article Search
Flaky Test Detection in Android via Event Order Exploration
Zhen Dong, Abhishek Tiwari, Xiao Liang Yu, and Abhik RoychoudhuryORCID logo
(National University of Singapore, Singapore)


Article Search
Parallel Shadow Execution to Accelerate the Debugging of Numerical Errors
Sangeeta Chowdhary and Santosh NagarakatteORCID logo
(Rutgers University, USA)


Article Search
GLIB: Towards Automated Test Oracle for Graphically-Rich Applications
Ke Chen, Yufei Li, Yingfeng Chen, Changjie Fan, Zhipeng Hu, and Wei Yang
(Netease, n.n.; University of Texas at Dallas, USA)


Article Search
AlloyMax: Bringing Maximum Satisfaction to Relational Specifications
Changjian Zhang ORCID logo, Ryan Wagner, Pedro Orvalho, David Garlan, Vasco Manquinho, Ruben Martins, and Eunsuk Kang
(Carnegie Mellon University, USA; INESC-ID, Portugal; Universidade de Lisboa, Portugal)


Article Search
Re-assessing Automatic Evaluation Metrics for Code Summarization Tasks
Devjeet Roy, Sarah Fakhoury, and Venera Arnaoudova
(Washington State University, USA)


Article Search
A Longitudinal Analysis of Bloated Java Dependencies
Cesar Soto-Valero, Thomas DurieuxORCID logo, and Benoit Baudry
(KTH, Sweden)


Article Search
An Automatic Refactoring Framework for Replacing Test-Production Inheritance by Mocking Mechanism
Xiao Wang, Lu Xiao, Tingting Yu, Anne Woepse, and Sunny Wong
(Stevens Institute of Technology, USA; University of Cincinnati, USA; Analytical Graphics, USA)


Article Search
A Comprehensive Study of Deep Learning Compiler Bugs
Qingchao Shen ORCID logo, Haoyang Ma ORCID logo, Junjie Chen ORCID logo, Yongqiang TianORCID logo, Shing-Chi CheungORCID logo, and Xiang ChenORCID logo
(Tianjin University, China; University of Waterloo, Canada; Hong Kong University of Science and Technology, China)


Article Search
LastPyMile: Identifying the Discrepancy between Sources and Packages
Duc Ly VuORCID logo, Ivan Pashchenko, Fabio Massacci, Henrik Plate, and Antonino Sabetta
(University of Trento, Italy; Vrije Universiteit Amsterdam, Netherlands; SAP Security Research, France)


Article Search
Symbolic Parallel Adaptive Importance Sampling for Probabilistic Program Analysis
Yicheng Luo ORCID logo, Antonio Filieri ORCID logo, and Yuan Zhou
(University College London, UK; Imperial College London, UK; University of Oxford, UK)


Article Search
Understanding and Detecting Server-Side Request Races in Web Applications
Zhengyi Qiu, Shudi Shao, Qi Zhao, and Guoliang Jin
(North Carolina State University, USA)


Article Search
A Grounded Theory of the Role of Coordination in Software Security Patch Management
Nesara Dissanayake, Mansooreh Zahedi, Asangi Jayatilaka, and Muhammad Ali Babar
(University of Adelaide, Australia)


Article Search
A Bounded Symbolic-Size Model for Symbolic Execution
David Trabish, Shachar Itzhaky, and Noam Rinetzky
(Tel Aviv University, Israel; Technion, Israel)


Article Search
Vulnerability Detection with Fine-Grained Interpretations
Yi Li, Shaohua Wang, and Tien N. Nguyen
(New Jersey Institute of Technology, USA; University of Texas at Dallas, USA)


Article Search
Context-Aware and Data-Driven Feedback Generation for Programming Assignments
Dowon Song, Woosuk Lee, and Hakjoo Oh
(Korea University, South Korea; Hanyang University, South Korea)


Article Search
Reel Life vs. Real Life: How Software Developers Share Their Daily Life through Vlogs
Souti Chattopadhyay, Thomas Zimmermann, and Denae Ford
(Oregon State University, USA; Microsoft Research, USA)


Article Search
VarFix: Balancing Edit Expressiveness and Search Effectiveness in Automated Program Repair
Chu-Pan Wong, Priscila Santiesteban, Christian Kästner, and Claire Le Goues
(Carnegie Mellon University, USA; Coe College, USA)


Article Search
Swarmbug: Debugging Configuration Bugs in Swarm Robotics
Chijung Jung, Ali Ahad, Jinho Jung, Sebastian Elbaum, and Yonghwi Kwon
(University of Virginia, USA; Georgia Institute of Technology, USA)


Article Search
Conditional Interpolation: Making Concurrent Program Verification More Effective
Jie Su ORCID logo, Cong Tian, and Zhenhua Duan
(Xidian University, China)
Due to the state-space explosion problem, efficient verification of real-world programs in large scale is still a big challenge. Particularly, thread alternation makes the verification of concurrent programs much more difficult since it aggravates this problem. In this paper, an application of Craig interpolation, namely conditional interpolation, is proposed to work together with CEGAR-based approach to reduce the state-space of concurrent tasks. Specifically, conditional interpolation is formalized to confine the reachable region of states so that infeasible conditional branches could be pruned. Furthermore, the generated conditional interpolants are utilized to shorten the interpolation paths, which makes the time consumed for verification significantly reduced. We have implemented the proposed approach on top of an open-source software model checker. Empirical results show that the conditional interpolation is effective in improving the verification efficiency of concurrent tasks.

Article Search
Generalizable and Interpretable Learning for Configuration Extrapolation
Yi Ding, Ahsan Pervaiz, Michael Carbin, and Henry Hoffmann
(Massachusetts Institute of Technology, USA; University of Chicago, USA)


Article Search
Data-Driven Accessibility Repair Revisited: On the Effectiveness of Generating Labels for Icons in Android Apps
Forough Mehralian, Navid Salehnamadi, and Sam Malek
(University of California at Irvine, USA)


Article Search
DIFFBASE: A Differential Factbase for Effective Software Evolution Management
Xiuheng Wu, Chenguang Zhu, and Yi LiORCID logo
(Nanyang Technological University, Singapore; University of Texas at Austin, USA)


Preprint
Authorship Attribution of Source Code: A Language-Agnostic Approach and Applicability in Software Engineering
Egor Bogomolov, Vladimir Kovalenko, Yurii Rebryk, Alberto Bacchelli, and Timofey Bryksin
(JetBrains Research, Russia; HSE University, Russia; JetBrains Research, Netherlands; University of Zurich, Switzerland; St. Petersburg State University, Russia)


Article Search
StateFormer: Fine-Grained Type Recovery from Binaries using Generative State Modeling
Kexin Pei, Jonas Guan, Matthew Broughton, Zhongtian Chen, Songchen Yao, David Williams-King, Vikas Ummadisetty, Junfeng Yang, Baishakhi Ray, and Suman Jana
(Columbia University, USA; University of Toronto, Canada; Dublin High School, Ireland)


Article Search
PHYSFRAME: Type Checking Physical Frames of Reference for Robotic Systems
Sayali Kate, Michael Chinn, Hongjun Choi, Xiangyu Zhang, and Sebastian Elbaum
(Purdue University, USA; University of Virginia, USA)


Article Search
Studying Test Ignore Practices in the Wild
Dong Jae Kim, Bo Yang, Jinqiu Yang, and Tse-Hsun (Peter) Chen
(Concordia University, Canada)


Article Search
HeteroFuzz: Fuzz Testing to Detect Platform Dependent Divergence for Heterogeneous Applications
Qian Zhang, Jiyuan Wang, and Miryung Kim
(University of California at Los Angeles, USA)


Article Search
Empirical Study of Transformers for Source Code
Nadezhda Chirkova and Sergey Troshin
(HSE University, Russia)


Article Search
Exposing Numerical Bugs in Deep Learning via Gradient Back-Propagation
Ming Yan, Junjie Chen ORCID logo, Xiangyu Zhang, Lin Tan, Gan Wang, and Zan Wang
(Tianjin University, China; Purdue University, USA)


Article Search
Would You Like a Quick Peek? Providing Logging Support to Monitor Data Processing in Big Data Application
Zehao Wang, Haoxiang Zhang, Tse-Hsun (Peter) Chen, and Shaowei Wang
(Concordia University, Canada; Huawei, Canada; University of Manitoba, Canada)


Article Search
Explaining Mispredictions of ML Models
Jürgen Cito, Isil Dillig, Vijayaraghavan Murali, Seohyun Kim, and Satish Chandra
(TU Vienna, Austria; Facebook, Austria; University of Texas at Austin, USA; Facebook, USA)


Article Search
FLEX: Fixing Flaky Tests in Machine-Learning Projects by Updating Assertion Bounds
Saikat Dutta, August Shi, and Sasa Misailovic
(University of Illinois at Urbana-Champaign, USA; University of Texas at Austin, USA)


Article Search
Which Abbreviations Should Be Expanded?
Yanjie Jiang, Hui Liu, Yuxia Zhang, Nan Niu, Yuhai Zhao, and Lu Zhang
(Beijing Institute of Technology, China; University of Cincinnati, USA; Northeastern University, USA; Peking University, China)


Article Search
Code Integrity Attestation for PLCs using Black Box Neural Network Predictions
Yuqi Chen, Christopher M. PoskittORCID logo, and Jun SunORCID logo
(Singapore Management University, Singapore)


Article Search
Learning-Based Extraction of First-Order Logic Representations of API Directives
Mingwei Liu, Xin Peng, Andrian (Andi) Marcus, Christoph Treude, Xuefang Bai, Gang Lyu, Jiazhan Xie, and Xiaoxin Zhang
(Fudan University, China; University of Texas at Dallas, USA; University of Adelaide, Australia)


Article Search
Graph-Based Seed Object Synthesis for Search-Based Unit Testing
Yun Lin, You Sheng Ong, Jun SunORCID logo, Gordon Fraser, and Jin Song Dong
(National University of Singapore, Singapore; Singapore Management University, Singapore; University of Passau, Germany)


Article Search
Benchmarking Automated GUI Testing for Android against Real-World Bugs
Ting Su ORCID logo, Jue Wang, and Zhendong Su
(East China Normal University, China; Nanjing University, China; ETH Zurich, Switzerland)


Article Search
SynGuar: Guaranteeing Generalization in Programming by Example
Bo Wang, Teodora Baluta, Aashish Kolluri, and Prateek Saxena
(National University of Singapore, Singapore)


Article Search
LS-Sampling: An Effective Local Search Based Sampling Approach for Achieving High t-wise Coverage
Chuan Luo ORCID logo, Binqi Sun ORCID logo, Bo Qiao ORCID logo, Junjie Chen ORCID logo, Hongyu ZhangORCID logo, Jinkun Lin ORCID logo, Qingwei Lin ORCID logo, and Dongmei Zhang ORCID logo
(Microsoft Research, China; Microsoft Research, n.n.; Tianjin University, China; University of Newcastle, Australia; Institute of Software at Chinese Academy of Sciences, China)


Article Search
Semantic Bug Seeding: A Learning-Based Approach for Creating Realistic Bugs
Jibesh Patra and Michael PradelORCID logo
(University of Stuttgart, Germany)


Article Search
Identifying Casualty Changes in Software Patches
Adriana Sejfia, Yixue Zhao, and Nenad MedvidovićORCID logo
(University of Southern California, USA; University of Massachusetts at Amherst, USA)


Article Search
Probabilistic Delta Debugging
Guancheng Wang, Ruobing Shen, Junjie Chen ORCID logo, Yingfei Xiong, and Lu Zhang
(Peking University, China; Tianjin University, China)


Article Search
Boosting Static Analysis Accuracy with Instrumented Test Executions
Tianyi Chen, Kihong Heo, and Mukund Raghothaman
(University of Southern California, USA; KAIST, South Korea)


Article Search
ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities
Yang Hu, Wenxi Wang, Casen Hunger, Riley Wood, Sarfraz Khurshid, and Mohit Tiwari
(University of Texas at Austin, USA)


Article Search

proc time: 1.35