The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The detection of duplicate bug reports can help reduce the processing time of handling field crashes. This is especially important for software companies with a large client base where multiple customers can submit bug reports, caused by the same faults. There exist several techniques for the detection of duplicate bug reports; many of them rely on some sort of classification techniques applied to...
The ability to navigate in diverse and previously unknown environments is a critical service of autonomous robots. The validation of the navigation software typically involves test campaigns in the field, which are costly and potentially risky for the robot itself or its environment. An alternative approach is to perform simulation-based testing, by immersing the software in virtual worlds. A question...
Static analysis tools (e.g., FindBugs) are widely used to detect potential defects in software development. A recent study suggests that there is a moderate correlation between the alerts reported by static analysis tools and software defects [1]. However, despite the actionable alerts reported by static analysis tools, they may report too many meaningless unactionable alerts. Actionable alert refers...
To improve the accuracy of analysis results is one of the hard challenges for static analysis. Especially, static analyzers generally analyze all paths of a program, including infeasible paths, which undoubtedly decreases the analysis accuracy. To mitigate the issue, we design and implement a static analyzer, called ABAZER-SE, which is based on the meta-compilation and the GCC abstract syntax tree...
Fuzzing is attractive for finding vulnerabilities in binary programs. However, when the application's input space is huge, fuzzing cannot deal with it well. For discovering vulnerabilities more effective, researchers came up concolic testing, and there are much researches on it recently. A common limitation of concolic systems designed to create inputs is that they often concentrate on path-coverage...
Security is a real concern for the society and it is not different for software. Vulnerable applications can expose the users to multiple risks. Software disassembling is an interesting approach to discover vulnerabilities. Unmounting an application into Assembly code can reveal multiple characteristics from the software. During the disassembling, technical features can be revealed that enable the...
Despite being known since a long time, memory violations are still a very important cause of security problems in low-level programming languages containing data parsers. We address this problem by proposing a pragmatic solution to fix not only bugs, but classes of bugs. First, using a fast and safe language such as Rust, and then using a parser combinator. We discuss the advantages and difficulties...
Twitter messages (tweets) contain important information for software and requirements evolution, such as feature requests, bug reports and feature shortcoming descriptions. For this reason, Twitter is an important source for crowd-based requirements engineering and software evolution. However, a manual analysis of this information is unfeasible due to the large number of tweets, its unstructured nature...
Program repair techniques attempt to fix programs by looking for patches within a search space of fix candidates. These techniques require a specification of the program to be repaired, used as an acceptance criterion for fix candidates, that often also plays an important role in guiding some search processes. Most tools use tests as specifications, which constitutes a risk, since the incompleteness...
Developers write unit tests together with programcode, and then maintain these tests as the program evolves. Sincewriting good tests can be difficult and tedious, unit tests canalso be generated automatically. However, maintaining these tests(e.g., when APIs change, or, when tests represent outdated andchanged behavior), is still a manual task. Because automaticallygenerated tests may have no clear...
Empirical studies in software engineering frequently rely on correlation data in an effort to demonstrate that a process or tool affects an important or meaningful outcome, with the ultimate goal of improving software engineering practice. But all students of statistics know that "correlation does not imply causation," and so causal conclusions (using traditional methods) from observational...
App store reviews are currently the main source of information for analyzing different aspects of app development and evolution. However, app users' feedback do not only occur on the app store. In fact, a large quantity of posts about apps are made daily on social media. In this paper, we study how Twitter can provide complementary information to support mobile app development. By analysing a total...
Current static-analysis tools are often long-running, which causes them to be sidelined into nightly build checks. As a result, developers rarely use such tools to detect bugs when writing code, because they disrupt their workflow. In this paper, we present Cheetah, a static taint analysis tool for Android apps that interleaves bug fixing and code development in the Eclipse integrated development...
During software development, code clones are commonly produced, in the form of a number of the same or similar code fragments spreading within one or many large code bases. Numerous research projects have been carried out on empirical studies or tool support for detecting or analyzing code clones. However, in practice, few such research projects have resulted in substantial industry adoption. In this...
Fuzz testing and symbolic test generation both face their own challenges. While symbolic testing has scalability issues, fuzzing cannot uncover faults which require carefully engineered inputs. In this paper I propose a combination of both approaches, compensating weaknesses of each approach with the strength of the other approach. I present my plans for evaluation, which include applications of the...
Background: Due to tight scheduling and limitedbudget, it may not be possible to resolve all the existing bugsin a current release of a software product. The accumulation ofthe deferred bugs in the issue tracking system are obligations (liabilities) of the software team similar to financial analogyof 'debt'. Defect debt is known as latent defects which arenot resolved in the current release. Aim:...
The application of Information Retrieval (IR) techniquesto software traceability link recovery has been the focusof many studies. These studies have formulated the task ofestablishing valid trace links between two types of softwareartifacts as a retrieval problem, where one type of artifacts isselected as the set of queries and the other as the corpus. Previouswork selected the sets of queries and...
How do professional software engineers debug computer programs? In an experiment with 27 real bugs that existed in several widely used programs, we invited 12 professional software engineers, who together spent one month on localizing, explaining, and fixing these bugs. This did not only allow us to study the various tools and strategies used to debug the same set of errors. We could also determine...
Human factors such as sentiments, emotions, mood, and stress along with their potential effect on software development are of paramount importance in software engineering, as we still strongly rely on human-to-human interaction for performing software development activities and driving results. With the advance of sentiment analysis tools, software engineering researchers have investigated the interplay...
During the past years, overload at work leading to psychological diseases, such as burnouts, have drawn more public attention. This paper is a preliminary step toward an analysis of the work patterns and possible indicators of overload and time pressure on software developers with mining software repositories approach. We explore the working pattern of developers in the context of Mozilla Firefox,...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.