Issue Downloads
DRIVE: Dockerfile Rule Mining and Violation Detection
A Dockerfile defines a set of instructions to build Docker images, which can then be instantiated to support containerized applications. Recent studies have revealed a considerable amount of quality issues with Dockerfiles. In this article, we propose a ...
FQN Inference in Partial Code by Prompt-tuned Language Model of Code
Partial code usually involves non-fully-qualified type names (non-FQNs) and undeclared receiving objects. Resolving the FQNs of these non-FQN types and undeclared receiving objects (referred to as type inference) is the prerequisite to effective search ...
Probabilistic Safe WCET Estimation for Weakly Hard Real-time Systems at Design Stages
Weakly hard real-time systems can, to some degree, tolerate deadline misses, but their schedulability still needs to be analyzed to ensure their quality of service. Such analysis usually occurs at early design stages to provide implementation guidelines ...
Acrobats and Safety Nets: Problematizing Large-Scale Agile Software Development
Agile development methods have become a standard in the software industry, including in large-scale projects. These methods share a set of underlying assumptions that distinguish them from more traditional plan-driven approaches. In this article, we adopt ...
A Closer Look at the Security Risks in the Rust Ecosystem
Rust is an emerging programming language designed for the development of systems software. To facilitate the reuse of Rust code, crates.io, as a central package registry of the Rust ecosystem, hosts thousands of third-party Rust packages. The openness of ...
Stress Testing Control Loops in Cyber-physical Systems
Cyber-physical Systems (CPSs) are often safety-critical and deployed in uncertain environments. Identifying scenarios where CPSs do not comply with requirements is fundamental but difficult due to the multidisciplinary nature of CPSs. We investigate the ...
Understanding the Helpfulness of Stale Bot for Pull-Based Development: An Empirical Study of 20 Large Open-Source Projects
Pull Requests (PRs) that are neither progressed nor resolved clutter the list of PRs, making it difficult for the maintainers to manage and prioritize unresolved PRs. To automatically track, follow up, and close such inactive PRs, Stale bot was introduced ...
Characterizing and Detecting WebAssembly Runtime Bugs
- Yixuan Zhang,
- Shangtong Cao,
- Haoyu Wang,
- Zhenpeng Chen,
- Xiapu Luo,
- Dongliang Mu,
- Yun Ma,
- Gang Huang,
- Xuanzhe Liu
WebAssembly (abbreviated WASM) has emerged as a promising language of the Web and also been used for a wide spectrum of software applications such as mobile applications and desktop applications. These applications, named WASM applications, commonly run ...
LoGenText-Plus: Improving Neural Machine Translation Based Logging Texts Generation with Syntactic Templates
Developers insert logging statements in the source code to collect important runtime information about software systems. The textual descriptions in logging statements (i.e., logging texts) are printed during system executions and exposed to multiple ...
ALL: Supporting Experiential Accessibility Education and Inclusive Software Development
Creating accessible software is imperative for making software inclusive for all users.Unfortunately, the topic of accessibility is frequently excluded from computing education, leading to scenarios where students are unaware of either how to develop ...
Search-Based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions
Search-based software testing (SBST) typically relies on fitness functions to guide the search exploration toward software failures. There are two main techniques to define fitness functions: (a) automated fitness function computation from the ...
Variable-based Fault Localization via Enhanced Decision Tree
Fault localization, aiming at localizing the root cause of the bug under repair, has been a longstanding research topic. Although many approaches have been proposed in past decades, most of the existing studies work at coarse-grained statement or method ...
Hierarchical Distribution-aware Testing of Deep Learning
With its growing use in safety/security-critical applications, Deep Learning (DL) has raised increasing concerns regarding its dependability. In particular, DL has a notorious problem of lacking robustness. Input added with adversarial perturbations, i.e.,...
Learning to Detect Memory-related Vulnerabilities
Memory-related vulnerabilities can result in performance degradation or even program crashes, constituting severe threats to the security of modern software. Despite the promising results of deep learning (DL)-based vulnerability detectors, there exist ...
Poracle: Testing Patches under Preservation Conditions to Combat the Overfitting Problem of Program Repair
To date, the users of test-driven program repair tools suffer from the overfitting problem; a generated patch may pass all available tests without being correct. In the existing work, users are treated as merely passive consumers of the tests. However, ...
CLFuzz: Vulnerability Detection of Cryptographic Algorithm Implementation via Semantic-aware Fuzzing
Cryptography is a core component of many security applications, and flaws hidden in its implementation will affect the functional integrity or, more severely, pose threats to data security. Hence, guaranteeing the correctness of the implementation is ...
Automated Test Suite Generation for Software Product Lines Based on Quality-Diversity Optimization
A Software Product Line (SPL) is a set of software products that are built from a variability model. Real-world SPLs typically involve a vast number of valid products, making it impossible to individually test each of them. This arises the need for ...
Automated Mapping of Adaptive App GUIs from Phones to TVs
With the increasing interconnection of smart devices, users often desire to adopt the same app on quite different devices for identical tasks, such as watching the same movies on both their smartphones and TVs. However, the significant differences in ...
KAPE: kNN-based Performance Testing for Deep Code Search
Code search is a common yet important activity of software developers. An efficient code search model can largely facilitate the development process and improve the programming quality. Given the superb performance of learning the contextual ...
Aspect-level Information Discrepancies across Heterogeneous Vulnerability Reports: Severity, Types and Detection Methods
Vulnerable third-party libraries pose significant threats to software applications that reuse these libraries. At an industry scale of reuse, manual analysis of third-party library vulnerabilities can be easily overwhelmed by the sheer number of ...
The Good, the Bad, and the Missing: Neural Code Generation for Machine Learning Tasks
Machine learning (ML) has been increasingly used in a variety of domains, while solving ML programming tasks poses unique challenges due to the fundamental difference in the nature and the construct of general programming tasks, especially for developers ...
LibAM: An Area Matching Framework for Detecting Third-Party Libraries in Binaries
- Siyuan Li,
- Yongpan Wang,
- Chaopeng Dong,
- Shouguo Yang,
- Hong Li,
- Hao Sun,
- Zhe Lang,
- Zuxin Chen,
- Weijie Wang,
- Hongsong Zhu,
- Limin Sun
Third-party libraries (TPLs) are extensively utilized by developers to expedite the software development process and incorporate external functionalities. Nevertheless, insecure TPL reuse can lead to significant security risks. Existing methods, which ...
FormatFuzzer: Effective Fuzzing of Binary File Formats
Effective fuzzing of programs that process structured binary inputs, such as multimedia files, is a challenging task, since those programs expect a very specific input format. Existing fuzzers, however, are mostly format-agnostic, which makes them ...
Survey of Code Search Based on Deep Learning
Code writing is repetitive and predictable, inspiring us to develop various code intelligence techniques. This survey focuses on code search, that is, to retrieve code that matches a given natural language query by effectively capturing the semantic ...
A Survey of Learning-based Automated Program Repair
Automated program repair (APR) aims to fix software bugs automatically and plays a crucial role in software development and maintenance. With the recent advances in deep learning (DL), an increasing number of APR techniques have been proposed to leverage ...
