Room information: Koala

The discipline of Mining Software Repositories (MSR) transforms the passive archives of data that accrue during software development into active, value-generating solutions, such as recommendation systems. It is customary to evaluate these solutions using held out historical data. While history-based evaluation makes pragmatic use of available data, historical records may be: (1) overly optimistic, since past recommendations may have been suboptimal choices for the task at hand; or (2) overly pessimistic, since ``incorrect'' recommendations may have been equal (or better) choices.

In this paper, we empirically evaluate the extent to which historical data is an appropriate benchmark for MSR solutions. As a concrete instance for experimentation, we use reviewer recommendation, which suggests community members to review change requests. We replicate the cHRev and WLRRec approaches and apply them to 9,679 reviews from the Gerrit open source community. We then assess the recommendations with members of the Gerrit reviewing community using quantitative (personalized questionnaires about their comfort level with tasks) and qualitative methods (semi-structured interviews).

We find that history-based evaluation is far more pessimistic than optimistic in the Gerrit context. Indeed, while 86% of those who had been assigned to a review in the past felt that they were well suited to handle the review, 74% of those labelled as incorrect recommendations also felt that they would have been comfortable reviewing the changes. This indicates that, on the one hand, when solutions recommend the past assignee, they should indeed be considered correct. Yet, on the other hand, recommendations labelled as incorrect because they do not match the past assignee may have been correct as well.

Our results suggest that current (reviewer) recommendation evaluations do not always model the reality of software development. Future studies may benefit from looking beyond repository data to gain a clearer understanding of the practical value of historical data in repository mining solutions.

Ian X. Gauthier

McGill University

Maxime Lamothe

Polytechnique Montréal

Canada

Gunter Mussbacher

McGill University

Canada

Shane McIntosh

University of Waterloo

Canada

WebAssembly is the newest programming language for the Web. It defines a portable bytecode format that servers as a compilation target for languages such as C, C++, and Rust. Thus, WebAssembly binaries are usually generated using WebAssembly compilers, rather than being written manually. In order to port native code to the Web, WebAssembly compilers need to address the differences between the source and target languages and dissimilarities between their execution environments. WebAssembly compilers are also subject to bugs which can severely hurt software reliability. A deep understanding of the bugs in WebAssembly compilers can help guide compiler developers on where to concentrate development and testing efforts on.

In this paper, we conduct two empirical studies aimed at understanding the characteristics of the bugs encountered in WebAssembly compilers. First, we perform a qualitative study of bugs in the most widely-used WebAssembly compiler, Emscripten. We investigate 146 bug reports in Emscripten that are related to the unique challenges that WebAssembly compilers face when compared with standard compilers. Second, we conduct a quantitative study of 1,316 bugs in four open-source WebAssembly compilers, AssemblyScript, Binaryen, Emscripten, and Wasm-Bindgen. We analyze these bugs along three dimensions: lifecycle, impact, and sizes of bug-inducing inputs and bug fixes. These studies deepen our understanding of WebAssembly compiler bugs. We believe our analysis results will shed light on opportunities to design effective tools for testing and debugging WebAssembly compilers.

Alan Romano

University at Buffalo

United States

Xinyue Liu

University at Buffalo, SUNY

Yonghwi Kwon

University of Virginia

United States

Weihang Wang

University at Buffalo, SUNY

This paper presents industrial experiences on improving the fuzzing framework of SAP HANA to provide better configurability for continuous unit-level fuzzing. The fuzzing framework for unit-level testing should provide high configurability for the users to find and use the best configuration for each unit fuzzing driver beause each target component may have unique characteristics. To improve fuzzer configurability for unit-level testing, we provide new mutation scheduling strategies for effective uses of customized mutation operators, and new seed corpus selection strategies to configure a fuzzing campaign to check on changed code. The empirical results show that these extensions give better chances to the user to improve the effectiveness and the efficiency of the fuzzing.

Hanyoung Yoo

Handong Global University

Jingun Hong

SAP Labs

South Korea

Bader Lucas

SAP Labs

Dongwon Hwang

SAP Labs

South Korea

Shin Hong

Handong Global University

South Korea

Numerous efforts have been invested in improving the effectiveness of bug localization techniques, whereas little attention is paid to making these tools run more efficiently in continuously evolving software repositories. This paper first analyzes the information retrieval model behind a classic bug localization tool, BugLocator, and builds a mathematical foundation that the model can be updated incrementally when codebase or bug reports evolve. Then, we present IncBL, a tool for Incremental Bug Localization in evolving software repositories. IncBL is evaluated on the Bugzbook dataset, and the results show that IncBL can significantly reduce the running time by 77.79% on average compared with re-computing the model, while maintaining the same level of accuracy. We also implement IncBL as a Github App that can be easily integrated into open-source projects on Github, and users can also deploy and use IncBL locally. The demo video for IncBL can be viewed at https://youtu.be/G4gMuvlJSb0, and the source code can be found at https://github.com/soarsmu/IncBL}

Zhou Yang

Singapore Management University

Singapore

Jieke Shi

Singapore Management University

Shaowei Wang

University of Manitoba

Canada

David Lo

Singapore Management University

Singapore

We introduce a new approach, CONCH, for de-bloating contexts for all the object-sensitive pointer analysis algorithms developed for object-oriented languages, where the calling contexts of a method are distinguished by its receiver objects. Our key insight is to approximate a recently proposed set of two necessary conditions for an object to be context-sensitive, i.e., context-dependent (whose precise verification is undecidable) with a set of three linearly verifiable conditions (in terms of the number of statements in the program) that are almost always necessary for real-world object-oriented applications, based on three key observations regarding context-dependability for their objects used. To create a practical implementation, we introduce a new IFDS-based algorithm for reasoning about object reachability in a program. By debloating contexts for two representative object-sensitive pointer analyses applied to a set of 12 representative Java programs, CONCH can speed up the two baselines together substantially (3.1x on average with a maximum of 15.9x) and analyze 7 more programs scalably, but at only an negligible loss of precision (less than 0.1%).

Dongjie He

UNSW Sydney

Australia

Jingbo Lu

UNSW Sydney

Jingling Xue

UNSW Sydney

Australia

Traditionally, high performance kernels (HPKs) have been written in statically typed languages, such as C/C++ and Fortran. A recent trend among scientists—prototyping applications in dynamic languages such as Python—created a gap between the applications and existing HPKs. Thus, scientists have to either reimplement necessary kernels or manually create a connection layer to leverage existing kernels. Either option requires substantial development effort and slows down progress in science. We present a technique, dubbed WayOut, which automatically generates the entire connection layer for HPKs invoked from Python and written in C/C++. WayOut performs a hybrid analysis: it statically analyzes header files to generate Python wrapper classes and functions, and dynamically generates bindings for those kernels. By leveraging the type information available at run-time, it generates only the necessary bindings. We evaluate WayOut by rewriting dozens of existing examples from C/C++ to Python and leveraging HPKs enabled by WayOut. Our experiments show the feasibility of our technique, as well as negligible performance overhead on HPKs performance.

Steven Zhu

The University of Texas at Austin

Nader Al Awar

The University of Texas at Austin

Mattan Erez

The University of Texas at Austin

Milos Gligoric

University of Texas at Austin

United States

WebAssembly is the newest web standard. It features a compact bytecode format, making it fast to be loaded and decoded. While WebAssembly is generally expected to be faster than JavaScript, there have been mixed results in proving which code is faster. Unfortunately, little research has been done in understanding WebAssembly’s performance advantage. In this paper, we investigate how browser engines optimize WebAssembly execution comparing to JavaScript. Specifically, we measure their execution time and memory usage with diverse program inputs. Our results show that (1) when the program input size is small, WebAssembly outperforms JavaScript. However, WebAssembly programs become slower for larger inputs; (2) WebAssembly uses significantly more memory than their JavaScript counterparts. We believe our findings can provide insights for WebAssembly virtual machine developers to identify optimization opportunities. We also report the challenges encountered when compiling the benchmarks to WebAssembly and discuss our solutions.

Weihang Wang

University at Buffalo, SUNY

Programmers often use Q&A sites (e.g. Stack Overflow) to understand a root cause of program bugs. Runtime exceptions is one of such important class of bugs that is actively discussed on Stack Overflow. However, it may be difficult for beginner programmers to come up with appropriate keywords for search. Moreover, they need to switch their attentions between IDE and browser, and it is time-consuming. To overcome these difficulties, we proposed a method, ``MAESTRO'', to find suitable Q&A posts automatically for Java runtime exception by utilizing structure information of codes described in programming Q&A website. In this paper, we describe a usage scenario of IDE-plugin, the architecture and user interface of the implementation, and results of user studies. A video is available at https://youtu.be/4X24jJrMUVw . A demo software is available at https://github.com/FujitsuLaboratories/Q-A-MAESTRO .

Yusuke Kimura

Fujitsu Ltd.

Japan

Takumi Akazaki

Fujitsu Limited

Shinji Kikuchi

Fujitsu Laboratories Ltd.

Sonal Mahajan

Fujitsu Research of America, Inc.

United States

Mukul Prasad

Fujitsu Research of America

United States

In this paper, we demonstrate the implementation details and usage of GenTree, a dynamic analysis tool for learning a program’s interactions. Configurable software systems, while providing more flexibility to the users, are harder to develop, test, and analyze. GenTree can efficiently analyze the interactions among configuration options in configurable software. These interactions compactly represent large sets of configurations and thus allow us to efficiently analyze and discover interesting properties (e.g., bugs) in configurable software. Our experiments on 17 configurable systems spanning 4 languages show that GenTree efficiently finds precise interactions using a tiny fraction of the configuration space. GenTree and its dataset are opensource and available at https://github.com/unsat/gentree and a video demo is at https://youtu.be/x3eqUflvlN8

KimHao Nguyen

University of Nebraska-Lincoln

United States

ThanhVu Nguyen

George Mason University

United States

Visualizations are widely used to communicate findings and make data-driven decisions. Unfortunately creating bespoke and reproducible visualizations requires the use of procedural tools such as matplotlib. These tools present a steep learning curve as their documentation often lacks sufficient usage examples to help beginners get started or accomplish a specific task. Forums such as StackOverflow have long helped developers search for code online and adapt it for their use. However such forums still place the burden on the developer to sift through results and understand the code before adapting it for their use.

We build a tool VizSmith which improves \emph{code reuse} for visualizations by mining visualization code from Kaggle notebooks and creating a database of 7176 \emph{reusable} Python functions. Given a dataset, columns to visualize and a text query from the user, VizSmith uses this database to search for appropriate functions, runs them and displays the generated visualizations to the user. At the core of VizSmith is a novel metamorphic testing based approach to automatically assess the reusability of functions, which improves end-to-end synthesis performance by 10% and cuts number of execution failures by 50%.

Rohan Bavishi

University of California at Berkeley

United States

Shadaj Laddad

UC Berkeley

Hiroaki Yoshida

Fujitsu Laboratories of America, Inc.

United States

Mukul Prasad

Fujitsu Research of America

United States

Koushik Sen

University of California at Berkeley

United States

Community live chats contain rich sets of information for potential improvement on software quality and productivity. One of the important applications is to mine knowledge on issues and their potential solutions. However, it remains a challenging problem to accurately mine such knowledge due to the noisy nature of interleaved dialogs in live chat data. In this paper, we first formulate the problem of issue-solution pair extraction from developer live chat data, and propose an automated approach, named ISPY, based on natural language processing and deep learning techniques with customized enhancements, to address the problem. Specifically, ISPY automates three tasks: 1) Disentangle live chat logs, employing a feedforward neural network to automatically disentangle a conversation history into separate dialogs; 2) Detect dialogs discussing issues, using a novel convolutional neural network (CNN), which consists of a BERT-based utterance embedding layer, a context-aware dialog embedding layer, and an output layer; 3) Extract appropriate utterances and combine them as corresponding solutions, based on the same CNN structure but with different feeding inputs. To evaluate ISPY, we compare it with six baselines, utilizing a dataset with 750 dialogs including 171 issue-solution pairs and evaluate ISPY from eight Gitter communities. The results show that, for issue-detection, our approach achieves the F1 of 76%, and outperforms all baselines by 30%. For solution-extraction, our approach achieves the F1 of 63%, and outperforms the baselines by 20%. Furthermore, we apply ISPY on three new communities to extensively evaluate ISPY’s practical usage. Moreover, we publish over 30K issue-solution pairs extracted from 11 communities. We believe that ISPY can facilitate community-based software development by promoting knowledge sharing and shortening the issue-resolving process.

Lin Shi

Institute of Software at Chinese Academy of Sciences

China

Ziyou Jiang

Institute of Software at Chinese Academy of Sciences

China

Ye Yang

Stevens Institute of Technology

United States

Xiao Chen

Institute of Software at Chinese Academy of Sciences

China

YuMin Zhang

Institute of Software Chinese Academy of Sciences

Fangwen Mu

Institute of Software Chinese Academy of Sciences

Hanzhi Jiang

Institute of Software at Chinese Academy of Sciences

China

Qing Wang

Institute of Software at Chinese Academy of Sciences

China

Code comments are vital for software development and maintenance. To supplement the code comments, researchers design automatic tools for method-level comment generation. The prior tools generate comments that explain code functionalities, but cannot generate comments that explain why code was developed as it is. Issue reports contain rich information on how code was maintained. The valuable details of issue reports (e.g. maintenance types, symptoms, and purposes of modifications) are useful to understand source code, especially when programmers learn why code was developed in a specific way. To generate such comments, it is desirable if an approach can automatically build the links between code fragments and issue reports. In this paper, we propose the first approach for this research purpose. Our results show that it relinks more than 70% issue numbers that are written by programmers in code comments. Furthermore, the links built by our tool covers 4X bugs, and 10X other issues than the links written in manual comments. We present samples of our built links, and explain why our links are useful to describe the functionalities and the purpose of code.

Zexuan Li

Shanghai Jiao Tong University

Hao Zhong

Shanghai Jiao Tong University

Although issue reports are useful, some of them can be obsolete, in that their corresponding commits are overwritten or rolled back, with the evolution of software. The obsolete issue reports can invalidate their references and descriptions, and can have far-reaching impacts on the approaches built on them. In this paper, given an issue report, we define its obsolete ratio as its modified lines that appear in the latest source files over its total modified code lines. In this paper, we build a tool called ICLINKER. It automatically relinks an issue report to its commits, and compares its modified files with the latest files to calculate the ratio. To the best of our knowledge, we conduct the first empirical study to analyze obsolete issue reports.

Zexuan Li

Shanghai Jiao Tong University

Hao Zhong

Shanghai Jiao Tong University

Many modern software engineering tools integrate SMT decision procedures and rely on the accuracy and performance of SMT solvers. We describe four basic patterns for integrating constraint solvers (earliest verdict, majority vote, feature-based solver selection, and verdict-based second attempt) that can be used for combining individual solvers into meta-decision procedures that balance accuracy, performance, and cost – or optimize for one of these metrics. In order to evaluate the effectiveness of meta-solving, we analyze and minimize $16$ existing benchmark suites and benchmark seven state-of-the-art SMT solvers on $17k$ unique instances. From the obtained performance data, we can estimate the performance of different meta-solving strategies. We validate our results by implementing and analyzing one strategy. As additional results, we obtain (a) the first benchmark suite of unique SMT string problems with validated expected verdicts, (b) an extensive dataset containing data on benchmark instances as well as on the performance of individual decision procedures and several meta-solving strategies on these instances, and (c) a framework for generating data that can easily be used for similar analyses on different benchmark instances or for different decision procedures.

Malte Mues

TU Dortmund University

Falk Howar

TU Dortmund University

Germany

Assigning bugs to the right components is the prerequisite to get the bugs analyzed and fixed. Classification-based techniques have been used in practice for assisting bug component assignments, for example, the BugBug tool developed by Mozilla. However, our study on 124,477 bugs in Mozilla products reveals that erroneous bug component assignments occur frequently and widely. Most errors are repeated errors and some errors are even misled by the BugBug tool. Our study reveals that complex component designs and misleading component names and bug report keywords confuse bug component assignment not only for bug reporters but also developers and even bug triaging tools. In this work, we propose a learning to rank framework that learns to assign components to bugs from correct, erroneous and irrelevant bug-component assignments in the history. To inform the learning, we construct a bug tossing knowledge graph which incorporates not only goal-oriented component tossing relationships but also rich information about component tossing community, component descriptions, and historical closed and tossed bugs, from which three categories and seven types of features for bug, component and bug-component relation can be derived. We evaluate our approach on a dataset of 98,587 closed bugs (including 29,100 tossed bugs) of 186 components in six Mozilla products. Our results show that our approach significantly improve bug component assignments for both tossed and non-tossed bugs over the BugBug tool and the BugBug tool enhanced with component tossing relationships, with >20% Top-k accuracies and >30% NDCG@k (k=1,3,5,10).

Yanqi Su

Australian National University

Zhenchang Xing

Australian National University

Australia

Xin Peng

Fudan University

China

Xin Xia

Huawei Software Engineering Application Technology Lab

China

Chong Wang

Fudan University

Xiwei (Sherry) Xu

CSIRO’s Data61

Australia

Liming Zhu

CSIRO’s Data61; UNSW

Australia

A symbolic execution engine regularly queries a Satisfiability Modulo Theory (SMT) solver to determine reachability of code during execution. Unfortunately, the SMT solver is often the bottleneck of symbolic execution. Inspired by abstract interpretation, we propose an abstract symbolic execution (ASE) engine which aims at querying the SMT solver less often by trying to compute reachability faster through an increasingly weaker abstraction. For this purpose, we have designed and implemented a value set decision procedure based on so-called strided value intervals (SVI) for efficiently determining precise, or under-approximating value sets for variables. Our ASE engine begins reasoning with respect to the SVI abstraction, and then only if needed uses the theory of bit-vectors implemented in SMT solvers. Our ASE engine efficiently detects when the former abstraction becomes incomplete to move on and try the next abstraction.

We have designed and implemented a prototype of our engine for a subset of 64-bit RISC-V. Our experimental evaluation shows that our prototype often improves symbolic execution time by significantly reducing the number of SMT queries while, whenever the abstractions do not work, the overhead for trying still remains low.

Alireza S. Abyaneh

University of Salzburg

Christoph Kirsch

University of Salzburg; Czech Technical University

Austria

no description available

Tao Xie

Peking University

China

Libraries are widely adopted in developing software projects. Library APIs are often missing during library evolution as library developers may deprecate, remove or refactor APIs. As a result, client developers have to manually find replacement APIs for missing APIs when updating library versions in their projects, which is a difficult and expensive software maintenance task. One of the key limitations of the existing automated approaches is that they usually consider the library itself as the single source to find replacement APIs, which heavily limits their accuracy.

In this paper, we first present an empirical study to understand characteristics about missing APIs and their replacements. Specifically, we quantify the prevalence of missing APIs, and summarize the knowledge sources where the replacements are found, and the code change and mapping cardinality between missing APIs and their replacements. Then, inspired by the insights from our study, we propose a heuristic-based approach, RepFinder, to automatically find replacements for missing APIs in library update. We design and combine a set of heuristics to hierarchically search three sources (deprecation message, own library, and external library) for finding replacements. Our evaluation has demonstrated that RepFinder can find replacement APIs effectively and efficiently, and significantly outperform the state-of-the-art approaches.

Kaifeng Huang

Fudan University

Bihuan Chen

Fudan University, China

China

Linghao Pan

Fudan University

Shuai Wu

Fudan University

Xin Peng

Fudan University

China

Recommender systems in software engineering provide developers with a wide range of valuable items to help them complete their tasks. Among others, API recommender systems have gained momentum in recent years as they became more successful at suggesting API calls or code snippets. While these systems have proven to be effective in terms of prediction accuracy, there has been less attention for what concerns such recommenders’ resilience against adversarial attempts. In fact, by crafting the recommenders’ learning material, e.g., data from large open-source software (OSS) repositories, hostile users may succeed in injecting malicious data, putting at risk the software clients adopting API recommender systems. In this paper, we present an empirical investigation of adversarial machine learning techniques and their possible influence on recommender systems. The evaluation performed on three state-of-the-art API recommender systems reveals a worrying outcome: all of them are not immune to malicious data. The obtained result triggers the need for effective countermeasures to protect recommender systems against hostile attacks disguised in training data.

Phuong T. Nguyen

University of L’Aquila

Italy

Claudio Di Sipio

University of L'Aquila

Italy

Juri Di Rocco

University of L'Aquila

Italy

Massimiliano Di Penta

University of Sannio, Italy

Italy

Davide Di Ruscio

University of L'Aquila

Italy

Autonomous Driving Systems (ADSs) are complex systems that must satisfy multiple requirements such as safety, compliance to traffic rules, and comfortableness. However, satisfying all these requirements may not always be possible due to emerging environmental conditions. Therefore, the ADSs may have to make trade-offs among multiple requirements during the ongoing operation, resulting in one or more requirements violations. For ADS engineers, it is highly important to know which combinations of requirements violations may occur, as different combinations can expose different types of failures. However, there is currently no testing approach that can generate scenarios to expose different combinations of requirements violations. To address this issue, in this paper, we introduce the notion of requirements violation pattern to characterize a specific combination of requirements violations. Based on this notion, we propose a testing approach named EMOOD that can effectively generate test scenarios to expose as many requirements violation patterns as possible. EMOOD uses a prioritization technique to sort all possible patterns to search for, from the most to the least critical ones. Then, EMOOD iteratively includes an evolutionary many-objective optimization algorithm to find different combinations of requirements violations. In each iteration, the targeted pattern is determined by a dynamic prioritization technique to give preferences to those patterns with higher criticality and higher likelihood to occur. We apply EMOOD to an industrial ADS under two common traffic situations. Evaluation results show that EMOOD outperforms three baseline approaches in generating test scenarios by discovering more requirements violation patterns.

Yixing Luo

Peking University

Xiaoyi Zhang

National Institute of Informatics, Japan

Paolo Arcaini

National Institute of Informatics

Japan

Zhi Jin

Peking University

China

Haiyan Zhao

Peking University

China

Fuyuki Ishikawa

National Institute of Informatics

Japan

Rongxin Wu

Xiamen University

China

Tao Xie

Peking University

China

Process modeling can benefit from automation using knowledge mined from collections of existing processes. One promising technique for such automation is the recommendation of the next elements to be added to the processes under construction. In this paper, we review an autocompletion engine that is based on the semantic similarity of business processes. To assess its efficiency in practical settings, we conduct a user study where domain experts are asked to rate the suggestions made by the engine for a commercial product. Their ratings are then compared to the engine’s accuracy measured by metrics from the natural language processing field. Our study shows a strong correlation between the expert ratings and some of these metrics. We confirm the usefulness of such an autocompletion engine, and enumerate potential improvements to any process autocompletion technique.

Maayan Goldstein

Nokia Bell Labs, Israel

Cecilia Gonzalez-Alvarez

Nokia Bell Labs

Modernizing information systems is a recurring need for large enterprises. Data migration from source to target information system is a critical step for successful modernization project. Central to data migration is \emph{data transform} that transforms the source system data into target system. Though there are different commercial tools available to address data migration challenge, creation of data transformation specification is largely a manual, knowledge intensive, and expert driven process. In this paper we present a tool that assists the experts while creating the data transformation specification by suggesting candidate field matches between the source and target data models and rules for the data transformation. Our tool is adaptive in the sense that it can take the user feedback in terms of corrected matches and validation data, and then proposes new matches and transformation rules for the remaining fields. Our tool uses machine learning, knowledge representation in order to learn and infer the candidate matches and it uses program synthesis to infer the transformation rules. We have executed our tool on real industrial data. Our schema matching recall at 5 score is 0.76, which means the experts need to look into first 5 tool recommended matches to identify the correct field match for 76 out of 100 fields. The recall at 2 score of the rule generator is 0.81, which means the experts need to look into first 2 tool suggested transformation rules to identify correct rule.

Sayandeep Mitra

Tata Consultancy Services

Debayan Mukherjee

Tata Consultancy Services

Atreya Bandyopadhyay

Tata Consultancy Services

Rajdip Chowdhury

Tata Consultancy Services

Raveendra Kumar Medicherla

Tata Consultancy Services

India

Indrajit Bhattacharya

Tata Consultancy Services

Ravindra Naik

TCS Research, TRDDC, India

India

Decision systems such as Multiple-Criteria Decision Analysis systems formulate a decision process in terms of a mathematical function that takes into consideration different aspects of a problem. Testing such systems is crucial, as they are usually employed in safety-critical systems. A \emph{good} test suite for these systems should be able to exercise all the possible types of decisions that can be taken by the system. Classic structural coverage criteria do not provide good test suites in this sense, as they can be fulfilled by simple tests that only cover one possible type of decision. Therefore, in this paper we discuss the need for tailored coverage criteria for this class of systems, and we propose a criterion based on the perturbation of the decision systems’ parameters. We demonstrate the effectiveness of the criterion, compared to classic structural coverage criteria, on a path planner system for autonomous driving. We also discuss other benefits, such as the criterion helping explain \emph{why} a decision was made during a test.

Thomas Laurent

Lero & University College Dublin

Ireland

Paolo Arcaini

National Institute of Informatics

Japan

Fuyuki Ishikawa

National Institute of Informatics

Japan

Anthony Ventresque

University College Dublin

Ireland

DNN validation and verification approaches that are input distribution agnostic waste effort on irrelevant inputs and report false property violations. Drawing on the large body of work on model-based validation and verification of traditional systems, we introduce the first approach that leverages environmental models to focus DNN falsification and verification on the relevant input space. Our approach, DFV, automatically builds an input distribution model using unsupervised learning, prefixes that model to the DNN to force all inputs to come from the learned distribution, and reformulates the property to the input space of the distribution model. This transformed verification problem allows existing DNN falsification and verification tools to target the input distribution – avoiding consideration of infeasible inputs. Our study of DFV with 7 falsification and verification tools, two DNNs defined over different data sets, and 93 distinct distribution models, provides clear evidence that the counter-examples found by the tools are much more representative of the data distribution, and it shows how the performance of DFV varies across domains, models, and tools.

Felipe Toledo

David Shriver

University of Virginia

United States

Sebastian Elbaum

University of Virginia

United States

Matthew B Dwyer

University of Virginia

Many program verification tools can be customized via run-time configuration options that trade off performance, precision, and soundness. However, in practice, users often run tools under their default configurations, because understanding these tradeoffs requires significant expertise. In this paper, we ask how well a single, default configuration can work in general, and we propose SATune, a novel tool for automatically configuring program verification tools for given target programs. To answer our question, we gathered a dataset that runs four well-known program verification tools against a range of C and Java benchmarks, with results labeled as correct, incorrect, or inconclusive (e.g., timeout). Examining the dataset, we find there is generally no one-size-fits-all best configuration. Moreover, a statistical analysis shows that many individual configuration options do not have simple tradeoffs: they can be better or worse depending on the program.

Motivated by these results, we developed SATune, which constructs configurations using a meta-heuristic search. The search is guided by a surrogate fitness function trained on our dataset. We compare the performance of SATune to three baselines: a single configuration with the most correct results in our dataset; the most precise configuration followed by the most correct configuration (if needed); and the most precise configuration followed by random search (also if needed). We find that SATune outperforms these approaches by completing more correct tasks with high precision. In summary, our work shows that good configurations for verification tools are not simple to find, and SATune takes an important first step towards automating the process of finding them.

Ugur Koc

University of Maryland, College Park

United States

Austin Mordahl

The University of Texas at Dallas

United States

Shiyi Wei

The University of Texas at Dallas

United States

Jeffrey S. Foster

Tufts University

United States

Adam Porter

University of Maryland

Signal temporal logic (STL) is widely used to specify and analyze properties of cyber-physical systems with continuous behaviors. But STL model checking is still quite limited; existing STL model checking methods are either incomplete or very inefficient. This paper presents a new SMT-based model checking algorithm for verifying STL properties of cyber-physical systems. We propose a novel technique to reduce the STL bounded model checking problem to the satisfiability of a first-order logic formula over reals, which can be solved using state-of-the-art SMT solvers. Our algorithm is based on a new theoretical result, presented in this paper, to build a small but complete discretization of continuous signals, which preserves the bounded satisfiability of STL. Our modular translation method allows an efficient STL model checking algorithm that is refutationally complete for bounded signals, and that is much more scalable than the previous refutationally complete algorithm.

Jia Lee

POSTECH

Geunyeol Yu

Pohang University of Science and Technology (POSTECH)

South Korea

Kyungmin Bae

Pohang University of Science and Technology (POSTECH)

South Korea

Mutation analysis is a powerful dynamic approach that has many applications, such as measuring the quality of test suites or automatically locating fault. However, the inherent low scalability hampers its practical use. To accelerate mutation analysis, researchers propose approaches to reduce redundant executions. A family of fork-based approaches tries to share identical executions among mutants. Fork-based approaches carry all mutants in one process, and decide whether to fork new child-processes when reach a mutated statement. The mutants carried by the parent process are split into groups and distribute to different processes to finish remaining executions. However, existing fork-based approaches have two limitations: (1) the limited analysis scope on a single statement to compare and cluster mutants prevents their systems from detecting more equivalent mutants, and (2) the interpretation of the mutants and the runtime equivalence analysis introduce significant overhead.

In this paper, we present a novel fork-based mutation analysis approach WinMut, which (1) groups mutants in a scope of mutated statements and, (2) removes redundant computations inside interpreters. WinMut not only reduces the number of invoked processes, but also has a lower cost for executing a single process. Our experiments show that our approach can further accelerate mutation analysis with an average speedup of 9.52x on the top of the state-of-the-art fork-based approach, AccMut.

Bo Wang

Beijing Jiaotong University

China

Sirui Lu

Peking University

Yingfei Xiong

Peking University

China

Feng Liu

Beijing Jiaotong University

Standard software analytics often involves having a large amount of data with labels in order to commission models with acceptable performance. However, prior work has shown that such requirements can be expensive, taking several weeks to label thousands of commits, and not always available when traversing new research problems and domains. Unsupervised Learning is a promising direction to learn hidden patterns within unlabelled data, which has only been extensively studied in defect prediction. Nevertheless, unsupervised learning can be ineffective by itself and has not been explored in other domains (e.g., static analysis and issue close time).

Motivated by this literature gap and technical limitations, we explore the performance variations seen in several simple optimization schemes. We present FRUGAL, a tuned semi-supervised method that builds on a simple optimization scheme that does not require sophisticated (e.g., deep learners) and expensive (e.g., 100% manually labelled data) methods. Our method optimizes the unsupervised learner’s configurations in the grid search manner while validating the picked settings on only 10% of the labelled train data before predicting. FRUGAL outperforms the state-of-the-art actionable static code warning recognizer and issue closed time predictor with less information, reducing the cost of labelling by 90%.

Our conclusions are two-fold. Firstly, FRUGAL can save considerable efforts in data labelling especially in validating prior work or researching new problems. Secondly, proponents of complex and expensive methods should always baseline such methods against simpler and cheaper alternatives. For instance, a semi-supervised learner like FRUGAL can serve as a baseline to the state-of-the-art software analytics tools.

Huy Tu

North Carolina State University, USA

United States

Tim Menzies

North Carolina State University

United States

Continuous Integration is a critical problem for software maintenance in global projects compromising companies’ performance, which tends to accumulate a high-resolution time due to the approval process, conflict resolution, tests, and validations. The process of the validation involves the commit description interpretation and can be automated by NLP-mechanisms. This paper presents an intelligent NLP-based approach to evaluate if the commits can integrate a software release based only on their descriptions, including paraphrasing. The solution is validated using pre-classified commits on the training stage and achieved an accuracy of 92.9%. The proposed solution allows the automatic integration of the commits in a release with confidence, mitigating the software managing efforts.

Samuel Cristo da Fonseca

Sidia R&D

Mateus C. Lucena

Sidia R&D

Brazil

Tiago M. Reis

Sidia R&D

Pedro F. Cabral

Sidia R&D

Walmir A. Silva

Sidia R&D

Flavia de S. Santos

Sidia R&D

Brazil

Felipe T. Giuntini

Sidia R&D

Brazil

Juliano Sales

Sidia R&D