Machine Learning Security in the Real World
no description available
no description available
[Workshop] ASYDE
Mon 11 Sep 2023 11:20 - 11:40 at Room FR - Session 1: AI and Intelligent Systems Chair(s): Gianluca Filippone University of L'Aquila, ItalyChatGPT is an artificial intelligence chatbot developed by OpenAI, able of interacting in a conversational way by taking into account successive input prompts. Among many possible uses, ChatGPT has been found to possess code generation capabilities, being able to generate code snippets and assist developers in their programming tasks. This paper performs a qualitative exploration of perceptions of early adopters regarding the use of ChatGPT for code generation, acknowledging the substantial impact this tool can have in the software development landscape. We collected a diverse set of discussions from early adopters of ChatGPT code generation capabilities and, leveraging an open card sorting methodology categorized it into relevant topics with the goal of extracting insights into the experiences, opinions, and challenges they faced. We found that early adopters (i) report their own mixed usage experiences, (ii) share suggestions for prompt engineering, (iii) debate the extent to which they can trust generated code, and (iv) discuss the impact that ChatGPT can have on the software development process. We discuss the implications of the insights we extracted from early adopters’ perspectives and provide recommendations for future research.
Pre-print[Workshop] ASYDE
Mon 11 Sep 2023 11:40 - 12:00 at Room FR - Session 1: AI and Intelligent Systems Chair(s): Gianluca Filippone University of L'Aquila, ItalyAutomated negotiation is a process of autonomously overcoming conflicts between intelligent agents and achieving agreement. The literature has proposed several approaches to automated negotiation. To this end, the aim of this study is to summarize the state-of-the-art on automated negotiation for the research community to identify the research gap and to conduct further research in the automated negotiation domain. To achieve this goal, we conducted a systematic mapping study (SMS) on the automated negotiation literature on a set of 73,760 candidate studies. Through a precise search and selection procedure, we identified a set of 21 primary studies, published between the year 2017 and June 2022. As preliminary results of this mapping study, we provide the classification framework to identify and evaluate the automated negotiation literature, and an up-to-date map of the state-of-the-art on automated negotiation focusing on (i) the specific purpose of negotiation, (ii) the application domain in which it is employed, and (iii) how it is carried out in terms of inputs, outputs, and used techniques.
Pre-print File Attached[Workshop] ASYDE
Mon 11 Sep 2023 13:40 - 14:00 at Room FR - Session 2: Prioritization and Optimization Chair(s): Gian Luca Scoccia University of L'AquilaDealing with large configuration spaces is a complex task for developers, especially when manually searching for the configuration that best suits both their functional and performance requirements. Indeed, a well-performing configuration may not fit developers’ needs because of conflicting functional requirements, or vice-versa. In this paper, we propose ICO, a lightweight, domain-agnostic platform that supports multi-objective optimization for configurable software. The objective of ICO is to provide the developer with the best-performing configuration by altering as little as possible the initial one, in order to remain as close as possible to the developer’s functional requirements. We explain the foundations of ICO, describe its architecture, and explain how it can be used either through a command-line client or an Eclipse plugin. Finally, we assess ICO by evaluating its execution time and the time it saves users over a manual optimization.
[Workshop] ASYDE
Mon 11 Sep 2023 14:00 - 14:30 at Room FR - Session 2: Prioritization and Optimization Chair(s): Gian Luca Scoccia University of L'AquilaRegression testing is an important factor in ensuring software system reliability once new changes are introduced, but maintaining complex testing suites in continuous integration environments is challenging. Test case prioritization techniques are a potential solution to this problem by computing a reordered testing suite that can provide better fault detection capabilities. However, current methods rely on manually providing artifact dependencies (requirements to code, code to test cases, test cases to faults) as input. The purpose of this paper is to minimize the gap between automatic dependency computation and test case prioritization by analyzing how Behavior-Driven Development (BDD) practices affect the two tasks. Thus, the first contribution of this paper is related to the design and implementation of an automatic traceability component to retrieve dependencies based on BDD artifacts (requirements, source code, test cases, and faults). The second contribution refers to the integration of the discovered traces as features in a neural network classification model for test cases for further prioritization. Various architectures were used for the neural network classification model. Two real-world BDD projects were used for the validation of the models, comparing the best performing models with a baseline test case prioritization technique to assess their fault-detection capabilities. Our approach achieved promising fault detection rates that demonstrate the efficiency of automatic traceability and may lead to future applicability to large-scale projects.
Pre-print File Attached[Workshop] ASYDE
Mon 11 Sep 2023 14:30 - 15:00 at Room FR - Session 2: Prioritization and Optimization Chair(s): Gian Luca Scoccia University of L'AquilaIn continuous integration environments, the execution of test cases is performed for every newly added feature or when a bug fix occurs. Therefore, regression testing is performed considering various testing strategies. The Test Case Prioritization (TCP) approach considers reordering test cases so that faults are found earlier with a minimum execution cost. The purpose of the paper is to investigate the impact of neural network-based classification models to assist in the prioritization of test cases. Three different models are employed with various features (duration, fault rate, cycles count, total runs count) and considering information at every 30 cycles or at every 100 cycles. The results obtained emphasize that the NEUTRON approach finds a better prioritization with respect to NAPFD (normalized average percent of the detected fault) than random permutation and is comparable with the solutions that used either duration or faults, considering that it combines both values. Compared to other existing approaches, NEUTRON obtains similar competitive results when considering a budget of 50% and the best results when considering budgets of 75% and 100%.
Pre-print File Attached[Workshop] ASYDE
Mon 11 Sep 2023 15:30 - 15:50 at Room FR - Session 3: Contract and Microservices Chair(s): Gian Luca Scoccia University of L'AquilaWe propose a simple modelling language extending iContractML 2.0 for access control policies on smart contracts. The language supports multi-party authorisation and dynamic role-based access control (RBAC) where role members can be added or removed at runtime. Models in this language can be mapped to both Solidity and DAML in a model-driven approach to RBACs.
File Attached[Workshop] ASYDE
Mon 11 Sep 2023 15:50 - 16:10 at Room FR - Session 3: Contract and Microservices Chair(s): Gian Luca Scoccia University of L'AquilaFormal verification has become increasingly crucial in ensuring the accurate and secure functioning of modern software systems. Given a specification of the desired behaviour, i.e. a contract, a program is considered to be correct when all possible executions guarantee the specification. Should the software fail to behave as expected, then a bug is present. Most existing research assumes that the bug is present in the implementation, but it is also often the case that the specified expectations are incorrect, meaning that it is the specification that must be repaired. Research and tools for providing alternative specifications that fix details missing during contract definition, considering that the implementation is correct, are scarce. In this paper, we present a preliminary tool, focused on Dafny programs, for automatic specification repair in contract programming. Given a Dafny program that fails to verify, the tool suggests corrections that repair the specification. Our approach is inspired by a technique previously proposed for another contract programming language and relies on Daikon for dynamic invariant inference. Although the tool is focused on Dafny, it makes use of specification repair techniques that are generally applicable to programming languages that support contracts. Such a tool can be valuable in various scenarios. For instance, programmers can benefit from it when they have a reference implementation and need to analyse their contract options. Similarly, in education, it can serve as an aid for students, providing hints to correct their contracts.
File Attached[Workshop] ASYDE
Mon 11 Sep 2023 16:10 - 16:30 at Room FR - Session 3: Contract and Microservices Chair(s): Gian Luca Scoccia University of L'AquilaA current trend in service-oriented architectures is to break coarse-grained monolith systems, encapsulating all function capabilities, down into small-scale and fine-grained microservices, which work in concert. The microservices resulting from the decomposition can be independently deployed on physically distributed machines, and an extremely challenging and complex task is to ensure that the behavior emerging from their distributed interaction is equivalent to the original monolith system. Specifically, the price to be paid for the gained distribution is that the emerging microservices interaction may exhibit not only deadlocking behavior, but also extra behavior, which is undesired with respect to the original monolith. In this paper, we propose a method for automatically (i) detecting both deadlocking interactions and extra behavior, and (ii) synthesizing distributed coordinators that when interposed among the resulting microservices avoid deadlocks and undesired interactions.
Industry Challenge (Competition)
Wed 13 Sep 2023 10:00 - 10:10 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu Huaweino description available
I am a research scientist in the software engineering application technology lab at Huawei, China. Prior to that, I was an an associate professor in Software Engineering at the College of Computer Science and Technology (CCST), Nanjing University of Aeronautics and Astronautics (NUAA). Before I joined NUAA, I was a research associate at the University of Luxembourg (UL). I obtained my PhD degree in December 2019 from the Interdisciplinary Security and Trust Centre (SnT), University of Luxembourg, under the supervision of Prof. Dr. Yves Le Traon (IEEE Fellow), Associate Prof. Dr. Tegawendé F. Bissyandé (ERC Fellow), and Dr. Dongsun Kim.
Industry Challenge (Competition)
Wed 13 Sep 2023 10:10 - 10:25 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu Huaweino description available
Industry Challenge (Competition)
Wed 13 Sep 2023 10:25 - 10:40 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu Huaweino description available
Industry Challenge (Competition)
Wed 13 Sep 2023 10:40 - 10:55 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu Huaweino description available
Pre-printIndustry Challenge (Competition)
Wed 13 Sep 2023 11:10 - 11:25 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu Huaweino description available
Pre-printIndustry Challenge (Competition)
Wed 13 Sep 2023 11:25 - 11:40 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu Huaweino description available
Industry Challenge (Competition)
Wed 13 Sep 2023 11:40 - 11:55 at Room FR - Industry Challenge (Competition) Chair(s): Kui Liu HuaweiSoftware vulnerabilities damage the functionality of software systems. Recently, many deep learning-based approaches have been proposed to detect vulnerabilities at the function level by using one or a few different modalities (e.g., text representation, graph-based representation) of the function and have achieved promising performance. However, some of these existing studies have not completely leveraged these diverse modalities, particularly the underutilized image modality, and the others using images to represent functions for vulnerability detection have not made adequate use of the significant graph structure underlying the images.
In this paper, we propose MVulD, a multi-modal-based function-level vulnerability detection approach, which utilizes multi-modal features of the function (i.e., text representation, graph representation, and image representation) to detect vulnerabilities. Specifically, MVulD utilizes a pre-trained model (i.e., UniXcoder) to learn the semantic information of the textual source code, employs the graph neural network to distill graph-based representation, and makes use of computer vision techniques to obtain the image representation while retaining the graph structure of the function. We conducted a large-scale experiment on 25,816 functions. The experimental results show that MVulD improves four state-of-the-art baselines by 30.8%-81.3%, 12.8%-27.4%, 48.8%-115%, and 22.9%-141% in terms of F1-score, Accuracy, Precision, and PR-AUC respectively.
File AttachedIndustry Challenge (Competition)
Wed 13 Sep 2023 13:30 - 13:45 at Room FR - Industry Challenge (Competition) Chair(s): Sun Jianwenno description available
Industry Challenge (Competition)
Wed 13 Sep 2023 13:45 - 14:00 at Room FR - Industry Challenge (Competition) Chair(s): Sun Jianwenno description available
Industry Challenge (Competition)
Wed 13 Sep 2023 14:00 - 14:15 at Room FR - Industry Challenge (Competition) Chair(s): Sun Jianwenno description available
Industry Challenge (Competition)
Wed 13 Sep 2023 14:15 - 14:30 at Room FR - Industry Challenge (Competition) Chair(s): Sun Jianwenno description available
Industry Challenge (Competition)
Wed 13 Sep 2023 14:45 - 15:00 at Room FR - Industry Challenge (Competition) Chair(s): Sun Jianwenno description available
Industry Challenge (Competition)
Wed 13 Sep 2023 15:00 - 15:15 at Room FR - Industry Challenge (Competition) Chair(s): Sun JianwenRepository mining of bug fixes from version control systems like GitHub is a challenging problem as far as the precision of the bug context is concerned, i.e., source codes immediately preceding and succeeding the fix location. Coupled with this, identification of the type of the bug fix goes a long way towards creating high quality datasets that can be used for several downstream tasks. However, existing bug fix datasets suffer from the following limitations that dilute the data quality. Firstly, they do not focus on multilingual projects in their entirety given that most open-source projects are now multilingual. Secondly, the granularity of the bug fixes are considered only at the function/method level without specifying line/statement level information. Thirdly, bug fixes lying within the scope of a source file but outside any of its constituent functions have not been examined. In this paper, we propose a solution to overcome the aforementioned limitations by introducing a novel and extensive dataset named Minecraft. With a size of 28.8GB (considering 416 GitHub projects encompassing programming languages such as C, C++, Java, and Python, 2.2M commits, 3.29M bug-fix pairs), Minecraft surpasses the existing datasets by 4-fold enlargement in terms of data availability. We believe Minecraft would serve as a valuable resource for various stakeholders in the software development and research communities, empowering them to improve software quality, develop innovative bug detection and auto-fix techniques, and advance the field of software engineering.
Pre-print File AttachedIndustry Challenge (Competition)
Wed 13 Sep 2023 15:15 - 15:30 at Room FR - Industry Challenge (Competition) Chair(s): Sun Jianwenno description available
Industry Challenge (Competition)
Wed 13 Sep 2023 15:30 - 15:45 at Room FR - Industry Challenge (Competition) Chair(s): Sun JianwenJust-In-Time defect prediction models can identify defect-inducing commits at check-in time and many approaches are proposed with remarkable performance. However, these approaches still have a few limitations which affect their effectiveness and practical usage: (1) partially using semantic information or structure information of code, (2) coarsely providing results to a commit (buggy or clean), and (3) independently investigating the defect prediction model and defect repair model.
In this study, to handle the aforementioned limitations, we propose a unified defect prediction and repair framework named COMPDEFECT, which can identify whether a changed function inside a commit is defect-prone, categorize the type of defect, and repair such a defect automatically if it falls into several scenarios, e.g., defects with single statement fixes, or those that match a small set of defect templates. Technically, the first two tasks in COMPDEFECT are treated as a multiclass classification task, while the last task is treated as a sequence generation task.
To verify the effectiveness of COMPDEFECT, we first build a large-scale function-level dataset (i.e., 21,047) named Function- SStuBs4J and then compare COMPDEFECT with tens of state-of-the-art (SOTA) approaches by considering five performance measures. The experimental results indicate that COMPDEFECT outperforms all SOTAs with a substantial improvement in three tasks separately. Moreover, the pipeline experimental results also indicate the feasibility of COMPDEFECT to unify three tasks in a model.
File AttachedSATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 10:40 - 11:20 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: Large Language Model (LLM) have demonstrated significant potential in automating an array of software engineering activities, from code summarization and search to program analysis and vulnerability detection. These tasks span generative, ranking, and classification tasks. To advance LLM for Automated Software Engineering (LLM4ASE), it is vital to discern not just its strengths but also its shortcomings. This talk delves into our discoveries when probing LLM4ASE’s boundaries, especially considering the intricacies of software engineering—a multifaceted human-in-the-loop activity. We will spotlight the model’s weaknesses and existing constraints, alongside suggesting strategies to mitigate these challenges. While this talk may not provide comprehensive solutions, it aims to foster a dialogue around pertinent questions, nudging the community toward collaboratively elevating Automated Software Engineering (ASE) by harnessing LLM’s strengths and addressing its limitations.
David Lo is a Professor of Computer Science and Director of the Information and Systems Cluster at School of Computing and Information Systems, Singapore Management University. He leads the Software Analytics Research (SOAR) group. His research interest is in the intersection of software engineering, cybersecurity, and data science, encompassing socio-technical aspects and analysis of different kinds of software artifacts, with the goal of improving software quality and security and developer productivity. His work has been published in major and premier conferences and journals in the area of software engineering, AI, and cybersecurity attracting substantial interest from the community. His work has been supported by NRF, MOE, NCR, AI Singapore, and several international research projects. He has won more than 15 international research and service awards including 6 ACM SIGSOFT Distinguished Paper Awards. He has received a number of international honors including IEEE Fellow (class of 2022, through Computer Society), Fellow of Automated Software Engineering (class of 2021), and ACM Distinguished Member (class of 2019).
Pre-printSATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 11:20 - 12:00 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: Bridging the abstraction gap between concepts and source code is the essence of software engineering (SE). SE researchers regularly use machine learning to bridge this gap, but there are two fundamental issues with traditional applications of machine learning in SE research. Traditional applications are too reliant on human intuition, and they are not capable of learning expressive yet efficient internal representations. Ultimately, SE research needs approaches that can automatically learn representations of massive, heterogeneous, datasets in situ, apply the learned features to a particular task and possibly transfer knowledge from task to task. Improvements in both computational power and the amount of memory in modern computer architectures have enabled new approaches to canonical machine learning tasks. Specifically, these architectural advances have enabled machines that are capable of learning deep, compositional representations of massive data depots. This rise of Deep Learning (DL) has led to tremendous advances in several fields. Given the complexity of software repositories, deep learning has the potential to usher in new analytical frameworks and methodologies for SE research and the practical applications it reaches. Conversely, the development of DL algorithms and models represents an entirely new type of software engineering that is still rapidly evolving. This talk examines how DL algorithms can enhance and automate several critical SE tasks involving natural language, code, and graphical user interfaces including program prototyping and source code modifications. We demonstrate that deep learners significantly outperform state-of-practice canonical machine learning approaches for these tasks. These examples illustrate transformative potential that DL can have on the science and practice of software engineering by moving SE research from the art of feature engineering to the science of automated discovery. We also explore how advancements in software engineering tools and practices can enable further progress in making DL frameworks more accessible and useful for researchers, programmers, and data scientists. The talk will conclude with a discussion of promising future directions and opportunities for Deep Learning for SE and SE for Deep Learning.
Denys Poshyvanyk is a Chancellor Professor and a Graduate Director in the Computer Science Department at William and Mary (see W&M by numbers) where he leads SEMERU research group. He received his Ph.D. from Wayne State University, where he was advised by Dr. Andrian Marcus. His current research is in the area of software engineering; software analytics; evolution and maintenance; program comprehension; deep learning for software engineering (DL4SE) and SE for deep learning (SE4DL); mobile app development, testing, and security; reverse engineering; repository mining; and traceability. He currently serves on the editorial board of ACM Transactions on Software Engineering and Methodology (TOSEM), Empirical Software Engineering Journal (EMSE, Springer), Journal of Software: Evolution and Process (JSEP, Wiley) and Science of Computer Programming (SCP, Elsevier).
SATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 13:20 - 14:00 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: Large Language Models (LLMs), such as ChatGPT, have shown impressive performance in various downstream tasks spanning diverse fields. In this talk, I will present our recent work on leveraging LLMs for improving software quality, covering techniques for breaking, fixing, and synthesizing software systems. More specifically, I will first talk about our TitanFuzz work, the first approach demonstrating that LLMs can be directly applied for both generation- and mutation-based fuzz testing studied for decades, while being fully automated, generalizable, and applicable to challenging application domains (such as ML systems). Next, I will talk about our AlphaRepair work, which reformulates the Automated Program Repair (APR) problem as an infilling (or cloze) task and demonstrates that LLMs can outperform all prior APR techniques studied for over a decade. Lastly, I will briefly talk about our recent EvalPlus work, which shows that the evaluation of almost all recent LLMs on program synthesis can be largely affected by the weak test suites in existing datasets. Furthermore, I will also briefly talk about our other work along the covered directions.
Lingming Zhang is an Associate Professor at the Department of Computer Science in University of Illinois Urbana-Champaign. His main research interests lie in Software Engineering, and its synergy with Machine Learning, Programming Languages, and Formal Methods. He has published over 80 research papers, winning the ACM SIGSOFT Early Career Researcher Award, four ACM SIGSOFT Distinguished Paper Awards, and one Best Industry Paper Award. His research has helped detect hundreds of bugs for open-source projects from Apache and GitHub, as well as software systems from eBay, eMetric, Google, Meta/Facebook, Microsoft, NVIDIA, OctoML, Oracle, and Yahoo!. His work on regression testing optimization has been run day-to-day in Google, while his work on automated program repair and unified debugging has been successfully deployed to the Alipay system with million lines of code and over 1 billion global users.
SATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 14:00 - 14:40 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: LLMs are increasingly used not just for autocompletion, but also for code generation from natural language and APIs and other tasks. The output they produce, however, is based on the input data that is nominally permissively licensed, but is not curated for quality, security, performance, or other factors, such as whether the code’s license is authentic. This leads to buggy, insecure, poorly performing, or inappropriately licensed output that is already poisoning the rapidly growing OSS codebase. Problematic inputs will result in problematic outputs even if all the LLM hallucinations were to be removed, hence stronger provenance tracking and quality assurance for LLM training and fine-tuning inputs is essential to improve quality of the generated code. We suggest approaches to use World of Code research infrastructure to curate LLM training data via de-duplicating and auto curating source code based on the OSS-wide software supply chain properties derived from the nearly complete collection of OSS source code.
Audris Mockus is the Ericsson-Harlan D. Mills Chair Professor of Digital Archeology and Evidence Engineering in the Department of Electrical Engineering and Computer Science of the University of Tennessee, Knoxville. He studies software developers’ culture and behavior through the recovery, documentation, and analysis of digital remains, in other words, Digital Archaeology. These digital traces reflect projections of collective and individual activity. He reconstructs the reality from these projections by designing data mining methods to summarize and augment these digital traces, interactive visualization techniques to inspect, present, and control the behavior of teams and individuals, and statistical models and optimization techniques to understand the nature of individual and collective behavior.
File AttachedSATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 14:40 - 15:20 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: When embracing new technology like LLMs, are we “throwing the baby out with the bath water”? What are we forgetting, from past research, that it is still relevant and useful? For example, I firmly believe that deep learning and generative AI methods such as ``chain of thought’ will dramatically change the nature of science (in general) and SE (in particular). But moving forward away from generative tasks to classification, regression, and optimization tasks, my experimental results strongly suggest that other non-neural methods can be just as effective, particularly when combined with hyperparameter optimization. This is an important point since the non-neural methods can yield the succinct symbolic models that humans need to review and understand a model.
Timothy Menzies (IEEE Fellow, Ph.D., UNSW, 1995) is a full Professor in CS at North Carolina State University where he teaches software engineering, automated software engineering, and foundations of software science. He is the directory of the RAISE lab (real world AI for SE) and the author of over 280 referred publications. In his career, he has been a lead researcher on projects for NSF, NIJ, DoD, NASA, USDA (funding totalling over 13 million dollars) as well as joint research work with private companies. Prof. Menzies is the editor-in-chief of the Automated Software Engineering journal and associate editor of IEEE Transactions on Software Engineering (and other leading SE journals).
Pre-printFull prof, ex-nurse,rocketman,taxi-driver,journalist (it all made sense at the time).
SATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 15:40 - 16:20 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: Recently, Large Language Models (LLMs) such as GPT-3 and ChatGPT have attracted great attention from both academia and industry. They have shown substantial gains in solving a variety of problems ranging from Q&A to text summarization. Existing studies also found that some LLMs can be applied to the source code, such as code generation or debugging. However, their performance on various software engineering tasks has not been systematically investigated, and the understanding of LLMs is arguably fairly limited. Also, it is unclear how we can build software engineering capability based on LLM. In this talk, I will discuss the performance of LLMs on various software engineering tasks, including code generation, test generation, program repair, code translation, and documentation generation, and present some software engineering applications based on LLM (e.g., . vulnerability management, code search, and code idioms mining).
Xing Hu is an associate professor at school of software technology, Zhejiang University(ZJU). She got my Ph.D degree in July 2020 from School of Electronics Engineering and Computer Science (EECS), Peking University, China. Her research interests are intelligent software engineering (e.g., intelligent code generation and test case generation) and mining software repositories. Her work has been published in major and premier conferences and journals in the area of software engineering and AI.
SATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 16:20 - 17:00 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesYves Le Traon is full professor of Computer Science at University of Luxembourg, in the domain of software engineering, with a focus on software testing, software security, and data-intensive systems. His research interests include (1) innovative testing, debugging and repair techniques, (2) mobile Android security using static code analysis, machine learning techniques and, (3) design of robust machine-learning based systems. His research is inspired from and applies to several industry partners (Fintech BGL BNP-Paribas and Paypal, Smartgrid - CREOS, Industry 4.0 - Cebi).
SATE - Software Engineering at the Era of LLMs
Thu 14 Sep 2023 17:00 - 17:40 at Room FR - SATE - Software Engineering at the Era of LLMs Chair(s): Xin Xia Huawei TechnologiesAbstract: Large language models (LLMs) are artificial intelligence systems that are trained on vast amounts of text data, allowing them to generate human-like language. In software development, LLMs can be used to assist a wide range of tasks, from generating code to writing documentation and even testing software. By leveraging the power of these models, developers can save time and increase productivity. In this talk, I will first introduce the background of LLMs and how previous works utilize them in the software development process. I will then briefly introduce our recent contributions in this domain, comprising several distinct studies. These studies investigate tuning and querying LLMs through prompts for diverse software development tasks, such as type inference, code generation, and code documentation. Finally, I will summarize the key challenges and potential opportunities of software development research in the era of LLMs. he era of LLMs. search in the era of LLMs.
Cuiyun Gao is an Associate Professor of the School of Computer Science and Technology at Harbin Institute of Technology (Shenzhen). Her research interests include intelligent software engineering and software reliability. She received her Ph.D. from the Chinese University of Hong Kong, during which she was an academic visiting scholar at University College London, and then a postdoctoral fellow at the Chinese University of Hong Kong and Nanyang Technological University in Singapore. In recent years, she has published more than 50 papers in TSE, TOSEM, ICSE, FSE, ASE and other conferences and journals. She has served as a program committee member for many top conferences such as FSE, ISSTA, ASE, etc. She is also a reviewer of many top journals such as TSE, TOSEM, etc.
Android applications have pervaded the digital landscape, making static analysis an indispensable tool for vetting app security. While existing static models offer valuable insights, they are fraught with a high degree of unsoundness. This keynote discusses our recent work aimed at enhancing the soundness of static analysis in the Android ecosystem. We not only explore innovative solutions to current limitations but also propose future research directions to address open challenges in this domain.
Jordan Samhi is a Postdoctoral Researcher working in Software Security and Software Engineering at CISPA in Germany in the Software research group. His research is about automating software security with static code analysis. More particularly, he has a strong interest to improve the comprehensiveness of software analysis towards ensuring the security and reliability of software systems. Currently, he is focusing on Android systems.
no description available
What are the best mobile development approaches to cut the carbon footprint? To answer this question, this experience paper provides a life-size comparison of native versus cross-platform frameworks prevailing in the mobile software industry at the time of writing, namely Kotlin Multiplatform Mobile, React Native and Flutter. To do this, we collected metrics related to the package size, network traffic and battery drain issued by a boilerplate application developed following the different approaches. Our preliminary findings tend to show that the cross-platform solutions perform quite well.
File AttachedCross-platform development frameworks allow producing a single codebase for an app targeting web browsers and native mobile operating systems. However, detractors stress their limitations in accessing platform-specific features or achieving optimal performance compared to native platform development. Although interest in cross-platform development has increased recently, few case studies are published on using them, often on toy examples. Therefore, it is important to provide sound evidence on the usage of a cross-development platform for a full-fledged app development case study, from requirements specification to quality assurance, using well-understood standard modeling notations (UML and BPMN). This case study is about IscteSpots, a gamified app developed in the scope of Iscte’s commemoration of its 50th anniversary, to promote its heritage and history. One of its components provides publicly organized access to a chronological corpus of the university’s past and is available on web browsers and on/ Android and iOS smartphones. Another component, specifically targeted to smartphones, implements a contest with gamification strategies, specially targeted to the current community members (students mostly, but also teaching and administrative staff). Development went through several iterations, including validations with groups of users that were instrumental in the app’s continuous improvement. The vast majority of the suggested changes had repercussions at the GUI level, that had to be propagated to the web, Android, and iOS platforms. The agility achieved by generating versions for the three target platforms, without noticeable degradation of execution efficiency and requiring only minor adaptations, amply proved the advantage of using a cross-platform framework.
Temporal inconsistency in Android malware datasets can significantly distort the performance of these models, leading to inflated detection accuracy. Existing methods to detect temporal inconsistency in biased datasets, while useful, have limitations. They struggle when temporal inconsistencies are small, and their requirement of knowing the specific year of the dataset is often unfeasible in real-world scenarios. Motivated by these challenges, we introduce a novel and more effective method for identifying temporal inconsistency in Android malware datasets. Unlike prior studies, our method can identify the temporal inconsistency on an unknown dataset quickly and accurately without any assumption. Besides, We introduce a new dataset comprising 78k diverse Android samples, including malware and benign app samples spanning various time frames, specifically designed to study temporal inconsistency. Through a systematic evaluation of our proposed technique using this new dataset, we demonstrate its effectiveness in dealing with temporal inconsistency. Our experiments indicate that our method can achieve an accuracy rate of 98.3% in detecting temporal inconsistency in unknown datasets. Additionally, we established the efficacy of our feature selection process, which is integral to our approach, and demonstrated our method’s robustness when applied to unknown datasets. Our findings set a new benchmark in Android malware detection, paving the way for more reliable and accurate ML-based detection methods.
