Shuang Liu,Jun Sun,Yang Liu,Yue Zhang,Bimlesh Wadhwa,Jin Song Dong,Xinyu Wang

DOI: https://doi.org/10.1145/2642937.2642969

2014-01-01

Abstract:Use cases, as the primary techniques in the user requirement analysis, have been widely adopted in the requirement engineering practice. As developed early, use cases also serve as the basis for function requirement development, system design and testing. Errors in the use cases could potentially lead to problems in the system design or implementation. It is thus highly desirable to detect errors in use cases. Automatically analyzing use case documents is challenging primarily because they are written in natural languages. In this work, we aim to achieve automatic defect detection in use case documents by leveraging on advanced parsing techniques. In our approach, we first parse the use case document using dependency parsing techniques. The parsing results of each use case are further processed to form an activity diagram. Lastly, we perform defect detection on the activity diagrams. To evaluate our approach, we have conducted experiments on 200+ real-world as well as academic use cases. The results show the effectiveness of our method.

Meng Yan,Xin Xia,Yuanrui Fan,Ahmed E. Hassan,David Lo,Shanping Li

DOI: https://doi.org/10.1109/tse.2020.2978819

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Defect localization aims to locate buggy program elements (e.g., buggy files, methods or lines of code) based on defect symptoms, e.g., bug reports or program spectrum. However, when we receive the defect symptoms, the defect has been exposed and negative impacts have been introduced. Thus, one challenging task is: whether we can locate buggy program prior to the appearance of the defect symptom (e.g., when buggy program elements are being committed to a version control system). We refer to this type of defect localization as “Just-In-Time (JIT) Defect localization”. Although many prior studies have proposed various JIT defect identification methods to identify whether a new change is buggy, these prior methods do not locate the suspicious positions. Thus, JIT defect localization is the next step of JIT defect identification (i.e., after a buggy change is identified, suspicious source code lines are located). To address this problem, we propose a two-phase framework, i.e., JIT defect identification and JIT defect localization. Given a new change, JIT defect identification will identify it as buggy change or clean change first. If a new change is identified as buggy, JIT defect localization will rank the source code lines introduced by the new change according to their suspiciousness scores. The source code lines ranked at the top of the list are estimated as the defect location. For JIT defect identification phase, we use 14 change-level features to build a classifier by following existing approach. For JIT defect localization phase, we propose a JIT defect localization approach that leverages software naturalness with the N-gram model. To evaluate the proposed framework, we conduct an empirical study on 14 open source projects with a total of 177,250 changes. The results show that software naturalness is effective for our JIT defect localization. Our model achieves a reasonable performance, and outperforms the two baselines (i.e., random guess and a static bug finder (i.e., PMD)) by a substantial margin in terms of four ranking measures.

Jian Xu,Zhenyu Zhang,W. K. Chan,T. H. Tse,Shanping Li

DOI: https://doi.org/10.1016/j.infsof.2012.08.006

IF: 3.9

2012-01-01

Information and Software Technology

Abstract:Context: Existing fault-localization techniques combine various program features and similarity coefficients with the aim of precisely assessing the similarities among the dynamic spectra of these program features to predict the locations of faults. Many such techniques estimate the probability of a particular program feature causing the observed failures. They often ignore the noise introduced by other features on the same set of executions that may lead to the observed failures. It is unclear to what extent such noise can be alleviated. Objective: This paper aims to develop a framework that reduces the noise in fault-failure correlation measurements. Method: We develop a fault-localization framework that uses chains of key basic blocks as program features and a noise-reduction methodology to improve on the similarity coefficients of fault-localization techniques. We evaluate our framework on five base techniques using five real-life median-scaled programs in different application domains. We also conduct a case study on subjects with multiple faults. Results: The experimental result shows that the synthesized techniques are more effective than their base techniques by almost 10%. Moreover, their runtime overhead factors to collect the required feature values are practical. The case study also shows that the synthesized techniques work well on subjects with multiple faults. Conclusion: We conclude that the proposed framework has a significant and positive effect on improving the effectiveness of the corresponding base techniques.

Hezhen Liu,Jiacheng Yin,Chengqiang Huang,Hao Lan,Zhi Jin,Zheng,Xun Zhang

DOI: https://doi.org/10.1109/issrew60843.2023.00045

2023-01-01

Abstract:Previous studies suggest that the combination of model-based fault injection and model checking can effectively detect the dependability bottlenecks and verify the fault-tolerance capability of systems at very early phases of their lifecycles. However, a challenge of applying such techniques in the industry is that semi-formal modeling languages like UML cannot easily support automated analysis and formal verification. To address this challenge, we propose a fault injection and verification framework based on UML sequence diagrams. The idea is to create formal models from sequence diagrams as well as predefined fault models, and then run a model checker to check if specific properties are violated. With an exhaustive exploration of a system’s states and fault space by the model checker, the approach ensures complete, automated reasoning on failure modes and effects. The framework also allows the designs of additional recovery actions to tolerate faults and then the verification of the updated models. The framework separates manual and automated activities, providing a guide to the practices of developers and the development of the support tool. We conduct a study on an industrial case and demonstrate that by the proposed approach, critical design flaws are revealed.

Haoyu Yang,Chen Wang,Qingkai Shi,Yang Feng,Zhenyu Chen

2014-01-01

Abstract:Bug fix is an important and challenging task in software development and maintenance. Bug fix is also a dangerous change, because it might induce new bugs. It is difficult to decide whether a bug fix is safe in practice. In this paper, we conducted an empirical study on bug inducing analysis to discover the types and features of fault prone bug fixes. We use a classical algorithm to track the location of the code changes introducing the bugs. The change types of the codes will be checked by an automatic tool and whether this change is a bug fix change is recorded. We analyze the statistics to find out what types of change are most prone to induce new bugs when they are intended to fix a bug. Finally, some guidelines are provided to help developers prevent such fault prone bug fixes.

Danhua Wang,Jingui Pan

2010-01-01

Abstract:In practice, engineers find that software quality depends heavily on the maturity and reliability of the software process. Therefore, organizations are placing increased attentions on finding an efficient way of integrating elements of software process in order to produce high quality software with lower cost and risk. Various kinds of techniques are used to manage, monitor and analyze software process. We proposed an idea of modeling software process in Little-JIL language, and then introduce automatic Fault Tree Analysis (FTA) technique and Failure Mode and Effect Analysis (FMEA) technique, two fully-fledged and widely used safety analysis techniques, to analyze software process. Results of these two techniques can be combined to improve software process, which may lead to software products with higher quality and reliability, also lower cost and risk.

Zhi Li,Zhi Jin

DOI: https://doi.org/10.3724/SP.J.1001.2013.04398

2013-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:This paper aims at deriving software specification descriptions from elicited user requirements and domain descriptions. It provides an approach to transforming user requirements into software specifications in a smooth and logical way. Based on previous in-depth research on Problem Frames, the study adopts Hoare's Communicating Sequential Processes (CSP) and Lai's weakest-environment calculus to transform an entire problem diagram. The derived software specifications are abstract models resembling program code, whose correctness can be verified by the model checker FDR. This paper provides foundational work for embedded software development, i.e., deriving software code from requirements descriptions, automating document transformation and validation, etc. The theory presented in this paper, together with the FDR model checker tool, may help to improve the efficiency and accuracy in embedded software development. © 2013 ISCAS.

Chi Li,Yuexing Wang,Min Zhou,Ming Gu

DOI: https://doi.org/10.1109/apsec53868.2021.00054

2021-01-01

Abstract:Precise static analysis is necessary for an industrial environment to ensure reliability and security, which is usually field-sensitive and inter-procedural. However, it faces the problem of insufficient scale capability when being applied to various industrial environments: (1) Field-sensitive analysis can not assure termination if field accesses are modeled by unbounded access paths; (2) Inter-procedural analysis may lead to path explosion problems because of the unbounded length of call chains. While using longer access paths or call chains can improve precision, the analysis may have poor performance in terms of efficiency. Specifically, an industry-strength method should be scalable enough to face different applications. This paper presents a scalable fault detection method based on the precise access path. Precise access path models a memory location with accurate operations and offsets from a source. Points-to relations of variables are used to refine it. It can differentiate elements of aggregate structures and is more precise than the ordinary access path. Based on the precise access path, we perform an inter-procedural analysis with the help of an intra-procedural analysis and combined function summary. Furthermore, our method is designed backward to detect error handling bugs. Compared with the state-of-the-art tools, our method is more scalable, with higher precision and efficiency on both benchmarks and 11 widely-used applications.

Wanwangying Ma,Lin Chen,Yuming Zhou,Baowen Xu

DOI: https://doi.org/10.1109/SATE.2016.11

2016-01-01

Abstract:Code smells are used to describe code structures that may cause detrimental effects on software and should be refactored. Previous studies show that some code smells have significant effect on faults. However, how to refactor code smells to reduce bugs still needs more concern. We investigate the possibility of prioritizing code smell refactoring with the help of fault prediction results. We also investigate the possibility of improving the performance of fault prediction by using code smell detection results. We use Cohen's Kappa statistic to report agreements between results of code smell detections and fault predictions. We use fault prediction result as an indicator to guide code smell refactoring. Our results show that refactoring Blob, Long Parameter List, and Refused Parent Be Request may have a good chance to detect and fix bugs, and some code smells are particularly useful for improving the recall of fault prediction.

Charles Dickerson,Rosmira Roslan,Siyuan Ji

DOI: https://doi.org/10.1109/TR.2018.2849013

2018-05-01

Abstract:Fault analysis and resolution of faults should be part of any end-to-end system development process. This paper is concerned with developing a formal transformation method that maps control flows modeled in UML Activities to semantically equivalent Fault Trees. The transformation method developed features the use of propositional calculus and probability theory. Fault Propagation Chains are introduced to facilitate the transformation method. An overarching metamodel comprised of transformations between models is developed and is applied to an understood Traffic Management System of Systems problem to demonstrate the approach. In this way, the relational structure of the system behavior model is reflected in the structure of the Fault Tree. The paper concludes with a discussion of limitations of the transformation method and proposes approaches to extend it to object flows, State Machines and functional allocations.

Software Engineering

Huihui Zhang,Tao Yue,Shaukat Ali,Chao Liu

DOI: https://doi.org/10.1145/2976767.2976784

2016-01-01

Abstract:Requirements inspection is a well-known method for detecting defects. Various defect detection techniques for requirements inspection have been widely applied in practice such as checklist and defect-based techniques. Use case modelling is a widely accepted requirements specification method in practice; therefore, inspecting defects in use case models in a cost-effective manner is an important challenge. However, it does not exist a systematic mutation analysis approach for evaluating inspection techniques for use case models. In this paper we present the methodology we followed to systematically derive mutation operators for use case models. More specifically, we first proposed a defect taxonomy defining 94 defect types, based on the IEEE Std. 830-1998 standard. Second, we systematically applied the basic guide words of the standardized Hazard and Operability Study (HAZOP) methodology to define 191 mutation operators. Last, we defined a set of guidelines for devising defect seeding strategies. The proposed methodology was evaluated by a real world case study and six case studies from the literature. Results show that all the derived mutation operators for Restricted Use Case Modelling (RUCM) models are feasible to apply and the defect taxonomy is the most comprehensive one to compare with the literature.

Ruizhi Gao,W. Eric Wong,Zhenyu Chen,Yabin Wang

DOI: https://doi.org/10.1007/s11219-015-9295-1

2015-01-01

Software Quality Journal

Abstract:Software has become ubiquitous in our daily lives, and with its increasing functionality and complexity comes a frequently tedious and prolonged debugging process. Of the three activities in program debugging (failure detection, fault localization, and bug fixing), the focus of this paper is on the first, failure detection, under the condition that there is no test oracle that can be used to automatically determine the success or failure of all the executions. More precisely, the outputs for many executions have to be verified manually, or the expected outputs are not even available. We want to determine whether there is a solution to help programmers predict the execution results. How good are these predicted results when they are used to help programmers find the locations of bugs? A framework is proposed to reduce the effort on output verification using a strategy based on the Hamming distance or K-Means clustering to predict results of test executions. Such data and the statement coverage of each test case are used to compute the suspiciousness of each statement according to a fault localization technique and produce a ranking for examination to locate bugs. Case studies using 22 programs and seven fault localization techniques were conducted to evaluate the fault localization effectiveness of the proposed framework on 1203 faulty versions, some of which have a single bug and others with multiple bugs. A discussion on factors that may affect the accuracy of execution result prediction and the resulting fault localization effectiveness is also presented. Our data suggests that, in general, with respect to fault localization techniques using execution results verified against the expected outputs, those using predicted execution results can be even more effective than (by examining a smaller number of statements to locate the first faulty statement) or as good as the former (the verified).

Jiajun Jiang,Yingfei Xiong,Xin Xia

DOI: https://doi.org/10.1007/s11432-018-1465-6

2019-01-01

Science China Information Sciences

Abstract:Automatic program repair techniques, which target to generate correct patches for real-world defects automatically, have gained a lot of attention in the last decade. Many different techniques and tools have been proposed and developed. However, even the most sophisticated automatic program repair techniques can only repair a small portion of defects while producing a large number of incorrect patches. A possible reason for the low performance is the test suites of real-world programs are usually too weak to guarantee the behavior of a program. To understand to what extent defects can be fixed with exiting test suites, we manually analyzed 50 real-world defects from Defects4J, where a large portion (i.e., 82%) of them were correctly fixed. This result suggests that there is much room for the current automatic program repair techniques to improve. Furthermore, we summarized seven fault localization and seven patch generation strategies that are useful in localizing and fixing these defects, and compared those strategies with current techniques. The results indicate potential directions to improve automatic program repair in the future.

Danhua Wang,Jingui Pan,George S. Avrunin,Lori A. Clarke,Bin Chen

2010-01-01

Abstract:Many processes are safety critical and therefore could benefit from proactive safety analysis techniques that attempt to identify weaknesses of such processes before they are put into use. In this paper, we propose an approach that automatically derives Failure Mode and Effect Analysis (FMEA) information from processes modeled in the Little-JIL process definition language. Typically FMEA information is created manually by skilled experts, an approach that is usually considered to be time-consuming, error-prone, and tedious when applied to complex processes. Although great care must be taken in creating an accurate process definition, with our approach this definition can then be used to create FMEA representations for a wide range of potential failures. In addition, our approach provides a complementary Fault Tree Analysis (FTA), thereby supporting two of the most widely used safety analysis techniques.

Yiling Lou,Ali Ghanbari,Xia Li,Lingming Zhang,Haotian Zhang,Dan Hao,Lu Zhang

DOI: https://doi.org/10.1145/3395363.3397351

2020-01-01

Abstract:A large body of research efforts have been dedicated to automated software debugging, including both automated fault localization and program repair. However, existing fault localization techniques have limited effectiveness on real-world software systems while even the most advanced program repair techniques can only fix a small ratio of real-world bugs. Although fault localization and program repair are inherently connected, their only existing connection in the literature is that program repair techniques usually use off-the-shelf fault localization techniques (e.g., Ochiai) to determine the potential candidate statements/elements for patching. In this work, we propose the unified debugging approach to unify the two areas in the other direction for the first time, i.e., can program repair in turn help with fault localization? In this way, we not only open a new dimension for more powerful fault localization, but also extend the application scope of program repair to all possible bugs (not only the bugs that can be directly automatically fixed). We have designed ProFL to leverage patch-execution results (from program repair) as the feedback information for fault localization. The experimental results on the widely used Defects4J benchmark show that the basic ProFL can already at least localize 37.61% more bugs within Top-1 than state-of-the-art spectrum and mutation based fault localization. Furthermore, ProFL can boost state-of-the-art fault localization via both unsupervised and supervised learning. Meanwhile, we have demonstrated ProFL's effectiveness under different settings and through a case study within Alipay, a popular online payment system with over 1 billion global users.

Yu-Min Chung,Chin-Yu Huang,Yu-Chi Huang

DOI: https://doi.org/10.1109/PRDC.2008.34

2008-01-01

Abstract:In software development and maintenance, locating faults is generally a complex and time-consuming process. In order to effectively identify the locations of program faults, several approaches have been proposed. Similarity-aware fault localization (SAFL) is a testing-based fault localization method that utilizes testing information to calculate the suspicion probability of each statement. Dicing is also another method that we have used. In this paper, our proposed method focuses on predicates and their influence, instead of on statements in traditional SAFL. In our method, fuzzy theory, matrix calculating, and some probability are used. Our method detects the importance of each predicate and then provides more test data for programmers to analyze the fault locations. Furthermore, programmers will also gain some important information about the program in order to maintain their program accordingly. In order to speed up the efficiency, we also simplified the program. We performed an experimental study for several programs, together with another two testing-based fault localization (TBFL) approaches. These three methods were discussed in terms of different criteria such as line of code and suspicious code coverage. The experimental results show that the proposed method from our study can decrease the number of codes which have more probability of suspicion than real bugs.

Manish Motwani

DOI: https://doi.org/10.48550/arXiv.2104.07851

2021-04-16

Abstract:Automatic program repair (APR) has recently gained attention because it proposes to fix software defects with no human intervention. To automatically fix defects, most APR tools use the developer-written tests to (a) localize the defect, and (b) generate and validate the automatically produced candidate patches based on the constraints imposed by the tests. While APR tools can produce patches that appear to fix the defect for 11-19% of the defects in real-world software, most of the patches produced are not correct or acceptable to developers because they overfit to the tests used during the repair process. This problem is known as the patch overfitting problem. To address this problem, I propose to equip APR tools with additional constraints derived from natural-language software artifacts such as bug reports and requirements specifications that describe the bug and intended software behavior but are not typically used by the APR tools. I hypothesize that patches produced by APR tools while using such additional constraints would be of higher quality. To test this hypothesis, I propose an automated and objective approach to evaluate the quality of patches and propose two novel methods to improve the fault localization and developer-written test suites using natural-language software artifacts. Finally, I propose to use my patch evaluation methodology to analyze the effect of the improved fault localization and test suites on the quality of patches produced by APR tools for real-world defects.

Software Engineering

Teng Long,Lin Liu,Yijun Yu,Zhiguo Wan

DOI: https://doi.org/10.1109/FCST.2010.85

2010-01-01

Abstract:Nowadays, software refactoring techniques are widely adopted to enhance the quality of software by improving its understandability, performance, as well as other quality related design attributes. On the other hand, various kinds of software obfuscation methods have been proposed to protect security-sensitive information involved in software implementations. This paper analyzes how refactoring and obfuscation use reverse transformations to improve quality and security of software code, and proposes a systematic modeling approach based on i* to support the selection of refactoring techniques and obfuscation methods under different social, environmental and operational situations. First, top-level softgoals guiding designer's decision making are identified and analyzed; next accidental programming “bad smells” and intentional code cracker's threats to these softgoals are identified and analyzed; then refactoring and obfuscation transformations are modeled as countermeasures for these threats; eventually their reversal relations and counteracting patterns are examined using example code segments.

Danhua Wang,Jingui Pan

DOI: https://doi.org/10.1109/iccda.2010.5541008

2010-01-01

Abstract:There are two issues to be addressed in the automatic Fault Tree Analysis (FTA) and Failure Mode and Effect Analysis (FMEA) approaches: resource fault and channel fault are not considered when generating the artifact flow graph (AFG) from Little-JIL processes. The AFG is incomplete, thus the fault trees and FMEA reports automatically generated partially based on AFG is incomplete. In this paper, we put forward to an approach of introducing resource instances and channel instances into fault propagation in Little-JIL processes. Thus, it makes the FTA and FMEA for Little-JIL processes to be much more effective. That is to say, how resource instances and channel instances might affect the fault propagation in Little-JIL processes is taken into account while performing these two automatic safety analysis techniques.

Jiajun Jiang,Yingfei Xiong

DOI: https://doi.org/10.48550/arxiv.1705.04149

2017-01-01

Abstract:Automated program repair techniques, which target to generating correct patches for real world defects automatically, have gained a lot of attention in the last decade. Many different techniques and tools have been proposed and developed. However, even the most sophisticated program repair techniques can only repair a small portion of defects while producing a lot of incorrect patches. A possible reason for this low performance is that the test suites of real world programs are usually too weak to guarantee the behavior of the program. To understand to what extent defects can be fixed with weak test suites, we analyzed 50 real world defects from Defects4J, in which we found that up to 84% of them could be correctly fixed. This result suggests that there is plenty of space for current automated program repair techniques to improve. Furthermore, we summarized seven fault localization strategies and seven patch generation strategies that were useful in localizing and fixing these defects, and compared those strategies with current repair techniques. The results indicate potential directions to improve automatic program repair in the future research.