References of "Le Traon, Yves 50002182"
An industrial study on the differences between pre-release and post-release bugs
Rwemalika, Renaud UL; Kintis, Marinos; Papadakis, Mike UL et al

in Proceedings of 35th IEEE International Conference on Software Maintenance and Evolution (2019, September 30)

Software bugs are a frequent and common issue in software development. To deal with this problem, modern software development methodologies introduce dedicated quality assurance procedures. At the same time, researchers aim to develop techniques that support the early discovery and fixing of bugs. One important factor guiding such research is the characteristics of software bugs and bug fixes. In this paper, we present an industrial study on the characteristics of, and differences between, pre-release bugs, i.e., bugs detected during software development, and post-release bugs, i.e., bugs that escaped to production. Understanding such differences is of paramount importance, as it will improve our understanding of the testing and debugging support that practitioners require from the research community, of the validity of the assumptions of several research techniques, and, most importantly, of the reasons why bugs escape to production. To this end, we analyze 37 industrial projects from our industrial partner and document the differences between pre-release and post-release bugs. Our findings suggest that post-release bugs are more complex to fix, requiring developers to modify several source code files written in different programming languages, as well as configuration files. We also find that approximately 82% of the post-release bugs involve code additions and can be characterized as "omission" bugs. Finally, we conclude the paper with a discussion of the implications of our study and provide guidance for future research directions.

iFixR: bug report driven program repair
Koyuncu, Anil UL; Liu, Kui UL; Bissyande, Tegawendé François D Assise UL et al

in ESEC/FSE 2019 Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2019, August)

Issue tracking systems are commonly used in modern software development for collecting feedback from users and developers. An ultimate automation target of software maintenance is then the systematization of patch generation for user-reported bugs. Although this ambition is aligned with the momentum of automated program repair, the literature has, so far, mostly focused on generate-and-validate setups where fault localization and patch generation are driven by a well-defined test suite. On the one hand, however, the common (yet strong) assumption on the existence of relevant test cases does not hold in practice for most development settings: many bugs are reported without the available test suite being able to reveal them. On the other hand, for many projects, the number of bug reports generally outstrips the resources available to triage them. Towards increasing the adoption of patch generation tools by practitioners, we investigate a new repair pipeline, iFixR, driven by bug reports: (1) bug reports are fed to an IR-based fault localizer; (2) patches are generated from fix patterns and validated via regression testing; (3) a prioritized list of generated patches is proposed to developers. We evaluate iFixR on the Defects4J dataset, which we enriched (i.e., faults are linked to bug reports) and carefully reorganized (i.e., the timeline of test cases is naturally split). iFixR generates genuine/plausible patches for 21/44 Defects4J faults with its IR-based fault localizer. iFixR accurately places a genuine/plausible patch among its top-5 recommendations for 8/13 of these faults (without using future test cases in generation-and-validation).
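To illustrate step (1) of the pipeline, the sketch below approximates an IR-based fault localizer with a plain TF-IDF/cosine ranking of source files against the bug-report text. This is a toy stand-in, not iFixR's implementation; all names (`localize`, `tokenize`, the example file names) are hypothetical.

```python
import math
import re
from collections import Counter

def tokenize(text):
    # Split on non-letters, then split camelCase, and lowercase everything.
    tokens = []
    for word in re.findall(r"[A-Za-z]+", text):
        tokens.extend(re.findall(r"[A-Z]?[a-z]+|[A-Z]+", word))
    return [t.lower() for t in tokens]

def tfidf_vectors(docs):
    # docs: {name: token list} -> {name: {token: tf-idf weight}}
    df = Counter()
    for toks in docs.values():
        df.update(set(toks))
    n = len(docs)
    return {
        name: {t: c * math.log(n / df[t]) for t, c in Counter(toks).items()}
        for name, toks in docs.items()
    }

def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def localize(bug_report, source_files, top_k=5):
    # Rank source files by textual similarity to the bug report.
    docs = {name: tokenize(src) for name, src in source_files.items()}
    docs["__report__"] = tokenize(bug_report)
    vecs = tfidf_vectors(docs)
    report = vecs.pop("__report__")
    ranked = sorted(vecs, key=lambda name: cosine(report, vecs[name]), reverse=True)
    return ranked[:top_k]
```

A real IR-based localizer would add stemming, structured fields (stack traces, summaries) and historical weighting, but the ranking principle is the same.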

Revisiting the impact of common libraries for android-related investigations
Li, Li; Riom, Timothée UL; Bissyande, Tegawendé François D Assise UL et al

in Journal of Systems and Software (2019), 154

Learning to Spot and Refactor Inconsistent Method Names
Liu, Kui UL; Kim, Dongsun; Bissyande, Tegawendé François D Assise UL et al

in 41st ACM/IEEE International Conference on Software Engineering (ICSE) (2019, May)

To ensure code readability and facilitate software maintenance, program methods must be named properly. In particular, method names must be consistent with the corresponding method implementations. Debugging method names remains an important topic in the literature, where various approaches analyze commonalities among method names in a large dataset to detect inconsistent method names and suggest better ones. We note that the state-of-the-art does not analyze the implemented code itself to assess consistency. We thus propose a novel automated approach to debugging method names based on the analysis of consistency between method names and method code. The approach leverages deep feature representation techniques adapted to the nature of each artifact. Experimental results on over 2.1 million Java methods show that we can achieve an improvement of up to 15 percentage points over the state-of-the-art, establishing a record performance of 67.9% F1-measure in identifying inconsistent method names. We further demonstrate that our approach yields up to 25% accuracy in suggesting full names, while the state-of-the-art lags far behind at 1.1% accuracy. Finally, we report on our success in fixing 66 inconsistent method names in a live study on projects in the wild.
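As a rough intuition for name/implementation consistency (the paper uses learned deep feature representations, not this heuristic), one can compare a method name's sub-tokens against the identifiers appearing in its body; the function names below are hypothetical:

```python
import re

def subtokens(identifier):
    # Split a camelCase identifier into lowercase sub-tokens.
    return [t.lower() for t in re.findall(r"[A-Z]?[a-z]+|[A-Z]+|\d+", identifier)]

def name_body_consistency(name, body):
    # Fraction of the name's sub-tokens that also occur among the
    # identifiers used in the method body. A crude textual proxy:
    # low scores hint that the name may not match the implementation.
    name_toks = set(subtokens(name))
    body_toks = set()
    for ident in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", body):
        body_toks.update(subtokens(ident))
    hits = sum(1 for t in name_toks if t in body_toks)
    return hits / len(name_toks) if name_toks else 0.0
```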

You Cannot Fix What You Cannot Find! An Investigation of Fault Localization Bias in Benchmarking Automated Program Repair Systems
Liu, Kui UL; Koyuncu, Anil UL; Bissyande, Tegawendé François D Assise UL et al

in The 12th IEEE International Conference on Software Testing, Verification and Validation (ICST-2019) (2019, April 24)

Properly benchmarking Automated Program Repair (APR) systems should contribute to the development and adoption of the research outputs by practitioners. To that end, the research community must ensure that it reaches significant milestones by reliably comparing state-of-the-art tools for a better understanding of their strengths and weaknesses. In this work, we identify and investigate a practical bias caused by the fault localization (FL) step in a repair pipeline. We propose to highlight the different fault localization configurations used in the literature, and their impact on APR systems when applied to the Defects4J benchmark. Then, we explore the performance variations that can be achieved by "tweaking" the FL step. Overall, we expect to create new momentum for (1) full disclosure of APR experimental procedures with respect to FL, (2) realistic expectations of repairing bugs in Defects4J, as well as (3) reliable performance comparison among state-of-the-art APR systems, and against the baseline performance results of our thoroughly assessed kPAR repair tool. Our main findings include: (a) only a subset of Defects4J bugs can currently be localized by commonly used FL techniques; (b) the current practice of comparing state-of-the-art APR systems (i.e., counting the number of fixed bugs) is potentially misleading due to the bias of FL configurations; and (c) APR authors do not properly qualify their performance achievements with respect to the different tuning parameters implemented in APR systems.

Watch out for This Commit! A Study of Influential Software Changes
Li, Daoyuan UL; Li, Li UL; Kim, Dongsun UL et al

in Journal of Software: Evolution and Process (2019)

One single code change can significantly influence a wide range of software systems and their users. For example, 1) adding a new feature can spread defects in several modules, while 2) changing an API method can improve the performance of all client programs. Developers often may not clearly know whether their own or others' changes are influential at commit time. Rather, a change turns out to be influential only after it has affected many aspects of a system. This paper investigates influential software changes and proposes an approach to identify them early, i.e., immediately when they are applied. We first conduct a post-mortem analysis to discover existing influential changes in 10 open source projects, using intuitions such as isolated changes and changes referred to by other changes. Then we re-categorize all identified changes through an open-card sorting process. Subsequently, we conduct a survey with 89 developers to confirm our influential change categories. Finally, from our ground truth we extract features, including metrics such as the complexity of changes, terms in commit logs, and file centrality in co-change graphs, to build machine learning classifiers. The experimental results show that, on random samples, our prediction model achieves 86.8% precision, 74% recall, and 80.4% F-measure.
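The kind of feature vector fed to such classifiers can be sketched as follows; the metric names, the term list and the commit fields are illustrative assumptions, not the paper's exact feature set:

```python
# Hypothetical set of commit-log terms that may signal influential changes.
INFLUENTIAL_TERMS = {"refactor", "api", "fix", "security", "revert"}

def change_features(commit):
    # commit: dict with 'log' (message), 'files' (touched paths),
    # 'added'/'deleted' (line counts), and 'cochange_degree'
    # (centrality of the touched files in the co-change graph).
    log_terms = set(commit["log"].lower().split())
    return {
        "churn": commit["added"] + commit["deleted"],   # size of the change
        "n_files": len(commit["files"]),                # scatter of the change
        "term_hits": len(log_terms & INFLUENTIAL_TERMS),# commit-log signal
        "centrality": commit["cochange_degree"],        # co-change importance
    }
```

Vectors like this, labeled with the ground truth from the card sort and survey, are what a standard classifier would be trained on.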

Assessing the impact of attacks on OPC-UA applications in the Industry 4.0 era
Polge, Julien UL; Robert, Jérémy UL; Le Traon, Yves UL

in 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, 11-14 January 2019 (2019, January 11)

Automated Search for Configurations of Deep Neural Network Architectures
Ghamizi, Salah UL; Cordy, Maxime UL; Papadakis, Mike UL et al

in Automated Search for Configurations of Convolutional Neural Network Architectures (2019)

Deep Neural Networks (DNNs) are intensively used to solve a wide variety of complex problems. Although powerful, such systems require manual configuration and tuning. To this end, we view DNNs as configurable systems and propose an end-to-end framework that allows the configuration, evaluation and automated search for DNN architectures. Our contribution is threefold. First, we model the variability of DNN architectures with a Feature Model (FM) that generalizes over existing architectures. Each valid configuration of the FM corresponds to a valid DNN model that can be built and trained. Second, we implement, on top of TensorFlow, an automated procedure to deploy, train and evaluate the performance of a configured model. Third, we propose a method to search for configurations and demonstrate that it leads to good DNN models. We evaluate our method by applying it to image classification tasks (MNIST, CIFAR-10) and show that, with a limited amount of computation and training, it can identify high-performing architectures (with high accuracy). We also demonstrate that we outperform existing state-of-the-art architectures handcrafted by ML researchers. Our FM and framework have been released to support replication and future research.
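The idea of treating a DNN as a configurable system can be sketched with a toy feature model and a random configuration search; the features, the cross-tree constraint and the API below are invented for illustration and are far simpler than the paper's FM:

```python
import itertools
import random

# A toy feature model for a small convolutional classifier.
# Each feature lists its alternative values.
FEATURE_MODEL = {
    "n_conv_blocks": [1, 2, 3],
    "filters": [16, 32, 64],
    "dropout": [0.0, 0.25, 0.5],
    "optimizer": ["sgd", "adam"],
}

def valid(config):
    # Hypothetical cross-tree constraint: deep models require dropout.
    return not (config["n_conv_blocks"] == 3 and config["dropout"] == 0.0)

def all_configurations():
    # Enumerate every valid configuration of the feature model.
    keys = list(FEATURE_MODEL)
    for values in itertools.product(*(FEATURE_MODEL[k] for k in keys)):
        config = dict(zip(keys, values))
        if valid(config):
            yield config

def random_search(evaluate, budget=10, seed=0):
    # Sample `budget` valid configurations, keep the best-scoring one.
    # In the paper's setting, `evaluate` would build and train the
    # corresponding model and return its validation accuracy.
    rng = random.Random(seed)
    configs = list(all_configurations())
    sampled = rng.sample(configs, min(budget, len(configs)))
    return max(sampled, key=evaluate)
```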

An Empirical Study on Vulnerability Prediction of Open-Source Software Releases
Jimenez, Matthieu; Rwemalika, Renaud UL; Papadakis, Mike UL et al

in Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) (2019)

The Importance of Accounting for Real-World Labelling When Predicting Software Vulnerabilities
Jimenez, Matthieu; Rwemalika, Renaud UL; Papadakis, Mike UL et al

in Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) (2019)

Mutation Testing Advances: An Analysis and Survey
Papadakis, Mike UL; Kintis, Marinos UL; Zhang, Jie et al

in Advances in Computers (2019)

TRIDENT: A Three-Steps Strategy to Digitise an Industrial System for Stepping into Industry 4.0
Benedick, Paul-Lou UL; Robert, Jérémy UL; Le Traon, Yves UL

in Proceedings of 45th Annual Conference of the IEEE Industrial Electronics Society (2019)

A Replicable Comparison Study of NER Software: StanfordNLP, NLTK, OpenNLP, SpaCy, Gate
Schmitt, Xavier; Kubler, Sylvain; Robert, Jérémy UL et al

in International Conference on Social Networks Analysis, Management and Security (2019)

MUSTI: Dynamic Prevention of Invalid Object Initialization Attacks
Bartel, Alexandre UL; Klein, Jacques UL; Le Traon, Yves UL

in IEEE Transactions on Information Forensics and Security (2019)

Invalid object initialization vulnerabilities were identified as early as the 1990s by a research group at Princeton University. These vulnerabilities are critical, since they can be used to totally compromise the security of a Java Virtual Machine (JVM). Recently, such a vulnerability, identified as CVE-2017-3289, was found again in the bytecode verifier of the JVM and affects more than 40 JVM versions. In this paper, we present a runtime solution called MUSTI to detect and prevent attacks leveraging this kind of critical vulnerability. We optimize MUSTI to have a runtime overhead below 0.5% and a memory overhead below 0.42%. Compared to the state-of-the-art, MUSTI is completely automated and does not require manual code annotation.

Assessing Transition-based Test Selection Algorithms at Google
Leong, Claire; Abhayendra, Singh; Papadakis, Mike UL et al

in International Conference on Software Engineering (ICSE) (2019)

Mart: A Mutant Generation Tool for LLVM
Titcheu Chekam, Thierry UL; Papadakis, Mike UL; Le Traon, Yves UL

in Titcheu Chekam, Thierry; Papadakis, Mike; Le Traon, Yves (Eds.) Mart: A Mutant Generation Tool for LLVM (2019)

Program mutation makes small syntactic alterations to a program's code in order to artificially create faulty programs (mutants). Mutants are used in software analysis to evaluate and improve test suites. Mutant creation (generation) tools are often characterized by their mutation operators and the way they create and represent the mutants. This paper presents Mart, a mutant generation tool for LLVM bitcode that supports the fine-grained definition of mutation operators (as matching-rule/replacing-pattern pairs; 816 pairs are defined by default) and the restriction of the code parts to mutate. New operators are implemented in Mart by defining their matching rules and replacing patterns. Mart also implements in-memory Trivial Compiler Equivalence to eliminate equivalent and duplicate mutants during mutant generation. Mart generates mutant code as separate mutant files, a meta-mutant file, and files instrumented for weak mutation and mutant coverage. The generated LLVM bitcode files can be interpreted using an LLVM interpreter or compiled into native code. Mart is publicly available (https://github.com/thierry-tct/mart) for use by researchers and practitioners. Mart has been applied to generate mutants for several research experiments, producing more than 4,000,000 mutants.
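The matching-rule/replacing-pattern idea can be illustrated on plain source text; Mart itself operates on LLVM bitcode with 816 such pairs, so the three regex-based operators below are only an illustrative analogy:

```python
import re

# Each operator is a (matching rule, replacing pattern) pair, in the
# spirit of Mart's fine-grained operator definitions.
OPERATORS = [
    (r"\+", "-"),    # arithmetic replacement: a + b -> a - b
    (r"<=", "<"),    # relational replacement: a <= b -> a < b
    (r"==", "!="),   # relational replacement: a == b -> a != b
]

def generate_mutants(source):
    # Produce one first-order mutant per operator occurrence:
    # each mutant differs from the original in exactly one spot.
    mutants = []
    for pattern, replacement in OPERATORS:
        for match in re.finditer(pattern, source):
            mutant = source[:match.start()] + replacement + source[match.end():]
            if mutant != source:
                mutants.append(mutant)
    return mutants
```

A real tool would additionally discard equivalent and duplicate mutants (as Mart does with Trivial Compiler Equivalence) rather than keep every syntactic variant.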

On the Evolution of Keyword-Driven Test Suites
Rwemalika, Renaud UL; Kintis, Marinos UL; Papadakis, Mike UL et al

in 12th IEEE International Conference on Software Testing, Verification and Validation (2019)

Many companies rely on software testing to verify that their software products meet their requirements. However, test quality and, in particular, the quality of end-to-end testing is relatively hard to achieve. The problem becomes challenging when software evolves, as end-to-end test suites need to adapt and conform to the evolved software. Unfortunately, end-to-end tests are particularly fragile, as any change in the application interface, e.g., the application flow or the location or name of graphical user interface elements, necessitates a change in the tests. This paper presents an industrial case study on the evolution of keyword-driven test suites, an approach also known as Keyword-Driven Testing (KDT). Our aim is to demonstrate the problem of test maintenance, identify the benefits of Keyword-Driven Testing and overall improve the understanding of test code evolution (at the acceptance testing level). This information will support the development of automatic techniques, such as test refactoring and repair, and will motivate future research. To this end, we identify, collect and analyze test code changes across the evolution of industrial KDT test suites over a period of eight months. We show that the problem of test maintenance is largely due to test fragility (the most commonly performed changes are due to locator and synchronization issues) and test clones (over 30% of keywords are duplicated). We also show that the better test design of KDT test suites has the potential to drastically reduce (by approximately 70%) the number of test code changes required to support software evolution. To further validate our results, we interview testers from BGL BNP Paribas and report their perceptions of the advantages and challenges of keyword-driven testing.
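A minimal keyword-driven setup might look as follows; the keyword names and the `run_test` driver are invented for illustration (industrial KDT suites typically use frameworks such as Robot Framework). The point is that tests are data, sequences of keyword invocations, while locators and UI details live once in the keyword library, which is why a UI change can be fixed in one place instead of in every test:

```python
# Registry mapping keyword names to their implementations.
KEYWORDS = {}

def keyword(name):
    # Decorator that registers a function under a keyword name.
    def register(fn):
        KEYWORDS[name] = fn
        return fn
    return register

@keyword("Open Login Page")
def open_login_page(ctx):
    ctx["page"] = "login"          # a real library would drive the UI here

@keyword("Input Credentials")
def input_credentials(ctx, user, password):
    ctx["user"] = user

@keyword("Submit Form")
def submit_form(ctx):
    ctx["logged_in"] = ctx.get("page") == "login" and "user" in ctx

def run_test(steps):
    # Interpret a test case: each step is (keyword name, *arguments).
    ctx = {}
    for name, *args in steps:
        KEYWORDS[name](ctx, *args)
    return ctx

# The test case itself is pure data, readable by non-programmers.
LOGIN_TEST = [
    ("Open Login Page",),
    ("Input Credentials", "alice", "secret"),
    ("Submit Form",),
]
```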

Search-based Test and Improvement of Machine-Learning-Based Anomaly Detection Systems
Cordy, Maxime UL; Muller, Steve; Papadakis, Mike UL et al

in ACM SIGSOFT International Symposium on Software Testing and Analysis (2019)

Semantic Fuzzing with Zest
Padhye, Rohan; Lemieux, Caroline; Sen, Koushik et al

in ACM SIGSOFT International Symposium on Software Testing and Analysis (2019)

Popularity-driven Ontology Ranking using Qualitative Features
Kolbe, Niklas UL; Kubler, Sylvain UL; Le Traon, Yves UL

in The Semantic Web - ISWC 2019 (2019)

Efficient ontology reuse is a key factor in the Semantic Web to enable and enhance the interoperability of computing systems. One important aspect of ontology reuse is ranking the most relevant ontologies for a keyword query. Apart from the semantic match of query and ontology, the state-of-the-art often relies on ontologies' occurrences in the Linked Open Data (LOD) cloud to determine relevance. We observe that ontologies of some application domains, in particular those related to the Web of Things (WoT), often do not appear in the underlying LOD datasets used to define ontologies' popularity, resulting in ineffective ranking scores. This motivated us to investigate, based on the problematic WoT case, whether the scope of ranking models can be extended by relying on qualitative attributes instead of an explicit popularity feature. We propose a novel approach to ontology ranking by (i) selecting a range of relevant qualitative features, (ii) proposing a popularity measure for ontologies based on scholarly data, (iii) training a ranking model that uses ontologies' popularity as the prediction target for the relevance degree, and (iv) confirming its validity by testing it on independent datasets derived from the state-of-the-art. We find that qualitative features help to improve the prediction of the relevance degree in terms of popularity. We further discuss the influence of these features on the ranking model.
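Step (iii), learning a model with popularity as the prediction target, can be sketched as a linear ranker trained by plain gradient descent; the feature vectors, popularity scores and training scheme here are illustrative assumptions, not the paper's actual model or data:

```python
def train_ranker(examples, lr=0.01, epochs=2000):
    # examples: list of (qualitative feature vector, popularity score).
    # Learns linear weights by stochastic gradient descent on squared error.
    n = len(examples[0][0])
    w = [0.0] * n
    for _ in range(epochs):
        for x, y in examples:
            pred = sum(wi * xi for wi, xi in zip(w, x))
            err = pred - y
            for i in range(n):
                w[i] -= lr * err * x[i]
    return w

def rank(ontologies, w):
    # ontologies: {name: feature vector}; higher predicted
    # popularity means higher relevance in the ranking.
    score = lambda x: sum(wi * xi for wi, xi in zip(w, x))
    return sorted(ontologies, key=lambda o: score(ontologies[o]), reverse=True)
```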
