References of "Le Traon, Yves 50002182"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailTRIDENT: A Three-Steps Strategy to Digitise an Industrial System for Stepping into Industry 4.0
Benedick, Paul-Lou UL; Robert, Jérémy UL; Le Traon, Yves UL

in Proceedings of 45th Annual Conference of the IEEE Industrial Electronics Society (2019)

Detailed reference viewed: 104 (11 UL)
Full Text
Peer Reviewed
See detailA Replicable Comparison Study of NER Software: StanfordNLP, NLTK, OpenNLP, SpaCy, Gate
Schmitt, Xavier; Kubler, Sylvain; Robert, Jérémy UL et al

in International Conference on Social Networks Analysis, Management and Security (2019)

Detailed reference viewed: 160 (4 UL)
Full Text
Peer Reviewed
See detailMUSTI: Dynamic Prevention of Invalid Object Initialization Attacks
Bartel, Alexandre UL; Klein, Jacques UL; Le Traon, Yves UL

in IEEE Transactions on Information Forensics and Security (2019)

Invalid object initialization vulnerabilities have been identified since the 1990’s by a research group at Princeton University. These vulnerabilities are critical since they can be used to totally ... [more ▼]

Invalid object initialization vulnerabilities have been identified since the 1990’s by a research group at Princeton University. These vulnerabilities are critical since they can be used to totally compromise the security of a Java virtual machine.Recently, such a vulnerability identified as CVE-2017-3289 has been found again in the bytecode verifier of the JVM and affects more than 40 versions of the JVM. In this paper, we present a runtime solution called MUSTIto detect and prevent attacks leveraging this kind of critical vulnerabilities. We optimize MUSTI to have a runtime overhead below 0.5% and a memory overhead below 0.42%. Compared to state-of-the-art, MUSTI is completely automated and does not require to manually annotate the code. [less ▲]

Detailed reference viewed: 186 (1 UL)
Full Text
Peer Reviewed
See detailAn Empirical Study on Vulnerability Prediction of Open-Source Software Releases
Jimenez, Matthieu; Rwemalika, Renaud UL; Papadakis, Mike UL et al

in Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) (2019)

Detailed reference viewed: 142 (10 UL)
Full Text
Peer Reviewed
See detailSemantic Fuzzing with Zest
Padhye, Rohan; Lemieux, Caroline; Sen, Koushik et al

in ACM SIGSOFT International Symposium on Software Testing and Analysis (2019)

Detailed reference viewed: 125 (3 UL)
Full Text
Peer Reviewed
See detailCan we automate away the main challenges of end-to-end testing?
Rwemalika, Renaud UL; Kintis, Marinos UL; Papadakis, Mike UL et al

Scientific Conference (2018, December 11)

Agile methodologies enable companies to drastically increase software release pace and reduce time-to-market. In a rapidly changing environment, testing becomes a cornerstone of the software development ... [more ▼]

Agile methodologies enable companies to drastically increase software release pace and reduce time-to-market. In a rapidly changing environment, testing becomes a cornerstone of the software development process, guarding the system code base from the insertion of faults. To cater for this, many companies are migrating manual end-to-end tests to automated ones. This migration introduces several challenges to the practitioners. These challenges relate to difficulties in the creation of the automated tests, their maintenance and the evolution of the test code base. In this position paper, we discuss our preliminary results on such challenges and present two potential solutions to these problems, focusing on keyword-driven end-to-end tests. Our solutions leverage existing software artifacts, namely the test suite and an automatically-created model of the system under test, to support the evolution of keyword-driven test suites. [less ▲]

Detailed reference viewed: 291 (27 UL)
Full Text
Peer Reviewed
See detailAre mutants really natural? A study on how “naturalness” helps mutant selection
Jimenez, Matthieu UL; Titcheu Chekam, Thierry UL; Cordy, Maxime UL et al

in Proceedings of 12th International Symposium on 
 Empirical Software Engineering and Measurement (ESEM'18) (2018, October 11)

Background: Code is repetitive and predictable in a way that is similar to the natural language. This means that code is ``natural'' and this ``naturalness'' can be captured by natural language modelling ... [more ▼]

Background: Code is repetitive and predictable in a way that is similar to the natural language. This means that code is ``natural'' and this ``naturalness'' can be captured by natural language modelling techniques. Such models promise to capture the program semantics and identify source code parts that `smell', i.e., they are strange, badly written and are generally error-prone (likely to be defective). Aims: We investigate the use of natural language modelling techniques in mutation testing (a testing technique that uses artificial faults). We thus, seek to identify how well artificial faults simulate real ones and ultimately understand how natural the artificial faults can be. %We investigate this question in a fault revelation perspective. Our intuition is that natural mutants, i.e., mutants that are predictable (follow the implicit coding norms of developers), are semantically useful and generally valuable (to testers). We also expect that mutants located on unnatural code locations (which are generally linked with error-proneness) to be of higher value than those located on natural code locations. Method: Based on this idea, we propose mutant selection strategies that rank mutants according to a) their naturalness (naturalness of the mutated code), b) the naturalness of their locations (naturalness of the original program statements) and c) their impact on the naturalness of the code that they apply to (naturalness differences between original and mutated statements). We empirically evaluate these issues on a benchmark set of 5 open-source projects, involving more than 100k mutants and 230 real faults. Based on the fault set we estimate the utility (i.e. capability to reveal faults) of mutants selected on the basis of their naturalness, and compare it against the utility of randomly selected mutants. Results: Our analysis shows that there is no link between naturalness and the fault revelation utility of mutants. We also demonstrate that the naturalness-based mutant selection performs similar (slightly worse) to the random mutant selection. Conclusions: Our findings are negative but we consider them interesting as they confute a strong intuition, i.e., fault revelation is independent of the mutants' naturalness. [less ▲]

Detailed reference viewed: 201 (23 UL)
Full Text
Peer Reviewed
See detailMeasuring inconsistency and deriving priorities from fuzzy pairwise comparison matrices using the knowledge-based consistency index
Kubler, Sylvain; Derigent, William; Voisin, Alexandre et al

in Knowledge-Based Systems (2018)

Detailed reference viewed: 136 (5 UL)
Full Text
Peer Reviewed
See detailTUNA: TUning Naturalness-based Analysis
Jimenez, Matthieu UL; Cordy, Maxime UL; Le Traon, Yves UL et al

in 34th IEEE International Conference on Software Maintenance and Evolution, Madrid, Spain, 26-28 September 2018 (2018, September 26)

Natural language processing techniques, in particular n-gram models, have been applied successfully to facilitate a number of software engineering tasks. However, in our related ICSME ’18 paper, we have ... [more ▼]

Natural language processing techniques, in particular n-gram models, have been applied successfully to facilitate a number of software engineering tasks. However, in our related ICSME ’18 paper, we have shown that the conclusions of a study can drastically change with respect to how the code is tokenized and how the used n-gram model is parameterized. These choices are thus of utmost importance, and one must carefully make them. To show this and allow the community to benefit from our work, we have developed TUNA (TUning Naturalness-based Analysis), a Java software artifact to perform naturalness-based analyses of source code. To the best of our knowledge, TUNA is the first open- source, end-to-end toolchain to carry out source code analyses based on naturalness. [less ▲]

Detailed reference viewed: 212 (12 UL)
Full Text
Peer Reviewed
See detailOn the impact of tokenizer and parameters on N-gram based Code Analysis
Jimenez, Matthieu UL; Cordy, Maxime UL; Le Traon, Yves UL et al

Scientific Conference (2018, September)

Recent research shows that language models, such as n-gram models, are useful at a wide variety of software engineering tasks, e.g., code completion, bug identification, code summarisation, etc. However ... [more ▼]

Recent research shows that language models, such as n-gram models, are useful at a wide variety of software engineering tasks, e.g., code completion, bug identification, code summarisation, etc. However, such models require the appropriate set of numerous parameters. Moreover, the different ways one can read code essentially yield different models (based on the different sequences of tokens). In this paper, we focus on n- gram models and evaluate how the use of tokenizers, smoothing, unknown threshold and n values impact the predicting ability of these models. Thus, we compare the use of multiple tokenizers and sets of different parameters (smoothing, unknown threshold and n values) with the aim of identifying the most appropriate combinations. Our results show that the Modified Kneser-Ney smoothing technique performs best, while n values are depended on the choice of the tokenizer, with values 4 or 5 offering a good trade-off between entropy and computation time. Interestingly, we find that tokenizers treating the code as simple text are the most robust ones. Finally, we demonstrate that the differences between the tokenizers are of practical importance and have the potential of changing the conclusions of a given experiment. [less ▲]

Detailed reference viewed: 254 (16 UL)
Full Text
Peer Reviewed
See detailA Closer Look at Real-World Patches
Liu, Kui UL; Kim, Dongsun UL; Koyuncu, Anil UL et al

in 34th IEEE International Conference on Software Maintenance and Evolution (ICSME) (2018, September)

Bug fixing is a time-consuming and tedious task. To reduce the manual efforts in bug fixing, researchers have presented automated approaches to software repair. Unfortunately, recent studies have shown ... [more ▼]

Bug fixing is a time-consuming and tedious task. To reduce the manual efforts in bug fixing, researchers have presented automated approaches to software repair. Unfortunately, recent studies have shown that the state-of-the-art techniques in automated repair tend to generate patches only for a small number of bugs even with quality issues (e.g., incorrect behavior and nonsensical changes). To improve automated program repair (APR) techniques, the community should deepen its knowledge on repair actions from real-world patches since most of the techniques rely on patches written by human developers. Previous investigations on real-world patches are limited to statement level that is not sufficiently fine-grained to build this knowledge. In this work, we contribute to building this knowledge via a systematic and fine-grained study of 16,450 bug fix commits from seven Java open-source projects. We find that there are opportunities for APR techniques to improve their effectiveness by looking at code elements that have not yet been investigated. We also discuss nine insights into tuning automated repair tools. For example, a small number of statement and expression types are recurrently impacted by real-world patches, and expression-level granularity could reduce search space of finding fix ingredients, where previous studies never explored. [less ▲]

Detailed reference viewed: 215 (24 UL)
Full Text
Peer Reviewed
See detailO-MI/O-DF vs. MQTT: a performance analysis
Benedick, Paul-Lou UL; Robert, Jérémy UL; Le Traon, Yves UL et al

in O-MI/O-DF vs. MQTT: a performance analysis (2018, June 21)

Over the past decade, a flourishing number of concepts and architectural shifts appeared such as Industrial Internet of Things (IIoT), Industrial CPS or even Industry 4.0. Unfortunately, today’s IoT as ... [more ▼]

Over the past decade, a flourishing number of concepts and architectural shifts appeared such as Industrial Internet of Things (IIoT), Industrial CPS or even Industry 4.0. Unfortunately, today’s IoT as well as Industry 4.0 environments, look more like a collection of isolated “Intranets of Things”, also referred to as “vertical silos”, rather than a federated infrastructure. Breaking down these silos is a key challenge in both the IoT and Industry 4.0 communities. This paper is intended to present and discuss two open and standardised mes- saging protocols designed for IoT applications, namely: MQTT and O-MI/O-DF. First, a traffic load’s analytical model derived from the MQTT standard specifications is presented. Second, a comparison study between MQTT and O-MI/O-DF standards is carried out based on a real-life industrial implementation. This study brings a deep understanding of the extent to which these protocols are performant (from a traffic load perspective) and how they can impact on future architectural designs. [less ▲]

Detailed reference viewed: 219 (17 UL)
Full Text
See detailMUSTI: Dynamic Prevention of Invalid Object Initialization Attacks
Bartel, Alexandre UL; Klein, Jacques UL; Le Traon, Yves UL

Report (2018)

Detailed reference viewed: 235 (20 UL)
Full Text
Peer Reviewed
See detailFaCoY - A Code-to-Code Search Engine
Kim, Kisub UL; Kim, Dongsun UL; Bissyande, Tegawendé François D Assise UL et al

in International Conference on Software Engineering (ICSE 2018) (2018, May 27)

Code search is an unavoidable activity in software development. Various approaches and techniques have been explored in the literature to support code search tasks. Most of these approaches focus on ... [more ▼]

Code search is an unavoidable activity in software development. Various approaches and techniques have been explored in the literature to support code search tasks. Most of these approaches focus on serving user queries provided as natural language free-form input. However, there exists a wide range of use-case scenarios where a code-to-code approach would be most beneficial. For example, research directions in code transplantation, code diversity, patch recommendation can leverage a code-to-code search engine to find essential ingredients for their techniques. In this paper, we propose FaCoY, a novel approach for statically finding code fragments which may be semantically similar to user input code. FaCoY implements a query alternation strategy: instead of directly matching code query tokens with code in the search space, FaCoY first attempts to identify other tokens which may also be relevant in implementing the functional behavior of the input code. With various experiments, we show that (1) FaCoY is more effective than online code-to-code search engines; (2) FaCoY can detect more semantic code clones (i.e., Type-4) in BigCloneBench than the state-of-theart; (3) FaCoY, while static, can detect code fragments which are indeed similar with respect to runtime execution behavior; and (4) FaCoY can be useful in code/patch recommendation. [less ▲]

Detailed reference viewed: 252 (32 UL)
Full Text
Peer Reviewed
See detailTowards Estimating and Predicting User Perception on Software Product Variants
Martinez, Jabier; Sottet, Jean-Sebastien; Garcia-Frey, Alfonso et al

in 17th International Conference on Software Reuse (ICSR) (2018, May)

Detailed reference viewed: 102 (3 UL)
Full Text
Peer Reviewed
See detailExtracting Statistical Graph Features for Accurate and Efficient Time Series Classification
Li, Daoyuan UL; Lin, Jessica; Bissyande, Tegawendé François D Assise UL et al

in 21st International Conference on Extending Database Technology (2018, March)

This paper presents a multiscale visibility graph representation for time series as well as feature extraction methods for time series classification (TSC). Unlike traditional TSC approaches that seek to ... [more ▼]

This paper presents a multiscale visibility graph representation for time series as well as feature extraction methods for time series classification (TSC). Unlike traditional TSC approaches that seek to find global similarities in time series databases (eg., Nearest Neighbor with Dynamic Time Warping distance) or methods specializing in locating local patterns/subsequences (eg., shapelets), we extract solely statistical features from graphs that are generated from time series. Specifically, we augment time series by means of their multiscale approximations, which are further transformed into a set of visibility graphs. After extracting probability distributions of small motifs, density, assortativity, etc., these features are used for building highly accurate classification models using generic classifiers (eg., Support Vector Machine and eXtreme Gradient Boosting). Thanks to the way how we transform time series into graphs and extract features from them, we are able to capture both global and local features from time series. Based on extensive experiments on a large number of open datasets and comparison with five state-of-the-art TSC algorithms, our approach is shown to be both accurate and efficient: it is more accurate than Learning Shapelets and at the same time faster than Fast Shapelets. [less ▲]

Detailed reference viewed: 829 (13 UL)
Full Text
Peer Reviewed
See detailCloud Providers Viability: How to Address it from an IT and Legal Perspective?
Bartolini, Cesare UL; El Kateb, Donia; Le Traon, Yves UL et al

in Electron Markets (2018), 28(1), 53-75

A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact onthe organizational structures of enterprizes and introduces new challenges that must be ... [more ▼]

A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact onthe organizational structures of enterprizes and introduces new challenges that must be properly addressed to avoid majorsetbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud ServiceProvider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thusleaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even withouttheir applications or data. This article attempts to address the issue of cloud provider viability, defining a possible way ofmodeling viability as a non-functional requirement and proposing some approaches that can be used to mitigate the problem,both from a technical and from a legal perspective. By introducing a structured perspective into the topic of cloud viability,describing the risks, factors and possible mitigators, the contribution of this work is twofold: it gives the customer a betterunderstanding to determine when it can rely on the cloud infrastructure on the long term and what precautions it should takein any case, and provides the CSP with means to address some of the viability issues and thus increase its customers’ trust. [less ▲]

Detailed reference viewed: 171 (0 UL)
Full Text
Peer Reviewed
See detailComparison of metadata quality in open data portals using the Analytic Hierarchy Process
Kubler, sylvain; Robert, Jérémy UL; Neumaier, Sebastian et al

in Government Information Quarterly (2018)

Detailed reference viewed: 157 (3 UL)
Full Text
Peer Reviewed
See detailAugmenting and Structuring User Queries to Support Efficient Free-Form Code Search
Sirres, Raphael; Bissyande, Tegawendé François D Assise UL; Kim, Dongsun et al

in Empirical Software Engineering (2018), 90

Detailed reference viewed: 139 (6 UL)
Full Text
Peer Reviewed
See detailFeature location benchmark for extractive software product line adoption research using realistic and synthetic Eclipse variants
Martinez, Jabier; Ziadi, Tewfik; Papadakis, Mike UL et al

in Information and Software Technology (2018)

Detailed reference viewed: 181 (5 UL)