Computer Software Volume 41, Issue 4

Detecting Test Insufficiency Candidates through Measurement of Services Combination Testing Coverage

Microservices Architecture (MSA) builds systems by combining multiple microservices. In MSA systems, the call relationship between services tends to be complex, making it difficult to comprehensively conduct Services Combination Testing (SCT). In this study, we propose a method to detect test insufficiency candidates through measuring test coverage of SCT, based on the request/response for each service in Services Unit Testing (SUT). The method is validated by successfully detecting SCT insufficiency that could lead to system malfunctions in the real system.

LineVul+: Towards Automated Program Repair via Line-level Defect Prediction

In recent years, automated program repair (APR) has been conducted to reduce the cost of debugging. When performing APR, it is necessary to perform fault localization (FL) to identify the location of bugs. A challenge of FL is that most FL techniques rely on test case coverage. They become difficult to apply when there are insufficient test cases and low test coverage. To overcome this challenge, we have shifted from using FL techniques to employing line-level defect prediction for APR. The latter generally does not require test cases. Because line-level defect prediction targets bugs at the same level of granularity as existing FL techniques, it could be considered as an alternative to these FL techniques. In this paper, we construct and assess our proposed line-level defect prediction approach LineVul+, which is an enhanced version of LineVul, an existing line-level vulnerability detection approach, and discuss its applicability to APR. The proposed approach conducts a two-step defect prediction. Initially, it predicts bugs on sections of differences provided by Git (hunks). If a bug is predicted, it then performs the prediction at the line-level. Our prediction at the hunk-level yielded low precision but high recall. Meanwhile, for line-level prediction, we achieved a Top-5 Accuracy of 0.84, and a median IFA of 0. In conclusion, reducing the number of false positives is necessary to apply the proposed approach to APR.

An Empirical Study of Influence of Software Maintenance Types and Process Ratio to Work Efficiency Considering System Architecture

We analyzed cross-company dataset of software maintenance, to clarify factors affecting work efficiency on the maintenance. In the analysis, we stratified the dataset by system architecture such as Web system, and clarified the influence of maintenance type such as corrective maintenance, and ratio of maintenance phase such as testing.

JxPlatform: A Tool Platform for Static Analysis of Java Source Code

Information on control and data flows within a program is often required when building tools that support or investigate software development and maintenance activities. However, existing source code analysis tools for Java programs are not capable enough of obtaining accurate information. Although byte-code analysis tools can provide enough information, they are not suitable for implementing source code manipulation since byte-code analysis results do not have clear corresponding relationships to source code elements. JxPlatform constructs control flow graphs and program dependence graphs that consist of nodes corresponding to statements, expressions, and variables that appear in Java source code. It provides more accurate information on those graphs than the existing source code analysis tools do. This paper presents the main features, implementation details, and evaluation results of JxPlatform.

Proposal and Evaluation of an Automated Method of Identifying Errors in Learner's UML State Machine Diagrams by Combination of Static and Dynamic Analysis

In UML state machine diagram education, it is necessary for educators to identify the location and type of errors in each answer and explain them to students in order to promote correct understanding among students. In this study, we propose an automated method to identify errors in UML state machine diagrams by static and dynamic analysis so that educators can efficiently and correctly identify errors in the UML state machine diagrams that serve as the assignment answers. In an evaluation experiment, we applied the proposed method to 95 answer sheets prepared by 19 information science students in five different tasks. The results showed that the proposed method did not incorrectly identify errors in answers that did not contain errors, and that it properly identified at least one error in each answer that contained an error. The educators evaluated that the proposed method was useful in terms of accuracy of error identification, although it did not completely identify errors that should be explained.

A Fault-prone Module Prediction Combining Past and Ongoing Test Results

The aim of this study is to improve the efficiency of software testing and/or review by predicting modules that are likely to contain a bug. In cross-version bug prediction, which uses bug data from a previous version to predict bugs in software currently under development, it is difficult to achieve high prediction accuracy due to differences in bug factors between versions. In this research, three methods (test method, mix method, select method) are proposed to address this challenge by incorporating ongoing test results, in addition to bug data from past versions. An evaluation experiment targeted 13 open-source software projects, comparing conventional cross-version prediction with the three proposed methods using seven evaluation metrics. The result indicates that each proposed method achieves higher accuracy in bug prediction than the conventional cross-version prediction when utilizing test results for approximately 10% of the modules in the developing software. Particularly, the select method demonstrated superior performance in comparison.

Userland implementation of fast and accurate process snapshotting for fuzzing on Windows

Fuzzing is the most widely used method for uncovering software security vulnerabilities, and many fuzzing implementations (fuzzers) are available on Linux. On Windows, however, only a few fuzzers are available; in particular, there is no process snapshot-based fuzzer that restores the heap fast and accurately on Windows. This paper proposes a novel process snapshotting for fuzzing that restores the entire memory area including heap fast and accurately. As a result of the preliminary experiment using our prototype implementation, our prototype restores the memory area accurately for 5 real-world software. And it also shows that our prototype achieved 3.81x faster, and 1.13x higher code coverage on average, compared to Winnie, which is a texttt{fork}-based fuzzer on Windows.