Software Fault Research Articles

Visual software defect prediction method based on improved recurrent criss-cross residual network

PurposeThis study aims to solve the problems of large training sample size, low data sample quality, low efficiency of the currently used classical model, high computational complexity of the existing concern mechanism, and high graphics processing unit (GPU) occupancy in the current visualization software defect prediction, proposing a method for software defect prediction termed recurrent criss-cross attention for weighted activation functions of recurrent SE-ResNet (RCCA-WRSR). First, following code visualization, the activation functions of the SE-ResNet model are replaced with a weighted combination of Relu and Elu to enhance model convergence. Additionally, an SE module is added before it to filter feature information, eliminating low-weight features to generate an improved residual network model, WRSR. To focus more on contextual information and establish connections between a pixel and those not in the same cross-path, the visualized red as integer, green as integer, blue as integer images are inputted into a model incorporating a fused RCCA module for defect prediction.Design/methodology/approachSoftware defect prediction based on code visualization is a new software defect prediction technology, which mainly realizes the defect prediction of code by visualizing code as image, and then applying attention mechanism to extract the features of image. However, the challenges of current visualization software defect prediction mainly include the large training sample size and low sample quality of the data, and the classical models used today are not efficient, and the existing attention mechanisms have high computational complexity and high GPU occupancy.FindingsExperimental evaluation using ten open-source Java data sets from PROMISE and five existing methods demonstrates that the proposed approach achieves an F-measure value of 0.637 in predicting 16 cross-version projects, representing a 6.1% improvement.Originality/valueRCCA-WRSR is a new visual software defect prediction based on recurrent criss-cross attention and improved residual network. This method effectively enhances the performance of software defect prediction.

FunFuzz : Greybox Fuzzing with Function Significance

Greybox fuzzing is dedicated to revealing software bugs by maximizing code coverage. Concentrating on code coverage, greybox fuzzing effectively exposes bugs in real-world programs by continuously executing the program under test (PUT) with the test inputs generated from initial seeds, making it a popular software testing technique. Although powerful, the effectiveness of greybox fuzzing can be restricted in some cases. Ignoring the significant degrees of executed functions, traditional greybox fuzzing usually fails to identify significant seeds that execute more significant functions, and thus may assign similar energy to significant and trivial seeds when conducting power scheduling. As a result, the effectiveness of greybox fuzzing can be degraded due to wasting too much energy on trivial seeds. In this paper, we introduce function significance (FS) to measure the significant degrees of functions. Our key insight is that the influential functions that connect to many other functions are significant to greybox fuzzing as they provide more probabilities to reach previously unexplored code regions. To quantify FS, we conduct influence analysis upon the call graphs extracted from the PUTs to obtain the centrality values of function nodes. With FS as the significance measurement, we further propose FunFuzz , an FS-aware greybox fuzzing technique, to optimize significant seeds and tackle the aforementioned restriction. To this end, FunFuzz dynamically tracks the functions executed by a seed during fuzzing, and computes the significance score for the seed by accumulating the FS values of the functions executed by it. Based on the computed FS values, FunFuzz then takes an estimation-based power scheduling to assign more (or less) energy to seeds that achieve over-estimated (or under-estimated) significance scores. Specifically, the seed energy is adjusted by multiplying with a scale factor computed regarding the ratio of the actual significance score achieved by executing the seed and the estimated significance score predicted by a linear model constructed on-the-fly. To evaluate FunFuzz , we prototype it on top of AFL++ and conduct experiments with 15 programs, of which 10 are from common real-world projects and five are from Magma, and compare it to seven popular fuzzers. The experimental results obtained through fuzzing exceeding 40,800 CPU hours show that: (1) In terms of covering code, FunFuzz outperforms AFL++ by achieving 0.1% \(\sim\) 18.4% more region coverage on 13 out of 15 targets. (2) In terms of finding bugs, FunFuzz unveils 114 unique crashes and 25 Magma bugs (which are derived from CVEs) in 20 trials of 24-hour fuzzing, which are the most compared to the competitor fuzzers and include 32 crashes and 1 Magma bug that the other fuzzers fail to discover. Besides the experiments focusing on code coverage and bug finding, we evaluate the key components of FunFuzz , namely the FS-centered estimation-based power scheduling and the lazy FS computation mechanism. The extensive evaluation not only suggests FunFuzz ’s superiority in code coverage and bug finding, but also demonstrates the effectiveness of the two components.

HetFL: Heterogeneous Graph-Based Software Fault Localization

HetFL: Heterogeneous Graph-Based Software Fault Localization

The effect of data complexity on classifier performance

The research area of Software Defect Prediction (SDP) is both extensive and popular, and is often treated as a classification problem. Improvements in classification, pre-processing and tuning techniques, (together with many factors which can influence model performance) have encouraged this trend. However, no matter the effort in these areas, it seems that there is a ceiling in the performance of the classification models used in SDP. In this paper, the issue of classifier performance is analysed from the perspective of data complexity. Specifically, data complexity metrics are calculated using the Unified Bug Dataset, a collection of well-known SDP datasets, and then checked for correlation with the defect prediction performance of machine learning classifiers (in particular, the classifiers C5.0, Naive Bayes, Artificial Neural Networks, Random Forests, and Support Vector Machines). In this work, different domains of competence and incompetence are identified for the classifiers. Similarities and differences between the classifiers and the performance metrics are found and the Unified Bug Dataset is analysed from the perspective of data complexity. We found that certain classifiers work best in certain situations and that all data complexity metrics can be problematic, although certain classifiers did excel in some situations.

Users' Awareness of Cyber Security Practices for Preventing Data Attacks in Public Organisations

This study assessed users' awareness of cyber security practices for preventing data attacks. The study employed a descriptive research design and quantitative research approach. A random sampling technique was used to select a sample of 65 respondents. Data were collected through structured questionnaires. Descriptive statistics such as mean and standard deviation were used to analyse data. The validity and reliability of data collection tools were ensured. Findings revealed that the user's awareness of cyber security practices on prevention of data attacks was high in the selected case for study, which remains anonymous. The study recommends that due to the rapid changing of technology, the organisation should prevent risks from various sources, including internet-borne attacks, such as spyware or malware, user-generated weaknesses, such as easily guessed passwords or misplaced information, inherent system or software flaws and vulnerabilities and subvert system or software features.

Ensemble methods with feature selection and data balancing for improved code smells classification performance

Code smells are software flaws that make it challenging to comprehend, develop, and maintain the software. Identifying and removing code smells is crucial for software quality. This study examines the effectiveness of several machine-learning models before and after applying feature selection and data balancing on code smell datasets. Extreme Gradient Boosting, Gradient Boosting, Adaptive Boosting, Random Forest, Artificial Neural Network (ANN), and Ensemble model of Bagging, and the two best-performing Boosting techniques are used to predict code smell. This study proposes an enhanced approach, which is an ensemble model of the Bagging and Boosting classifier (EMBBC) that incorporates feature selection and data balancing techniques to predict code smells. Four publicly available code smell datasets, Blob Class, Data Class, Long Parameter List, and Switch Statement, were considered for the experimental work. Classes of datasets are balanced using the Synthetic Minority Over-Sampling Technique (SMOTE). A feature selection method called Recursive Feature Elimination with Cross-Validation (RFECV) is used. This study shows that the ensemble model of Bagging and the two best-performing Boosting techniques performs better in Blob Class, Data Class, and Long Parameter List datasets with the highest accuracy of 99.21%, 99.21%, and 97.62%, respectively. In the Switch Statement dataset, the ANN model provides a higher accuracy of 92.86%. Since the proposed model uses only seven features and still provides better results than others, it could be helpful to detect code smells for software engineers and practitioners in less computational time, improving the system's overall performance.

Memoization in Model Checking for Safety Properties with Multi-Swarm Particle Swarm Optimization

In software engineering, errors or faults in software systems often lead to critical social problems. One effective methodology to tackle this problem is model checking, which is an automated formal verification technique. In traditional model checking, the task of finding specification errors is reduced to deterministic search techniques such as Depth-First Search. Recent research has shown that swarm intelligence offers a powerful search capability compared to traditional techniques. In particular, multi-swarm Particle Swarm Optimization is known to be efficient and can mitigate the state-space explosion problem, i.e., the exponential increase in the search space with a linear increase in the problem size. However, the state-space explosion problem is still significant when verifying very large systems. Further performance improvement is needed. To achieve this, we propose a novel memoization or cache mechanism for storing tentative solutions for reuse in the later stages of the search procedure. For each stage, a candidate solution computed by a swarm is summarized efficiently and heuristically to consolidate similar solutions into a single representative solution. We store the summary and its associated solutions in key-value maps. Instead of computing known solutions repeatedly, we retrieve the solution if the stored key matches the summary. We incorporated the proposed mechanism into a model-checking technique with multi-swarm Particle Swarm Optimization and evaluated the search performance. We show in this paper that the proposed mechanism improved time and space consumption while maintaining solution quality.

An efficient instance selection algorithm for fast training of support vector machine for cross-project software defect prediction pairs

SVM is limited in its use for cross-project software defect prediction because of its very slow training process. So, this research article proposes a new instance selection (IS) algorithm called boundary detection among classes (BDAC) to reduce the training dataset size for faster training of SVM without degrading the prediction performance. The proposed algorithm is evaluated against six existing IS algorithms based on accuracy, running time, data reduction rate, etc. using 23 general datasets, 18 software defect prediction datasets, and two shape-based datasets, and results prove that BDAC is better than the selected algorithm based on collective comparison.

Refining software defect prediction through attentive neural models for code understanding

Identifying defects through manual software testing is a resource-intensive task in software development. To alleviate this, software defect prediction identifies code segments likely to contain faults using data-driven methods. Traditional techniques rely on static code metrics, which often fail to reflect the deeper syntactic and semantic features of the code. This paper introduces a novel framework that utilizes transformer-based networks with attention mechanisms to predict software defects. The framework encodes input vectors to develop meaningful representations of software modules. A bidirectional transformer encoder is employed to model programming languages, followed by fine-tuning with labeled data to detect defects. The performance of the framework is assessed through experiments across various software projects and compared against baseline techniques. Additionally, statistical hypothesis testing and an ablation study are performed to assess the impact of different parameter choices. The empirical findings indicate that the proposed approach can increase classification accuracy by an average of 15.93% and improve the F1 score by up to 44.26% compared to traditional methods.

SỬ DỤNG GOOGLE DOCS VÀ MERCI APP TRONG LỚP HỌC VIẾT TIẾNG PHÁP

This study compares the effectiveness of two automated feedback tools, Google Documents, which will be further addressed as Google Docs, and Merci App, in improving writing ability in French as a foreign language. Forty second-year students used these two reviewer tools to correct their B2-level texts. The data includes 80 student drafts edited on two tools and a survey questionnaire after using these two applications. The results show that both tools help students correct many errors at the sentence, word, and fragment levels but cannot correct errors at the inter-sentence, idea, and coherence levels. Google Docs detects more grammatical errors than Merci App, but Merci App is superior when it comes to finding errors in spelling, vocabulary, expression, and punctuation. Students use the application's error correction suggestions to correct their papers at a very high rate, 92.6% with Google Docs and 81.7% with Merci App. The number of students who prefer Google Docs is also higher than the number of students who prefer Merci App. The study proposes to use both tools to correct students' writing errors and to help students become familiar with error explanations in Merci App to help them systematize language knowledge and develop auto-learning capacity.

Fuzzing drones for anomaly detection: A systematic literature review

Drones, also referred to as Unmanned Aerial Vehicles (UAVs), are becoming popular today due to their uses in different fields and recent technological advancements which provide easy control of UAVs via mobile apps. However, UAVs may contain vulnerabilities or software bugs that cause serious safety and security concerns. For example, the communication protocol used by the UAV may contain authentication and authorization vulnerabilities, which may be exploited by attackers to gain remote access over the UAV. Drones must therefore undergo extensive testing before being released or deployed to identify and fix any software bugs or security vulnerabilities. Fuzzing is one commonly used technique for finding bugs and vulnerabilities in software programs and protocols. This article reviews various approaches where fuzzing is applied to detect bugs and vulnerabilities in UAVs. Our goal is to assess the current state-of-the-art fuzzing approaches for UAVs, which are yet to be explored in the literature. We identified open challenges that call for further research to improve the current state-of-the-art.

How can artificial intelligence be used to detect and mitigate zero-day vulnerabilities?

A zero-day exploit is a cyberattack that uses unknown or unaddressed security flaws in computer software, hardware, or firmware. Zero-day vulnerabilities pose very significant threats to cyber security. While traditional methods have been effective, they are lacking in many aspects due to rapidly evolving cyber threats. Hence, this paper examines artificial intelligence techniques, including machine learning and their application in enhancing cyber security against zero-day vulnerabilities. The research delves into supervised and unsupervised models and algorithms like Naive Bayes. The findings suggest that effective solutions such as artificial intelligence-driven approaches are crucial in the face of rapidly evolving cyber threats.

Uniqueness of suspiciousness scores: towards boosting evolutionary fault localization

Context. Software is subject to the presence of faults, which impacts its quality as well as production and maintenance costs. Evolutionary fault localization uses data from the test activity (test spectra) as a source of information about defects, and its automation aims to obtain better accuracy and lower software repair cost. Motivation. Our analysis identified that the test spectra commonly used in research exhibit a high ratio of sample repetition, which impairs the training and evolution of Genetic Programming (GP) evolved heuristics. Problem. We investigate whether evolutionary training based on the uniqueness of suspiciousness scores can increase the ability to find software faults (defects), even in repeat-sample scenarios. Specifically, we examine whether the GP-evolved heuristic, which is based on the distinguishability of program elements in terms of faults, is really competitive. Methodology. The investigation formalized hypotheses, introduced three training strategies to guide the research and carried out an experimental evaluation, aiming to reach conclusions regarding the assessment of research questions and hypotheses. Analysis. The results have shown the competitiveness of all the proposed training strategies through evaluation metrics commonly used in the research field. Conclusion. Statistical analyses confirmed that the uniqueness of suspiciousness scores guides the generation of superior heuristics for fault localization.

Component-based modeling of cascading failure propagation in directed dual-weight software networks

Software vulnerabilities often lead to cascading failures, resulting in service unavailability and potential breaches of user data. However, existing models for cascading failure propagation typically focus solely on the static design’s calling relationships, disregarding dynamic runtime propagation paths. Moreover, current network topology models primarily consider function calling frequency while overlooking critical factors like internal failure probability and component failure tolerance rates. Yet, these factors significantly influence the actual propagation of software cascading failures. In this study, we address these limitations by incorporating internal failure probabilities and calling frequencies as node and edge weights, respectively. This forms the basis of our component-based directed dual-weight software network cascading failure propagation model. This model encompasses the evaluation of cascading failure propagation through intra-component and inter-component propagation probabilities, alongside the constraint of component failure tolerance rates. Through extensive experiments conducted on six real-world software applications, our model has demonstrated its effectiveness in predicting software cascading failure propagation processes. This method deepens our understanding of software failures and structures, equipping software testers with the knowledge to make well-informed judgments regarding software quality concerns.

Exploring Debugging Challenges and Strategies Using Structural Topic Model: A Comparative Analysis of High and Low-Performing Students

Debugging is essential for identifying and rectifying errors in programming, yet time constraints and students’ trivialization of errors often hinder progress. This study examines differences in debugging challenges and strategies among students with varying computational thinking (CT) competencies using weekly coding journals from an online undergraduate CT course. Participants used Scratch, a block-based programming language, and their journals from five assignments were analyzed using Term Frequency-Inverse Document Frequency and Structural Topic Modeling. High-performing students engaged with diverse topics and specific blocks tied to their weekly projects while low-performing students faced repetitive and broad challenges, such as understanding motion blocks and broadcast concepts. These patterns reveal that low-performing students struggle particularly during the ‘diagnose the fault’ phase of debugging, often hindering their progress in the final stage. Such challenges highlight the necessity for targeted educational interventions to improve the debugging proficiency and overall CT skills. The study underscores the importance of further research into students’ logical thinking processes during code review and debugging, suggesting the use of think-aloud protocols and detailed tracking of debugging practices for deeper insights. This research contributes to the field by showing that differentiated instruction and strategic support can enhance debugging skills across different student performance levels.

WEBSITE SECURITY ANALYSIS CURUG VILLAGE GOVERNMENT USING OPEN WEB APPLICATION SECURITY PROJECT (OWASP)

Cybersecurity has become a crucial issue in the current digital era, especially for government websites that are often targeted by attacks. According to the National Cyber and Crypto Agency (BSSN), government websites are vulnerable to hacking. This study aims to analyze the security of the Curug Village Government website using the Open Web Application Security Project (OWASP). The analysis was conducted on the ten main categories of web application security vulnerabilities listed in OWASP Top 10 2021, including Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, and Server-side Request Forgery. The results of the testing showed that 4 out of 8 vulnerabilities fall into the OWASP TOP 10 for 2021, particularly in the categories of Injection and Security Misconfiguration. Recommendations for improvements are provided based on these findings, which are expected to help the Curug Village Government strengthen their cybersecurity.

Evolving Paradigms in Automated Program Repair: Taxonomy, Challenges, and Opportunities

With the rapid development and large-scale popularity of program software, modern society increasingly relies on software systems. However, the problems exposed by software have also come to the fore. The software bug has become an important factor troubling developers. In this context, Automated Program Repair (APR) techniques have emerged, aiming to automatically fix software bug problems and reduce manual debugging work. In particular, benefiting from the advances in deep learning, numerous learning-based APR techniques have emerged in recent years, which also bring new opportunities for APR research. To give researchers a quick overview of APR techniques’ complete development and future opportunities, we review the evolution of APR techniques and discuss in depth the latest advances in APR research. In this article, the development of APR techniques is introduced in terms of four different patch generation schemes: search-based, constraint-based, template-based, and learning-based. Moreover, we propose a uniform set of criteria to review and compare each APR tool and then discuss the current state of APR development. Finally, we analyze current challenges and future directions, especially highlighting the critical opportunities that large language models bring to APR research.

A Software Defect Prediction Method That Simultaneously Addresses Class Overlap and Noise Issues after Oversampling

A Software Defect Prediction Method That Simultaneously Addresses Class Overlap and Noise Issues after Oversampling

Computing Precise Control Interface Specifications

Verifying network programs is challenging because of how they divide labor: the control plane computes high level routes through the network and compiles them to device configurations, while the data plane uses these configurations to realize the desired forwarding behavior. In practice, the correctness of the data plane often assumes that the configurations generated by the control plane will satisfy complex specifications. Consequently, validation tools such as program verifiers, runtime monitors, fuzzers, and test-case generators must be aware of these control interface specifications (ci-specs) to avoid raising false alarms. In this paper, we propose the first algorithm for computing precise ci-specs for network data planes. Our specifications are designed to be efficiently monitorable —concretely, checking that a fixed configuration satisfies a ci-spec can be done in polynomial time. Our algorithm, based on modular program instrumentation, quantifier elimination, and a path-based analysis, is more expressive than prior work, and is applicable to practical network programs. We describe an implementation and show that ci-specs computed by our tool are useful for finding real bugs in real-world data plane programs.

CoolerSpace: A Language for Physically Correct and Computationally Efficient Color Programming

Color programmers manipulate lights, materials, and the resulting colors from light-material interactions. Existing libraries for color programming provide only a thin layer of abstraction around matrix operations. Color programs are, thus, vulnerable to bugs arising from mathematically permissible but physically meaningless matrix computations. Correct implementations are difficult to write and optimize. We introduce CoolerSpace to facilitate physically correct and computationally efficient color programming. CoolerSpace raises the level of abstraction of color programming by allowing programmers to focus on describing the logic of color physics. Correctness and efficiency are handled by CoolerSpace. The type system in CoolerSpace assigns physical meaning and dimensions to user-defined objects. The typing rules permit only legal computations informed by color physics and perception. Along with type checking, CoolerSpace also generates performance-optimized programs using equality saturation. CoolerSpace is implemented as a Python library and compiles to ONNX, a common intermediate representation for tensor computations. CoolerSpace not only prevents common errors in color programming, but also does so without run-time overhead: even unoptimized CoolerSpace programs out-perform existing Python-based color programming systems by up to 5.7 times; our optimizations provide up to an additional 1.4 times speed-up.