Cross-project defect prediction is very appealing because (i) it allows predicting defects in projects for which the availability of data is limited, and (ii) it allows producing generalizable prediction models. However, existing research suggests that cross-project prediction is particularly challenging and, due to the heterogeneity of projects, prediction accuracy is not always good. This paper proposes a novel, multi-objective approach for cross-project defect prediction, based on a multi-objective logistic regression model built using a genetic algorithm. Instead of providing the software engineer with a single predictive model, the multi-objective approach lets software engineers choose predictors that achieve a compromise between the number of likely defect-prone artifacts (effectiveness) and the LOC to be analyzed/tested (a proxy for the cost of code inspection). Results of an empirical evaluation on 10 datasets from the PROMISE repository indicate the superiority and usefulness of the multi-objective approach with respect to single-objective predictors. Also, the proposed approach outperforms an alternative approach for cross-project prediction based on local prediction over clusters of similar classes.
Cross-project Defect Prediction Using A Connectivity-based Unsupervised Class... (Feng Zhang)
Defect prediction on projects with limited historical data has attracted great interest from both researchers and practitioners. Cross-project defect prediction, which reuses classifiers trained on other projects, has been the main area of progress. However, existing approaches require some degree of homogeneity (e.g., a similar distribution of metric values) between the training projects and the target project. Satisfying the homogeneity requirement often takes significant effort and is currently a very active area of research.
An unsupervised classifier does not require any training data; therefore, the heterogeneity challenge is no longer an issue. In this paper, we examine two types of unsupervised classifiers: (a) distance-based classifiers (e.g., k-means); and (b) connectivity-based classifiers. While distance-based unsupervised classifiers have previously been used in the defect prediction literature with disappointing performance, connectivity-based classifiers have never before been explored in our community.
We compare the performance of unsupervised classifiers versus supervised classifiers using data from 26 projects from three publicly available datasets (i.e., AEEEM, NASA, and PROMISE). In the cross-project setting, our proposed connectivity-based classifier (via spectral clustering) ranks as one of the top classifiers among five widely-used supervised classifiers (i.e., random forest, naive Bayes, logistic regression, decision tree, and logistic model tree) and five unsupervised classifiers (i.e., k-means, partition around medoids, fuzzy C-means, neural-gas, and spectral clustering). In the within-project setting (i.e., models are built and applied on the same project), our spectral classifier ranks in the second tier, while only random forest ranks in the first tier. Hence, connectivity-based unsupervised classifiers offer a viable solution for cross-project and within-project defect prediction.
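The paper's classifier itself is not reproduced here, but the general idea of a connectivity-based unsupervised defect classifier admits a minimal sketch. In the Python sketch below, the two-cluster spectral setup and the labeling heuristic (the cluster with larger average metric values is treated as defect-prone) are illustrative assumptions, not necessarily the paper's exact rules:

```python
# Sketch: a connectivity-based unsupervised defect "classifier" via spectral
# clustering. Rows of `metrics` are software classes, columns are code metrics.
import numpy as np
from sklearn.cluster import SpectralClustering
from sklearn.preprocessing import scale

def spectral_defect_labels(metrics: np.ndarray) -> np.ndarray:
    X = scale(metrics)  # z-score each metric so they are comparable
    clusters = SpectralClustering(n_clusters=2, affinity="nearest_neighbors",
                                  random_state=0).fit_predict(X)
    # Assumed heuristic: the cluster whose members have larger metric values
    # on average is labeled defect-prone (1); the other is labeled clean (0).
    row_sums = X.sum(axis=1)
    defect_cluster = int(row_sums[clusters == 1].mean()
                         > row_sums[clusters == 0].mean())
    return (clusters == defect_cluster).astype(int)
```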
Reproducible Crashes: Fuzzing Pharo by Mutating the Test Methods (University of Antwerp)
Fuzzing (or fuzz testing) is a technique to verify the robustness of a program under test: valid input is replaced by random values with the goal of forcing the program under test into unresponsive states. In this position paper, we propose a white-box fuzzing approach based on transforming (mutating) existing test methods. We adopt the mechanisms used for test amplification to generate crash-inducing tests, which developers can later reproduce. We provide anecdotal evidence that our approach to fuzzing reveals crashing issues in the Pharo environment.
Finding Bugs, Fixing Bugs, Preventing Bugs — Exploiting Automated Tests to In... (University of Antwerp)
With the rise of agile development, software teams all over the world embrace faster release cycles as *the* way to incorporate customer feedback into product development processes. Yet, faster release cycles imply rethinking the traditional notion of software quality: agile teams must balance reliability (minimize known defects) against agility (maximize ease of change). This talk will explore the state-of-the-art in software test automation and the opportunities this may present for maintaining this balance. We will address questions like: Will our test suite detect critical defects early? If not, how can we improve our test suite? Where should we fix a defect?
(Keynote for the SHIFT 2020 and IWSF 2020 Workshops, October 2020)
With the rise of agile development and the adoption of continuous integration, the software industry has seen an increasing interest in test automation. Many organizations invest in test automation but fail to reap the expected benefits, most likely due to a lack of test-automation maturity. In this talk, we present the results of a test automation maturity survey collecting responses from 151 practitioners across 101 organizations in 25 countries. We make observations regarding the state of the practice and provide a benchmark for assessing the maturity of an agile team. The benchmark resulted in a self-assessment tool for practitioners, to be released under an open-source license; an alpha version is presented herein. The research underpinning the survey has been conducted through the TESTOMAT project, a European project with 34 partners from 6 countries.
(Presentation delivered at the Test Automation Days and the Testnet Autumn Event; October 2020)
Updated slides for my talk at the CHAQ meeting in Antwerp. I also added slides on some of my experiences in performing empirical studies with open-source and industrial software systems.
Specification-based Verification of Incomplete Programs (IDES Editor)
Recently, formal methods like model checking and theorem proving have been considered efficient tools for software verification. However, when applied in practice, these techniques suffer from high complexity costs. Combining static analysis with dynamic checking to deal with this problem has become an emerging trend, resulting in the introduction of the concolic testing technique and its variations. However, analysis-based verification techniques always assume the availability of the full source code of the verified program, which does not always hold in real-life contexts. In this paper, we propose an approach to tackle this problem. Our contributions are (i) combining function specifications with control-flow analysis to deal with source-missing functions; (ii) generating self-complete programs from incomplete programs by means of concrete execution, thus making them fully verifiable by model checking; and (iii) developing a constraint-based test-case generation technique to significantly reduce the complexity. Our solution has proven viable when successfully deployed for checking the programming work of students.
Analyzing Changes in Software Systems: From ChangeDistiller to FMDiff (Martin Pinzger)
Software systems continuously change, and developers spend a large portion of their time keeping track of changes and understanding their effects. Current development tools provide only limited support: most of all, they track changes in source files only at the level of textual lines, lacking semantic and context information. Developers frequently need to reconstruct this information manually, which is a time-consuming and error-prone task. In this talk, I present three techniques that address this problem by extracting detailed syntactical information from changes in various source files. I start by introducing ChangeDistiller, a tool and approach to extract information on source code changes at the level of ASTs. Next, I present the WSDLDiff approach to extract information on changes in web service interface description files. Finally, I present FMDiff, an approach to extract changes from feature models defined in the Linux Kconfig language. For each approach I report on case studies and experiments that highlight the benefits of our techniques. I also point out several research opportunities opened up by our techniques and tools, and by the detailed change data they extract.
Formal Verification of Developer Tests: a Research Agenda Inspired by Mutatio... (University of Antwerp)
With the current emphasis on DevOps, automated software tests have become a necessary ingredient for continuously evolving, high-quality software systems. This implies that test code takes up a significant portion of the complete code base — test-to-code ratios ranging from 3:1 to 2:1 are quite common.
We argue that "testware" provides interesting opportunities for formal verification, especially because the system under test may serve as an oracle to focus the analysis. As an example, we describe five common problems (mainly from the subfield of mutation testing) and how formal verification may contribute.
We deduce a research agenda as an open invitation for fellow researchers to investigate the peculiarities of formally verifying testware.
Model-Driven Optimization: Generating Smart Mutation Operators for Multi-Obj... (SEAA 2022)
Niels van Harten, Radboud University Nijmegen, Nijmegen, The Netherlands
CDN (Diego) Damasceno, Radboud University Nijmegen, Nijmegen, The Netherlands
Daniel Strüber, Chalmers | University of Gothenburg (SE) and Radboud University Nijmegen (NL)
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn... (gdgsurrey)
Dive into the essentials of ML model development, processes, and techniques to combat underfitting and overfitting, explore distributed training approaches, and understand model explainability. Enhance your skills with practical insights from a seasoned expert.
Leveraging the Option Value of Unconventional Resource Projects (Portfolio Decisions)
The option value is the difference between the intrinsic (stand-alone) value of an opportunity and the value that becomes available through alternatives. The application to unconventional resource plays is that they have unique characteristics that may lead to increased option-value potential, including significant uncertainties (volatility), long time horizons, market liquidity, ownership options, and large up-front investment requirements. Here we share a case study on a resource development program.
The Comprehensive Product Platform Planning (CP3) framework presents a flexible mathematical model of the platform planning process, which allows (i) the formation of sub-families of products, and (ii) the simultaneous identification and quantification of platform/scaling design variables. The CP3 model is founded on a generalized commonality matrix that represents the product platform plan, and yields a mixed binary-integer non-linear programming problem. In this paper, we develop a methodology to reduce the high-dimensional binary integer problem to a more tractable integer problem, where the commonality matrix is represented by a set of integer variables. Subsequently, we determine the feasible set of values for the integer variables in the case of families with 3-7 kinds of products. The cardinality of the feasible set is found to be orders of magnitude smaller than the total number of unique combinations of the commonality variables. In addition, we present the development of a generalized approach to Mixed-Discrete Non-Linear Optimization (MDNLO) that can be implemented through standard non-gradient-based optimization algorithms. This MDNLO technique is expected to provide a robust and computationally inexpensive optimization framework for the reduced CP3 model. The generalized approach to MDNLO uses continuous optimization as the primary search strategy; however, it evaluates the system model only at the feasible locations in the discrete variable space.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2021/08/robust-object-detection-under-dataset-shifts-a-presentation-from-arm/
Partha Maji, Principal Research Scientist at Arm’s Machine Learning Research Lab, presents the “Robust Object Detection Under Dataset Shifts” tutorial at the May 2021 Embedded Vision Summit.
In image classification tasks, the evaluation of models’ robustness to increased dataset shifts with a probabilistic framework is very well studied. However, object detection (OD) tasks pose other challenges for uncertainty estimation and evaluation. For example, one needs to evaluate both the quality of the label uncertainty (i.e., what?) and spatial uncertainty (i.e., where?) for a given bounding box, but that evaluation cannot be performed with more traditional average precision metrics (e.g., mAP).
In this talk, Maji discusses how to adapt well-established object detection models to generate uncertainty estimations by introducing stochasticity in the form of Monte Carlo Dropout (MC-Drop). He also discusses how such techniques could be extended to a broad class of embedded vision tasks to improve robustness.
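As a rough illustration of the MC-Drop technique described above (dropout kept active at inference, multiple stochastic forward passes, mean and variance as prediction and uncertainty), here is a minimal PyTorch sketch; the toy model and sample count are assumptions, not the detector from the talk:

```python
# Minimal MC-Dropout sketch: sample N stochastic forward passes and use the
# spread of the predictions as an uncertainty estimate.
import torch
import torch.nn as nn

model = nn.Sequential(nn.Linear(16, 64), nn.ReLU(),
                      nn.Dropout(p=0.5), nn.Linear(64, 3))  # placeholder net

def mc_dropout_predict(model, x, n_samples=30):
    model.eval()
    for m in model.modules():          # re-enable only the dropout layers so
        if isinstance(m, nn.Dropout):  # inference stays stochastic
            m.train()
    with torch.no_grad():
        probs = torch.stack([torch.softmax(model(x), dim=-1)
                             for _ in range(n_samples)])
    return probs.mean(dim=0), probs.var(dim=0)  # predictive mean, uncertainty

mean, var = mc_dropout_predict(model, torch.randn(4, 16))
```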
Similar to Multi-Objective Cross-Project Defect Prediction (20)
Maliheh (Mali) Izadi, PhD, Andrea Di Sorbo, and Sebastiano Panichella co-chaired the 3rd Intl. Workshop on NL-based Software Engineering, April 20, 2024, Lisbon, Portugal.
Diversity-guided Search Exploration for Self-driving Cars Test Generation thr... (Sebastiano Panichella)
Timo Blattner, Christian Birchler, Timo Kehrer, Sebastiano Panichella: Diversity-guided Search Exploration for Self-driving Cars Test Generation through Frenet Space Encoding. Intl. Workshop on Search-Based and Fuzz Testing (SBFT). 2024
SBFT Tool Competition 2024 -- Python Test Case Generation Track (Sebastiano Panichella)
Nicolas Erni, Al-Ameen Mohammed, Christian Birchler, Pouria Derakhshanfar, Stephan Lukasczyk, Sebastiano Panichella: SBFT Tool Competition 2024 -- Python Test Case Generation Track. 17th International Workshop on Search-Based and Fuzz Testing.
SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track (Sebastiano Panichella)
Sajad Khatiri, Prasun Saurabh, Timothy Zimmermann, Charith Munasinghe, Christian Birchler, Sebastiano Panichella: SBFT Tool Competition 2024 - CPS-UAV Test Case Generation Track. 17th International Workshop on Search-Based and Fuzz Testing.
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist (Sebastiano Panichella)
Sajad Khatiri, Sebastiano Panichella, Paolo Tonella: Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist. International Conference on Software Engineering. 2024
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ... (Sebastiano Panichella)
Lecture entitled "Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective Test Generation and Selection" at the International Summer School on Search- and Machine Learning-based Software Engineering, June 22-24, 2022, Córdoba, Spain.
COSMOS: DevOps for Complex Cyber-physical Systems
Sebastiano Panichella and Christian Birchler, Zurich University of Applied Sciences (ZHAW)
Workshop on Adaptive CPSoS (WASOS) 2023
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh... (Sebastiano Panichella)
Keynote presentation at ICST (AIST workshop) entitled "Testing and Development Challenges for Complex Cyber-Physical Systems: Insights from the COSMOS H2020 Project".
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ... (Sebastiano Panichella)
Presentation at the 16th IEEE International Conference on Software Testing, Verification and Validation (ICST): "An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical Systems", Journal of Systems & Software (JSS).
Automated Identification and Qualitative Characterization of Safety Concerns ... (Sebastiano Panichella)
Presentation at the IEEE/ACM International Conference on Automated Software Engineering (ASE 2023): "Automated Identification and Qualitative Characterization of Safety Concerns Reported in UAV Software Platforms", Transactions on Software Engineering and Methodology.
Simulation-based Test Case Generation for Unmanned Aerial Vehicles in the Nei... (Sebastiano Panichella)
Here are the slides of the presentation of the paper entitled "Simulation-based Test Case Generation for Unmanned Aerial Vehicles in the Neighborhood of Real Flights". It was presented at the IEEE International Conference on Software Testing, Verification, and Validation (ICST) 2023.
The presentation concerns the ongoing research in the COSMOS H2020 project (https://www.cosmos-devops.org/), as outlined by the ICST Program (https://conf.researchr.org/program/icst-2023/program-icst-2023/?past=Show%20upcoming%20events%20only).
Exposed! A case study on the vulnerability-proneness of Google Play Apps (Sebastiano Panichella)
Title: Exposed! A case study on the vulnerability-proneness of Google Play Apps
Authors: Andrea Di Sorbo, Sebastiano Panichella
Venue: ESEC/FSE, Journal First Presentation, 14-18 November 2022, Singapore
Video: https://www.youtube.com/watch?v=9lv3WGuNM0A&ab_channel=Sebastiano
Search-based Software Testing (SBST) '22
Workshop Co-Chairs:
Giovani Guizzo
UNIVERSITY COLLEGE LONDON, UNITED KINGDOM
Sebastiano Panichella
ZURICH UNIVERSITY OF APPLIED SCIENCE, SWITZERLAND
Competition Co-Chairs:
Alessio Gambi
UNIVERSITY OF PASSAU, GERMANY
Gunel Jahangirova
UNIVERSITÀ DELLA SVIZZERA ITALIANA, SWITZERLAND
Vincenzo Riccio
UNIVERSITÀ DELLA SVIZZERA ITALIANA, SWITZERLAND
Fiorella Zampetti
UNIVERSITY OF SANNIO, ITALY
Website Chair:
Rebecca Moussa
UNIVERSITY COLLEGE LONDON, UNITED KINGDOM
Program Committee:
Nazareno Aguirre, Universidad Nacional de Río Cuarto - CONICET, Argentina
Aldeida Aleti, Monash University, Australia
Giuliano Antoniol, Ecole Polytechnique de Montréal, Canada
Kate Bowers, Oakland University, USA
Jose Campos, University of Washington, USA
Thelma E. Colanzi, State University of Maringá, Brazil
Byron DeVries, Grand Valley State University, USA
Gordon Fraser, University of Passau, Germany
Erik Fredericks, Oakland University, USA
Gregory Gay, Chalmers and the University of Gothenburg, Sweden
Alessandra Gorla, IMDEA Software Institute, Spain
Gregory Kapfhammer, Allegheny College, USA
Yiling Lou, Peking University, China
Mitchell Olsthoorn, Delft University of Technology, Netherlands
Justyna Petke, University College London, UK
Silvia R. Vergilio, Universidade Federal do Paraná, Brazil
Simone do Rocio Senger de Souza, University of São Paulo, Brazil
Thomas Vogel, Humboldt-Universität zu Berlin, Germany
Jie Zhang, University College London, UK
Tool Competition
Introduction
NLP-based approaches and tools have been proposed to improve the efficiency of software engineers, processes, and products, by automatically processing natural language artifacts (issues, emails, commits, etc.).
We believe that the availability of accurate tools is becoming increasingly necessary to improve Software Engineering (SE) processes. One important process is issue management and prioritization, where developers have to understand, classify, prioritize, and assign incoming issues reported by end-users and developers.
This year, we are pleased to announce the first edition of the NLBSE’22 tool competition on issue report classification, an important task in issue management and prioritization.
For the competition, we provide a dataset encompassing more than 800k labeled issue reports (as bugs, enhancements, and questions) extracted from real open-source projects. You are invited to leverage this dataset for evaluating your classification approaches and to compare the achieved results against a proposed baseline approach (based on FastText).
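For orientation, here is a hypothetical sketch of what a FastText-based baseline might look like in Python; the file names, label strings, and hyperparameters are assumptions, not the competition's actual setup:

```python
# Hypothetical FastText-style baseline for issue report classification.
# Each line of the training file is assumed to look like:
#   __label__bug Crash when opening the settings screen
import fasttext

model = fasttext.train_supervised(
    input="issues.train",          # assumed file of labeled issue titles/bodies
    epoch=10, lr=0.5, wordNgrams=2)

labels, probs = model.predict("App crashes when rotating the screen")
print(labels[0], probs[0])         # e.g. ('__label__bug', 0.97)

n, precision, recall = model.test("issues.test")  # micro P/R at k=1
```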
Competition overview
We created a Colab notebook with detailed information about the competition (provided data, baseline approach, paper submission, paper format, etc.).
If you want to participate, you must:
Train and tune a multi-class classifier using the provided training set. The classifier should assign exactly one label to each issue.
Evaluate your classifier on the provided test set
Write a paper (4 pages max.) describing:
The architecture and details of the classifier
The procedure used to pre-process the data
The procedure used to tune the classifier on the training set
The results of your classifier on the test set
Additional info.: provide a link to your code/tool with proper documentation on how to run it
Submit the paper by emailing the tool competition organizers (see below)
Submissions will be evaluated and accepted based on correctness and reproducibility, defined by the following criteria:
Clarity and detail of the paper content
Availability of the code/tool, released as open-source
Correct training/tuning/evaluation of your code/tool on the provided data
Clarity of the code documentation
The accepted submissions will be published at the workshop proceedings.
The submissions will be ranked based on the F1 score achieved by the proposed classifiers on the test set, as indicated in the papers.
The submission with the highest F1 score will be the winner of the competition.
How to participate?
Email your paper to Oscar Chaparro (oscarch@wm.edu) and Rafael Kallis (rk@rafaelkallis.com) by the submission deadline.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Acorn Recovery: Restore IT infra within minutes (IP ServerOne)
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery offering (DRaaS) by IP ServerOne: a DR solution that helps restore your IT infrastructure within minutes.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives... (Orkestra)
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
0x01 - Newton's Third Law: Static vs. Dynamic Abusers (OWASP Beja)
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
6. Indicators of defects
• Cached history information (Kim et al., ICSE 2007)
• Change metrics (Moser et al., ICSE 2008)
• A metrics suite for object-oriented design (Chidamber et al., TSE 1994)
9.-12. Defect Prediction Methodology
[Diagram, built up over four slides: in within-project prediction, a predicting model is trained on a training set and applied to a test set from the same project, classifying each class (Class1 ... ClassN) as defect-prone or not (YES/NO). Issue: the size of the training set. In cross-project prediction, the model is instead trained on past projects (e.g., Project A) and applied to a new project (e.g., Project B). Issue: the prediction accuracy can be lower.]
13. Cost Effectiveness
1) Cross-project prediction does not necessarily work worse than within-project prediction.
2) Better precision (accuracy) does not imply lower inspection cost.
3) Traditional predicting model: logistic regression.
(Recalling the "imprecision" of cross-project defect prediction, Rahman et al., FSE 2012)
15.-19. Cost Effectiveness: an example
[Diagram, built up over five slides: predicting model 1 flags Class A (100 LOC) and Class B (10,000 LOC) as defect-prone; predicting model 2 flags Class A (100 LOC), Class C (100 LOC), and Class D (100 LOC). The bug is in Class A, which both models flag. Model 1: precision = 50%, inspection cost = 10,100 LOC. Model 2: precision = 33%, inspection cost = 300 LOC.]
Precision does not mirror the inspection cost: all the existing predicting models optimize precision, not cost. We need COST-oriented models.
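The arithmetic behind this example is easy to re-check; a minimal sketch, with the LOC values and the single defective class taken from the slides above:

```python
# Precision vs. inspection cost for the two predicting models of the example.
loc = {"A": 100, "B": 10_000, "C": 100, "D": 100}
buggy = {"A"}  # Class A is the only defective class

def precision_and_cost(predicted):
    true_positives = len(predicted & buggy)
    return true_positives / len(predicted), sum(loc[c] for c in predicted)

print(precision_and_cost({"A", "B"}))       # model 1: (0.5, 10100)
print(precision_and_cost({"A", "C", "D"}))  # model 2: (0.333..., 300)
```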
30. Multi-objective Genetic Algorithm
Chromosome: the coefficient vector (a, b, c, ...) of a logistic model over the metrics m_{i1}, m_{i2}, ... of class i:
\[ \mathit{Pred}_i = \frac{e^{\,a + b\,m_{i1} + c\,m_{i2} + \dots}}{1 + e^{\,a + b\,m_{i1} + c\,m_{i2} + \dots}} \]
Fitness function (two objectives):
\[ \begin{cases} \max\; \mathit{Effectiveness} = \sum_i \mathit{Pred}_i \cdot \mathit{Actual}_i \\ \min\; \mathit{InspectionCost} = \sum_i \mathit{Pred}_i \cdot \mathit{Cost}_i \end{cases} \]
Multiple objectives are optimized using Pareto-efficient approaches.
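A minimal sketch of how such a chromosome could be evaluated (NumPy; names are illustrative, not the authors' implementation):

```python
# Evaluate one chromosome (a, b, c, ...) against the two objectives of slide 30.
import numpy as np

def evaluate(coeffs, metrics, actual, loc):
    """coeffs: (n_metrics + 1,); metrics: (n_classes, n_metrics);
    actual: 0/1 defectiveness per class; loc: LOC per class."""
    z = coeffs[0] + metrics @ coeffs[1:]  # a + b*m_i1 + c*m_i2 + ...
    pred = 1.0 / (1.0 + np.exp(-z))       # Pred_i = e^z / (1 + e^z)
    effectiveness = float(np.sum(pred * actual))  # to maximize
    inspection_cost = float(np.sum(pred * loc))   # to minimize
    return effectiveness, inspection_cost
```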
31. Multi-objective Genetic Algorithm
Pareto optimality: all solutions that are not dominated by any other solution form the Pareto-optimal set. Multiple optimal solutions (models) can be found.
[Plot: the Pareto frontier in the Cost vs. Effectiveness plane.]
The frontier allows making a well-informed decision that balances the trade-offs between the two objectives.
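A minimal sketch of the dominance test and Pareto-front extraction behind this slide; the random objective pairs merely stand in for evaluated chromosomes, and the paper's actual GA machinery is not reproduced:

```python
# Keep the non-dominated (effectiveness, cost) points: higher effectiveness
# and lower cost are better.
import numpy as np

def dominates(f, g):
    """True if f is at least as good as g in both objectives and not equal."""
    return f[0] >= g[0] and f[1] <= g[1] and f != g

def pareto_front(points):
    return [p for p in points if not any(dominates(q, p) for q in points)]

rng = np.random.default_rng(0)  # toy stand-ins for evaluated chromosomes
points = [(float(e), float(c))
          for e, c in zip(rng.random(200), rng.random(200) * 10_000)]
front = sorted(pareto_front(points))  # the engineer picks a trade-off point
```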
33.-36. Research Questions
RQ1: How does multi-objective (MO) prediction perform, compared to single-objective (SO) prediction? (Cross-project MO vs. cross-project SO vs. within-project SO.)
RQ2: How does the proposed approach perform, compared to the local prediction approach by Menzies et al.? (Cross-project MO vs. local prediction.)
38.-40. Experiment outline
• 10 Java projects from the PROMISE dataset, with different sizes and different application contexts.
• Cross-project defect prediction (RQ1): training the model on nine projects and testing on the remaining one, repeated 10 times; a sketch of this leave-one-out protocol follows the list.
• Within-project defect prediction (RQ1): 10-fold cross-validation.
• Local prediction (RQ2): k-means clustering algorithm and the Silhouette coefficient.
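A sketch of the leave-one-project-out protocol, assuming per-project metric matrices and defect labels; scikit-learn's logistic regression stands in for the single-objective baseline:

```python
# Train on nine projects, test on the held-out one, repeated for each project.
import numpy as np
from sklearn.linear_model import LogisticRegression

def cross_project_eval(projects):
    """projects: dict name -> (X, y), X = class metrics, y = 0/1 defect labels."""
    results = {}
    for held_out in projects:
        X_train = np.vstack([X for name, (X, y) in projects.items()
                             if name != held_out])
        y_train = np.hstack([y for name, (X, y) in projects.items()
                             if name != held_out])
        X_test, y_test = projects[held_out]
        clf = LogisticRegression(max_iter=1000).fit(X_train, y_train)
        results[held_out] = clf.score(X_test, y_test)  # accuracy, for brevity
    return results
```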
43.-44. Cross-project MO vs. Cross-project SO
[Bar chart comparing cross-project SO and cross-project MO in KLOC (axis 0-300).]
The proposed multi-objective model outperforms the single-objective one.
45.-48. Cross-project MO vs. Within-project SO
[Bar charts comparing within-project SO and cross-project MO in KLOC (axis 0-350) and in precision (axis 0-100).]
Cross-project prediction is worse than within-project prediction in terms of PRECISION, but it is better than within-project predictors in terms of COST-EFFECTIVENESS.
49.-50. Cross-project MO vs. Local Prediction
[Bar chart comparing local prediction and cross-project MO in KLOC (axis 0-300).]
The multi-objective predictor outperforms the local predictor.