The document discusses a tool called ROSE that mines version histories to suggest related changes when a programmer modifies code. ROSE analyzes past transactions from version control systems to determine associations between code changes and uses these to recommend additional locations that may need to be updated. An evaluation shows that ROSE is able to predict the correct changed entities 15% of the time on average across various projects and its top 3 suggestions are correct 64% of the time.
Lei Shi & Mei Wang, Qihoo 360
Virtualization is one of the most complicated software in the world. The VMware workstation is very popular in many fields. The windows 10 has a lot of mitigation technology to get avoid of exploitation. It's a great challenge to make a vm escape in VMware workstation under Win 10. Especially when the guest and host are both win 10 and the guest user are NO-ADMIN. This talk will present how to make a vm escape and execute arbitrary code in the host from a NO-ADMIN guest user under Win 10(both the guest and host are Win 10). They have developed three different exploitation. This talk will introduce them and show a very elegant exploitation technology of vm escape. Besides the vm escape technology, this talk will also show the exploitation technology in Win 10. It is quite attractive because there's a process continuation, saying that the guest can execute the exploitation without crashing/disturbing the host process(VMware workstation virtual machine process). The exploitation is very reliable, it reaches nearly 100% successful rate.
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.
This document contains various methods to hack or pentest the web-server and web-applications.
1. A person can use it as hand book for hacking websites.
2. All contents of these hand book is searched and taken out from various other websites & blogs...
3. Use these knowledge for education purpose only.
Lei Shi & Mei Wang, Qihoo 360
Virtualization is one of the most complicated software in the world. The VMware workstation is very popular in many fields. The windows 10 has a lot of mitigation technology to get avoid of exploitation. It's a great challenge to make a vm escape in VMware workstation under Win 10. Especially when the guest and host are both win 10 and the guest user are NO-ADMIN. This talk will present how to make a vm escape and execute arbitrary code in the host from a NO-ADMIN guest user under Win 10(both the guest and host are Win 10). They have developed three different exploitation. This talk will introduce them and show a very elegant exploitation technology of vm escape. Besides the vm escape technology, this talk will also show the exploitation technology in Win 10. It is quite attractive because there's a process continuation, saying that the guest can execute the exploitation without crashing/disturbing the host process(VMware workstation virtual machine process). The exploitation is very reliable, it reaches nearly 100% successful rate.
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.
This document contains various methods to hack or pentest the web-server and web-applications.
1. A person can use it as hand book for hacking websites.
2. All contents of these hand book is searched and taken out from various other websites & blogs...
3. Use these knowledge for education purpose only.
Presentation by Corinne Kramer, an analyst in CBO’s National Security Division, as part of the Global Security Technical Webinar Series at the Massachusetts Institute of Technology.
Falcon heavy Reusable Launch Vehicle- SpaceXAshish Singh
Falcon Heavy is the most powerful operational rocket in the world by a factor of two. With the ability to lift into orbit nearly 64 metric tons (141,000 lb)---a mass greater than a 737 jetliner loaded with passengers, crew, luggage and fuel--Falcon Heavy can lift more than twice the payload of the next closest operational vehicle, the Delta IV Heavy, at one-third the cost. Falcon Heavy draws upon the proven heritage and reliability of Falcon 9.
Its first stage is composed of three Falcon 9 nine-engine cores whose 27 Merlin engines together generate more than 5 million pounds of thrust at liftoff, equal to approximately eighteen 747 aircraft. Only the Saturn V moon rocket, last flown in 1973, delivered more payload to orbit. Falcon Heavy was designed from the outset to carry humans into space and restores the possibility of flying missions with crew to the Moon or Mars.
An Apex Approach to performance assessment
LimitsProfiler is a package that allows you to natively profile your Apex code (including a Visualforce UI). You can find it at github.com/apexlarson/LimitsProfiler
Presentation by Corinne Kramer, an analyst in CBO’s National Security Division, as part of the Global Security Technical Webinar Series at the Massachusetts Institute of Technology.
Falcon heavy Reusable Launch Vehicle- SpaceXAshish Singh
Falcon Heavy is the most powerful operational rocket in the world by a factor of two. With the ability to lift into orbit nearly 64 metric tons (141,000 lb)---a mass greater than a 737 jetliner loaded with passengers, crew, luggage and fuel--Falcon Heavy can lift more than twice the payload of the next closest operational vehicle, the Delta IV Heavy, at one-third the cost. Falcon Heavy draws upon the proven heritage and reliability of Falcon 9.
Its first stage is composed of three Falcon 9 nine-engine cores whose 27 Merlin engines together generate more than 5 million pounds of thrust at liftoff, equal to approximately eighteen 747 aircraft. Only the Saturn V moon rocket, last flown in 1973, delivered more payload to orbit. Falcon Heavy was designed from the outset to carry humans into space and restores the possibility of flying missions with crew to the Moon or Mars.
An Apex Approach to performance assessment
LimitsProfiler is a package that allows you to natively profile your Apex code (including a Visualforce UI). You can find it at github.com/apexlarson/LimitsProfiler
SenchaCon 2016: Handling Undo-Redo in Sencha Applications - Nickolay PlatonovSencha
Undo and redo is a very common but not trivial feature, requested in most types of modern web applications. An application may define complex data processing rules involving data from different stores, which is tricky to handle when undoing an operation. With the Robo tool, we'll show you how to accurately revert data to any previous state with a simple undo() call.
What are some of the performance implications of using lambdas and what strategies can be used to address these. When might be want an alternative to using a lambda and how can we design our APIs to be flexible in this regard. What are the principles of writing low latency code in Java? How do we tune and optimize our code for low latency? When don’t we optimize our code? Where does the JVM help and where does it get in our way? How does this apply to lambdas? How can we design our APIs to use lambdas and minimize garbage?
MySQL Group Replication - Ready For Production? (2018-04)Kenny Gryp
At the end of 2016, Oracle released a new Plugin called MySQL Group Replication, which is a new MySQL replication method that aims to provide better High Availability, and built-in failover with consistency guarantees.
I evaluated the initial GA versions back in early 2017. I presented my initial findings with several best practices and concerns with the current implementation which made me state that Group Replication was not quite ready yet.
(https://www.slideshare.net/Grypyrg/my-sql-group-replication)
(Un)lucky as I was, a large part of the attendees were Oracle developers and the months after this, many of these bugs and missing features were implemented in both MySQL 8.0 as well as backported to MySQL 5.7. (Thank you!)
This is a followup presentation on my previous analysis, where I will look into the changes since and re-evaluate the readiness of Group Replication for production usage and provide my insights and opinion on the state of GR.
A science-gateway for workflow executions: online and non-clairvoyant self-h...Rafael Ferreira da Silva
PhD Thesis presented on November 29th 2013 at INSA-Lyon
Abstract - Science gateways, such as the Virtual Imaging Platform (VIP), enable transparent access to distributed computing and storage resources for scientific computations. However, their large scale and the number of middleware systems involved lead to many errors and faults. In practice, science gateways are often backed by substantial support staff who monitors running experiments by performing simple yet crucial actions such as rescheduling tasks, restarting services, killing misbehaving runs or replicating data files to reliable storage facilities. Fair quality of service (QoS) can then be delivered, yet with important human intervention. Automating such operations is challenging for two reasons. First, the problem is online by nature because no reliable user activity prediction can be assumed, and new workloads may arrive at any time. Therefore, the considered metrics, decisions and actions have to remain simple and to yield results while the application is still executing. Second, it is non-clairvoyant due to the lack of information about applications and resources in production conditions. Computing resources are usually dynamically provisioned from heterogeneous clusters, clouds or desktop grids without any reliable estimate of their availability and characteristics. Models of application execution times are hardly available either, in particular on heterogeneous computing resources. In this thesis, we propose a general healing process for autonomous detection and handling of operational incidents in workflow executions. Instances are modeled as Fuzzy Finite State Machines (FuSM) where state degrees of membership are determined by an external healing process. Degrees of membership are computed from metrics assuming that incidents have outlier performance, e.g. a site or a particular invocation behaves differently than the others. Based on incident degrees, the healing process identifies incident levels using thresholds determined from the platform history. A specific set of actions is then selected from association rules among incident levels.
For more information visit http://www.rafaelsilva.com
JavaOne 2016: Code Generation with JavaCompiler for Fun, Speed and Business P...Juan Cruz Nores
On-the-fly bytecode generation is generally known to be super efficient, but also super difficult to implement and debug. Instead of trying to generate bytecode for the JVM, you can leverage the built-in Java compiler; generate Java code as a string, compile that to bytecode and then have that executed. This gives you better code efficiency, is easier to implement, and is straight-forward to debug. We’ll cover on-the-fly code generation, execution and debugging, working with HotSpot and G1 using dynamic code, as well as how to optimize for engineer implementation time; maximum gain in minimum time. We’ll use practical examples and code snippets, so you can be ready to make the core processing for your business 10x faster.
Simplified Data Processing On Large ClusterHarsh Kevadia
A computer cluster consists of a set of loosely connected or tightly connected computers that work together so that in many respects they can be viewed as a single system. They are connected through fast local area network and are deployed to improve performance over that of single computer. We know that on the web large amount of data are being stored, processed and retrieved in a few milliseconds. Doing so with help of single computer machine is very difficult task. And so we require cluster of machines which can perform this task.
Although using cluster for processing data is not enough, we need to develop a technique that can perform this task easily and efficiently. MapReduce programming model is used for this type of processing. In this model Users specify a map function that processes a key/value pair to generate a set of intermediate key/value pairs, and a reduce function that merges all intermediate values associated with the same intermediate key.
Programs written in this functional style are automatically parallelized and executed on a large cluster of commodity machines. The run-time system takes care of the details of partitioning the input data, scheduling the program's execution across a set of machines, handling machine failures, and managing the required inter-machine communication. This allows programmers without any experience with parallel and distributed systems to easily utilize the resources of a large distributed system.
Analyzing Changes in Software Systems From ChangeDistiller to FMDiffMartin Pinzger
Software systems continuously change and developers spent a large portion of their time in keeping track and understanding changes and their effects. Current development tools provide only limited support. Most of all, they track changes in source files only on the level of textual lines lacking semantic and context information on changes. Developers frequently need to reconstruct this information manually which is a time consuming and error prone task. In this talk, I present three techniques to address this problem by extracting detailed syntactical information from changes in various source files. I start with introducing ChangeDistiller, a tool and approach to extract information on source code changes on the level of ASTs. Next, I present the WSDLDiff approach to extract information on changes in web services interface description files. Finally, I present FMDiff, an approach to extract changes from feature models defined with the linux Kconfig language. For each approach I report on cases studies and experiments to highlight the benefits of our techniques. I also point out several research opportunities opened by our techniques and tools, and the detailed data on changes extracted by them.
Jan vitek distributedrandomforest_5-2-2013Sri Ambati
- Powered by the open source machine learning software H2O.ai. Contributors welcome at: https://github.com/h2oai
- To view videos on H2O open source machine learning software, go to: https://www.youtube.com/user/0xdata
Similar to Mining Version Histories to Guide Software Changes (20)
A preview of the MSR 2013 conference, May 18-19, 2013, in San Francisco, CA. REGISTER NOW! Early registration discounts until April 14. http://msrconf.org
Empirical Software Engineering at Microsoft ResearchThomas Zimmermann
An invited talk that I gave in Tokyo. Very special thanks to Shuji Morisaki who was my translator during the session. Many thanks to Chris Bird, Nachi Nagappan, Rahul Premraj, and Sascha Just who provided slides for this talk.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Mining Version Histories to Guide Software Changes
1. 0/10
26th International Conference on Software Engineering (ICSE), Edinburgh, 28.05.2004
Mining Version Histories
to Guide Software Changes
Thomas Zimmermann
(with Peter Weißgerber, Stephan Diehl, and Andreas Zeller)
Lehrstuhl Softwaretechnik
Universität des Saarlandes, Saarbrücken
3. Extending ECLIPSE Preferences 1/10
Your task: Extend ECLIPSE with a new preference.
Preferences are stored in field fKeys[]:
4. Extending ECLIPSE Preferences 2/10
What else do you need to change?
Which of the 27,000 files
20,000 classes
200,000 methods of ECLIPSE?
5. Extending ECLIPSE Preferences 2/10
What else do you need to change?
Which of the 27,000 files
20,000 classes
200,000 methods of ECLIPSE?
Program analysis.
fKeys[] and initDefaults() use the same variables.
– Usage does not induce change.
– Usage can be detected only within program code.
ECLIPSE has 12,000 non-JAVA files
6. Extending ECLIPSE Preferences 2/10
What else do you need to change?
Which of the 27,000 files
20,000 classes
200,000 methods of ECLIPSE?
Program analysis.
fKeys[] and initDefaults() use the same variables.
– Usage does not induce change.
– Usage can be detected only within program code.
ECLIPSE has 12,000 non-JAVA files
Learning from history.
Programmers who changed fKeys[] also changed…
7. Guiding the Programmer 3/10
A) The user inserts a
new preference into
the field fKeys[]
B) ROSE suggests
locations for further
changes, e.g. the
function initDefaults()
8. From CVS to Transactions 4/10
The ECLIPSE CVS archive has more than 47,000 transactions.
9. From CVS to Transactions 4/10
The ECLIPSE CVS archive has more than 47,000 transactions.
!
12. Effective Mining 6/10
The classical association mining approach is to mine all rules:
– Helpful in understanding general patterns.
– Requires high support thresholds (>2n possible rules).
– Takes time to compute (3 days and more).
13. Effective Mining 6/10
The classical association mining approach is to mine all rules:
– Helpful in understanding general patterns.
– Requires high support thresholds (>2n possible rules).
– Takes time to compute (3 days and more).
Alternative — mine only matching rules on demand:
Constraints on antecedent. Mine only rules which are related
to the situation Σ, e.g. Σ ⇒ X
Single consequent rules. Mine only rules which have a
singleton as consequent, e.g. Σ ⇒ {x}
Average runtime of a query: 0.5 seconds.
14. Precision vs. Recall 7/10
What ROSE finds What it should find
False positives False negatives
Correct prediction
Precision How many of the returned entities are relevant?
High precision = few false positives
Recall How many relevant entities are returned?
High recall = few false negatives
15. Evaluation 8/10
The programmer has changed one single entity.
Can ROSE suggest other entities that should be changed?
Granularity Entities
Project Recall Precision Top3
ECLIPSE 0.15 0.26 0.53
GCC 0.28 0.39 0.89
GIMP 0.12 0.25 0.91
JBOSS 0.16 0.38 0.69
JEDIT 0.07 0.16 0.52
KOFFICE 0.08 0.17 0.46
POSTGRES 0.13 0.23 0.59
PYTHON 0.14 0.24 0.51
Average 0.15 0.26 0.64
ROSE predicts 15% of all changed entities
In 64% of all transactions, ROSE’s topmost three suggestions
contain a correct entity
16. Evaluation 8/10
The programmer has changed one single entity.
Can ROSE suggest other entities that should be changed?
Granularity Entities Files
Project Recall Precision Top3 Recall Precision Top3
ECLIPSE 0.15 0.26 0.53 0.17 0.26 0.54
GCC 0.28 0.39 0.89 0.44 0.42 0.87
GIMP 0.12 0.25 0.91 0.27 0.26 0.90
JBOSS 0.16 0.38 0.69 0.25 0.37 0.64
JEDIT 0.07 0.16 0.52 0.25 0.22 0.68
KOFFICE 0.08 0.17 0.46 0.24 0.26 0.67
POSTGRES 0.13 0.23 0.59 0.23 0.24 0.68
PYTHON 0.14 0.24 0.51 0.24 0.36 0.60
Average 0.15 0.26 0.64 0.26 0.30 0.70
ROSE predicts 15% of all changed entities (files: 26%).
In 64% of all transactions, ROSE’s topmost three suggestions
contain a correct entity (files: 70%).
17. Challenges 9/10
Further Data Sources.
Test outcomes, Mailing lists, Newsgroups, Chat logs
How do we leverage these sources?
18. Challenges 9/10
Further Data Sources.
Test outcomes, Mailing lists, Newsgroups, Chat logs
How do we leverage these sources?
Further Analyses.
Program analysis, Sequence analysis, Clustering
How do we integrate different analyses?
19. Challenges 9/10
Further Data Sources.
Test outcomes, Mailing lists, Newsgroups, Chat logs
How do we leverage these sources?
Further Analyses.
Program analysis, Sequence analysis, Clustering
How do we integrate different analyses?
From Locations to Actions.
You have extended fKeys[] with UI_SPLINES;
ROSE suggests:
Insert store.setDefaults(UI_SPLINES, false);
in function initDefaults();
The user can accept this at the touch of one button.
How much can we learn from history?
20. Conclusion 10/10
5 ROSE detects coupling between non-program entities
(e.g. programs and documentation).
5 ROSE effectively guides users along related changes.
5 In 64% of all transactions, ROSE’s topmost three
suggestions contain a correct entity (files: 70%).
5 Research has just begun to exploit non-program artefacts:
– Similar results by A. Ying (2004); A. Hassan (2004);
and J. Sayyad-Shirabad (2003).
– ICSE Workshop on Mining Software Repositories, 2004.
5 ROSE will be available as an ECLIPSE plug-in in Fall 2004:
http://www.st.cs.uni-sb.de/softevo/