In this presentation, I talk about different ways of testing your software that go beyond testing. Log analytics and DevOps, static analysis tools, automated test generation, mistakes in web API integration, and challenges in software testing education.
I gave this talk to several Brazilian companies in December/2017.
Paypal Tutorial: How to Open and Set- Up Your AccountRea A.
This document provides a tutorial on how to use Paypal in 3 parts. Part 1 explains how to open a Paypal account. Part 2 describes the different sections of the Paypal online account dashboard. Part 3 breaks down the "My Account" toolbar and its subheadings for overview, withdraw, history, and profile where you can add/edit personal details, bank accounts, cards, and addresses.
Matteopanfilo presented on key performance indicators (KPIs) and metrics for businesses. He discussed different metrics that can be used depending on the type of business, such as number of homes with high-definition pictures for Airbnb or cost per acquisition for ecommerce sites. He then covered funnels, cohort analysis to measure customer behavior over time, churn rates, A/B testing to optimize websites and emails, analyzing source channels like email marketing, and using customer relationship management (CRM) systems to interact with customers. The presentation provided an overview of important analytics concepts for measuring business performance.
This document provides an overview of SafexPay's white label payment gateway proposal. It discusses SafexPay's team experience, technology platform, certifications, and the services it offers including a payment gateway, wallet platform, payout platform, and business app. It also covers transaction flows, integration types, security features, settlement processes, payment methods, modules, risk management, and advanced features. The document highlights advantages for white label partners, merchants, and WL partners in working with SafexPay and why SafexPay is a good choice due to its scalable and configurable platform, multi-channel capabilities, and focus on innovation.
figo Banking API: A Banking Service Provider for FinTech StartupsLars Markull
figo is offering a quick and easy to implement banking API. With our API our partners can implement financial sources into their service and make use of it in very different ways. We are defining ourselves as a Banking Service Provider: our offering is not just the banking API but we also take care of account management, regulation and so forth.
Instant Payments allow for payments to be processed in real-time, typically within 10 seconds. While they provide benefits like convenience and the ability to pay without cards, their disruptive potential is uncertain as existing payment instruments also work well. Adoption depends on triggers for users and use cases with enough volume and value. Banks face challenges implementing Instant Payments due to costs of upgrading systems while non-banks have opportunities. For Instant Payments to succeed, the focus needs to be on the customer experience and specific high-value use cases, with cooperation across the industry to improve efficiency of infrastructure.
Paypal Tutorial: How to Open and Set- Up Your AccountRea A.
This document provides a tutorial on how to use Paypal in 3 parts. Part 1 explains how to open a Paypal account. Part 2 describes the different sections of the Paypal online account dashboard. Part 3 breaks down the "My Account" toolbar and its subheadings for overview, withdraw, history, and profile where you can add/edit personal details, bank accounts, cards, and addresses.
Matteopanfilo presented on key performance indicators (KPIs) and metrics for businesses. He discussed different metrics that can be used depending on the type of business, such as number of homes with high-definition pictures for Airbnb or cost per acquisition for ecommerce sites. He then covered funnels, cohort analysis to measure customer behavior over time, churn rates, A/B testing to optimize websites and emails, analyzing source channels like email marketing, and using customer relationship management (CRM) systems to interact with customers. The presentation provided an overview of important analytics concepts for measuring business performance.
This document provides an overview of SafexPay's white label payment gateway proposal. It discusses SafexPay's team experience, technology platform, certifications, and the services it offers including a payment gateway, wallet platform, payout platform, and business app. It also covers transaction flows, integration types, security features, settlement processes, payment methods, modules, risk management, and advanced features. The document highlights advantages for white label partners, merchants, and WL partners in working with SafexPay and why SafexPay is a good choice due to its scalable and configurable platform, multi-channel capabilities, and focus on innovation.
figo Banking API: A Banking Service Provider for FinTech StartupsLars Markull
figo is offering a quick and easy to implement banking API. With our API our partners can implement financial sources into their service and make use of it in very different ways. We are defining ourselves as a Banking Service Provider: our offering is not just the banking API but we also take care of account management, regulation and so forth.
Instant Payments allow for payments to be processed in real-time, typically within 10 seconds. While they provide benefits like convenience and the ability to pay without cards, their disruptive potential is uncertain as existing payment instruments also work well. Adoption depends on triggers for users and use cases with enough volume and value. Banks face challenges implementing Instant Payments due to costs of upgrading systems while non-banks have opportunities. For Instant Payments to succeed, the focus needs to be on the customer experience and specific high-value use cases, with cooperation across the industry to improve efficiency of infrastructure.
The document discusses online payments and security gateways. It describes how online payments work, involving the transfer of money electronically over computer networks and the internet. It outlines the online payment process, including customers making purchases from merchants, verification of accounts by clearinghouses, and crediting of funds. It also discusses online banking, security measures like SSL, and the roles of payment gateways in transmitting transaction data between customers, merchants and financial institutions.
Successful Cashless Societies and how the rest are set to Emulate this Model ...Shift Conference
Settle is a mobile payments platform that allows users to send and receive money, pay merchants, access loyalty programs, and more. It aims to digitize payments and drive financial inclusion. Settle provides a fully managed payments solution for businesses, consumers, acquirers, and issuers. It is built on Auka's multi-award winning payments technology and removes costs and complexity for partners while facilitating an entire ecosystem where all parties benefit.
Reducing complexity of cash app in europe with aiEmagia
The document discusses using AI to improve cash application processes in Europe. It notes that cash application in Europe faces unique challenges compared to North America due to factors like multiple currencies and languages. The document proposes using AI-enhanced intelligent document processing and AI digital assistants to automate tasks like extracting remittance data from various sources and automatically applying payments to invoices. This could increase cash application hit rates from 45% to 85-90% while reducing costs. A customer success story is provided of a company that achieved these benefits through an AI-powered digital receivables platform.
The document discusses electronic documents (eDocs) for brokers. It provides definitions of eDocs and summarizes surveys of brokers and carriers on their use of paper vs electronic documents. Key findings are that most brokers now prefer eDocs over paper, but some still rely on paper due to workflow issues or lack of carrier support. The benefits of eDocs include increased efficiency and reduced costs. Carriers are increasingly offering eDocs and more plan to do so. Successful implementation of eDocs requires planning, training staff on new workflows, and troubleshooting any technical issues.
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...Rick Wieman
Slides from my paper presentation at ICSME 2017 (Industry Track).
Abstract: Passive learning techniques infer graph models on the behavior of a system from large trace logs. The research community has been dedicating great effort in making passive learning techniques more scalable and ready to use by industry. However, there is still a lack of empirical knowledge on the usefulness and applicability of such techniques in large scale real systems. To that aim, we conducted action research over nine months in a large payment company. Throughout this period, we iteratively applied passive learning techniques with the goal of revealing useful information to the development team. In each iteration, we discussed the findings and challenges to the expert developer of the company, and we improved our tools accordingly. In this paper, we present evidence that passive learning can indeed support development teams, a set of lessons we learned during our experience, a proposed guide to facilitate its adoption, and current research challenges.
Know The Reason Why eCheck Payment Processing Is RisingPaycron
Many big companies in the US are searching for ways to streamline the payment process and even improve the customer transaction experience by adopting the eCheck payment processing system. Read PDF to know more!
EML offers payment optimization solutions to large corporations, processing billions of dollars in payments annually. Payment optimization involves creating a holistic payment strategy to generate revenue, reduce costs, and improve controls. Key aspects include supplier enablement through customized enrollment campaigns, ongoing support, and reporting to clients on enrollment and payment activity. The presentation encourages attendees to contact EML to discuss how payment optimization could benefit their organization.
This document discusses mobile payments and analyzes Apple Pay. It provides background on early mobile payment solutions from 2000-2014 that failed to gain traction. It then summarizes how Apple Pay works, including using Touch ID for authentication and storing card details securely on devices. The document also discusses Apple Pay's potential business model of charging a 0.15% cut of transaction values and how it relies on existing payment networks and processors rather than creating a new ecosystem.
Hello! VEBTECH team creates solutions that develop your business. 200+ certified developers with 25 years of experience in FinTech. We are strong in:
• Website, platform, and mobile application development
• BPM (PEGA, Zendesk)
• Blockchain solutions
• Cybersecurity (Red Team)
• IT - Monitoring
SafexPay unique product offerings are advanced Integration API for best success ratios, Dynamic Currency Conversion (DCC), Push Response Technology, Dynamic Switching, Retry options, Advanced Analytics, Recurring Payments, Multiple Currency Options, Omni-Channel Offering, E-Wallet M-commerce etc. SafexPay aims to build digital payments businesses and platforms- Encompassing payment gateways, payment aggregation (through a PSP setup), mobile wallets , White-Label Solutions as well as to provide value added services in the payments domain to consumers, merchants, banks and financial institutions across the globe
INTERFACE, by apidays - The UK Open Banking Storyapidays
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
The story of API In Open Banking UK
Chris Michael, Co-founder & CEO at OzoneAPI
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
This document provides an overview and demonstration of online tenant payments through AppFolio's online payment portal. It discusses the different payment options tenants have including eCheck, credit/debit card, and electronic cash payments. It also covers how to activate tenant portals, track online payments in AppFolio, and resources for additional training. The presentation includes a demonstration of sending portal activations, making an online payment, and viewing payment reports.
Microix Requisition Module for Abila MIPNet at Work
The document summarizes a webinar about Microix's Requisition Module that integrates with Abila MIP Fund Accounting. It discusses how the module transforms the purchasing process with multi-level approvals, budget checking, and electronic document attachment. It then demonstrates the module's features like approval workflows, system alerts, and optional mobile and web access. The presentation lasts around 50 minutes with 10 minutes for questions.
Core4VoIP is a secure VoIP billing application which empowers service providers with all necessary tools to successfully operate the complete telecom business. This android version of Core4VoIP billing is to manage and monitor child resellers and clients. The application works over any data network and Wi-Fi connecting your android smart phone and tablets
This document provides an overview of e-commerce, including its advantages and disadvantages. It discusses various e-commerce models like B2B, C2C, and M-commerce. It also examines the international and Indian e-commerce scenarios, highlighting growth rates, most popular purchase categories, and key drivers of growth in India like rising disposable income and improved payment systems. The document outlines opportunities in e-business and e-commerce integration in India. It also discusses challenges like privacy, security, and integrating e-commerce. It examines Indian laws governing e-commerce and payment methods used. Finally, it touches on risks to e-commerce businesses and ways to mitigate such risks.
Modernizing cash application with the 3A's automation analytics and AIEmagia
Modernizing cash application with the 3A's automation analytics and AI
https://www.emagia.com/modernizing-cash-application-with-the-3as-automation-analytics-and-ai/
Although the EMV migration deadline has long come and gone, there are still several industry players who have yet to implement it. In this recorded webinar, Ingenico Group’s Allen Friedman, Ingenico Mobile Solutions' Andrew Molloy and AZ Payments Group's Rick Oglesby discuss:
- Current state of EMV migration in the U.S.
- 7 Ways Businesses can make EMV migration easier for merchants
Watch the recorded webinar - https://event.webcasts.com/viewer/event.jsp?ei=1106146
Security and Authentication at a Low CostDonald Malloy
Online security, strong authentication and One time Password technology has been too expensive for too long. Open source using OATH algorithms provide security without being prohibitively expensive.
The document summarizes IBM Payments Gateway, a payment processing solution that allows merchants to accept more payment options. It discusses how evolving customer preferences are changing payments and creating challenges for merchants. IBM Payments Gateway aims to help merchants overcome issues like cart abandonment by offering over 170 payment methods across devices and channels. It also helps streamline reconciliation and reduce costs through features like automated payment routing and fraud analysis. The solution is deployed globally and used by various industries to improve sales and customer experiences.
Can ML help software developers? (TEQnation 2022)Maurício Aniche
We all have heard of the amazing things Machine Learning can do. It can drive cars, it can detect whether people are using safe equipments, it can play games. But... can it help software developers in, say, find bugs or refactor code?
In this talk, I'll go through the different research projects I was involved in the area. I'll show that machine learning models can, in fact, learn a lot about how we develop software, and recommend interesting things to developers. In particular, I'll talk about models that recommend refactoring (done together with ING), models that find bugs and models that recommend which methods to log (both done together with Adyen).
You don't need to be an expert in machine learning to follow this talk.
The document discusses online payments and security gateways. It describes how online payments work, involving the transfer of money electronically over computer networks and the internet. It outlines the online payment process, including customers making purchases from merchants, verification of accounts by clearinghouses, and crediting of funds. It also discusses online banking, security measures like SSL, and the roles of payment gateways in transmitting transaction data between customers, merchants and financial institutions.
Successful Cashless Societies and how the rest are set to Emulate this Model ...Shift Conference
Settle is a mobile payments platform that allows users to send and receive money, pay merchants, access loyalty programs, and more. It aims to digitize payments and drive financial inclusion. Settle provides a fully managed payments solution for businesses, consumers, acquirers, and issuers. It is built on Auka's multi-award winning payments technology and removes costs and complexity for partners while facilitating an entire ecosystem where all parties benefit.
Reducing complexity of cash app in europe with aiEmagia
The document discusses using AI to improve cash application processes in Europe. It notes that cash application in Europe faces unique challenges compared to North America due to factors like multiple currencies and languages. The document proposes using AI-enhanced intelligent document processing and AI digital assistants to automate tasks like extracting remittance data from various sources and automatically applying payments to invoices. This could increase cash application hit rates from 45% to 85-90% while reducing costs. A customer success story is provided of a company that achieved these benefits through an AI-powered digital receivables platform.
The document discusses electronic documents (eDocs) for brokers. It provides definitions of eDocs and summarizes surveys of brokers and carriers on their use of paper vs electronic documents. Key findings are that most brokers now prefer eDocs over paper, but some still rely on paper due to workflow issues or lack of carrier support. The benefits of eDocs include increased efficiency and reduced costs. Carriers are increasingly offering eDocs and more plan to do so. Successful implementation of eDocs requires planning, training staff on new workflows, and troubleshooting any technical issues.
An Experience Report on Applying Passive Learning in a Large-Scale Payment Co...Rick Wieman
Slides from my paper presentation at ICSME 2017 (Industry Track).
Abstract: Passive learning techniques infer graph models on the behavior of a system from large trace logs. The research community has been dedicating great effort in making passive learning techniques more scalable and ready to use by industry. However, there is still a lack of empirical knowledge on the usefulness and applicability of such techniques in large scale real systems. To that aim, we conducted action research over nine months in a large payment company. Throughout this period, we iteratively applied passive learning techniques with the goal of revealing useful information to the development team. In each iteration, we discussed the findings and challenges to the expert developer of the company, and we improved our tools accordingly. In this paper, we present evidence that passive learning can indeed support development teams, a set of lessons we learned during our experience, a proposed guide to facilitate its adoption, and current research challenges.
Know The Reason Why eCheck Payment Processing Is RisingPaycron
Many big companies in the US are searching for ways to streamline the payment process and even improve the customer transaction experience by adopting the eCheck payment processing system. Read PDF to know more!
EML offers payment optimization solutions to large corporations, processing billions of dollars in payments annually. Payment optimization involves creating a holistic payment strategy to generate revenue, reduce costs, and improve controls. Key aspects include supplier enablement through customized enrollment campaigns, ongoing support, and reporting to clients on enrollment and payment activity. The presentation encourages attendees to contact EML to discuss how payment optimization could benefit their organization.
This document discusses mobile payments and analyzes Apple Pay. It provides background on early mobile payment solutions from 2000-2014 that failed to gain traction. It then summarizes how Apple Pay works, including using Touch ID for authentication and storing card details securely on devices. The document also discusses Apple Pay's potential business model of charging a 0.15% cut of transaction values and how it relies on existing payment networks and processors rather than creating a new ecosystem.
Hello! VEBTECH team creates solutions that develop your business. 200+ certified developers with 25 years of experience in FinTech. We are strong in:
• Website, platform, and mobile application development
• BPM (PEGA, Zendesk)
• Blockchain solutions
• Cybersecurity (Red Team)
• IT - Monitoring
SafexPay unique product offerings are advanced Integration API for best success ratios, Dynamic Currency Conversion (DCC), Push Response Technology, Dynamic Switching, Retry options, Advanced Analytics, Recurring Payments, Multiple Currency Options, Omni-Channel Offering, E-Wallet M-commerce etc. SafexPay aims to build digital payments businesses and platforms- Encompassing payment gateways, payment aggregation (through a PSP setup), mobile wallets , White-Label Solutions as well as to provide value added services in the payments domain to consumers, merchants, banks and financial institutions across the globe
INTERFACE, by apidays - The UK Open Banking Storyapidays
INTERFACE, by apidays - APIs: the next 10 years
June 8, 9 & 10 2022
The story of API In Open Banking UK
Chris Michael, Co-founder & CEO at OzoneAPI
------------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
This document provides an overview and demonstration of online tenant payments through AppFolio's online payment portal. It discusses the different payment options tenants have including eCheck, credit/debit card, and electronic cash payments. It also covers how to activate tenant portals, track online payments in AppFolio, and resources for additional training. The presentation includes a demonstration of sending portal activations, making an online payment, and viewing payment reports.
Microix Requisition Module for Abila MIPNet at Work
The document summarizes a webinar about Microix's Requisition Module that integrates with Abila MIP Fund Accounting. It discusses how the module transforms the purchasing process with multi-level approvals, budget checking, and electronic document attachment. It then demonstrates the module's features like approval workflows, system alerts, and optional mobile and web access. The presentation lasts around 50 minutes with 10 minutes for questions.
Core4VoIP is a secure VoIP billing application which empowers service providers with all necessary tools to successfully operate the complete telecom business. This android version of Core4VoIP billing is to manage and monitor child resellers and clients. The application works over any data network and Wi-Fi connecting your android smart phone and tablets
This document provides an overview of e-commerce, including its advantages and disadvantages. It discusses various e-commerce models like B2B, C2C, and M-commerce. It also examines the international and Indian e-commerce scenarios, highlighting growth rates, most popular purchase categories, and key drivers of growth in India like rising disposable income and improved payment systems. The document outlines opportunities in e-business and e-commerce integration in India. It also discusses challenges like privacy, security, and integrating e-commerce. It examines Indian laws governing e-commerce and payment methods used. Finally, it touches on risks to e-commerce businesses and ways to mitigate such risks.
Modernizing cash application with the 3A's automation analytics and AIEmagia
Modernizing cash application with the 3A's automation analytics and AI
https://www.emagia.com/modernizing-cash-application-with-the-3as-automation-analytics-and-ai/
Although the EMV migration deadline has long come and gone, there are still several industry players who have yet to implement it. In this recorded webinar, Ingenico Group’s Allen Friedman, Ingenico Mobile Solutions' Andrew Molloy and AZ Payments Group's Rick Oglesby discuss:
- Current state of EMV migration in the U.S.
- 7 Ways Businesses can make EMV migration easier for merchants
Watch the recorded webinar - https://event.webcasts.com/viewer/event.jsp?ei=1106146
Security and Authentication at a Low CostDonald Malloy
Online security, strong authentication and One time Password technology has been too expensive for too long. Open source using OATH algorithms provide security without being prohibitively expensive.
The document summarizes IBM Payments Gateway, a payment processing solution that allows merchants to accept more payment options. It discusses how evolving customer preferences are changing payments and creating challenges for merchants. IBM Payments Gateway aims to help merchants overcome issues like cart abandonment by offering over 170 payment methods across devices and channels. It also helps streamline reconciliation and reduce costs through features like automated payment routing and fraud analysis. The solution is deployed globally and used by various industries to improve sales and customer experiences.
Similar to Software Testing with Caipirinhas and Stroopwafels (20)
Can ML help software developers? (TEQnation 2022)Maurício Aniche
We all have heard of the amazing things Machine Learning can do. It can drive cars, it can detect whether people are using safe equipments, it can play games. But... can it help software developers in, say, find bugs or refactor code?
In this talk, I'll go through the different research projects I was involved in the area. I'll show that machine learning models can, in fact, learn a lot about how we develop software, and recommend interesting things to developers. In particular, I'll talk about models that recommend refactoring (done together with ING), models that find bugs and models that recommend which methods to log (both done together with Adyen).
You don't need to be an expert in machine learning to follow this talk.
Code smells in MVC applications (Dutch Spring meetup)Maurício Aniche
The document discusses code smells that are specific to Model-View-Controller (MVC) architecture. It identifies several smells including Promiscuous Controller, Brain Controller, Meddling Service, Brain Repository, and Fat Repository. The document then discusses strategies for detecting these smells and benchmarks results for detecting smells in controllers. It also discusses challenges in measuring code attributes and finding the right place for data access objects and database queries.
This document discusses code quality in MVC systems and strategies for improvement. It describes analyzing 60k-110k lines of Java code to measure metrics like coupling and benchmarking controllers. The document outlines a catalogue of specific smells in MVC architectures and validated research on improperly placed database queries and data access object methods. It proposes moving queries to the correct place and improving test code stability with patterns to reduce rewriting.
A Validated Set of Smells for MVC Architectures - ICSME 2016Maurício Aniche
This document presents research into identifying code smells that are specific to Model-View-Controller (MVC) architectures. Through interviews and surveys with 50 developers, the researchers identified 6 smells related to common problems in MVC controller, service, and repository classes. An empirical study found that classes affected by these smells tended to be more change- and defect-prone, and developers perceived classes with these smells as problematic. The researchers validated a catalogue of 6 MVC-specific code smells.
SATT: Tailoring Code Metric Thresholds for Different Software Architectures (...Maurício Aniche
1. The document presents a technique called SATT (Software Architecture-based Threshold Tailoring) that tailors code metric thresholds to different software architectures.
2. SATT works by ordering classes by their metric values, weighting them based on their size, aggregating the weights to extract thresholds at certain points, and defining thresholds specific to architectural roles whose metrics differ significantly from other classes.
3. The study applies SATT to projects using common architectures like MVC and finds that architectural roles do have significantly different metric value distributions compared to other classes, which can be explained by their specialized responsibilities. SATT improves over benchmark-based techniques by setting role-specific thresholds.
DNAD 2015 - Métricas de código, pra que te quero?Maurício Aniche
O documento discute métricas de código e como elas podem ser usadas para melhorar a qualidade do código e identificar problemas. Ele menciona métricas como tamanho de métodos e classes, complexidade ciclomática, coesão e acoplamento. Também discute visualizações de código e como métricas podem ser correlacionadas com bugs e manutenção do código.
Como eu aprendi que testar software é importante?Maurício Aniche
O documento discute a importância de testes de software, relatando a experiência do autor. Ele aprendeu sobre testes ao longo de sua carreira na faculdade e em várias empresas, onde testes automatizados ajudaram a evitar problemas. O autor também fornece dicas valiosas sobre estudos e carreira para desenvolvedores de software.
Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações WebMaurício Aniche
Proposta de pesquisa apresentada no encontro do NAPSoL em São Carlos, 2014: Proposta: Métricas e Heurísticas para Detecção de Problemas em Aplicações Web
O documento discute as vantagens e desafios da prática de Test-Driven Development (TDD). A prática de TDD pode melhorar a qualidade do código e do projeto de classes, mas não garante esses resultados automaticamente. Os desenvolvedores precisam estar atentos aos feedbacks dos testes para refatorar o código continuamente e melhorar o projeto.
O que estamos temos feito com mineração de repositório de código no IME?Maurício Aniche
O documento discute mineração de repositórios de código. Apresenta o grupo de pesquisa e seus interesses em aspectos sociais de código aberto, dependências lógicas, dívida técnica e ferramentas usadas como script R, metricminer e medidas de qualidade de código. Também discute desafios da área como falta de organização de dados e dificuldade em demonstrar valor para a indústria.
MetricMiner is a web application that aims to support researchers in mining software repositories by automating common tasks like downloading source code, extracting metrics, and performing calculations. It was created to make the process easier and potentially leverage cloud computing. The developers validated the tool by replicating a previous study with MetricMiner accessing over 250 projects and 500,000 commits, compared to the original study of 1 project and 800 commits. Future work includes improving the interface, scalability, and collecting more data.
Does the Act of Refactoring Really Make Code Simpler? A Preliminary Study - W...Maurício Aniche
Este estudo investigou se a refatoração de código realmente simplifica o código, medindo a complexidade ciclomática antes e depois das refatorações. A análise de 500 mil commits de 256 projetos Java mostrou que a refatoração nem sempre reduz a complexidade ciclomática. Uma análise qualitativa indicou que as refatorações melhoram principalmente a legibilidade do código.
[TDC 2014] Métricas de código, pra que te quero?Maurício Aniche
O documento discute a importância de métricas de código e como elas podem ser usadas para melhorar a qualidade do software e do processo de desenvolvimento. Algumas métricas mencionadas incluem tamanho de métodos e classes, complexidade ciclomática, coesão, acoplamento e estabilidade. As métricas fornecem insights sobre onde focar os esforços de refatoração e melhoria contínua.
Code coverage for MSR Researches [Work in Progress]Maurício Aniche
The document discusses code coverage analysis and proposes a static analysis technique to estimate code coverage. It calculates method-level and class-level coverage using McCabe's complexity metric and test method counts. The technique is compared to the dynamic analysis tool Emma, finding differences of 25-30% on average. While fast, static analysis has disadvantages like being heuristic-based and having difficulty handling inheritance and polymorphism.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
4. 🇳🇱 Jeroen Castelein
🇮🇷 Mozhan Soltani 🇮🇹 Annibale Panichella
🇳🇱 Joop Aué 🇳🇱 Maikel Lobbezoo 🇳🇱 Rick Wieman
🇳🇱 Sicco Verwer
🇳🇱 Felienne Hermans 🇮🇹 Davide Spadini🇮🇹 🇨🇭 Alberto Bacchelli
🇳🇱 Arie van DeursenKristín Fjóla
🇳🇱 Peter Evers
5. How to make sure your software
works?
Software testing!
More:
• Log analytics
• Static analysis
And more:
• Test generation
• Code review
• Test code quality
• Production code quality
8. One Billion Log Lines a Day:
Monitoring using the ELK Stack
• Logstash: Unify different logging sources
• Elastic Search: Search and filter large log data
• Kibana: Visual interactive dashboard
Image credit: www.neteye-blog.com
9. Poll: Java Exceptions in a Payment
System
Your payment system in production generates 1
billion log lines per day. How many errors / warnings
with exceptions do you expect to see?
A. None. “We have a zero exception policy.”
B. 1 Thousand. “Some exceptions are unavoidable.”
C. 1 Million. “Most exceptions are harmless.”
D. 1 Billion. “We only log errors and exceptions.”
Adyen, Nov 2016:
~1,000,000 per
day
10. Logness: Extract, Cluster, Tag
• Extract features:
• application name, class name, exception
• Remove details:
• literal numbers, (encryption) hashes
• Cluster:
• Same payment identifier in 15min window
• Same features
• longest common substring above threshold
• Tag as severe, known (monitored, bug), and
unknown
Peter Evers, Maurício Aniche, Arie van Deursen, Maikel Lobbezoo.
Finding Relevant Errors in Massive Payment Log Data. TU Delft, 2017, in preparation.
1,000,000
err log lines
-->
250
exception clusters
11. Issues Found in Research Period
First credit cards
starting with 95 and
with 19 digits:
long overflow!
Merchant configuration error.
All payments stalled.
Discovered before being
noticed by merchant
Firewall configuration
problem: Server unreachable.
Discovered before merchants
were assigned to this server
Server update incompatible with
legacy point of sale terminals.
Customer could buy, but merchant
received no money. IOException
triggered.
12. Complex API Integration
• Payment APIs are complex
• Integration faults are easily made
• Merchant needs assistance with API
usage
• Merchant may not notice mistakes
• 2.5M http error responses per month
• What can we learn from them?
12
13. 2.5M Errors to 69 Fault Cases
FC12
Contract not found
Replication latency.
FC24
iDEAL
communication error
FC42
Invalid paRes
from issuer
FC1
ApplePay token
amount-mismatch
FC5
Billing address
problem (Country 0)
FC62
Unable to
decrypt data
FC14
Could not read
XML stream.
FC15
Couldn’t parse
expiry year
Joop Aué, Maurício Aniche, Arie van Deursen, Maikel Lobbezoo
An Exploratory Study on Faults in Web API Integration in a Large-Scale Payment Company . TU Delft, 2017. Submitted.
14. 11 Common Causes for API Error
Reponses
Integrators are definitely the main responsible for API integration problems!
15. API Integration Recommendations
• API Consumer:
• Actually handle all error codes returned by provider
• API Producer:
• Document which error codes can be returned under what
circumstances
• Offer easy-to-use test harness for integrations created by
consumers
• Make explicit which error codes are ‘retriable’
• Enrich returned error codes with actionable info (for
consumer or end user)
• Offer Error Dashboard for API consumer offering live insight in
error handling
• API Researcher:
• Rethink API usability in this context
17. Point of sale terminal variability
• Card brands
• Card entry modes
(chip, swipe, contactless)
• Currency conversion
• Loyalty points
• Validation type (pin, signature)
• Issuer responses
(declined, insufficient balance)
• Cancellations
(shopper, merchant)
18. Passive learning
Identifying system behavior from observations,
and representing it in the smallest possible model.
20170101160001 Adyen version: ******
20170101160002 Starting TX/amt=10001/currency=978
20170101160003 Starting EMV
20170101160004 EMV started
20170101160005 Magswipe opened
20170101160006 CTLS started
20170101160007 Transaction initialised
20170101160008 Run TX as EMV transaction
20170101160009 Application selected app:******
20170101160010 read_application_data succeeded
20170101160011 data_authentication succeeded
20170101160012 validate 0
20170101160013 DCC rejected
20170101160014 terminal_risk_management succeeded
20170101160015 verify_card_holder succeeded
20170101160016 generate_first_ac succeeded
20170101160017 Authorizing online
20170101160018 Data returned by the host succeeded
20170101160019 Transaction authorized by card
20170101160020 Approved receipt printed
20170101160021 pos_result_code:APPROVED
20170101160022 Final status: Approved
20170101160001 Adyen version: ******
20170101160002 Starting TX/amt=10001/currency=978
20170101160003 Starting EMV
20170101160004 EMV started
20170101160005 Magswipe opened
20170101160006 CTLS started
20170101160007 Transaction initialised
20170101160008 Run TX as EMV transaction
20170101160009 Application selected app:******
20170101160010 read_application_data succeeded
20170101160011 data_authentication succeeded
20170101160012 validate 0
20170101160013 DCC rejected
20170101160014 terminal_risk_management succeeded
20170101160015 verify_card_holder succeeded
20170101160016 generate_first_ac succeeded
20170101160017 Authorizing online
20170101160018 Data returned by the host succeeded
20170101160019 Transaction authorized by card
20170101160020 Approved receipt printed
20170101160021 pos_result_code:APPROVED
20170101160022 Final status: Approved
20170101160001 Adyen version: ******
20170101160002 Starting TX/amt=10001/currency=978
20170101160003 Starting EMV
20170101160004 EMV started
20170101160005 Magswipe opened
20170101160006 CTLS started
20170101160007 Transaction initialised
20170101160008 Run TX as EMV transaction
20170101160009 Application selected app:******
20170101160010 read_application_data succeeded
20170101160011 data_authentication succeeded
20170101160012 validate 0
20170101160013 DCC rejected
20170101160014 terminal_risk_management succeeded
20170101160015 verify_card_holder succeeded
20170101160016 generate_first_ac succeeded
20170101160017 Authorizing online
20170101160018 Data returned by the host succeeded
20170101160019 Transaction authorized by card
20170101160020 Approved receipt printed
20170101160021 pos_result_code:APPROVED
20170101160022 Final status: Approved
20170101160001 Adyen version: ******
20170101160002 Starting TX/amt=10001/currency=978
20170101160003 Starting EMV
20170101160004 EMV started
20170101160005 Magswipe opened
20170101160006 CTLS started
20170101160007 Transaction initialised
20170101160008 Run TX as EMV transaction
20170101160009 Application selected app:******
20170101160010 read_application_data succeeded
20170101160011 data_authentication succeeded
20170101160012 validate 0
20170101160013 DCC rejected
20170101160014 terminal_risk_management succeeded
20170101160015 verify_card_holder succeeded
20170101160016 generate_first_ac succeeded
20170101160017 Authorizing online
20170101160018 Data returned by the host succeeded
20170101160019 Transaction authorized by card
20170101160020 Approved receipt printed
20170101160021 pos_result_code:APPROVED
20170101160022 Final status: Approved
20170101160001 Adyen version: ******
20170101160002 Starting TX/amt=10001/currency=978
20170101160003 Starting EMV
20170101160004 EMV started
20170101160005 Magswipe opened
20170101160006 CTLS started
20170101160007 Transaction initialised
20170101160008 Run TX as EMV transaction
20170101160009 Application selected app:******
20170101160010 read_application_data succeeded
20170101160011 data_authentication succeeded
20170101160012 validate 0
20170101160013 DCC rejected
20170101160014 terminal_risk_management succeeded
20170101160015 verify_card_holder succeeded
20170101160016 generate_first_ac succeeded
20170101160017 Authorizing online
20170101160018 Data returned by the host succeeded
20170101160019 Transaction authorized by card
20170101160020 Approved receipt printed
20170101160021 pos_result_code:APPROVED
20170101160022 Final status: Approved
Rick Wieman, Maurício Aniche, Willem Lobbezoo, Sicco Verwer and Arie van Deursen.
An Experience Report on Applying Passive Learning in a Large-Scale Payment Company. ICSME Industry Track, 2017
https://automatonlearning.net/
DFASAT / FlexFringe
Heule & Verwer, ICGI 2010
19. Use Inferred Models to Analyze:
Bugs in Test Phase
• Terminal asked for PIN
• AND asked for signature
• Domain expert noted this unwanted
behavior in inferred model.
• Fixed before it went into production
20. Use Inferred Models to Analyze:
Differences Between Card Brands
Twice as many chip errors
Informed
merchant
about issue.
21. Use Inferred Models to Analyze:
Time out problems
Timeout
Improved
performance under
network instability
by adding targeted
retry mechanism
22.
23. Log Analysis in Research
1. Abstraction Seeing the bigger picture
2. Detection Finding errors and anomalies
3. Enhancing More effective logging practices
4. Parsing Extracting message templates
5. Modeling Message ordering and protocols
6. Scaling Dealing with many many logs
7. Visualizing Put the eyes to use
Joop Aué, Maurício Aniche, Arie van Deursen.
Log Analysis from A-Z: A Literature Survey. TU Delft, 2017, in preparation.
Identified 73
core papers.
Venues:
SIGOPS SOSP
ACM TOCS
Usenix WASL
Usenix OSDI
IEEE ISSRE
ICSE
24. Testing can be hard…
• Lack of testability.
• Hard to think about all the
corner cases.
• You never know if your tests
are good enough.
25. Fraser, Gordon, and Andrea Arcuri. "Evosuite: automatic test suite generation for object-oriented software." Proceedings of
the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. ACM, 2011.
26. SQL
Query
SELECT Name
FROM Product
WHERE Price > 20
Name Price
Towel 15
Lawn mower 40
1kg Caviar 900
Coffee cup 1
Name Price
Towel 15
Lawn mower 40
1kg Caviar 900
Coffee cup 1
Database
Table: Product
Output
Name
Lawn mower
1kg Caviar
27. Testing SQL
Query
SELECT Name
FROM Product
WHERE Price > 20
Name Price
- 19
- 20
- 21
Test Database
Table: Product
Coverage Criterion
1. False
Price = 19
2. Boundary
Price = 20
3. True
Price = 21
28. Testing SQL
Query
SELECT *
FROM `account`
LEFT JOIN `user` AS `assignedUser` ON account.assigned_user_id = assigneduser.id
LEFT JOIN `user` AS `modifiedBy` ON account.modified_by_id = modifiedby.id
LEFT JOIN `user` AS `createdBy` ON account.created_by_id = createdby.id
LEFT JOIN `entity_email_address` AS `emailAddressesMiddle`
ON account.id = emailaddressesmiddle.entity_id
AND emailaddressesmiddle.deleted = '0'
AND emailaddressesmiddle.primary = '1'
AND emailaddressesmiddle.entity_type = 'Account'
LEFT JOIN `email_address` AS `emailAddresses`
ON emailaddresses.id = emailaddressesmiddle.email_address_id
AND emailaddresses.deleted = '0'
LEFT JOIN `entity_phone_number` AS `phoneNumbersMiddle`
ON account.id = phonenumbersmiddle.entity_id
AND phonenumbersmiddle.deleted = '0'
AND phonenumbersmiddle.primary = '1'
AND phonenumbersmiddle.entity_type = 'Account'
LEFT JOIN `phone_number` AS `phoneNumbers`
ON phonenumbers.id = phonenumbersmiddle.phone_number_id
AND phonenumbers.deleted = '0'
WHERE (( account.name LIKE 'Besha%'
OR account.id IN (SELECT entity_id
FROM entity_email_address
JOIN email_address
ON email_address.id =
entity_email_address.email_address_id
WHERE entity_email_address.deleted = 0
AND entity_email_address.entity_type =
'Account'
AND email_address.deleted = 0
AND email_address.name LIKE 'Besha%') ))
AND account.deleted = '0'
x 42 Coverage Rules
29. Other Approaches
Coverage Rule Query
SELECT Name
FROM Product
WHERE Price = 20
Column Constraints
Name -
Price = 20
Constraint Satisfaction Problem
Coverage Rule Query
SELECT Name
FROM Product
WHERE Price > 50 AND Price < 100
Column Constraints
Name -
Price > 50 and < 100
Constraint Satisfaction Problem
30. Limitations
Subqueries
SELECT Name
FROM Product
WHERE Price < (SELECT MAX(Price) FROM UserPrice WHERE UserId = 1)
String Constraints
SELECT Price
FROM Product
WHERE Name = ‘Towel’ OR Name LIKE ‘%Caviar%’
84% of our evaluation
32. Using a Database
Target Query
SELECT Name
FROM Product
WHERE Price = 20 Name Price
Towel 15
Coffee 4
Table: Product
Dataset 1
Name Price
Caviar 900
Table: Product
Dataset 2
Fitness value: 5 880
>
20 - 15 900 - 20
33. Using a Database
Target Query
SELECT Name
FROM Product
WHERE Price = 20 Name Price
Towel 20
Coffee 4
Table: Product
Dataset 1
Fitness value: 0
20 - 20
34. Using a Database
LEFT JOIN
RIGHT JOIN
INNER JOIN
GROUP BY
EXISTS
HAVING
WHERE
LIKE
MAX SUM
IN
NOT
>=
<>
<=
OR
COUNT
35. MC/DC Coverage on SQL Queries
Javier Tuya, Maria Suarez-Cabal and Claudio de la Riva. Full predicate coverage for testing SQL database queries. Software
Testing, Verification and Reliability, 2010.
47. EvoSQL Evaluation Outcomes
• 100% of targets covered for 98% of the queries
• On average 86% covered for the remaining 2%
• Usually within seconds
• Outperforms biased and random alternatives:
• Biased random can handle 90% of simple queries (< 10
rules)
• Biased random often finds no solution for complex
queries (10+ rules)
51. oWhat do developers
expect from such tools?
Why do they use them?
oHow do they configure
such flexible tools?
oWhat challenges do
developer face?
Kristín Fjóla Tómasdóttir, Maurício Aniche, Arie Van Deursen.
Why and How JavaScript Developers Use Linters. ASE 2017.
The Adoption of JavaScript Linters. TU Delft. In preparation.
52. Interviewing Developers
Goal
- Reasons for using a
linter
- Methods to configure
a linter
- Challenges
Method
- Grounded Theory
- 13 questions
Data
- 15 developers
- Top 120 JS GitHub
projects
52
53. Data
- 86,366 JavaScript
projects
- 9,548 ESLint
configuration files
Analyzing Configuration Files
Goal
- Prevalence of
configurations
- Most common rules
Method
- GHTorrent & Google
BigQuery
- Tool to parse files
54. Surveying Developers
Goal
- Reasons for using a
linter
- Methods to configure
- Most important rules
- Challenges
Method
- Questionnaire
- Open and closed
questions
- Distributed in JS
communities
Data
- 337 responses
- Reddit, Echo JS,
Facebook, Twitter
65. When to mock?
• Infrastructure is often mocked.
• There was no clear trend on domain objects.
• Complicated classes are mocked.
• Classes that are too coupled are mocked.
Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli.
To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017.
Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
66. Mocks are introduced from the
very beginning of the test class!
Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli.
To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017.
Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
67. Challenges
• Dealing with coupling
• Mocking in legacy systems
• Non-testable/Hard-to-test classes
• Untestable dependencies
Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli.
To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017.
Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
68. 50% of changes in a mock occur
because the production code
changed! Coupling is strong!
Davide Spadini, M. Finavaro Aniche, Magiel Bruntink, Alberto Bacchelli.
To Mock or Not To Mock? An Empirical Study on Mocking Practices. MSR 2017.
Mock Objects For Testing Java Systems: Why and How Developers Use Them, and How They Evolve. EMSE. In submission.
70. There’s a correlation between a
complex code and a hard-to-test
code.
Aniche, M., Gerosa, M. “Does test-driven development improve class design? A qualitative study on developers’
perceptions”. Journal of the Brazilian Computer Society.2015, 21:15.
Bruntink, Magiel, and Arie Van Deursen. "Predicting class testability using object-oriented metrics." Fourth IEEE
International Workshop on Source Code Analysis and Manipulation, 2004.
72. How I (Maurício) do the trade-off
Unit tests
Integration tests
System tests
Manual
All business rules should be
tested here.
Avoid at all cost. But do it
when needed.
Complex integrations with
external services.
Main/Risky flow of the app
tested.
You will come up with your own way of thinking!
74. A catalogue
of patterns
For Web Testing Fixture API
ID in HTML
Move Fast, Move Slow
…
Aniche, M., Guerra, E., Gerosa, M. “A Set of Patterns to Improve Code Quality of Automated Functional Tests of Web
Applications”. 21th Conference on Pattern Languages of Programs. 2014.
75. Code review in test files!
Test files are almost 2 times less likely to be discussed
during code review when reviewed together with
production files!!
Davide Spadini, Maurício Aniche, Magiel Bruntink, Margaret-Anne Storey, Alberto Bacchelli. When Testing Meets Code
Review: Why and How Developers Review Tests. ICSE 2018.
76. Code review in test files!
Little on
finding more
bugs!
Davide Spadini, Maurício Aniche, Magiel Bruntink, Margaret-Anne Storey, Alberto Bacchelli. When Testing Meets Code
Review: Why and How Developers Review Tests. ICSE 2018.
77. A main concern of reviewers is
understanding
whether the test covers all the
paths of the production code
and to ensure tests’
maintainability and readability.
Lack of good tooling
support!
79. Common mistakes
Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing
Education. TU Delft. In submission.
• Test coverage (20.87%)
• Maintainability of test code (20.42%)
• Understanding test concepts (15.35%)
• Boundary testing (12.95%)
• State-based testing (12.39%)
• Assertions (8.93%)
• Mock Objects (5.87%)
• Tools (4.21%)
80. Difficult topics
Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing
Education. TU Delft. In submission.
81. How to Learn?
Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing
Education. TU Delft. In submission.
Peopledonotlikebooksandpapers…
82. Challenges
Maurício Aniche, Felienne Hermans, Arie van Deursen. An Exploratory Study on Challenges in Software Testing
Education. TU Delft. In submission.
• Apply tools and techniques for the first time.
• How, what, and how much to test.
• Understanding the system under test.
• Motivation and experience.
• Software testing theory.
• Testability mindset.
83. The majority of projects and users [from 416
participants and 1,337,872 intervals] do not practice
testing actively.
We should change it.
Moritz Beller, Georgios Gousios, Annibale Panichella, Andy Zaidman. When, How, and Why Developers (Do Not) Test in Their IDEs. FSE 2015.
84. Topics we discussed today!
• Log Analytics and DevOps
• Web API integration mistakes
• Testing SQL queries
• To Mock or Not To Mock?
• Code review in test files
• Challenges in learning software testing
Maurício Aniche (m.f.aniche@tudelft.nl / @mauricioaniche)
Editor's Notes
Directe tenured collega’s: Georgios, Andy, Felienne, Alberto
Four former msc students now working in industry, 2 phds, 1 postdoc, one former msc student now working in academia.
https://emojipedia.org/flag-for-netherlands/
Evt ook STAMP/BSR/NWO/Adyen
Evt ook Michael de Jong, Anthony, Georgios, Peggy, Martin P.
4 roles
System that is operational 7 x 24. Needs a lot of monitoring. So fits our devops setting very well.
At the 2008 Agile Toronto conference, Andrew Shafer and Patrick Debois introduced the term in their talk on "Agile Infrastructure”.
The prototypical devops picture.
Fault tolerance, resilient to load swings.
Culture: Accepting joint responsibility.
https://commons.wikimedia.org/wiki/File:Devops-toolchain.svg
Stages in a devops tool chain.
Release / provision.
One system: One release. Multiple deployments under many different configurations. Think product line.
Operate: Make sure it can be used
Monitor: Learn and improve – close the feedback loop.
IT People: data center focused. Infrastructure management. Infra as code.
Support people: client focused.
Without Borders
In SE research, we focus on the left part: Creation / modification, and verification.
Plan: Decide what feature to add or what issue to fix.
Create: Modify the product as planned
Verify: Automatically test, check it works.
Package: Make the artefact ready for use by other. E.g., npm, maven central, or local nexus server.
Code — code development and review, source code management tools, code merging
Build — continuous integration tools, build status
Test — continuous testing tools that provide feedback on business risks
Package — artifact repository, application pre-deployment staging
Release — change management, release approvals, release automation
Configure — infrastructure configuration and management, Infrastructure as Code tools
Monitor — applications performance monitoring, end–user experience
Logging: Key component of monitoring architecture
System logs, application logs, web server logs, …
Critical, error, warning, info, debug levels
Diagnosis, security, audits, debugging, …
http://www.neteye-blog.com/wp-content/uploads/2014/06/log-logstash-elasticsearch-kibana-flow.png
Precision and Recall around 90%.
Inspects sample of log messages on several days.
Found issues, reported them, and they actually required a fix. Found signal, not noise. Saved money.
Really devops: Mix between operational problems (firewall, configuration) and development (long overflow, backward compatibility).
Approach not very deep. Low hanging fruit. Industry does not care if it is low or high hanging fruit. To collaborate, you need to address the problems.
Paves the way for next collaboration.
Savings: Substantial.
DevOps: Development AND Operations.
Several of these exceptions point to operations problems.
Relatively mundane:
Operations AND development issues.
Not rocket science. Low hanging fruit. If you want to work with industry, you need to solve problems. This earned the credit to take the next steps.
69 cases represent 30% of all error messages, yet 91% of all http errors.
Impacting 1500 of all consumers
End user:
Consumer:
Internal/Provider : FC2, FC12, FC62
Third party: FC24, FC42
FC2: Due to missing response data from a third party payment method, recurring payments for a specific bank and payment method are failing. In this case Adyen resorts to a backup mechanism, which is unsuccessful and causes an internal error.
FC12) “800 - Contract not found” (2): This error is caused by an internal database replication delay. When a recurring contract is created it takes a few minutes to be replicated to the slaves. If the contract is requests before replication the request fails with this error.
FC62) “174 - Unable to decrypt data” (2) : Credit card information encrypted in the shoppers browser is to be decrypted by Adyen. In a limited number of cases this encryption fails with an internal exception, causing this error to be returned.
FC24) “0 - iDEAL communication error”: The select iDEAL bank is not available. This can be because of planned maintenance or a temporary connection problem.
FC42) “105 - Invalid paRes from issuer” (1)
3D secure authorize calls require a payment authorization response from the issuer and a payment session identifier. This error is returned when Adyen tries to process the payment with the issuer, which is unable to process their own payment authorization response.
FC1) “5 001 - ApplePay token amount-mismatch” : one cent difference in amount in request and in ApplePay token.
Double p
Process payment or disablement multiple times in specific settings.
The merchant in this case tries to process a 3D secure payment request multiple times, which results in an error. The API does not handle the error well resulting in an empty response.
Specific authorization request type.
This error occurs when one attempts to disable a shopper contract that has been disabled in the past. The reference associated with the contract thus not found.
rocessing: FC11, FC18, FC69
250 currencies
150 payment methods
Sicco Verwer and Christian Hammerschmidt. flexfringe: a passive automaton learning package
International Colloquium on Grammar Inference
A boundary with the systems community!
Who of you has written papers that should be discussed in such a survey? Great, I want to talk to you!
What is a SQL query
It’s no problem to do this for one simple query. But many, or complex queries soon get awful to do manually. Hence, we need automated test data generation.
What do these other approaches do?
What are their limitations?
What do these other approaches do?
What are their limitations?
Overview of how we use a database
So to overcome the limitations of not being able to solve some SQL constructs, we came up with the idea of using a real database, as it is able to process any SQL query.
From the database, we can extract information during query execution. This information can then be used to find the right data.
Do some examples
So to overcome the limitations of not being able to solve some SQL constructs, we came up with the idea of using a real database, as it is able to process any SQL query.
From the database, we can extract information during query execution. This information can then be used to find the right data.
Do some examples
We use a search-based optimization algorithm to find the solutions in the search space
If we look how many coverage rules are generated by our queries
Most of the queries generate few coverage rules, but there is still quite a number of queries that generate more than 10.
First step: Now working on integrating this in the IDE, and using it for integration testing.