Expediting Programmer AWAREness of Anomalous Code Sarah E. Smith Laurie Williams Jun Xu November 11, 2005.

Presentation transcript:


Contents
Motivation
Research Objective
AWARE
  – Functional Organization
  – Alert Ranking and Filtering
  – Ranking Metrics
Evaluation Metrics
Progress & Future Work
Conclusions

Motivation
Faults are detected during testing, code analysis, or after code release.
Long fix latency could increase the cost of fixing a fault.
Test-driven development (TDD) involves a programmer writing tests and code in rapid cycles.
Incorporating static analysis into TDD unit test cycles will increase the scope of faults detected.

Research Objective
To enhance test-driven development feedback loops to automatically and continuously provide ranked, prioritized, and filtered alerts to the software engineer on the correctness and security of their code implementation during development.

AWARE
Automated Warning Application for Reliability Engineering
Builds on Continuous Testing: running test cases using spare processor cycles while the programmer continues development.
Combines compilation errors and warnings, static analysis warnings, and test case failures into a ranked listing.

Functional Organization

Alert Ranking and Filtering
Rank static analysis and generated test case alerts based on the probability that the alert is a true positive.
Internal ranking adjusted based on programmer feedback
  – Spam filters

Ranking Metrics
Type Accuracy: Categorization of alerts based on observed accuracy of alert type
Redundancy Factor: Number of tools that report the same alert
Code Locality: Alerts reported by static analysis tools cluster by locality
Test Coverage: Areas of high test coverage will have fewer true alerts
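An added sketch, not AWARE's own code, of how the four ranking metrics and the programmer-feedback adjustment from the two slides above could combine into one ranked, filtered alert list. The weights, the caps, the smoothing formula and all tool, alert-type and file names are assumptions made for illustration; the slides give no formula.

```python
from collections import Counter, defaultdict

# Constructed sample input: (tool, alert_type, file, line). Tool names, alert
# types and paths are made up for this example.
SAMPLE_ALERTS = [
    ("toolA", "NULL_DEREF", "src/Parser.java", 42),
    ("toolB", "NULL_DEREF", "src/Parser.java", 42),   # same alert, second tool
    ("toolA", "RESOURCE_LEAK", "src/Parser.java", 77),
    ("toolA", "UNUSED_VAR", "src/Util.java", 10),
]
SAMPLE_COVERAGE = {"src/Parser.java": 0.2, "src/Util.java": 0.9}  # line coverage


class AlertRanker:
    """Ranks alerts by an estimated true-positive score (assumed formula)."""

    def __init__(self, coverage):
        self.coverage = coverage
        self.votes = defaultdict(lambda: [0, 0])  # alert_type -> [true, false]

    def record_feedback(self, alert_type, is_true_positive):
        self.votes[alert_type][0 if is_true_positive else 1] += 1

    def type_accuracy(self, alert_type):
        # Laplace-smoothed observed accuracy: 0.5 until feedback arrives.
        tp, fp = self.votes[alert_type]
        return (tp + 1) / (tp + fp + 2)

    def rank(self, alerts, threshold=0.0):
        tools = defaultdict(set)  # one entry per distinct alert
        for tool, atype, path, line in alerts:
            tools[(atype, path, line)].add(tool)
        per_file = Counter(path for _, path, _ in tools)
        scored = []
        for (atype, path, line), reporters in tools.items():
            score = (0.4 * self.type_accuracy(atype)              # type accuracy
                     + 0.2 * min(len(reporters), 3) / 3           # redundancy
                     + 0.2 * min(per_file[path], 5) / 5           # code locality
                     + 0.2 * (1 - self.coverage.get(path, 0.0)))  # test coverage
            if score >= threshold:  # filtering: drop unlikely alerts
                scored.append((round(score, 3), atype, path, line))
        return sorted(scored, key=lambda s: (-s[0], s[1:]))


if __name__ == "__main__":
    ranker = AlertRanker(SAMPLE_COVERAGE)
    print(ranker.rank(SAMPLE_ALERTS))
    for _ in range(3):  # programmer marks three NULL_DEREF alerts as false
        ranker.record_feedback("NULL_DEREF", False)
    print(ranker.rank(SAMPLE_ALERTS, threshold=0.4))
```

With no feedback the doubly reported alert in the poorly covered file ranks first; after three false-positive votes its type accuracy drops and it falls below the other alert in the same file.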

Evaluation Metrics

Progress
Current Work:
  – Development of AWARE tool for Eclipse IDE
Future Work:
  – Feasibility study of efficacy of AWARE
AWARE plug-in site: –

Conclusions
Enhancing TDD should reduce ignorance time, and therefore fix time, on a larger number of faults than traditional TDD.

Questions? Sarah Smith: