面向危险操作的动态符号执行方法

针对缺陷检测的需求,提出了面向危险操作的动态符号执行方法.依据所关注的缺陷类型,定义危险操作及危险操作相关路径,通过计算覆盖不同上下文中危险操作的能力,协助动态符号执行选择高效初始输入,并利用危险操作相关信息引导测试流程.缺陷检测成为定位待测程序内危险操作以及对危险操作相关路径进行检测的过程.实现了面向Linux平台二进制可执行程序的原型系统CrashFinder,实验结果表明,该方法能够更快地发现更多缺陷.     

基于测试成本元素的众包测试缺陷数量估计模型

为实时监控众包测试任务过程从而对任务完成进行评估,针对分布式众包测试过程的不可预测性和测试成本的庞大性,从软件的可靠性出发,基于软件可靠性增长模型提出了一个同时考虑测试人力和测试报告两个测试成本元素的众包测试软件缺陷数量估计模型.首先分析两个成本元素的相关性,并依据成本元素相关性建立了一个分段式通用可靠性增长模型框架,并结合已有的3种测试工作量函数,以此估计出软件潜在缺陷数量和测试中的累积检测缺陷数量.在四组真实的众包测试数据集上的对比实验表明,模型的估计误差精度低于10％,优于传统可靠性增长模型.该模型能够利用较少实际数据进行缺陷预测,具有较强的实用性.     

由需求得到回归测试用例排序技术

为了提高回归测试用例集的测试效率和有效性,提出由需求得到回归测试用例排序技术及其实现算法。由需求得到回归测试用例排序技术,将与软件需求相关的需求描述度、需求实现复杂度、需求稳定度和需求覆盖度等因素应用于测试用例排序,以缺陷检测加权平均百分比作为度量标准。通过实验,比较排序后用例和未排序用例缺陷检测情况,实验结果表明该技术排序后的回归测试用例集,能够尽早地发现更多的软件错误,有效提高回归测试效率,保证软件质量。     

由需求得到回归测试用例排序技术

为了提高回归测试用例集的测试效率和有效性,提出由需求得到回归测试用例排序技术及其实现算法。由需求得到回归测试用例排序技术,将与软件需求相关的需求描述度、需求实现复杂度、需求稳定度和需求覆盖度等因素应用于测试用例排序,以缺陷检测加权平均百分比作为度量标准。通过实验,比较排序后用例和未排序用例缺陷检测情况,实验结果表明该技术排序后的回归测试用例集,能够尽早地发现更多的软件错误,有效提高回归测试效率,保证软件质量。     

基于工作者多属性特征模型的任务分配方法

针对众包任务分配中工作者个性特征和任务需求描述难以有效匹配的问题,提出通过建立工作者的分层属性特征模型,完成任务分配的方法。以众包协同翻译为例,根据具体任务需求特征分解工作者属性需求,设计出分层属性指标用于精确描述众包工作者能力,计算出多层次指标组合权重向量个性特征模型,据此完成工作者筛选和任务分配。经实验验证,该方法提高了众包工作者和任务特征的匹配度,提高了任务完成效率和结果质量。     

基于活跃度的众包工作者信誉模型

针对现有众包系统不能有效地控制众包交互过程中工作者的活跃积极性和任务完成质量的问题,提出了一种基于活跃度的工作者信誉模型来实现众包平台的质量控制。该模型改进了平均信誉模型,从工作者活跃度和历史信誉值的角度提出了活跃因子和历史因子的概念。首先根据众包工作者最近30 d内参与众包活动的天数计算工作者的活跃因子;然后根据历史因子计算众包工作者的历史信誉值;最后根据计算出来的活跃因子和历史信誉值计算基于活跃度的工作者信誉值,以衡量众包工作者的工作能力。理论分析和测试实验结果表明：与平均信誉模型相比,根据基于活跃度的工作者信誉模型选取的众包工作者在任务完成质量上提高了4.95%,在任务完成时间上减少了25.33%;与基于证据理论信任模型相比,在任务完成质量上提高了6.63%,在任务完成时间上减少了25.11%。实验结果表明,基于活跃度的工作者信誉模型在实际众包项目中能够有效提高众包任务的完成质量,减少众包任务的完成时间。     

基于需求的系统级黑盒测试用例优先化方法

测试用例优先化技术有利于提高测试的质量和效率。文章提出了一种在系统测试阶段基于需求的测试用例优先化方法TRP,并通过实验结果加以验证。与随机方法对测试用例排序的测试相比,TRP方法能尽早发现软件严重缺陷并提高缺陷检测率。     

基于强化学习的Web服务众测任务分派方法

如何将众包测试任务分派给合适的众测工人,以较低的成本获得更好的测试结果,是一个重要问题。文中将CWS众测任务分派问题建模为一个基于马尔可夫决策过程的问题,且使用Deep Q Network进行学习和实时在线测试任务分派。该基于强化学习的方法被命名为WTA-C。此外,文中根据众测工人执行任务的历史时间,通过统计条件概率计算测试工人在任务期限内完成任务的概率,将其作为工人信誉值来反映工人质量,并在每次分派完成后对工人信誉值进行更新。实验结果显示,WTA-C在控制测试任务的“质量-成本”权衡和保证工人可靠度方面优于其他基于启发式策略的实时分派方法,并在分派效果上高于各启发式策略18%以上,从而证明了其可以更好地适应CWS的结构和众测环境的特点。     

基于Web的众包文本标注平台构建与应用

针对现有文本标注工具中缺乏复杂类型标注功能和众包质量检测方法等问题,构建了一个基于Web的众包文本标注平台。一方面,平台采用浏览器/服务器（B/S）的开发架构和前后端分离的开发方式,实现了复杂类型文本标注的需求,提供序列标注、单标签标注、量级标签标注、多层次标签标注和嵌套文本标注等场景的文本标注功能;另一方面,还提出了一种基于监督数据的多数投票一致性检测方法,在随机注入的监督数据上计算标注参与者的标注能力,作为多数投票的权重,进行真值推断得到最终的标注结果。最后,进行了系统功能测试、系统性能测试和浏览器兼容性测试,测试结果表明该系统能够满足复杂类型文本标注的需求,所提出的一致性检测方法能够筛选出高质量的标注内容反馈给用户。提供了一个高效便捷的众包文本标注平台,以构建高质量的文本语料库,助力自然语言处理（NLP）相关任务的研究,并已部署在服务器上,互联网用户可直接通过浏览器访问。     

基于机器视觉和轻量级卷积网络的安瓿瓶包装质量检测算法

针对人工检测安瓿瓶包装质量时存在的速度慢以及受主观因素影响导致的准确率低等问题,提出一种机器视觉和轻量级卷积神经网络结合的安瓿瓶包装质量检测方法。首先,采用机器视觉中基于阈值分割以及仿射变换的方法对待测图片进行阈值处理、倾斜校正和安瓿瓶区域的裁剪;然后,根据图像特点以及缺陷识别要求设计分类算法的网络结构;最后,采集生产现场图片构建安瓿瓶包装缺陷数据集,之后对提出的安瓿瓶包装缺陷识别网络进行了验证,并测试了部署在Jetson Nano嵌入式平台上的算法的准确率及检测速度。实验结果表明：以每盒五支装的产品为例,所提安瓿瓶包装质量检测算法平均每盒耗时70.1 ms,即可达14盒/秒,而准确率为99.94%,能够实现在Jetson Nano嵌入式平台上的在线高精度安瓿瓶包装质量检测。     

基于符号执行与模糊测试的混合测试方法

软件测试是保障软件质量的常用方法,如何获得高覆盖率是测试中十分重要且具有挑战性的研究问题.模糊测试与符号执行作为两大主流测试技术已被广泛研究并应用到学术界与工业界中,这两种技术都具有一定的优缺点：模糊测试随机变异生成测试用例并动态执行程序,可以执行并覆盖到较深的分支,但其很难通过变异的方法生成覆盖到复杂条件分支的测试用例.而符号执行依赖约束求解器,可以生成覆盖复杂条件分支的测试用例,但在符号化执行过程中往往会出现状态爆炸问题,因此很难覆盖到较深的分支.有工作已经证明,将符号执行与模糊测试相结合可以获得比单独使用模糊测试或者符号执行更好的效果.分析符号执行与模糊测试的优缺点,提出了一种基于分支覆盖将两种方法结合的混合测试方法——Afleer,结合双方优点从而可以生成具有更高分支覆盖率的测试用例.具体来说,模糊测试（例如AFL）为程序快速生成大量可以覆盖较深分支的测试用例,符号执行（例如KLEE）基于模糊测试的覆盖信息进行搜索,仅为未覆盖到的分支生成测试用例.为了验证Afleer的有效性,选取标准程序集LAVA-M以及实际项目oSIP作为评测对象,以漏洞检测能力以及覆盖能力作为评测指标.实验结果表明：（1）在漏洞检测能力上,Afleer总共可以发现755个漏洞,而AFL仅发现1个;（2）在覆盖能力上,Afleer在标准程序集上以及实际项目中都有不同程度的提升.其中,在oSIP中,Afleer比AFL在分支覆盖率上提高2.4倍,在路径覆盖率上提升6.1倍.除此之外,Afleer在oSIP中还检测出一个新的漏洞.     

DFTracker: detecting double-fetch bugs by multi-taint parallel tracking

A race condition is a common trigger for concurrency bugs. As a special case, a race condition can also occur across the kernel and user space causing a doublefetch bug, which is a field that has received little research attention. In our work, we first analyzed real-world doublefetch bug cases and extracted two specific patterns for doublefetch bugs. Based on these patterns, we proposed an approach of multi-taint parallel tracking to detect double-fetch bugs. We also implemented a prototype called DFTracker (doublefetch bug tracker), and we evaluated it with our test suite. Our experiments demonstrated that it could effectively find all the double-fetch bugs in the test suite including eight realworld cases with no false negatives and minor false positives. In addition, we tested it on Linux kernel and found a new double-fetch bug. The execution overhead is approximately 2x for single-file cases and approximately 9x for the whole kernel test, which is acceptable. To the best of the authors’ knowledge, this work is the first to introduce multi-taint parallel tracking to double-fetch bug detection—an innovative method that is specific to double-fetch bug features—and has better path coverage as well as lower runtime overhead than the widely used dynamic approaches.     

运用变异测试的并行程序测试用例最小化算法

在并行程序测试中,测试输入和线程交互时序是影响并行错误检测的两个关键因素。以缩减并行错误检测的输入空间为目标,给出一种基于变异测试的测试用例最小化算法。首先对并行程序进行研究,选取与并行错误密切相关的9个变异算子,并以此为基础为待测程序生成多种变异体;采用JPF作为线程调度工具来执行测试用例,根据变异评分与平均时间成本对测试用例进行排序,在优化后的测试用例集中选取检测能力不重复的测试用例,从而得到面向并行错误检测的最小测试用例集。实验结果证明,该方法能有效减小测试用例集的规模,并大幅缩短运行时间,从而提高了并行程序的测试效率。     

Multi‐level reranking approach for bug localization

Bug fixing has a key role in software quality evaluation. Bug fixing starts with the bug localization step, in which developers use textual bug information to find location of source codes which have the bug. Bug localization is a tedious and time consuming process. Information retrieval requires understanding the programme's goal, coding structure, programming logic and the relevant attributes of bug. Information retrieval (IR) based bug localization is a retrieval task, where bug reports and source files represent the queries and documents, respectively. In this paper, we propose BugCatcher, a newly developed bug localization method based on multi‐level re‐ranking IR technique. We evaluate BugCatcher on three open source projects with approximately 3400 bugs. Our experiments show that multi‐level reranking approach to bug localization is promising. Retrieval performance and accuracy of BugCatcher are better than current bug localization tools, and BugCatcher has the best Top N, Mean Average Precision (MAP) and Mean Reciprocal Rank (MRR) values for all datasets.     

面向软件安全性缺陷的开发者推荐方法

软件开发与维护过程中常会出现一些安全性缺陷,这些安全性缺陷会给软件和用户带来很大的风险.安全性缺陷在修复过程中,其修复级别和质量要求往往高于一般性的缺陷,因此,推荐出富有安全性经验的开发者及时有效地修复这些安全性缺陷非常重要.现有的开发者推荐技术在推荐开发者时仅仅考虑了开发者的历史开发内容,很少考虑到开发人员的安全性缺陷修复经验和修复质量等因素,所以这些技术不适用于安全性缺陷的开发者推荐.本文针对安全性缺陷的修复提出了一种有效的软件开发者推荐方法SecDR.SecDR在推荐开发者时不仅考虑了开发者的历史开发内容（与安全性相关）,还分析了开发者的修复质量和历史修复缺陷的复杂度等因素.此外,SecDR还实现了开发者的多经验级别推荐：推荐初级开发者修复简单的安全性缺陷,高级开发者修复复杂的安全性缺陷.本文在三个开源项目（Mozilla,Libgdx,ElasticSearch）上分别对SecDR推荐开发者进行有效性验证.通过对比实验证明,SecDR针对安全性缺陷推荐开发者相比于其他方法（如：DR_PSF）的推荐精度平均高出19%~42%.另外,实验对比了SecDR与实际开发人员的分配情况,结果显示SecDR可以更好地规避不合理的软件开发者的推荐.     

Analyzing and predicting software integration bugs using network analysis on requirements dependency network

Complexity, cohesion and coupling have been recognized as prominent indicators of software quality. One characterization of software complexity is the existence of dependency relationships. Moreover, the degree of dependency reflects the cohesion and coupling between software elements. Dependencies in the design and implementation phase have been proven to be important predictors of software bugs. We empirically investigated how requirements dependencies correlate with and predict software integration bugs, which can provide early estimates regarding software quality and thus facilitate decision making early in the software lifecycle. We conducted network analysis on the requirements dependency networks of three commercial software projects. Significant correlation is observed between most of our network measures and the number of bugs. Furthermore, many network measures demonstrate significantly greater values for higher severity (or a higher fixing workload). Afterward, we built bug prediction models using these network measures and found that bugs can be predicted with high accuracy and sensitivity, even in cross-project and cross-company contexts. We further identified the dependency type that contributes most to bug correlation, as well as the network measures that contribute more to bug prediction. These observations show that the requirements dependency network can be used as an early indicator and predictor of software integration bugs.     

UCov: a user‐defined coverage criterion for test case intent verification

The goal of regression testing is to ensure that the behaviour of existing code, believed correct by previous testing, is not altered by new program changes. This paper argues that the primary focus of regression testing should be on code associated with (1) earlier bug fixes and (2) particular application scenarios considered to be important by the developer or tester. Existing coverage criteria do not enable such focus, for example, 100% branch coverage does not guarantee that a given bug fix is exercised or a given application scenario is tested. Therefore, there is a need for a new and complementary coverage criterion in which the user can definea test requirement characterizing a given behaviour to be covered as opposed to choosing from a pool of pre‐defined and generic program elements. This paper proposes this new methodology and calls it UCov, a user‐defined coverage criterion wherein a test requirement is an execution pattern of program elements, and possibly predicates, that a test case must satisfy. The proposed criterion is not meant to replace existing criteria, but to complement them as it focuses the testing on important code patterns that could go untested otherwise. UCov supports test case intent verification. For example, following a bug fix, the testing team may augment the regression suite with the test case that revealed the bug. However, this test case might become obsolete due to code modifications not related to the bug. But if a test requirement characterizing the bug was defined by the user, UCov would determine that test case intent verification failed. The UCov methodology was implemented for the Java platform, was successfully applied onto 10 real‐life case studies and was shown to have advantages over JUnit. The implementation comprises the following tools: (1) TRSpec: allows the user to easily specify complex test requirements; (2) TRCheck: checks whether user‐defined test requirements were satisfied, that is, supports test case intent verification; and (3) TRMigrate: migrates user‐defined test requirements to subsequent versions of a given program. Copyright © 2016 John Wiley & Sons, Ltd.     

基于时空信息和任务流行度分析的移动群智感知任务推荐

现有移动群智感知任务推荐的共同缺点是：一方面,未充分考虑时空信息对工人偏好的影响,导致推荐准确性低;另一方面,忽略了任务流行度对推荐的影响,导致推荐覆盖率差。为解决这些问题,提出一种基于时空信息和任务流行度分析的移动群智感知任务推荐方法。充分利用工人执行记录中的相关信息（如工人执行任务的时间、位置）,准确预测工人对任务的偏好;基于工人声誉和任务执行情况分析任务流行度并设计任务流行度惩罚因子,提升推荐效果的覆盖率;结合工人偏好和流行度惩罚因子生成任务推荐列表。实验结果表明,与现有基线方法相比,所提出方法在推荐准确率上平均提升了3.5%,推荐覆盖率上平均提高了25%。     

Using coverage to automate and improve test purpose based testing

Test purposes have been presented as a solution to avoid the state space explosion when selecting test cases from formal models. Although such techniques work very well with regard to the speed of the test derivation, they leave the tester with one important task that influences the quality of the overall testing process: test purposes have to be formulated manually. In this paper, we present an approach that assists a test engineer with test purpose design in two ways: it allows automatic generation of coverage based test suites and can be used to automatically exercise those aspects of the system that are missed by hand-crafted test purposes. We consider coverage of Lotos specifications, and show how labeled transition systems derived from such specifications have to be extended in order to allow the application of logical coverage criteria to Lotos specifications. We then show how existing tools can be used to efficiently derive test cases and suggest how to use the coverage information to minimize test suites while generating them.     

浅析软件缺陷管理及工具的选择

软件缺陷是软件开发过程中不可避免的,因此有效的缺陷管理成为过程管理的重要环节,而且开发过程中产生缺陷的数量又非常多,因此选择合适项目本身的缺陷管理工具就显得尤为重要.通过对缺陷产生的原因和工具选择方法,使我们了解什么是软件缺陷,以及软件缺陷管理和使用管理工具的好处.