软件开发过程

1.程序员写出自认为没有Bug的代码。 2.软件测试,表现了20个Bug。 3.程序员修改了10个Bug,并告诉测试组另外10个不是Bug。 4.测试组发现其中5个改动根本无法工作,同时又发现了15个新Bug。     

基于代价极速学习机的软件缺陷报告分类方法

在所有的软件系统开发过程中,Bug的存在是不可避免的问题.对于软件系统的开发者来说,修复Bug最有利的工具就是Bug报告.但是人工识别Bug报告会给开发人员带来新的负担,因此,自动对Bug报告进行分类是一项很有必要的工作.基于此,提出用基于极速学习机的方法来对Bug报告进行分类.具体而言,主要解决Bug报告自动分类的3个问题：第1个是Bug报告数据集里不同类别的样本数量不平衡问题;第2个是Bug报告数据集里被标注的样本不充足问题;第3个是Bug报告数据集总体样本量不充足问题.为了解决这3个问题,分别引入了基于代价的有监督分类方法、基于模糊度的半监督学习方法以及样本迁移方法.通过在多个Bug报告数据集上进行实验,验证了这些方法的可行性和有效性.     

谈软件测试中的Bug

软件测试在软件的开发过程中越来越重要,那么软件测试的目的是什么?软件测试中什么是Bug?重点分析软件测试中Bug出现的几个原因,在软件测试中发现Bug的方法。     

J Ruby on Rails上的项目宿主平台Kenai

在经历数个Beta版本后,Python 2.6终于迎来了正式版的发布。Python 2.6开发过程中,Bug管理工作从先前的SourceForge平台转移到基于开源项目Roundup的Bug管理系统之上。同时,新的文档将使用Python开源项目Sphinx来产生美观的HTML输出,以替代之前一直沿用的LaTex格式。除此之外,Python 2.6在字符串格式化、异常处理、Byte文本方面都进行了改进。更多细节可以查看Python开发者林胜在站点onlypython.com给出的Python 2.6版本新特性全文翻译。     

谈软件测试中的Bug

软件测试在软件的开发过程中越来越重要，那么软件测试的目的是什么？软件测试中什么是Bug？重点分析软件测试中Bug出现的几个原因，在软件测试中发现Bug的方法。     

不用找客服,诺记手机自助刷“固件”

诺基亚手机型号很多,再加上用户众多,难免会发现这样那样的小Bug。其实有些Bug或信号问题可以通过更新手机固件来解决,诺基亚官方网站已经开设了"自助手机软件更新"服务,不必为了小小的软件问题到客服中心排长队了。     

苹果有“虫”——Mac OSX服务器操作系统出现Bug

Mac OS X 服务器操作系统被发现存在一个 Bug,这个 Bug 在系统处理 Web 站点运行时可能会导致系统瘫痪。德国一家权威技术杂志称,他们在 Mac OS X 服务器平台上发现的这个 Bug 将限制在 Web 站点上使用的各类软件功能的发挥。在一个测试程序的测试中,基于 Mac OS X 服务     

Win98第一Bug露面

微软8月中承认Windows98存在一个时间更换的Bug(故障),这是目前微软公布的第一个Windows98存在的Bug。当Windows98操作系统在晚上23∶59和00∶00之间的某个时间启动时,这个Bug将导致Windows的系统日期向前跃过两天或是退后一天,这取决于计算机重启的时间。但此Bug仅在每年12月31日的一秒钟里发作。可以通过手工设置任务栏上的日期功能解决这一问题。这个Bug是英格兰一家名为Prove It 2000的2000年问题服务公司发现的。微软强调这与2000年问题无关,但这个Bug会对运行金融应用或其它对日期有要求的应用的Windows98系统造成影响。Kim Akers表示,“尽管还没有任何用户遇到过这个问题,我们还是准备提供修补程序,这其实是非常简单的事。”Akers补充     

虫飞薨薨，镭光萧霁：ATi显卡Bug解决方案集锦

随着ATi开放显卡生产授权，众多品牌的ATi显卡如百花齐放，争奇斗艳，显卡市场再也不是nVIDIA独霸一方。不过我们在实际使用中发现ATi Radeon系列显卡的Bug较多，而且有些Bug有一定的共性。我们如何消除这些Bug,让“镭”光更耀眼呢？     

虫飞薨薨,镭光萧霁ATi显卡Bug及解决方案集锦

随着ATi开放显卡生产授权,众多品牌的ATi显卡如百花齐放,争奇斗艳,显卡市场再也不是nVIDIA独霸一方。不过我们在实际使用中发现ATi Radeon系列显卡的Bug较多,而且有些Bug有一定的共性。我们如何消除这些Bug,让“镭”光更耀眼呢?     

Fail fast [software debugging]

The most annoying aspect of software development is debugging. We don't mind the kinds of bugs that yield to a few minutes inspection. The bugs we hate are the ones that show up only after hours of successful operation, under unusual circumstances, or whose stack traces lead to dead ends. Fortunately, there's a simple technique that dramatically reduces the number of these bugs in our software. It won't reduce the overall number of bugs, at least not at first, but it'll make most defects much easier to find. The technique is to build our software to "fail fast".     

Understanding the triaging and fixing processes of long lived bugs

ContextBug fixing is an integral part of software development and maintenance. A large number of bugs often indicate poor software quality, since buggy behavior not only causes failures that may be costly but also has a detrimental effect on the user’s overall experience with the software product. The impact of long lived bugs can be even more critical since experiencing the same bug version after version can be particularly frustrating for user. While there are many studies that investigate factors affecting bug fixing time for entire bug repositories, to the best of our knowledge, none of these studies investigates the extent and reasons of long lived bugs.ObjectiveIn this paper, we investigate the triaging and fixing processes of long lived bugs so that we can identify the reasons for delay and improve the overall bug fixing process.MethodologyWe mine the bug repositories of popular open source projects, and analyze long lived bugs from five different perspectives: their proportion, severity, assignment, reasons, as well as the nature of fixes.ResultsOur study on seven open-source projects shows that there are a considerable number of long lived bugs in each system and over 90% of them adversely affect the user’s experience. The reasons for these long lived bugs are diverse including long assignment time, not understanding their importance in advance, etc. However, many bug-fixes were delayed without any specific reasons. Furthermore, 40% of long lived bugs need only small fixes.ConclusionOur overall results suggest that a significant number of long lived bugs may be minimized through careful triaging and prioritization if developers could predict their severity, change effort, and change impact in advance. We believe our results will help both developers and researchers better to understand factors behind delays, improve the overall bug fixing process, and investigate analytical approaches for prioritizing bugs based on bug severity as well as expected bug fixing effort.     

Detecting functional and security-related issues in smart contracts: A systematic literature review

Blockchain is a platform of distributed elaboration, which allows users to provide software for a huge range of next-generation decentralized applications without involving reliable third parties. Smart contracts (SCs) are an important component in blockchain applications: they are programmatic agreements among two or more parties that cannot be rescinded. Furthermore, SCs have an important characteristic: they allow users to implement reliable transactions without involving third parties. However, the advantages of SCs have a price. Like any program, SCs can contain bugs, some of which may also constitute security threats. Writing correct and secure SCs can be extremely difficult because, once deployed, they cannot be modified. Although SCs have been recently introduced, a large number of approaches have been proposed to find bugs and vulnerabilities in SCs. In this article, we present a systematic literature review on the approaches for the automated detection of bugs and vulnerabilities in SCs. We survey 68 papers published between 2015 and 2020, and we annotate each paper according to our classification framework to provide quantitative results and find possible areas not explored yet. Finally, we identify the open problems in this research field to provide possible directions to future researchers.     

Do bugs foreshadow vulnerabilities? An in-depth study of the chromium project

As developers face an ever-increasing pressure to engineer secure software, researchers are building an understanding of security-sensitive bugs (i.e. vulnerabilities). Research into mining software repositories has greatly increased our understanding of software quality via empirical study of bugs. Conceptually, however, vulnerabilities differ from bugs: they represent an abuse of functionality as opposed to insufficient functionality commonly associated with traditional, non-security bugs. We performed an in-depth analysis of the Chromium project to empirically examine the relationship between bugs and vulnerabilities. We mined 374,686 bugs and 703 post-release vulnerabilities over five Chromium releases that span six years of development. We used logistic regression analysis, ranking analysis, bug type classifications, developer experience, and vulnerability severity metrics to examine the overarching question: are bugs and vulnerabilities in the same files? While we found statistically significant correlations between pre-release bugs and post-release vulnerabilities, we found the association to be weak. Number of features, source lines of code, and pre-release security bugs are, in general, more closely associated with post-release vulnerabilities than any of our non-security bug categories. In further analysis, we examined sub-types of bugs, such as stability-related bugs, and the associations did not improve. Even the files with the most severe vulnerabilities (by measure of CVSS or bounty payouts) did not show strong correlations with number of bugs. These results indicate that bugs and vulnerabilities are empirically dissimilar groups, motivating the need for security engineering research to target vulnerabilities specifically.     

Firefox缺陷跟踪系统中的用户反馈

缺陷追踪是软件项目管理的一个重要环节，是保证现代大规模开源软件开发顺利进行并持续提高软件质量的必要手段.目前，大部分开源软件都使用开放的缺陷跟踪系统进行软件缺陷的管理.它允许用户向开发者提交系统故障（即defect类型缺陷）以及系统改进建议（即enhancement类型缺陷），但是这些用户的反馈所起的作用尚未得到充分研究.针对这一问题，对Firefox的缺陷跟踪系统进行实证研究，收集了2018年和2019年提交的19 474份Firefox Desktop以及3 057份Firefox for Android缺陷报告.在此基础上，对比分析了普通用户和核心开发者提交的缺陷在数量、严重性、组件分布、修复率、修复速度以及修复者上的差别，并调查了缺陷报告的撰写质量与缺陷处理结果和修复时间的关系.主要发现包括：（1）当前缺陷追踪系统中普通用户人数众多，但参与程度较浅，86%的用户只提交过一个缺陷，其中，高严重等级的缺陷不超过3%；（2）普通用户提交的缺陷主要分布在和用户交互相关的UI组件上（例如地址栏、音频/视频等），然而还有43%的缺陷由于缺乏充分描述信息而难以准确地定位到具体的关联组件；（3）在缺陷处理结果上，由于查重系统以及缺陷填报系统在设计上过于简单，致使普通用户提交的大量缺陷被处理为“无用”缺陷，缺陷修复率低于10%；（4）在缺陷修复流程上，由于普通用户难以准确、充分地描述缺陷，导致系统对其重视程度不足，普通用户提交缺陷的处理流程也比核心开发者提交的复杂，平均需要多花至少8天的时间进行修复.上述研究结果揭示了当前缺陷追踪系统在用户参与激励机制、缺陷自动查重以及缺陷报告填写智能辅助等方面的不足，能够为缺陷跟踪系统开发者和管理者改进系统、提高普通用户对开源软件的贡献提供参考.     

Bugzilla, ITracker, and other bug trackers

Bug-tracking helps the software developers in knowing what the error is, resolving it, and learning from it. Working on a software project includes managing the bugs we find. At first, we might list them on a spreadsheet. But when the number of bugs becomes too large and a lot of people must access and input data on them, we have to give up the spreadsheet and instead use a bug- or issue-tracking system. Many software projects reach this point, especially during testing and deployment when users tend to find an application's bugs. Nowadays we can choose among dozens of bug-tracking systems. This paper looks at two specific open source products and provides useful hints for working with any bug-tracking tool.     

ARIMA模型在软件测试缺陷数量预测中的应用

本文通过采用ARIMA模型(求和自回归滑动平均模型)对嵌入式软件项目开发中缺陷数量的预测方法进行了研究,提出将嵌入式软件项目测试过程中发现的缺陷数量,按时间顺序阶段作为时间序列事件数据,按照ARIMA(p,d,q)模型的方式,对此数据的时间过程进行分析与建模,根据所得模型对下一个相似的软件项目测试发现缺陷数量进行预测的方法。同时采用这种方法对实际项目数据进行了建模,利用所得模型进行了预测,并与实际项目的数据进行了比较,对更深一步的研究进行了讨论。     

Analyzing and predicting software integration bugs using network analysis on requirements dependency network

Complexity, cohesion and coupling have been recognized as prominent indicators of software quality. One characterization of software complexity is the existence of dependency relationships. Moreover, the degree of dependency reflects the cohesion and coupling between software elements. Dependencies in the design and implementation phase have been proven to be important predictors of software bugs. We empirically investigated how requirements dependencies correlate with and predict software integration bugs, which can provide early estimates regarding software quality and thus facilitate decision making early in the software lifecycle. We conducted network analysis on the requirements dependency networks of three commercial software projects. Significant correlation is observed between most of our network measures and the number of bugs. Furthermore, many network measures demonstrate significantly greater values for higher severity (or a higher fixing workload). Afterward, we built bug prediction models using these network measures and found that bugs can be predicted with high accuracy and sensitivity, even in cross-project and cross-company contexts. We further identified the dependency type that contributes most to bug correlation, as well as the network measures that contribute more to bug prediction. These observations show that the requirements dependency network can be used as an early indicator and predictor of software integration bugs.     

Spectral‐based fault localization using hyperbolic function

Debugging is crucial for producing reliable software. One of the effective bug localization techniques is spectral‐based fault localization. It tries to locate a buggy statement by applying an evaluation metric to program spectra and ranking program components on the basis of the score it computes. Here, we propose a restricted class of “hyperbolic” metrics, with a small number of numeric parameters. This class of functions is based on past theoretical and empirical results. We show that optimization methods such as genetic programming and simulated annealing can reliably discover effective metrics over a wide range of data sets of program spectra. We evaluate the performance for both real programs and model programs with single bugs, multiple bugs, “deterministic” bugs, and nondeterministic bugs and find that the proposed class of metrics performs as well as or better than the previous best‐performing metrics over a broad range of data.     

Analysis of software bug causes and its prevention

In our software development group we have faced difficulties in improving software quality. In order to find the causes of this problem we have analyzed software bugs that were found in the credit authorization terminal software that our group developed, and found the real causes of the bug. As a result, it was found that about 50% of the real causes were made by the designer's carelessness. Based on this finding, guidelines were established to improve the designers’ behavior. Furthermore, we made clear the causes of software bugs, the phase in which they were made, the relation between the software bugs and their real causes. We also made the measures to prevent the software bugs and implemented them. And we refer to the effect that the substantial amount of software bugs can be decreased by the implementation.