Permanent URI for this collection
Browse
Recent Submissions
Item The Impact of API Change- and Fault-Proneness on the User Ratings of Android Apps(2015-01-01) Bavota, Gabriele; Linares-Vasquez, Mario; Bernal-Cardenas, Carlos Eduardo; Poshyvanyk, Denys; Di Penta, Massimiliano; Oliveto, RoccoThe mobile apps market is one of the fastest growing areas in the information technology. In digging their market share, developers must pay attention to building robust and reliable apps. In fact, users easily get frustrated by repeated failures, crashes, and other bugs; hence, they abandon some apps in favor of their competition. In this paper we investigate how the fault-and change-proneness of APIs used by Android apps relates to their success estimated as the average rating provided by the users to those apps. First, in a study conducted on 5,848 (free) apps, we analyzed how the ratings that an app had received correlated with the fault-and change-proneness of the APIs such app relied upon. After that, we surveyed 45 professional Android developers to assess (i) to what extent developers experienced problems when using APIs, and (ii) how much they felt these problems could be the cause for unfavorable user ratings. The results of our studies indicate that apps having high user ratings use APIs that are less fault-and change-prone than the APIs used by low rated apps. Also, most of the interviewed Android developers observed, in their development experience, a direct relationship between problems experienced with the adopted APIs and the users' ratings that their apps received.Item Mining Version Histories for Detecting Code Smells(2015-01-01) Palomba, Fabio; De Lucia, Andrea; Bavota, Gabriele; Poshyvanyk, DenysCode smells are symptoms of poor design and implementation choices that may hinder code comprehension, and possibly increase change-and fault-proneness. While most of the detection techniques just rely on structural information, many code smells are intrinsically characterized by how code elements change over time. In this paper, we propose Historical Information for Smell deTection (HIST), an approach exploiting change history information to detect instances of five different code smells, namely Divergent Change, Shotgun Surgery, Parallel Inheritance, Blob, and Feature Envy. We evaluate HIST in two empirical studies. The first, conducted on 20 open source projects, aimed at assessing the accuracy of HIST in detecting instances of the code smells mentioned above. The results indicate that the precision of HIST ranges between 72 and 86 percent, and its recall ranges between 58 and 100 percent. Also, results of the first study indicate that HIST is able to identify code smells that cannot be identified by competitive approaches solely based on code analysis of a single system's snapshot. Then, we conducted a second study aimed at investigating to what extent the code smells detected by HIST (and by competitive code analysis techniques) reflect developers' perception of poor design and implementation choices. We involved 12 developers of four open source projects that recognized more than 75 percent of the code smell instances identified by HIST as actual design/implementation problems.Item High-precision calculation of the strange nucleon electromagnetic form factors(2015-01-01) Green, Jeremy; Meinel, Stefan; Syritsyn, Sergey; Laeuchli, Jesse; Orginos, KostasWe report a direct lattice QCD calculation of the strange nucleon electromagnetic form factors G(E)(s) and G(M)(s) in the kinematic range 0 < = Q(2) less than or similar to 1.2 GeV2. For the first time, both G(E)(s) and G(M)(s) are shown to be nonzero with high significance. This work uses closer to physical lattice parameters than previous calculations, and achieves an unprecedented statistical precision by implementing a recently proposed variance reduction technique called hierarchical probing. We perform model-independent fits of the form factor shapes using the z-expansion and determine the strange electric and magnetic radii and magnetic moment. We compare our results to parity-violating electron-proton scattering data and to other theoretical studies.Item Particle transport in low-collisionality H-mode plasmas on DIII-D(2015-11-01) Mordijck, Saskia; Wang, X.; Doyle, E. J.; Rhodes, T. L.In this paper we show that changing from an ion temperature gradient (ITG) to a trapped electron mode (TEM) dominant turbulence regime (based on linear gyrokinetic simulations) results experimentally in a strong density pump-out (defined as a reduction in line-averaged density) in low collisionality, low power H-mode plasmas. We vary the turbulence drive by changing the heating from predominantly ion heated using neutral beam injection to electron heated using electron cyclotron heating, which changes the T-e/T-i ratio and the temperature gradients. Perturbed gas puff experiments show an increase in transport outside rho = 0.6, through a strong increase in the perturbed diffusion coefficient and a decrease in the inward pinch. Linear gyrokinetic simulations with TGLF show an increase in the particle flux outside the mid-radius. In conjunction an increase in intermediate-scale length density fluctuations is observed, which indicates an increase in turbulence intensity at typical TEM wavelengths. However, although the experimental changes in particle transport agree with a change from ITG to TEM turbulence regimes, we do not observe a reduction in the core rotation at mid-radius, nor a rotation reversal.Item Effects of resonant magnetic perturbations on turbulence and transport in DIII-D L-mode plasmas(2016-01-01) Mordijck, Saskia; Rhodes, T. L.; Zeng, L.; Doyle, E. J.In this paper we show that resonant magnetic perturbations (RMPs) affect the L- to H-mode power threshold. We find that during the L-mode phase, RMPs cause the particle pinch to reverse from traditionally inward to outward. As a result, the density at the plasma edge increases, while the density in the plasma core is reduced. Linear stability calculations indicate that the plasma transitions from an ion temperature gradient (ITG) to trapped electron mode (TEM) regime at the plasma edge. If the applied RMP current is below the threshold for penetration and island formation, we find that the changes in the edge radial electric field are minimal, while the carbon toroidal rotation brakes over the whole minor radius. Once the RMP field penetrates and the screening plasma response dissappears, the spin-up of the toroidal rotation at the plasma edge results in a positive radial electric field inside the separatrix.Item CaSE: Cache-Assisted Secure Execution on ARM Processors(2016-01-01) Zhang, Ning; Lou, Wenjing; Hou, Y. Thomas; Sun, Kun; Virginia TechRecognizing the pressing demands to secure embedded applications, ARM TrustZone has been adopted in both academic research and commercial products to protect sensitive code and data in a privileged, isolated execution environment. However, the design of TrustZone cannot prevent physical memory disclosure attacks such as cold boot attack from gaining unrestricted read access to the sensitive contents in the dynamic random access memory (DRAM). A number of system-on-chip (SoC) bound execution solutions have been proposed to thaw the cold boot attack by storing sensitive data only in CPU registers, CPU cache or internal RAM. However, when the operating system, which is responsible for creating and maintaining the SoC-bound execution environment, is compromised, all the sensitive data is leaked. In this paper, we present the design and development of a cache-assisted secure execution framework, called CaSE, on ARM processors to defend against sophisticated attackers who can launch multi-vector attacks including software attacks and hardware memory disclosure attacks. CaSE utilizes TrustZone and Cache-as-RAM technique to create a cache-based isolated execution environment, which can protect both code and data of security-sensitive applications against the compromised OS and the cold boot attack. To protect the sensitive code and data against cold boot attack, applications are encrypted in memory and decrypted only within the processor for execution. The memory separation and the cache separation provided by TrustZone are used to protect the cached applications against compromised OS. We implement a prototype of CaSE on the i.MX53 running ARM Cortex-A8 processor. The experimental results show that CaSE incurs small impacts on system performance when executing cryptographic algorithms including AES, RSA, and SHA1.Item PROST: Predicting Resource Usages with Spatial and Temporal Dependencies(2016-01-01) Xue, Ji; Smirni, Evgenia; Scherer, Thomas; Birke, Robert; Chen, Lydia Y.We present a tool, PROST, which can achieve scalable and accurate prediction of server workload time series in data centers. As several virtual machines are typically co-located on physical servers, the CPU and RAM show strong temporal and spatial dependencies. PROST is able to leverage the spatial dependency among co-located VMs to improve the scalability of prediction models solely based on temporal features, such as neural network. We show the benefits of PROST in obtaining accurate prediction of resource usage series and designing effective VM sizing strategies for the private data centers.Item Automatic Performance Testing using Input-Sensitive Profiling(2016-01-01) Luo, QiDuring performance testing, software engineers commonly perform application profiling to analyze an application's traces with different inputs to understand performance behaviors, such as time and space consumption. However, a non-trivial application commonly has a large number of inputs, and it is mostly manual to identify the specific inputs leading to performance bottlenecks. Thus, it is challenge is to automate profiling and find these specific inputs. To solve these problems, we propose novel approaches, FOREPOST, GA-Prof and PerfImpact, which automatically profile applications for finding the specific combinations of inputs triggering performance bottlenecks, and further analyze the corresponding traces to identify problematic methods. Specially, our approaches work in two different types of real-world scenarios of performance testing: i) a single-version scenario, in which performance bottlenecks are detected in a single software release, and ii) a two-version scenario, in which code changes responsible for performance regressions are detected by considering two consecutive software releases.Item Mining Performance Regression Inducing Code Changes in Evolving Software(2016-01-01) Luo, Qi; Poshyvanyk, Denys; Grechanik, MarkDuring software evolution, the source code of a system frequently changes due to bug fixes or new feature requests. Some of these changes may accidentally degrade performance of a newly released software version. A notable problem of regression testing is how to find problematic changes (out of a large number of committed changes) that may be responsible for performance regressions under certain test inputs. We propose a novel recommendation system, coined as PerfImpact, for automatically identifying code changes that may potentially be responsible for performance regressions using a combination of search-based input profiling and change impact analysis techniques. PerfImpact independently sends the same input values to two releases of the application under test, and uses a genetic algorithm to mine execution traces and explore a large space of input value combinations to find specific inputs that take longer time to execute in a new release. Since these input values are likely to expose performance regressions, PerfImpact automatically mines the corresponding execution traces to evaluate the impact of each code change on the performance and ranks the changes based on their estimated contribution to performance regressions. We implemented PerfImpact and evaluated it on different releases of two open-source web applications. The results demonstrate that PerfImpact effectively detects input value combinations to expose performance regressions and mines the code changes are likely to be responsible for these performance regressions.Item Input-Sensitive Performance Testing(2016-01-01) Luo, QiOne goal of performance testing is to find specific test input data for exposing performance bottlenecks and identify the methods responsible for these performance bottlenecks. A big and important challenges of performance testing is how to deeply understand the performance behaviors of a non-trivial software system in terms of test input data to properly select the specific test input values for finding the problematic methods. Thus, we propose this research program to automatically analyze performance behaviors in software and link these behaviors with test input data for selecting the specific ones that can expose performance bottlenecks. In addition, this research further examines the corresponding execution traces of selected inputs for targeting the problematic methods.Item Cheetah: Detecting False Sharing Efficiently and Effectively(2016-01-01) Liu, Tongping; Liu, XuFalse sharing is a notorious performance problem that may occur in multithreaded programs when they are running on ubiquitous multicore hardware. It can dramatically degrade the performance by up to an order of magnitude, significantly hurting the scalability. Identifying false sharing in complex programs is challenging. Existing tools either incur significant performance overhead or do not provide adequate information to guide code optimization. To address these problems, we develop Cheetah, a profiler that detects false sharing both efficiently and effectively. Cheetah leverages the lightweight hardware performance monitoring units (PMUs) that are available in most modern CPU architectures to sample memory accesses. Cheetah develops the first approach to quantify the optimization potential of false sharing instances without actual fixes, based on the latency information collected by PMUs. Cheetah precisely reports false sharing and provides insightful optimization guidance for programmers, while adding less than 7% runtime overhead on average. Cheetah is ready for real deployment.Item (EMC)-M-3: Improving Energy Efficiency via Elastic Multi-Controller SDN in Data Center Networks(2016-01-01) Xie, Kun; Huang, Xiaohong; Zhang, Pei; Hao, ShuaiEnergy consumed by network constitutes a significant portion of the total power budget in modern data centers. Thus, it is critical to understand the energy consumption and improve the power efficiency of data center networks (DCNs). In doing so, one straightforward and effective way is to make the size of DCNs elastic along with traffic demands, i.e., turning off unnecessary network components to reduce the energy consumption. Today, software defined networking (SDN), as one of the most promising solutions for data center management, provides a paradigm to elastically control the resources of DCNs. However, to the best of our knowledge, the features of SDN have not been fully leveraged to improve the power saving, especially for large-scale multi-controller DCNs. To address this problem, we propose (EMC)-M-3, a mechanism to improve DCN's energy efficiency via the elastic multi-controller SDN. In (EMC)-M-3, the energy optimizations for both forwarding and control plane are considered by utilizing SDN's fine-grained routing and dynamic control mapping. In particular, the flow network theory and the bin-packing heuristic are used to deal with the forwarding plane and control plane, respectively. Our simulation results show that E3MC can achieve more efficient power management, especially in highly structured topologies such as Fat-Tree and BCube, by saving up to 50% of network energy, at an acceptable level of computation cost.Item FUSION: A Tool for Facilitating and Augmenting Android Bug Reporting(2016-01-01) Moran, Kevin; Linares-Vasquez, Mario; Bernal-Cardenas, Carlos; Poshyvanyk, DenysAs the popularity of mobile smart devices continues to climb the complexity of "apps" continues to increase, making the development and maintenance process challenging. Current bug tracking systems lack key features to effectively support construction of reports with actionable information that directly lead to a bug's resolution. In this demo we present the implementation of a novel bug reporting system, called FUSION, that facilitates users including reproduction steps in bug reports for mobile apps. FUSION links user-provided information to program artifacts extracted through static and dynamic analysis performed before testing or release. Results of preliminary studies demonstrate that FUSION both effectively facilitates reporting and allows for more reliable reproduction of bugs from reports compared to traditional issue tracking systems by presenting more detailed contextual app information. Tool website: www.fusion-android.com Video url: https://youtu.be/AND9h0E1xRgItem Fixing Bug Reporting for Mobile and GUI-Based Applications(2016-01-01) Moran, KevinSmartphones and tablets have established themselves as mainstays in the modern computing landscape. It is conceivable that in the near future such devices may supplant laptops and desktops, becoming many users primary means of carrying out typical computer assisted tasks. In turn, this means that mobile applications will continue on a trajectory to becoming more complex, and the primary focus of millions of developers worldwide. In order to properly create and maintain these "apps" developers will need support, especially with regard to the prompt confirmation and resolution of bug reports. Unfortunately, current issue tracking systems typically only implement collection of coarse grained natural language descriptions, and lack features to facilitate reporters including important information in their reports. This illustrates the lexical information gap that exists in current bug reporting systems for mobile and GUI-based apps. This paper outlines promising preliminary work towards addressing this problem and proposes a comprehensive research program which aims to implement new bug reporting mechanisms and examine the impact that they might have on related software maintenance tasks.Item MobiPlay: A Remote Execution Based Record-and-Replay Tool for Mobile Applications(2016-01-01) Qin, Zhengrui; Tang, Yutao; Novak, Ed; Li, QunThe record-and-replay approach for software testing is important and valuable for developers in designing mobile applications. However, the existing solutions for recording and replaying Android applications are far from perfect. When considering the richness of mobile phones' input capabilities including touch screen, sensors, GPS, etc., existing approaches either fall short of covering all these different input types, or require elevated privileges that are not easily attained and can be dangerous. In this paper, we present a novel system, called MobiPlay, which aims to improve record-and-replay testing. By collaborating between a mobile phone and a server, we are the first to capture all possible inputs by doing so at the application layer, instead of at the Android framework layer or the Linux kernel layer, which would be infeasible without a server. MobiPlay runs the to-be-tested application on the server under exactly the same environment as the mobile phone, and displays the GUI of the application in real time on a thin client application installed on the mobile phone. From the perspective of the mobile phone user, the application appears to be local. We have implemented our system and evaluated it with tens of popular mobile applications showing that MobiPlay is efficient, flexible, and comprehensive. It can record all input data, including all sensor data, all touchscreen gestures, and GPS. It is able to record and replay on both the mobile phone and the server. Furthermore, it is suitable for both white-box and black-box testing.Item FOREPOST: A Tool For Detecting Performance Problems with Feedback-Driven Learning Software Testing(2016-01-01) Luo, Qi; Poshyvanyk, Denys; Nair, Aswathy; Grechanik, Mark; University of IllinoisA goal of performance testing is to find situations when applications unexpectedly exhibit worsened characteristics for certain combinations of input values. A fundamental question of performance testing is how to select a manageable subset of the input data faster to find performance problems in applications automatically. We present a novel tool, FOREPOST, for finding performance problems in applications automatically using black-box software testing. In this paper, we demonstrate how FOREPOST extracts rules from execution traces of applications by using machine learning algorithms, and then uses these rules to select test input data automatically to steer applications towards computationally intensive paths and to find performance problems.Item HMOG: New Behavioral Biometric Features for Continuous Authentication of Smartphone Users(2016-01-01) Sitova, Zdenka; Sedenka, Jaroslav; Yang, Qing; Peng, Ge; Zhou, Gang; Gasti, PaoloWe introduce hand movement, orientation, and grasp (HMOG), a set of behavioral features to continuously authenticate smartphone users. HMOG features unobtrusively capture subtle micro-movement and orientation dynamics resulting from how a user grasps, holds, and taps on the smartphone. We evaluated authentication and biometric key generation (BKG) performance of HMOG features on data collected from 100 subjects typing on a virtual keyboard. Data were collected under two conditions: 1) sitting and 2) walking. We achieved authentication equal error rates (EERs) as low as 7.16% (walking) and 10.05% (sitting) when we combined HMOG, tap, and keystroke features. We performed experiments to investigate why HMOG features perform well during walking. Our results suggest that this is due to the ability of HMOG features to capture distinctive body movements caused by walking, in addition to the hand-movement dynamics from taps. With BKG, we achieved the EERs of 15.1% using HMOG combined with taps. In comparison, BKG using tap, key hold, and swipe features had EERs between 25.7% and 34.2%. We also analyzed the energy consumption of HMOG feature extraction and computation. Our analysis shows that HMOG features extracted at a 16-Hz sensor sampling rate incurred a minor overhead of 7.9% without sacrificing authentication accuracy. Two points distinguish our work from current literature: 1) we present the results of a comprehensive evaluation of three types of features (HMOG, keystroke, and tap) and their combinations under the same experimental conditions and 2) we analyze the features from three perspectives (authentication, BKG, and energy consumption on smartphones).Item Virtualization in the Private Cloud: State of the Practice(2016-01-01) Birke, Robert; Chen, Lydia Y.; Podzimek, Andrej; Smirni, EvgeniaVirtualization has become a mainstream technology that allows efficient and safe resource sharing in data centers. In this paper, we present a large scale workload characterization study of 90K virtual machines hosted on 8K physical servers, across several geographically distributed corporate data centers of a major service provider. The study focuses on 19 days of operation and focuses on the state of the practice, i. e., how virtual machines are deployed across different physical resources with an emphasis on processors and memory, focusing on resource sharing and usage of physical resources, virtual machine life cycles, and migration patterns and their frequencies. This paper illustrates that indeed there is a huge tendency in over-provisioning CPU and memory resources while certain virtualization features (e. g., migration and collocation) are used rather conservatively, showing that there is significant room for the development of policies that aim to reduce operational costs in data centers.Item Special issue: a selection of distinguished papers from the 18th Working Conference on Reverse Engineering 2011(2014-01-01) Pinzger, Martin; Poshyvanyk, DenysItem Unleashing Exposed Terminals in Enterprise WLANs: A Rate Adaptation Approach(2014-01-01) Huang, Jun; Xing, Guoliang; Zhou, GangThe increasing availability of inexpensive off-the-shelf 802.11 hardware has made it possible to deploy access points (APs) densely to ensure the coverage of complex enterprise environments such as business and college campuses. However, dense AP deployment often leads to increased level of wireless contention, resulting in low system throughput. A promising approach to address this issue is to enable the transmission concurrency of exposed terminals in which two senders lie in the range of one another but do not interfere each other's receiver. However, existing solutions ignore the rate diversity of 802.11 and hence cannot fully exploit concurrent transmission opportunities in a WLAN. In this paper, we present TRACK - Transmission Rate Adaptation for Colliding linKs, a novel protocol for harnessing exposed terminals with a rate adaptation approach in enterprise WLANs. Using measurement-based channel models, TRACK can optimize the bit rates of concurrent links to improve system throughput while maintaining link fairness. Our extensive experiments on a testbed of 17 nodes show that TRACK improves system throughput by up to 67% and 35% over 802.11 CSMA and conventional approaches of harnessing exposed terminals.