Smartphone applications' performance has a vital impact on user experience. However, many smartphone applications suffer from bugs that cause significant degradation, thereby losing their competitive edge. Unfortunately, people have little understanding of these bugs. They also lack effective techniques to fight with such To bridge this gap, we conducted study 70 real-world collected eight large-scale and popular Android applications. We studied the characteristics (e.g., bug types how they...

Android ecosystem is heavily fragmented. The numerous combinations of different device models and operating system versions make it impossible for app developers to exhaustively test their apps. As a result, various compatibility issues arise, causing poor user experience. However, little known on the characteristics such fragmentation-induced no mature tools exist help quickly diagnose fix these issues. To bridge gap, we conducted an empirical study 191 real-world collected from popular...

Smartphone applications' energy efficiency is vital, but many Android applications suffer from serious inefficiency problems. Locating these problems labor-intensive and automated diagnosis highly desirable. However, a key challenge the lack of decidable criterion that facilitates judgment such Our work aims to address this challenge. We conducted an in-depth study 173 open-source 229 commercial applications, observed two common causes problems: missing deactivation sensors or wake locks,...

Large Language Models (LLMs), renowned for their superior proficiency in language comprehension and generation, stimulate a vibrant ecosystem of applications around them. However, extensive assimilation into various services introduces significant security risks. This study deconstructs the complexities implications prompt injection attacks on actual LLM-integrated applications. Initially, we conduct an exploratory analysis ten commercial applications, highlighting constraints current attack...

The PyPI ecosystem has indexed millions of Python libraries to allow developers automatically download and install dependencies their projects based on the specified version constraints. Despite convenience brought by automation, constraints in can easily conflict, resulting build failures. We refer such conflicts as <u>D</u>ependency <u>C</u>onfict (DC) issues. Although DC issues are common projects, lack tool support gain a comprehensive knowledge for diagnosing root causes these In this...

Web testing has long been recognized as a notoriously difficult task. Even nowadays, web still mainly relies on manual efforts in many cases while automated is far from achieving human-level performance. Key challenges include dynamic content update and deep bugs hiding under complicated user interactions specific input values, which can only be triggered by certain action sequences the huge space of all possible sequences. In this paper, we propose WebExplor, an automatic end-to-end...

Software is constantly changing, requiring developers to perform several derived tasks in a timely manner, such as writing description for the intention of code change, or identifying defect-prone changes. Considering that cost dealing with these can account large proportion (typically around 70 percent) total development expenditure, automating processes will significantly lighten burdens developers. To achieve target, existing approaches mainly rely on training deep learning models from...

Smartphone applications have millions of users. Their energy efficiency is very important. However, we investigated 174 Android and found 33 them suffering serious inefficiency problems. Many these problems are due to ineffective use sensors their data. In this paper, propose a novel approach systematically diagnose in applications. We derive an application execution model from specifications, leverage it realistically simulate application's runtime behavior. Our can automatically analyze...

Wake locks are widely used in Android apps to protect critical computations from being disrupted by device sleeping. Inappropriate use of wake often seriously impacts user experience. However, little is known on how real-world and the impact their misuses. To bridge gap, we conducted a large-scale empirical study 44,736 commercial 31 open-source apps. By automated program analysis manual investigation, observed (1) common points where acquired released, (2) 13 types computational tasks that...

The control flows of Android apps are largely driven by the protocols that govern how callback APIs invoked in response to various events. When these evolve along with framework, changes their invocation can induce unexpected existing apps, causing compatibility issues. We refer issues as While framework updates have received due attention, little is known about impacts on app and thus induced. To bridge gap, we examined documentations conducted an empirical study 100 real-world investigate...

Android ecosystem is heavily fragmented. The numerous combinations of different device models and operating system versions make it impossible for app developers to exhaustively test their apps, thus various compatibility issues arise. Unfortunately, little known on the characteristics such fragmentation-induced issues. No mature tools exist help quickly diagnose fix these To bridge gap, we conducted an empirical study 220 real-world collected from five popular open-source apps. We further...

Bug-inducing commits provide important information to understand when and how bugs were introduced. Therefore, they have been extensively investigated by existing studies frequently leveraged facilitate bug fixings in industrial practices.

Unmanned aerial vehicles (UAVs) are becoming increasingly important and widely used in modern society. Software bugs these systems can cause severe issues, such as system crashes, hangs, undefined behaviors. Some also be exploited by hackers to launch security attacks, resulting catastrophic consequences. Therefore, techniques that help detect fix software UAVs highly desirable. However, although there many existing studies on various types of software, the characteristics UAV have never...

Machine learning (ML)-based Android malware detection has been one of the most popular research topics in mobile security community. An increasing number studies have demonstrated that machine is an effective and promising approach for detection, some works even claimed their proposed models could achieve 99% accuracy, leaving little room further improvement. However, numerous prior suggested unrealistic experimental designs bring substantial biases, resulting over-optimistic performance...

The login functionality, being the gateway to app usage, plays a critical role in both user experience and application security. As Android apps increasingly incorporate functionalities, they support variety of authentication methods with complicated processes, catering personalized experiences. However, complexities managing different operations processes make it difficult for developers handle them correctly. In this paper, we present first empirical study issues apps. We analyze 361 from...

The heavily fragmented Android ecosystem has induced various compatibility issues in apps. search space for such fragmentation-induced (FIC issues) is huge, comprising three dimensions: device models, OS versions, and APIs. FIC issues, especially those arising from evolve quickly with the frequent release of new models to market. As a result, an automated technique desired maintain timely knowledge which are mostly undocumented. In this paper, we propose technique, PIVOT, that automatically...

Various techniques have been proposed to detect smells in spreadsheets, which are susceptible errors. These typically spreadsheet through a mechanism based on fixed set of patterns or metric thresholds. Unlike conventional programs, tabulation styles vary greatly across spreadsheets. Smell detection thresholds, insensitive the varying styles, can miss many one while reporting spurious another. In this paper, we propose CUSTODES effectively cluster cells and these clusters. The clustering...

Popular Q&A sites like StackOverflow have collected numerous code snippets. However, many of them do not complete type information, making uncompilable and inapplicable to various software engineering tasks. This paper analyzes this problem, proposes a technique CSNIPPEX automatically convert snippets into compilable Java source files by resolving external dependencies, generating import declarations, fixing syntactic errors. We implemented as plug-in for Eclipse evaluated it with 242,175...

Misuses of library APIs are pervasive and often lead to software crashes vulnerability issues. Various static analysis tools have been proposed detect API misuses. They involve mining frequent patterns from a large number correct usage examples, which can be hard obtain in practice. also suffer low precision due an over-simplified assumption that deviation indicates misuse. We make two observations on the discovery misuse patterns. First, misuses represented as mutants corresponding usages....

Python is a popular dynamic programming language. In recent years, many frameworks implemented in have been widely used for data science and web development. Similar to other languages, the APIs provided by often evolve, which would inevitably induce compatibility issues client applications. While existing work has studied evolution of static languages such as Java, little known on how framework evolve characteristics induced evolution. To bridge this gap, we take first look at resulting We...

Front-running attacks have been a major concern on the blockchain. Attackers launch front-running by inserting additional transactions before upcoming victim to manipulate transaction executions and make profits. Recent studies shown that are prevalent Ethereum blockchain caused millions of US dollars loss. It is vulnerabilities in smart contracts, which programs invoked transactions, enable attack opportunities. Although techniques detect proposed, their performance real-world vulnerable...

Java projects are often built on top of various third-party libraries. If multiple versions a library exist the classpath, JVM will only load one version and shadow others, which we refer to as <i>dependency conflicts</i> . This would give rise <i>semantic conflict</i> (SC) issues, if APIs referenced by project have identical method signatures but inconsistent semantics across loaded shadowed SC issues difficult for developers diagnose in practice, since understanding them typically requires...

Due to the great advance in machine learning (ML) techniques, numerous ML models are expanding their application domains recent years. To adapt for resource-constrained platforms such as mobile and Internet of Things (IoT) devices, pre-trained often processed enhance efficiency compactness, using optimization techniques pruning quantization. Similar process other complex systems, e.g., program compilers databases, optimizations can contain bugs, leading severe consequences system crashes...