While Deep Neural Networks (DNNs) have established the fundamentals of image-based autonomous driving systems, they may exhibit erroneous behaviors and cause fatal accidents. To address safety issues in a recent set testing techniques been designed to automatically generate artificial scenes enrich test suite, e.g., generating new input images transformed from original ones. However, these are insufficient due two limitations: first, many such synthetic often lack diversity scenes, hence...

Learning-based fault localization has been intensively studied recently. Prior studies have shown that traditional Learning-to-Rank techniques can help precisely diagnose locations using various dimensions of fault-diagnosis features, such as suspiciousness values computed by off-the-shelf techniques. However, with the increasing features considered advanced techniques, it be quite challenging for algorithms to automatically identify effective existing/latent features. In this work, we...

Automatic program understanding and generation techniques could significantly advance the productivity of programmers have been widely studied by academia industry. Recently, advent pre-trained paradigm enlightens researchers to develop general-purpose models which can be applied for a broad range tasks. Such models, derived self-supervised objectives on large unlabelled corpora, fine-tuned in downstream tasks (such as code search generation) with minimal adaptations. Although these claim...

Deep Neural Networks (DNNs) have been widely applied in autonomous systems such as self-driving vehicles. Recently, DNN testing has intensively studied to automatically generate adversarial examples, which inject small-magnitude perturbations into inputs test DNNs under extreme situations. While existing techniques prove be effective, particularly for driving, they mostly focus on generating digital perturbations, e.g., changing image pixels, may never happen the physical world. Thus, there...

Summary Fog computing is used as a popular extension of cloud for variety emerging applications. To incorporate various design choices and customized policies in fog paradigm, Microservices proposed new software architecture, which easy to modify quick deploy applications because its significant features, ie, fine granularity loose coupling. Unfortunately, the architecture vulnerable due wildly distributed interfaces that are easily attacked. However, industry has not been fully aware...

Code summarization (aka comment generation) provides a high-level natural language description of the function performed by code, which can benefit software maintenance, code categorization and retrieval. To best our knowledge, state-of-the-art approaches follow an encoder-decoder framework encodes source into hidden space later decodes it space. Such suffer from following drawbacks: (a) they are mainly input representing as sequence tokens while ignoring hierarchy; (b) most encoders only...

Defect prediction aims to automatically identify potential defective code with minimal human intervention and has been widely studied in the literature. Just-in-Time (JIT) defect focuses on program changes rather than whole programs, adopted continuous testing. CC2Vec, state-of-the-art JIT tool, first constructs a hierarchical attention network (HAN) learn distributed vector representations of both additions deletions, then concatenates them two other embedding vectors representing commit...

Coverage-guided fuzzing has become mainstream in to automatically expose program vulnerabilities. Recently, a group of fuzzers are proposed adopt random search mechanism namely Havoc, explicitly or implicitly, augment their edge exploration. However, they only tend the default setup Havoc as an implementation option while none them attempts explore its power under diverse setups inspect rationale for potential improvement. In this paper, address such issues, we conduct first empirical study...

Manual debugging is notoriously tedious and time-consuming. Therefore, various automated fault localization techniques have been proposed to help with manual debugging. Among the existing techniques, spectrum-based (SBFL) one of most widely studied due being lightweight. The focus SBFL consider how differentiate program entities (i.e., dimension in spectra); indeed, this aligned ultimate goal finding faulty lines code. Our key insight enhance by additionally considering tests other spectra),...

While Deep Neural Networks (DNNs) have established the fundamentals of DNN-based autonomous driving systems, they may exhibit erroneous behaviors and cause fatal accidents. To resolve safety issues a recent set testing techniques been designed to automatically generate test cases, e.g., new input images transformed from original ones. Unfortunately, many such generated often render inferior authenticity, lacking accurate semantic information scenes hence compromising resulting efficacy...

The use of Internet Things (IoT) has introduced genuine concerns regarding data security and its privacy when are in collection, exchange, use. Meanwhile, blockchain offers a distributed encrypted ledger designed to allow the creation immutable tamper-proof records at different locations. While may enhance IoT with innate security, integrity, autonomous governance, management allocation still remain an architectural concern. In this article, we propose novel context-aware mechanism for...

Java Virtual Machine (JVM) provides the runtime environment for programs, which allows to be "write once, run anywhere". JVM plays a decisive role in correctness of all programs running on it. Therefore, ensuring and robustness implementations is essential programs. To date, various techniques have been proposed expose bugs via generating potential bug-revealing test However, diversity effectiveness generated by existing research are far from enough since they mainly focus minor...

To date, various hybrid fuzzers have been proposed for maximal program vulnerability exposure by integrating the power of fuzzing strategies and concolic executors. While existing shown their superiority over conventional coverage-guided fuzzers, they seldom follow equivalent evaluation setups, e.g., benchmarks seed corpora. Thus, there is a pressing need comprehensive study on to provide implications guidance future research in this area. end, paper, we conduct first extensive...

While third-party libraries (TPLs) are extensively reused to enhance productivity during software development, they can also introduce potential security risks such as vulnerability propagation. Software composition analysis (SCA), proposed identify TPLs for reducing risks, has become an essential procedure within modern DevSecOps. As one of the mainstream SCA techniques, binary-to-source identifies source projects contained in binary files via code matching, which is a major challenge...

Major depressive disorder (MDD) is approximately twice as common in females than males. Furthermore, female patients with MDD tend to manifest comorbid anxiety. Few studies have explored the potential anatomical and functional brain changes associated females. Therefore, purpose of present study was investigate underlying females, especially within context anxiety.In this study, we recruited antidepressant-free (N = 35) healthy controls (HC; N 23). The severity depression anxiety were...

Automated code completion, aiming at generating subsequent tokens from unfinished code, has significantly benefited recent progress in pre-trained Large Language Models (LLMs). However, these models often suffer coherence issues and hallucinations when dealing with complex logic or extrapolating beyond their training data. Existing Retrieval Augmented Generation (RAG) techniques partially address by retrieving relevant a separate encoding model where the retrieved snippet serves as...

Deep Neural Networks (DNNs) have been widely applied in many autonomous systems such as driving. Recently, DNN testing has intensively studied to automatically generate adversarial examples, which inject small-magnitude perturbations into inputs test DNNs under extreme situations. While existing techniques prove be effective, they mostly focus on generating digital (particularly for driving), e.g., changing image pixels, may never happen physical world. There is a critical missing piece the...

Performance anomaly alerting based on trace data plays an important role in assuring the quality of online service systems. However, engineers find that many anomalies reported by existing techniques are not interest for them to take further actions. For a large scale with hundreds different microservices, current methods either fire lots false alarms applying simple thresholds temporal metrics (i.e., latency), or run complex end-to-end deep learning model limited interpretability. Engineers...

As a widely-used platform to support various Java-bytecode-based applications, Java Virtual Machine (JVM) incurs severe performance loss caused by its real-time program interpretation mechanism. To tackle this issue, the Just-in- Time compiler (JIT) has been widely adopted strengthen efficacy of JVM. Therefore, how effectively and efficiently detect JIT bugs becomes critical ensure correctness In paper, we propose coverage-guided fuzzing framework, namely JITfuzz, automatically bugs....

Fuzzing nowadays has been commonly modeled as an optimization problem, e.g., maximizing code coverage under a given time budget via typical search-based solutions such evolutionary algorithms. However, are widely argued to cause inefficient computing resource usage, i.e., mutations. To address this issue, two neural program-smoothing-based fuzzers, Neuzz and MTFuzz, have recently proposed approximate program branching behaviors network models, which input byte sequences of seed output...

IoT systems have gained increasing attentions in research community and industry. Tens of billions devices are now connected to the Internet quintillion bytes data generated from sensing every day. One important applications industry is monitoring, fault detection, diagnosis manufacturing (MFDM). However, current practices development such individualized with each company developing their own solutions. To address this issue, we propose a SaaS-centered framework for system health management....

Existing software composition analysis (SCA) techniques for the C/C++ ecosystem tend to identify reused components through feature matching between target project and collected third-party libraries (TPLs). However, duplication caused by internal code clone can cause inaccurate SCA results. To mitigate this issue, Centris, a state-of-the-art technique ecosystem, was proposed adopt function-level detection derive TPL dependencies eliminating redundant features before performing tasks....