Ali Mesbah

Contextual information plays a vital role for software developers when understanding and fixing a bug. Context can also be important in deep learning-based program repair to provide extra information about the bug and its fix. Existing techniques, however, treat context in an arbitrary manner, by extracting code in close proximity of the buggy statement within the enclosing file, class, or method, without any analysis to find actual relations with the bug. To reduce noise, they use a predefined maximum limit on the number of tokens to be used as context. We present a program slicing-based approach, in which instead of arbitrarily including code as context, we analyze statements that have a control or data dependency on the buggy statement. We propose a novel concept called dual slicing, which leverages the context of both buggy and fixed versions of the code to capture relevant repair ingredients. We present our technique and tool called KATANA, the first to apply slicing-based context for a program repair task. The results show KATANA effectively preserves sufficient information for a model to choose contextual information while reducing noise. We compare against four recent state-of-the-art context-aware program repair techniques. Our results show KATANA fixes between 1.5 to 3.7 times more bugs than existing techniques.

View record

Training a deep learning model on source code has gained significant traction recently. Since such models reason about vectors of numbers, source code needs to be converted to a code representation and then will be transformed into vectors. Numerous approaches have been proposed to represent source code, from sequences of tokens to abstract syntax trees. However, there is no systematic study to understand the effect of code representation on learning performance. Through a controlled experiment, we examine the impact of various code representations on model accuracy and usefulness in learning-based program repair. We train 21 different models, including 14 different homogeneous code representations, four mixed representations for the buggy and fixed code, and three different embeddings. We also conduct a user study to qualitatively evaluate the usefulness of inferred fixes in different code representations. Our results highlight the importance of code representation and its impact on learning and usefulness. Our findings indicate that (1) while code abstractions help the learning process, they can adversely impact the usefulness of inferred fixes from a developer’s point of view; this emphasizes the need to look at the patches generated from the end user’s perspective, which is often neglected in the literature, (2) mixed representations can outperform homogeneous code representations, (3) bug type can affect the effectiveness of different code representations; although current techniques use a single code representation for all bug types, there is no single best code representation applicable to all bug types. This calls for the need to look at the repair task from the practitioner’s in mind which is often overlooked in the literature. We emphasize the effectiveness of code representation varies significantly depending on the bug types.

View record

IoT systems are rapidly adopted in various domains, from embedded systems tosmart homes. Despite their growing adoption and popularity, there has been nothorough study to understand IoT development challenges from the practitioners’point of view. We provide the first systematic study of bugs and challenges thatIoT developers face in practice, through a large-scale empirical investigation. Wecollected 5,565 bug reports from 91 representative IoT project repositories and categorizeda random sample of 323 based on the observed failures, root causes, andthe locations of the faulty components. In addition, we conducted nine interviewswith IoT experts to uncover more details about IoT bugs and to gain insight intoIoT developers’ challenges. Lastly, we surveyed 194 IoT developers to validateour findings and gain further insights. We propose the first bug taxonomy for IoTsystems based on our results.We highlight frequent bug categories and their root causes, correlations betweenthem, and common pitfalls and challenges that IoT developers face. Werecommend future directions for IoT areas that require research and developmentattention.

View record

Test suite effectiveness is measured by assessing the portion of faults that canbe detected by tests. To precisely measure a test suite’s effectiveness, oneneed to pay attention to both tests and the set of faults used. Code coverageis a popular test adequacy criterion in practice. Code coverage, however,remains controversial as there is a lack of coherent empirical evidence for itsrelation with test suite effectiveness. More recently, test suite size has beenshown to be highly correlated with effectiveness. However, previous studiestreat test methods as the smallest unit of interest, and ignore potential factorsinfluencing the correlation between test suite size and test suite effectiveness.We propose to go beyond test suite size, by investigating test assertions insidetest methods. First, we empirically evaluate the relationship between a testsuite’s effectiveness and the (1) number of assertions, (2) assertion coverage,and (3) different types of assertions. We compose 6,700 test suites in total,using 24,000 assertions of five real-world Java projects. We find that thenumber of assertions in a test suite strongly correlates with its effectiveness,and this factor positively influences the relationship between test suite sizeand effectiveness. Our results also indicate that assertion coverage is stronglycorrelated with effectiveness. Second, instead of only focusing on the testingside, we propose to investigate test suite effectiveness also by consideringfault types (the ways faults are generated) and faults in different types ofstatements. Measuring a test suite’s effectiveness can be influenced by usingfaults with different characteristics. Assessing test suite effectiveness withoutpaying attention to the distribution of faults is not precise. Our resultsindicate that fault type and statement type where the fault is located cansignificantly influence a test suite’s effectiveness.

View record

Smartphones and the applications (apps), which run on them, have grown tremendously over the past few years. To capitalize on this growth and attract more users, developing the same app for different platforms has become a common industry practice. However, each mobile platform has its own development language, Application program interfaces (APIs), software development kits (SDKs) and online stores for distributing apps to users. To understand the characteristics of and differences in how users perceive the same app implemented for and distributed through different platforms, we present a large-scale comparative study of cross-platform apps. We mine the characteristics of 80,000 app-pairs (160K apps in total) from a corpus of 2.4 million apps collected from the Apple and Google Play app stores. We quantitatively compare their app-store attributes, such as stars, versions, and prices. We measure the aggregated user-perceived ratings and find many differences across the platforms. Further, we employ machine learning to classify 1.7 million textual user reviews obtained from 2,000 of the mined app-pairs. We analyze discrepancies and root causes of user complaints to understand cross-platform development challenges that impact cross-platform user-perceived ratings. We also follow up with the developers to understand the reasons behind identified differences.Further, we take a closer look at a special category of cross-platform apps, which are built using Cross Platform Tools (CPTs). CPTs allow developers to use a common code-base to simultaneously create apps for multiple platforms. Apps created using these CPTs are called hybrid apps. We mine 15,512 hybrid apps; measure their aggregated user-perceived ratings and compare them to native apps of the same category.

View record

Testing has become a wide-spread practice among practitioners. Test cases are written to verify that production code functions as expected and are modified alongside the production code. Over time the quality of the test code can degrade. The test code might contain bugs, or it can accumulate redundant test cases or very similar ones with many redundant parts. The work presented in this dissertation has focused on addressing these issues by characterizing bugs in test code, and proposing a test model to analyze test cases and support test reorganization. To characterize the prevalence and root causes of bugs in the test code, we mine the bug repositories and version control systems of 448 Apache Software Foundation projects. Our results show that around half of all the projects had bugs in their test code; the majority of test bugs are false alarms, i.e., test fails while the production code is correct, while a minority of these bugs result in silent horrors, i.e., test passes while the production code is incorrect; missing and incorrect assertions are the dominant root cause of silent horror bugs; semantic, flaky, environment related bugs are the dominant root cause categories of false alarms. We present a test model for analyzing tests and performing test reorganization tasks in test code. Redundancies increase the maintenance overhead of the test suite and increase the test execution time without increasing the test suite coverage and effectiveness. We propose a technique that uses our test model to reorganize test cases in a way that reduces the redundancy in the test suite. We implement our approach in a tool and evaluate it on four open-source softwares. Our empirical evaluation shows that our approach can reduce the number of redundant test cases up to 85% and the test execution time by up to 2.5% while preserving the test suite’s behaviour.

View record

Modern web applications make extensive use of JavaScript, which is now estimated to be one of the most widely used languages in the world. Callbacks are a popular language feature in JavaScript. However, they are also a source of comprehension and maintainability issues. We studied several features of callback usage across a large number of JavaScript applications and found out that over 43 of all callback-accepting function call sites are anonymous, the majority of callbacks are nested, and more than half of all callbacks are invoked asynchronously. Promises have been introduced as an alternative to callbacks for composing complex asynchronous execution flow and as a robust mechanism for error checking in JavaScript. We use our observations of callback usage to build a developer tool that refactors asynchronous callbacks into Promises. We show that our technique and tool is broadly applicable to a wide range of JavaScript applications.

View record

Cascading Style Sheets (CSS) is widely used in today's web applications to separate presentation semantics from HTML content. Despite the simple syntax of CSS, the language has some characteristics, such as inheritance,cascading and specificity, which make authoring and maintaining CSS a challenging task. In this thesis, we describe a set of 26 CSS smells and errors, collected from various development resources and propose an automated technique to detect them. Additionally, we conduct a large empirical study on 500 websites, 5060 CSS files in total which consist of more than 10 millionlines of CSS code, to investigate which smells and errors are more prevalent and to what extent they occur in CSS code of today's web applications. Finally, we propose a model based on the findings of our empirical study that is capable of predicting the total number of CSS code smells in any given website which can be used by developers as a CSS code quality guidance. A study of unused CSS code on 187 websites and its results are also described in this thesis.

View record

Client-side JavaScript is increasingly used for enhancing web application functionality, interactivity, and responsiveness. Through the execution of JavaScript code in browsers, the DOM tree representing a webpage at runtime, can be incrementally updated without requiring a URL change. This dynamically updated content is hidden from general search engines. We present the first empirical study on measuring and characterizing the hidden-web induced as a result of client-side JavaScript execution. Our study reveals that this type of hidden-web content is prevalent in online web applications today: from the 500 websites we analyzed, 95% contain client-side hidden-web content; On those websites that contain client-side hidden-web content, (1) on average, 62% of the web states are hidden, (2) per hidden state, there is an average of 19 kilobytes of data that is hidden from which 0.6 kilobytes contain textual content, (3) the DIV element is the most common clickable element used (61%) to initiate this type of hidden-web state transition, and (4) on average 25 minutes is required to dynamically crawl 50 DOM states. Further, our study indicates that there is a correlation between DOM tree size and hidden-web content, but no correlation exists between the amount of JavaScript code and client-side hidden-web.

View record

Today, a considerable portion of our society relies on Web applications to perform numerous tasks in every day life; for example, transferring money over wire or purchasing flight tickets. To ascertain such pervasive Web applications perform robustly, various tools are introduced in the software engineering research community and the industry. Web application crawlers are an instance of such tools used in testing and analysis of Web applications. Software testing, and in particular testing Web applications, play an imperative role in ensuring the quality and reliability of software systems. In this thesis, we aim at optimizing the crawling of modern Web applications in terms of memory and time performances.Modern Web applications are event driven and have dynamic states in contrast to classic Web applications. Aiming at improving the crawling process of modern Web applications, we focus on state transition management and scalability of the crawling process. To improve the time performance of the state transition management mechanism, we propose three alternative techniques revised incrementally. In addition, aiming at increasing the state coverage, i.e. increasing the number of states crawled in a Web application, we propose an alternative solution, reducing the memory consumption, for storage and retrieval of dynamic states in Web applications. Moreover, a memory analysis is performed by using memory profiling tools to investigate the areas of memory performance optimization.The enhancements proposed are able to improve the time performance of the state transition management by 253.34%. That is, the time consumption of the default state transition management is 3.53 times the proposed solution time, which in turn means time consumption is reduced by 71.69%. Moreover, the scalability of the crawling process is improved by 88.16%. That is, the proposed solution covers a considerably greater number of states in crawling Web applications. Finally, we identified the bottlenecks of scalability so as to be addressed in future work.

View record

Developers often write test cases that assert the behaviour of a web application from an end-user’s perspective. However, when such test cases fail, it is difficult to relate the assertion failure to the faulty line of code. The challenges mainly stem from the existing disconnect between front-end test cases that assert the DOM and the application’s underlying JavaScript code. We propose an automated technique to help developers localize the fault related to a test failure. Through a combination of selective code instrumentation and dynamic backward slicing, our technique bridges the gap between test cases and program code. Through an interactive visualization, our approach, implemented in a tool called Camellia, allows developers to easily understand the dynamic behaviour of their application and its relation to the test cases. The results of our controlled experiment show that Camellia improves the fault localization accuracy of developers by a factor of two. Moreover, the implemented approach incurs a low performance overhead.

View record