Browsing by Author "Ufuktepe, Ekincan"

Now showing 1 - 13 of 13

Citation - WoS: 2
Citation - Scopus: 1
Application of the Law of Minimum and Dissimilarity Analysis to Regression Test Case Prioritization
(Ieee-inst Electrical Electronics Engineers inc, 2023) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Regression testing is one of the most expensive processes in testing. Prioritizing test cases in regression testing is critical for the goal of detecting the faults sooner within a large set of test cases. We propose a test case prioritization (TCP) technique for regression testing called LoM-Score inspired by the Law of Minimum (LoM) from biology. This technique calculates the impact probabilities of methods calculated by change impact analysis with forward slicing and orders test cases according to LoM. However, this ordering doesn't consider the possibility that consecutive test cases may be covering the same methods repeatedly. Thereby, such ordering can delay the time of revealing faults that exist in other methods. To solve this problem, we enhance the LoM-Score TCP technique with an adaptive approach, namely with a dissimilarity-based coordinate analysis approach. The dissimilarity-based coordinate analysis uses Jaccard Similarity for calculating the similarity coefficients between test cases in terms of covered methods and the enhanced technique called Dissimilarity-LoM-Score (Dis-LoM-Score) applies a penalty with respective on the ordered test cases. We performed our case study on 10 open-source Java projects from Defects4J, which is a dataset of real bugs and an infrastructure for controlled experiments provided for software engineering researchers. Then, we hand-seeded multiple mutants generated by Major, which is a mutation testing tool. Then we compared our TCP techniques LoM-Score and Dis-LoM-Score with the four traditional TCP techniques based on their Average Percentage of Faults Detected (APFD) results.
Citation - WoS: 1
Citation - Scopus: 5
Automation Architecture for Bayesian Network Based Test Case Prioritization and Execution
(Ieee, 2016) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
An automation architecture for Bayesian Network based test case prioritization is designed for software written in Java programming language following the approach proposed by Mirarab and Tahvildari [2]. The architecture is implemented as an integration of a series of tools and called Bayesian Network based test case prioritization and execution platform. The platform is triggered by a change in the source code, then it collects necessary information to be supplied to Bayesian Network and uses Bayesian Network evaluation results to run high priority unit tests.
Bir yazılımın dayanıklılığını ölçmeye yönelik bir yöntem
(Türk Patent ve Marka Kurumu, 2021-06-21) Tuğlular, Tuğkan; Ufuktepe, Ekincan; Tuğlular, Tuğkan; Izmir Institute of Technology; Izmir Institute of Technology
Buluş, bir yazılımın girdilere karşı dayanıklılığını ölçmeye yönelik; FIPS (Fonksiyon 5 Girdi Parametresi Durumu) düğümleri (A) ile, kod içerisinde birbirinden bağımsız olarak girdilere karşı zafiyetler için gerekli önlemlerin alınıp alınmadığını kontrol edilerek sayısal değerlerin alınması, FIPS düğümlerinde (A) alınan bu değerlerin incelenen zafiyetlere ilişkin zafiyet düğümlerine (B) aktarılması ve bilgilerin işlenmesi, zafiyet düğümlerinde (B) işlenen bilgilerin uygulama düğümüne (C) aktarılması, 10 uygulama düğümünün (C) gelen bilgileri değerlendirerek, yazılımın genel olarak dayanıklılığına dair çıkarsama yaparak bir ölçüm vermesi işlem adımlarını içeren bir yöntem ile ilgilidir.
Citation - WoS: 4
Code Change Sniffer: Predicting Future Code Changes with Markov Chain
(Ieee Computer Soc, 2021) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Code changes are one of the essential processes of software evolution. These changes are performed to fix bugs, improve quality of software, and provide a better user experience. However, such changes made in code could lead to ripple effects that can cause unwanted behavior. To prevent such issues occurring after code changes, code change prediction, change impact analysis techniques are used. The proposed approach uses static call information, forward slicing, and method change information to build a Markov chain, which provides a prediction for code changes in the near future commits. For static call information, we utilized and compared call graph and effect graph. We performed an evaluation on five open-source projects from GitHub that varies between 5K-26K lines of code. To measure the effectiveness of our proposed approach, recall, precision, and f-measure metrics have been used on five open-source projects. The results show that the Markov chain that is based on call graph can have higher precision compared to effect graph. On the other hand, for small number of cases higher recall values are obtained with effect graph compared to call graph. With a Markov chain model based on call graph and effect graph, we can achieve recall values between 98%-100%.
Citation - WoS: 4
Citation - Scopus: 5
Estimating software robustness in relation to input validation vulnerabilities using Bayesian networks
(Springer, 2018) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Estimating the robustness of software in the presence of invalid inputs has long been a challenging task owing to the fact that developers usually fail to take the necessary action to validate inputs during the design and implementation of software. We propose a method for estimating the robustness of software in relation to input validation vulnerabilities using Bayesian networks. The proposed method runs on all program functions and/or methods. It calculates a robustness value using information on the existence of input validation code in the functions and utilizing common weakness scores of known input validation vulnerabilities. In the case study, ten well-known software libraries implemented in the JavaScript language, which are chosen because of their increasing popularity among software developers, are evaluated. Using our method, software development teams can track changes made to software to deal with invalid inputs.
Citation - WoS: 3
Citation - Scopus: 2
Heterogeneous Modeling and Testing of Software Product Lines
(Ieee Computer Soc, 2021) Belli, Fevzi; Tuglular, Tugkan; Ufuktepe, Ekincan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Software product line (SPL) engineering is a widely accepted approach to systematically realizing software reuse in an industrial environment. Feature models, a centerpiece of most SPL engineering techniques, are appropriate to model the variability and the structure of SPLs, but not their behavior. This paper uses the idea to link feature modeling to model-based behavior modeling and to determine the test direction (top-down or bottom-up) based on the variability binding. This heterogeneous modeling enables a holistic system testing for validating both desirable (positive) and undesirable (negative) properties of the SPL and variants. The proposed approach is validated by a non-trivial example and evaluated by comparison.
Measurement of JavaScript applications' readiness to untrusted data using Bayesian Networks
(Izmir Institute of Technology, 2014-07) Ufuktepe, Ekincan; Tuğlular, Tuğkan; Tuğlular, Tuğkan
Web applications have become an integral part of our daily lives. People mostly provide their important needs, such as people keep their private data, do their banking transactions, shopping etc. through web applications. Therefore, web applications have been an attractive target to malicious individuals and organizations. The usage of JavaScript language by web application developers is increasing very fast, especially after JavaScript started to service back-end developers as well. Therefore, JavaScript has incorporated both front-end and back-end developers. Concurrently, due to flexibility and its most popular library called jQuery, JavaScript has become an attractive to web application developers. OWASP updates the top 25 security vulnerabilities regularly. According the results, SQL Injection (CWE-89) and Operating System Command Injection (CWE-78) has taken the 1st place and Cross-Site Scripting (XSS) (CWE-79) has taken the 3rd place. The results shows that three input validation based vulnerabilities appear in the top three; therefore, it can be said that input validation vulnerabilities have become critical vulnerabilities of web applications. However, developers still fail to validate the inputs or use libraries to protect their web applications against input validation vulnerabilities. In this thesis, JavaScript application’s functions are analyzed to determine if their parameters are validated or not. Then, according to the invalidated inputs, a Bayesian Network to measure its readiness to input validation vulnerabilities is generated.
Citation - WoS: 1
Citation - Scopus: 1
A Metric for Measuring Test Input Generation Effectiveness of Test Generation Methods for Boolean Expressions
(Ieee, 2021) Ufuktepe, Deniz Kavzak; Ufuktepe, Ekincan; Ayav, Tolga; Ayav, Tolga; Bilgisayar Mühendisliği Bölümü
The literature includes several methods to generate test inputs for Boolean expressions. The effectiveness of those methods needs to be analyzed by extensive comparisons. To this end, mutation analysis is often benefited by applying a distinctively selected set of mutants on each test generation method. Mutation analysis provides substantive information about the effectiveness of a test suite by indicating the percentage of killed mutants, which is a common metric. However, as we claim and show in this paper, this metric alone is not sufficient to demonstrate the effectiveness of the methods. For a test generation method, the amount of generated test inputs is also an important attribute to evaluate effectiveness. To the best of our knowledge, there is no metric that measures the effectiveness within a scale taking into account several attributes. In this study, we propose a new metric to measure the effectiveness of test input generation methods, which takes into account both the number of killed mutants and the number of test inputs. We demonstrate our new metric on three well-known test input generation methods for Boolean expressions.
Citation - WoS: 8
A Program Slicing-based Bayesian Network Model for Change Impact Analysis
(Ieee Computer Soc, 2018) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Change impact analysis plays an important role in identifying potential affected areas that are caused by changes that are made in a software. Most of the existing change impact analysis techniques are based on architectural design and change history. However, source code-based change impact analysis studies are very few and they have shown higher precision in their results. In this study, a static method-granularity level change impact analysis, that uses program slicing and Bayesian Network technique has been proposed. The technique proposes a directed graph model that also represents the call dependencies between methods. In this study, an open source Java project with 8999 to 9445 lines of code and from 505 to 528 methods have been analyzed through 32 commits it went. Recall and f-measure metrics have been used for evaluation of the precision of the proposed method, where each software commit has been analyzed separately.
Citation - WoS: 3
Citation - Scopus: 4
The Relation between Bug Fix Change Patterns and Change Impact Analysis
(Ieee Computer Soc, 2021) Ufuktepe, Ekincan; Tuglular, Tugkan; Palaniappan, Kannappan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Change impact analysis analyzes the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. In this study, we analyze the bug fix change patterns to have a better understanding of what types of changes are common in fixing bugs. To achieve this, we implemented a tool that compares two versions of codes and detects the changes that are made. Then, we investigated how these changes are related to change impact analysis. In our case study, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixed. Then, to find the change types related to cause an impact in the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4%-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation on the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. On the other hand, we found that there is a positive correlation between caused impact and changing the field type.
Test case prioritization for regression testing using change impact analysis
(Izmir Institute of Technology, 2019-06) Ufuktepe, Ekincan; Tuğlular, Tuğkan; Tuğlular, Tuğkan
The test case prioritization aims to order test cases to increase rate of fault detection, and to reduce the time for detecting faults. In this study, a static source code analysis based approach, that uses change impact analysis is proposed. The proposed change impact analysis approach uses program slicing technique, method change information and Bayesian Network. With respect to the change impact analysis results, two test case prioritization approaches called LoM and LoM-Addtl are proposed, which is inspired by the "Law of Minimum" from biology and agronomy. The change impact analysis and test case prioritization approaches are performed on three well-known projects. The proposed change impact analysis results are evaluated with precision and recall metrics. On the other hand, the proposed test case prioritization methods LoM and LoM-Addtl are compared with five other test case prioritization techniques and evaluated with the APFD measure. The results of the change impact analysis showed that when a software has completed 75% of its development, 97%-100% of the affected methods and changed methods are predicted. On the other hand, the LoM and LoM-Addtl test case prioritization approaches showed consistent results when compared to the traditional test case prioritization techniques. However, it has been observed that, LoM and LoM-Addtl performed better than the traditional methods when version jumps are smaller. Furthermore, following an Additional in LoM (LoM-Addtl) has shown better results compare to LoM.
Citation - WoS: 6
Citation - Scopus: 7
Tracking Code Bug Fix Ripple Effects Based on Change Patterns Using Markov Chain Models
(Ieee-inst Electrical Electronics Engineers inc, 2022) Ufuktepe, Ekincan; Tuglular, Tugkan; Palaniappan, Kannappan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Change impact analysis evaluates the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. Code changes and bug fixes can have a high impact on code quality by introducing new vulnerabilities or increasing their severity. A recent high-visibility example of this is the code changes in the log4j web software CVE-2021-45105 to fix known vulnerabilities by removing and adding method called change types. This bug fix process exposed further code security concerns. In this article, we analyze the most common set of bug fix change patterns to have a better understanding of the distribution of software changes and their impact on code quality. To achieve this, we implemented a tool that compares two versions of the code and extracts the changes that have been made. Then, we investigated how these changes are related to change impact analysis. In our case study, we identified the change types for bug-inducing and bug fix changes using the Quixbugs dataset. Furthermore, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixes. Then, to find the change types that cause an impact on the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation with the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. On the other hand, we found that there is a positive correlation between caused impact and changing the field type.
Citation - WoS: 0
Citation - Scopus: 0
Unifying Behavioral and Feature Modeling for Testing of Software Product Lines
(World Scientific Publ Co Pte Ltd, 2023) Belli, Fevzi; Tuglular, Tugkan; Ufuktepe, Ekincan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Existing software product line (SPL) engineering testing approaches generally provide positive testing that validates the SPL's functionality. Negative testing is commonly neglected. This research aims to unify behavioral and feature models of an SPL, enable testing before and after variability binding for domain-centric and product-centric testing, and combine positive and negative testing for a holistic testing view. This study suggests behavioral modeling with event sequence graphs (ESGs). This heterogeneous modeling strategy supports bottom-up domain testing and top-down product testing with the feature model. This new feature-oriented ESG test creation method generates shorter test sequences than the original ESG optimum test sequences. Statechart and original ESG test-generating methods are compared. Positive testing findings are similar. The Statechart technique generated 12 test cases with 59 events, whereas the ESG technique created six test cases with 60 events. The ESG technique generated 205 negative test cases with 858 events with the Test Suite Designer tool. However, the Conformiq Designer tool for the Statechart technique does not have a negative test case generation capability. It is shown that the proposed ESG-based holistic approach confirms not only the desirable (positive) properties but also the undesirable (negative) ones. As an additional research, the traditional ESG test-generating approach is compared to the new feature-oriented method on six SPLs of different sizes and features. Our case study results show that the traditional ESG test generation approach demonstrated higher positive test generation scores compare to the proposed feature-oriented test generation approach. However, our proposed feature-oriented test generation approach is capable of generating shorter test sequences, which could be beneficial for reducing the execution time of test cases compared to traditional ESG approach. Finally, our case study has also shown that regardless of the test generation approach, there has been found no significant difference between the Bottom-up and Top-down test strategies with respect to their positive test generation scores.