Computer Engineering / Bilgisayar Mühendisliği

Permanent URI for this collectionhttps://hdl.handle.net/11147/10

Browse

Filters

2015 - 201942020 - 20235

Settings

Author: search.filters.author.Ufuktepe, Ekincan

Search Results

Now showing 1 - 9 of 9
  • Article
    Citation - Scopus: 5
    Unifying Behavioral and Feature Modeling for Testing of Software Product Lines
    (World Scientific Publishing, 2023) Belli, Fevzi; Tuğlular, Tuğkan; Ufuktepe, Ekincan
    Existing software product line (SPL) engineering testing approaches generally provide positive testing that validates the SPL's functionality. Negative testing is commonly neglected. This research aims to unify behavioral and feature models of an SPL, enable testing before and after variability binding for domain-centric and product-centric testing, and combine positive and negative testing for a holistic testing view. This study suggests behavioral modeling with event sequence graphs (ESGs). This heterogeneous modeling strategy supports bottom-up domain testing and top-down product testing with the feature model. This new feature-oriented ESG test creation method generates shorter test sequences than the original ESG optimum test sequences. Statechart and original ESG test-generating methods are compared. Positive testing findings are similar. The Statechart technique generated 12 test cases with 59 events, whereas the ESG technique created six test cases with 60 events. The ESG technique generated 205 negative test cases with 858 events with the Test Suite Designer tool. However, the Conformiq Designer tool for the Statechart technique does not have a negative test case generation capability. It is shown that the proposed ESG-based holistic approach confirms not only the desirable (positive) properties but also the undesirable (negative) ones. As an additional research, the traditional ESG test-generating approach is compared to the new feature-oriented method on six SPLs of different sizes and features. Our case study results show that the traditional ESG test generation approach demonstrated higher positive test generation scores compare to the proposed feature-oriented test generation approach. However, our proposed feature-oriented test generation approach is capable of generating shorter test sequences, which could be beneficial for reducing the execution time of test cases compared to traditional ESG approach. Finally, our case study has also shown that regardless of the test generation approach, there has been found no significant difference between the Bottom-up and Top-down test strategies with respect to their positive test generation scores. © World Scientific Publishing Company.
  • Article
    Citation - WoS: 3
    Citation - Scopus: 4
    Application of the Law of Minimum and Dissimilarity Analysis To Regression Test Case Prioritization
    (IEEE, 2023) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Regression testing is one of the most expensive processes in testing. Prioritizing test cases in regression testing is critical for the goal of detecting the faults sooner within a large set of test cases. We propose a test case prioritization (TCP) technique for regression testing called LoM-Score inspired by the Law of Minimum (LoM) from biology. This technique calculates the impact probabilities of methods calculated by change impact analysis with forward slicing and orders test cases according to LoM. However, this ordering doesn't consider the possibility that consecutive test cases may be covering the same methods repeatedly. Thereby, such ordering can delay the time of revealing faults that exist in other methods. To solve this problem, we enhance the LoM-Score TCP technique with an adaptive approach, namely with a dissimilarity-based coordinate analysis approach. The dissimilarity-based coordinate analysis uses Jaccard Similarity for calculating the similarity coefficients between test cases in terms of covered methods and the enhanced technique called Dissimilarity-LoM-Score (Dis-LoM-Score) applies a penalty with respective on the ordered test cases. We performed our case study on 10 open-source Java projects from Defects4J, which is a dataset of real bugs and an infrastructure for controlled experiments provided for software engineering researchers. Then, we hand-seeded multiple mutants generated by Major, which is a mutation testing tool. Then we compared our TCP techniques LoM-Score and Dis-LoM-Score with the four traditional TCP techniques based on their Average Percentage of Faults Detected (APFD) results.
  • Conference Object
    Citation - WoS: 3
    Citation - Scopus: 2
    Heterogeneous Modeling and Testing of Software Product Lines
    (IEEE, 2021) Belli, Fevzi; Tuğlular, Tuğkan; Ufuktepe, Ekincan
    Software product line (SPL) engineering is a widely accepted approach to systematically realizing software reuse in an industrial environment. Feature models, a centerpiece of most SPL engineering techniques, are appropriate to model the variability and the structure of SPLs, but not their behavior. This paper uses the idea to link feature modeling to model-based behavior modeling and to determine the test direction (top-down or bottom-up) based on the variability binding. This heterogeneous modeling enables a holistic system testing for validating both desirable (positive) and undesirable (negative) properties of the SPL and variants. The proposed approach is validated by a non-trivial example and evaluated by comparison.
  • Article
    Citation - WoS: 7
    Citation - Scopus: 8
    Tracking Code Bug Fix Ripple Effects Based on Change Patterns Using Markov Chain Models
    (Institute of Electrical and Electronics Engineers Inc., 2022) Ufuktepe, Ekincan; Tuğlular, Tuğkan; Palaniappan, Kanappan
    Change impact analysis evaluates the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. Code changes and bug fixes can have a high impact on code quality by introducing new vulnerabilities or increasing their severity. A recent high-visibility example of this is the code changes in the log4j web software CVE-2021-45105 to fix known vulnerabilities by removing and adding method called change types. This bug fix process exposed further code security concerns. In this article, we analyze the most common set of bug fix change patterns to have a better understanding of the distribution of software changes and their impact on code quality. To achieve this, we implemented a tool that compares two versions of the code and extracts the changes that have been made. Then, we investigated how these changes are related to change impact analysis. In our case study, we identified the change types for bug-inducing and bug fix changes using the Quixbugs dataset. Furthermore, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixes. Then, to find the change types that cause an impact on the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation with the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. On the other hand, we found that there is a positive correlation between caused impact and changing the field type.
  • Conference Object
    Citation - WoS: 4
    Citation - Scopus: 5
    Code Change Sniffer: Predicting Future Code Changes With Markov Chain
    (Institute of Electrical and Electronics Engineers, 2021) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Code changes are one of the essential processes of software evolution. These changes are performed to fix bugs, improve quality of software, and provide a better user experience. However, such changes made in code could lead to ripple effects that can cause unwanted behavior. To prevent such issues occurring after code changes, code change prediction, change impact analysis techniques are used. The proposed approach uses static call information, forward slicing, and method change information to build a Markov chain, which provides a prediction for code changes in the near future commits. For static call information, we utilized and compared call graph and effect graph. We performed an evaluation on five open-source projects from GitHub that varies between 5K-26K lines of code. To measure the effectiveness of our proposed approach, recall, precision, and f-measure metrics have been used on five open-source projects. The results show that the Markov chain that is based on call graph can have higher precision compared to effect graph. On the other hand, for small number of cases higher recall values are obtained with effect graph compared to call graph. With a Markov chain model based on call graph and effect graph, we can achieve recall values between 98%-100%. © 2021 IEEE.
  • Article
    Citation - WoS: 6
    Citation - Scopus: 6
    Estimating Software Robustness in Relation To Input Validation Vulnerabilities Using Bayesian Networks
    (Springer Verlag, 2018) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Estimating the robustness of software in the presence of invalid inputs has long been a challenging task owing to the fact that developers usually fail to take the necessary action to validate inputs during the design and implementation of software. We propose a method for estimating the robustness of software in relation to input validation vulnerabilities using Bayesian networks. The proposed method runs on all program functions and/or methods. It calculates a robustness value using information on the existence of input validation code in the functions and utilizing common weakness scores of known input validation vulnerabilities. In the case study, ten well-known software libraries implemented in the JavaScript language, which are chosen because of their increasing popularity among software developers, are evaluated. Using our method, software development teams can track changes made to software to deal with invalid inputs.
  • Conference Object
    Citation - WoS: 8
    Citation - Scopus: 9
    A Program Slicing-Based Bayesian Network Model for Change Impact Analysis
    (Institute of Electrical and Electronics Engineers Inc., 2018) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Change impact analysis plays an important role in identifying potential affected areas that are caused by changes that are made in a software. Most of the existing change impact analysis techniques are based on architectural design and change history. However, source code-based change impact analysis studies are very few and they have shown higher precision in their results. In this study, a static method-granularity level change impact analysis, that uses program slicing and Bayesian Network technique has been proposed. The technique proposes a directed graph model that also represents the call dependencies between methods. In this study, an open source Java project with 8999 to 9445 lines of code and from 505 to 528 methods have been analyzed through 32 commits it went. Recall and f-measure metrics have been used for evaluation of the precision of the proposed method, where each software commit has been analyzed separately.
  • Conference Object
    Citation - WoS: 1
    Citation - Scopus: 5
    Automation Architecture for Bayesian Network Based Test Case Prioritization and Execution
    (Institute of Electrical and Electronics Engineers Inc., 2016) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    An automation architecture for Bayesian Network based test case prioritization is designed for software written in Java programming language following the approach proposed by Mirarab and Tahvildari [2]. The architecture is implemented as an integration of a series of tools and called Bayesian Network based test case prioritization and execution platform. The platform is triggered by a change in the source code, then it collects necessary information to be supplied to Bayesian Network and uses Bayesian Network evaluation results to run high priority unit tests.
  • Conference Object
    Javascript Kütüphaneleri için Girdi Doğrulama Analizi
    (CEUR Workshop Proceedings, 2015) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Bugün artık mobil ve web temelli yazılımlar günlük hayatın bir parçası olmuştur. Bu yazılımlar içinde JavaScript kütüphanelerinin kullanımı da son yıllarda önemli artış göstermiştir. Bu kütüphaneler sağladıkları uygulama programlama arayüzleri ile daha ziyade söz verdikleri işlevleri yerine getirmekte ancak beklenmeyen girdilere karşı dayanıklı bir yapı sunamamak-tadır. Bu çalışmada mobil ve web temelli yazılımlarda yoğun olarak kullanılmakta olan beş JavaScript kütüphanesine ait işlevlerin aldığı para-metreler ile kullandıkları global değişkenler üzerinde doğrulama yapıp yap-madıkları analiz edilmiştir. Bunun için bir girdi doğrulama modeli ortaya konmuştur. Bu model üzerinde geliştirilen algoritma ile JavaScript programları için tip analiz yapan TAJS yazılımı genişletilmiş ve beş JavaScript kütüphane-sine uygulanmış ve elde edilen sonuçlar paylaşılmıştır.