Ufuktepe, Ekincan
Loading...
Profile URL
Name Variants
Ufuktepe, E
Ufuktepe, E.
Ufuktepe, E.
Job Title
Email Address
Main Affiliation
03.04. Department of Computer Engineering
Status
Former Staff
Website
ORCID ID
Scopus Author ID
Turkish CoHE Profile ID
Google Scholar ID
WoS Researcher ID
Sustainable Development Goals
1NO POVERTY
0
Research Products
2ZERO HUNGER
0
Research Products
3GOOD HEALTH AND WELL-BEING
0
Research Products
4QUALITY EDUCATION
0
Research Products
5GENDER EQUALITY
0
Research Products
6CLEAN WATER AND SANITATION
0
Research Products
7AFFORDABLE AND CLEAN ENERGY
0
Research Products
8DECENT WORK AND ECONOMIC GROWTH
0
Research Products
9INDUSTRY, INNOVATION AND INFRASTRUCTURE
2
Research Products
10REDUCED INEQUALITIES
0
Research Products
11SUSTAINABLE CITIES AND COMMUNITIES
0
Research Products
12RESPONSIBLE CONSUMPTION AND PRODUCTION
0
Research Products
13CLIMATE ACTION
0
Research Products
14LIFE BELOW WATER
0
Research Products
15LIFE ON LAND
0
Research Products
16PEACE, JUSTICE AND STRONG INSTITUTIONS
0
Research Products
17PARTNERSHIPS FOR THE GOALS
0
Research Products
Documents
18
Citations
74
h-index
5
Documents
18
Citations
52
Scholarly Output
15
Articles
6
Views / Downloads
11126/5865
Supervised MSc Theses
1
Supervised PhD Theses
1
WoS Citation Count
41
Scopus Citation Count
49
Patents
1
Projects
0
WoS Citations per Publication
2.73
Scopus Citations per Publication
3.27
Open Access Source
12
Supervised Theses
2
| Journal | Count |
|---|---|
| International Journal of Software Engineering and Knowledge Engineering | 2 |
| 18th IEEE International Conference on Software Quality, Reliability, and Security Companion, QRS-C 2018 | 1 |
| 2016 IEEE 40th Annual Computer Software and Applications Conference | 1 |
| 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C) | 1 |
| 9th Turkish National Software Engineering Symposium, UYMS 2015 | 1 |
Current Page: 1 / 3
Scopus Quartile Distribution
Competency Cloud
15 results
Scholarly Output Search Results
Now showing 1 - 10 of 15
Article Citation - WoS: 7Citation - Scopus: 8Tracking Code Bug Fix Ripple Effects Based on Change Patterns Using Markov Chain Models(Institute of Electrical and Electronics Engineers Inc., 2022) Ufuktepe, Ekincan; Tuğlular, Tuğkan; Palaniappan, KanappanChange impact analysis evaluates the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. Code changes and bug fixes can have a high impact on code quality by introducing new vulnerabilities or increasing their severity. A recent high-visibility example of this is the code changes in the log4j web software CVE-2021-45105 to fix known vulnerabilities by removing and adding method called change types. This bug fix process exposed further code security concerns. In this article, we analyze the most common set of bug fix change patterns to have a better understanding of the distribution of software changes and their impact on code quality. To achieve this, we implemented a tool that compares two versions of the code and extracts the changes that have been made. Then, we investigated how these changes are related to change impact analysis. In our case study, we identified the change types for bug-inducing and bug fix changes using the Quixbugs dataset. Furthermore, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixes. Then, to find the change types that cause an impact on the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation with the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. On the other hand, we found that there is a positive correlation between caused impact and changing the field type.Doctoral Thesis Test Case Prioritization for Regression Testing Using Change Impact Analysis(Izmir Institute of Technology, 2019) Ufuktepe, Ekincan; Tuğlular, TuğkanThe test case prioritization aims to order test cases to increase rate of fault detection, and to reduce the time for detecting faults. In this study, a static source code analysis based approach, that uses change impact analysis is proposed. The proposed change impact analysis approach uses program slicing technique, method change information and Bayesian Network. With respect to the change impact analysis results, two test case prioritization approaches called LoM and LoM-Addtl are proposed, which is inspired by the "Law of Minimum" from biology and agronomy. The change impact analysis and test case prioritization approaches are performed on three well-known projects. The proposed change impact analysis results are evaluated with precision and recall metrics. On the other hand, the proposed test case prioritization methods LoM and LoM-Addtl are compared with five other test case prioritization techniques and evaluated with the APFD measure. The results of the change impact analysis showed that when a software has completed 75% of its development, 97%-100% of the affected methods and changed methods are predicted. On the other hand, the LoM and LoM-Addtl test case prioritization approaches showed consistent results when compared to the traditional test case prioritization techniques. However, it has been observed that, LoM and LoM-Addtl performed better than the traditional methods when version jumps are smaller. Furthermore, following an Additional in LoM (LoM-Addtl) has shown better results compare to LoM.Conference Object Citation - WoS: 4Citation - Scopus: 5Code Change Sniffer: Predicting Future Code Changes With Markov Chain(Institute of Electrical and Electronics Engineers, 2021) Ufuktepe, Ekincan; Tuğlular, TuğkanCode changes are one of the essential processes of software evolution. These changes are performed to fix bugs, improve quality of software, and provide a better user experience. However, such changes made in code could lead to ripple effects that can cause unwanted behavior. To prevent such issues occurring after code changes, code change prediction, change impact analysis techniques are used. The proposed approach uses static call information, forward slicing, and method change information to build a Markov chain, which provides a prediction for code changes in the near future commits. For static call information, we utilized and compared call graph and effect graph. We performed an evaluation on five open-source projects from GitHub that varies between 5K-26K lines of code. To measure the effectiveness of our proposed approach, recall, precision, and f-measure metrics have been used on five open-source projects. The results show that the Markov chain that is based on call graph can have higher precision compared to effect graph. On the other hand, for small number of cases higher recall values are obtained with effect graph compared to call graph. With a Markov chain model based on call graph and effect graph, we can achieve recall values between 98%-100%. © 2021 IEEE.Conference Object Javascript Kütüphaneleri için Girdi Doğrulama Analizi(CEUR Workshop Proceedings, 2015) Ufuktepe, Ekincan; Tuğlular, TuğkanBugün artık mobil ve web temelli yazılımlar günlük hayatın bir parçası olmuştur. Bu yazılımlar içinde JavaScript kütüphanelerinin kullanımı da son yıllarda önemli artış göstermiştir. Bu kütüphaneler sağladıkları uygulama programlama arayüzleri ile daha ziyade söz verdikleri işlevleri yerine getirmekte ancak beklenmeyen girdilere karşı dayanıklı bir yapı sunamamak-tadır. Bu çalışmada mobil ve web temelli yazılımlarda yoğun olarak kullanılmakta olan beş JavaScript kütüphanesine ait işlevlerin aldığı para-metreler ile kullandıkları global değişkenler üzerinde doğrulama yapıp yap-madıkları analiz edilmiştir. Bunun için bir girdi doğrulama modeli ortaya konmuştur. Bu model üzerinde geliştirilen algoritma ile JavaScript programları için tip analiz yapan TAJS yazılımı genişletilmiş ve beş JavaScript kütüphane-sine uygulanmış ve elde edilen sonuçlar paylaşılmıştır.Conference Object Citation - WoS: 3Citation - Scopus: 2Heterogeneous Modeling and Testing of Software Product Lines(IEEE, 2021) Belli, Fevzi; Tuğlular, Tuğkan; Ufuktepe, EkincanSoftware product line (SPL) engineering is a widely accepted approach to systematically realizing software reuse in an industrial environment. Feature models, a centerpiece of most SPL engineering techniques, are appropriate to model the variability and the structure of SPLs, but not their behavior. This paper uses the idea to link feature modeling to model-based behavior modeling and to determine the test direction (top-down or bottom-up) based on the variability binding. This heterogeneous modeling enables a holistic system testing for validating both desirable (positive) and undesirable (negative) properties of the SPL and variants. The proposed approach is validated by a non-trivial example and evaluated by comparison.Conference Object Citation - WoS: 3Citation - Scopus: 4The Relation Between Bug Fix Change Patterns and Change Impact Analysis(Institute of Electrical and Electronics Engineers, 2021) Ufuktepe,E.; Tuglular,T.; Palaniappan,K.Change impact analysis analyzes the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. In this study, we analyze the bug fix change patterns to have a better understanding of what types of changes are common in fixing bugs. To achieve this, we implemented a tool that compares two versions of codes and detects the changes that are made. Then, we investigated how these changes are related to change impact analysis. In our case study, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixed. Then, to find the change types related to cause an impact in the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4%-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation on the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. On the other hand, we found that there is a positive correlation between caused impact and changing the field type. © 2021 IEEE.Article A New Approach To Event- and Model-Based Feature-Driven Software Testing and Comparison With Similar Approaches(2022) Belli, Fevzi; Tuğlular, Tuğkan; Ufuktepe, EkincanA software can be thought as a composition of features. Feature-oriented software development (FOSD) builds the development process on features. Part of the FOSD process is testing, and accordingly, it should be feature-driven. In model-based testing, test cases are systematically generated using the model. This research concentrates on event-based graphical models and utilizes event sequence graphs (ESGs). We develop a new test sequence generation algorithm for ESGs and named it short and frequent test sequences (SFT). Then we compare it with the existing test sequence generation algorithm called TSD. Moreover, we introduce two model-building approaches, namely daisy and swim lane, for ESGs and analyze their effects on feature-driven testing. For the evaluation, we use five different feature-driven software models. The evaluation results shows that both modeling approaches are advantageous in certain test objectives. For testing the software product as a whole, test sequence(s) should be generated by TSD from daisy modeled ESG. If a certain feature within the software product or its interaction with another feature is to be tested, then test sequence(s) should be generated by SFT from swim lane modeled ESG.Master Thesis Measurement of Javascript Applications' Readiness To Untrusted Data Using Bayesian Networks(Izmir Institute of Technology, 2014) Ufuktepe, Ekincan; Tuğlular, TuğkanWeb applications have become an integral part of our daily lives. People mostly provide their important needs, such as people keep their private data, do their banking transactions, shopping etc. through web applications. Therefore, web applications have been an attractive target to malicious individuals and organizations. The usage of JavaScript language by web application developers is increasing very fast, especially after JavaScript started to service back-end developers as well. Therefore, JavaScript has incorporated both front-end and back-end developers. Concurrently, due to flexibility and its most popular library called jQuery, JavaScript has become an attractive to web application developers. OWASP updates the top 25 security vulnerabilities regularly. According the results, SQL Injection (CWE-89) and Operating System Command Injection (CWE-78) has taken the 1st place and Cross-Site Scripting (XSS) (CWE-79) has taken the 3rd place. The results shows that three input validation based vulnerabilities appear in the top three; therefore, it can be said that input validation vulnerabilities have become critical vulnerabilities of web applications. However, developers still fail to validate the inputs or use libraries to protect their web applications against input validation vulnerabilities. In this thesis, JavaScript application’s functions are analyzed to determine if their parameters are validated or not. Then, according to the invalidated inputs, a Bayesian Network to measure its readiness to input validation vulnerabilities is generated.Article Citation - Scopus: 5Unifying Behavioral and Feature Modeling for Testing of Software Product Lines(World Scientific Publishing, 2023) Belli, Fevzi; Tuğlular, Tuğkan; Ufuktepe, EkincanExisting software product line (SPL) engineering testing approaches generally provide positive testing that validates the SPL's functionality. Negative testing is commonly neglected. This research aims to unify behavioral and feature models of an SPL, enable testing before and after variability binding for domain-centric and product-centric testing, and combine positive and negative testing for a holistic testing view. This study suggests behavioral modeling with event sequence graphs (ESGs). This heterogeneous modeling strategy supports bottom-up domain testing and top-down product testing with the feature model. This new feature-oriented ESG test creation method generates shorter test sequences than the original ESG optimum test sequences. Statechart and original ESG test-generating methods are compared. Positive testing findings are similar. The Statechart technique generated 12 test cases with 59 events, whereas the ESG technique created six test cases with 60 events. The ESG technique generated 205 negative test cases with 858 events with the Test Suite Designer tool. However, the Conformiq Designer tool for the Statechart technique does not have a negative test case generation capability. It is shown that the proposed ESG-based holistic approach confirms not only the desirable (positive) properties but also the undesirable (negative) ones. As an additional research, the traditional ESG test-generating approach is compared to the new feature-oriented method on six SPLs of different sizes and features. Our case study results show that the traditional ESG test generation approach demonstrated higher positive test generation scores compare to the proposed feature-oriented test generation approach. However, our proposed feature-oriented test generation approach is capable of generating shorter test sequences, which could be beneficial for reducing the execution time of test cases compared to traditional ESG approach. Finally, our case study has also shown that regardless of the test generation approach, there has been found no significant difference between the Bottom-up and Top-down test strategies with respect to their positive test generation scores. © World Scientific Publishing Company.Article Citation - WoS: 6Citation - Scopus: 6Estimating Software Robustness in Relation To Input Validation Vulnerabilities Using Bayesian Networks(Springer Verlag, 2018) Ufuktepe, Ekincan; Tuğlular, TuğkanEstimating the robustness of software in the presence of invalid inputs has long been a challenging task owing to the fact that developers usually fail to take the necessary action to validate inputs during the design and implementation of software. We propose a method for estimating the robustness of software in relation to input validation vulnerabilities using Bayesian networks. The proposed method runs on all program functions and/or methods. It calculates a robustness value using information on the existence of input validation code in the functions and utilizing common weakness scores of known input validation vulnerabilities. In the case study, ten well-known software libraries implemented in the JavaScript language, which are chosen because of their increasing popularity among software developers, are evaluated. Using our method, software development teams can track changes made to software to deal with invalid inputs.