-
An Empirical Study on the Classification of Bug Reports with Machine Learning
Authors:
Renato Andrade,
César Teixeira,
Nuno Laranjeiro,
Marco Vieira
Abstract:
Software defects are a major threat to the reliability of computer systems. The literature shows that more than 30% of bug reports submitted in large software projects are misclassified (i.e., are feature requests, or mistakes made by the bug reporter), leading developers to place great effort in manually inspecting them. Machine Learning algorithms can be used for the automatic classification of issue reports. Still, little is known regarding key aspects of training models, such as the influence of programming languages and issue tracking systems. In this paper, we use a dataset containing more than 660,000 issue reports, collected from heterogeneous projects hosted in different issue tracking systems, to study how different factors (e.g., project language, report content) can influence the performance of models in handling classification of issue reports. Results show that using the report title or description does not significantly differ; Support Vector Machine, Logistic Regression, and Random Forest are effective in classifying issue reports; programming languages and issue tracking systems influence classification outcomes; and models based on heterogeneous projects can classify reports from projects not present during training. Based on findings, we propose guidelines for future research, including recommendations for using heterogeneous data and selecting high-performing algorithms.
Submitted 1 March, 2025;
originally announced March 2025.
-
ONDA: ONline Database Architect
Authors:
Nuno Laranjeiro,
Alexandre Miguel Pinto
Abstract:
Database modeling is a key activity towards the fulfillment of storage requirements. Despite the availability of several database modeling tools for developers, these often come with associated costs, setup complexities, usability challenges, or dependency on specific operating systems. In this paper we present ONDA, a web-based tool developed at the University of Coimbra, that allows the creation of Entity-Relationship diagrams, visualization of physical models, and generation of SQL code for various database engines. ONDA is freely available at https://onda.dei.uc.pt and was created with the intention of supporting teaching activities at university-level database courses. At the time of writing, the tool is being used by more than three hundred university students every academic year.
Submitted 29 January, 2024;
originally announced January 2024.
-
Analyzing the Impact of Elusive Faults on Blockchain Reliability
Authors:
Fernando Richter Vidal,
Naghmeh Ivaki,
Nuno Laranjeiro
Abstract:
Blockchain recently became very popular due to its use in cryptocurrencies and potential application in various domains (e.g., retail, healthcare, insurance). The smart contract is a key part of blockchain systems and specifies an agreement between transaction participants. Nowadays, smart contracts are being deployed carrying residual faults, including severe vulnerabilities that lead to different types of failures at runtime. Fault detection tools can be used to detect faults that may then be removed from the code before deployment. However, in the case of smart contracts, the common opinion is that tools are immature and ineffective. In this work, we carry out a fault injection campaign to empirically analyze the runtime impact that realistic faults present in smart contracts may have on the reliability of blockchain systems. We place particular attention on the faults that elude popular smart contract verification tools and show if and in which ways the faults lead the blockchain system to fail at runtime. Results show general poor detection and, to some extent, complementary performance by the three tools used. The results also show that several elusive faults are responsible for severe blockchain failures.
Submitted 11 April, 2023;
originally announced April 2023.
-
OpenSCV: An Open Hierarchical Taxonomy for Smart Contract Vulnerabilities
Authors:
Fernando Richter Vidal,
Naghmeh Ivaki,
Nuno Laranjeiro
Abstract:
Smart contracts are nowadays at the core of most blockchain systems, as they specify and allow an agreement between entities that wish to perform a transaction. As any computer program, smart contracts are subject to the presence of residual faults, including severe security vulnerabilities, which require that the vulnerable contract is terminated in the blockchain. In this context, research began to be developed to prevent the deployment of smart contracts holding vulnerabilities, mostly in the form of vulnerability detection tools. Along with these efforts, several and heterogeneous vulnerability classification schemes arose (e.g., most notably DASP and SWC). At the time of writing, these are mostly outdated initiatives, despite the fact that smart contract vulnerabilities are continuously being discovered and the associated rich information being mostly disregarded. In this paper, we propose OpenSCV, a new and Open hierarchical taxonomy for Smart Contract Vulnerabilities, which is open to community contributions and matches the current state of the practice, while being prepared to handle future modifications and evolution. The taxonomy was built based on the analysis of research on vulnerability classification, community-maintained classification schemes, and research on smart contract vulnerability detection. We show how OpenSCV covers the announced detection ability of current vulnerability detection tools, and highlight its usefulness as a resource in smart contract vulnerability research.
Submitted 7 April, 2023; v1 submitted 25 March, 2023;
originally announced March 2023.
-
Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts
Authors:
Ákos Hajdu,
Naghmeh Ivaki,
Imre Kocsis,
Attila Klenik,
László Gönczy,
Nuno Laranjeiro,
Henrique Madeira,
András Pataricza
Abstract:
Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allow running smart contracts, which specify business logic in cooperative applications. The presence of software defects or faults in these contracts has notably been the cause of failures, including severe security problems. In this paper, we use a software implemented fault injection (SWIFI) technique to assess the behavior of permissioned blockchain systems in the presence of faulty smart contracts. We emulate the occurrence of general software faults (e.g., missing variable initialization) and also blockchain-specific software faults (e.g., missing require statement on transaction sender) in smart contracts code to observe the impact on the overall system dependability (i.e., reliability and integrity). We also study the effectiveness of formal verification (i.e., done by solc-verify) and runtime protections (e.g., using the assert statement) mechanisms in detection of injected faults. Results indicate that formal verification as well as additional runtime protections have to complement built-in platform checks to guarantee the proper dependability of blockchain systems and applications. The work presented in this paper allows smart contract developers to become aware of possible faults in smart contracts and to understand the impact of their presence. It also provides valuable information for middleware developers to improve the behavior (e.g., overall fault tolerance) of their systems.
Submitted 22 October, 2020; v1 submitted 20 June, 2020;
originally announced June 2020.