Yanrong Zhou’s research while affiliated with Shanghai Jiao Tong University and other places

Automated vulnerability detection is crucial to protect software systems. However, state-of-the-art approaches mainly focus on a single view of the source code, which often leads to incomplete code representation and low detection accuracy. To solve these problems, this paper proposes a novel automatic vulnerability detection model, DMVL4AVD, based on deep multi-view learning that represents source codes from three distinct views: code sequences, code property graphs, and code metrics. Different deep models are employed to extract features from each view. Firstly, the [CLS] vectors derived from encoder layers 1 to 12 of GraphCodeBERT are used as code sequence features which contain rich semantic information. Next, the gated graph neural network (GGNN) is exploited to learn the features of nodes in the code property graph, encompassing both syntactic and dependency information of the source code. During the extraction of graph features, node representation is augmented by incorporating the degree centrality of each node, along with its corresponding code and type attributes, resulting in a more comprehensive depiction of the graph's structure. Statistical metrics generated by the code analysis tool SourceMonitor are then processed through a 1-dimensional (1-D) CNN to produce metric features. Fused features from these three views are learned by a multilayer perceptron (MLP) to yield final classification results. Experimental results demonstrate the superiority of DMVL4AVD over existing approaches. The model performs significantly better than the studied baselines, achieving an average increase in accuracy of 6.79% and an average boost of 6.94% in precision compared to the approaches in the literature.

For automatic generation of test scenarios from UML (Unified Modeling Language) activity diagrams (ADs) are very important for improving test efficiency. However, state-of-the-art approaches mainly focus on simple approaches, without specifically considering the case of concurrent activity, which may result in the path explosion problem during the generation of test scenarios. In this paper, we put forward DFS-KeyLevel, a two-layer test scenario generation approach for UML Activity Diagram. First, the ADs of the software under test are modeled and preprocessed, and each concurrent module in each AD is simplified to a composite node. Then, primary test scenarios are generated from the concurrent activity modules using our proposed KeyLevel method. Next, the high-layer test scenarios are generated from the simplified AD with our improved Depth-First Search (DFS) algorithm. Finally, the primary and high-layer test scenarios are combined to generate the final test scenarios for the AD. The experimental results show that this DFS-KeyLevel is superior to the previous approaches. The DFS-KeyLevel can generate more test scenarios under constraints. Compared with DFS-LevelPermutes, the number of test scenarios generated by our DFS-KeyLevel is 1.13 times higher. Compared with Depth-First Search and Breadth-First Search (DFS-BFS) and Improved-DFS (IDFS), the DFS-KeyLevel produced 2.37 times test scenarios. The average coverage rates of staggered activities and total activity logical path coverage (TALPC) of the DFS-KeyLevel are 83.67% and 84% respectively, which is significantly higher than the above three approaches. In addition, when our method is applied to a real embedded system, it significantly reduces test scenarios generated to avoid path explosion while ensuring enough test scenarios.