| 12:00pm | Welcome! |
| Dr. Chris Brown (Virginia Tech) |
| Technical Session: Debugging, Testing, and Security |
| 12:05pm | Leveraging Large Language Models for Debugging Production Failures |
| Taufiq Daryanto (Virginia Tech) | |
| Debugging production failures in modern software is challenging and time-consuming for developers. Prior research has shown that logs can assist debugging and that Large Language Models (LLMs) supplied with relevant context can be helpful. However, there is limited research on systematically using LLMs with logs to aid debugging. To address this gap, we introduce a system that uses LLMs with retrieval-augmented generation (RAG) over the log and codebase to help users identify possible causes and potential fixes for issues. We also conducted a pilot study to gather software engineers' opinions on the system; it serves as a preliminary investigation to guide further development of the tool. |
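To illustrate the retrieval step of such a RAG pipeline (a minimal sketch, not the authors' implementation — the lexical-overlap scoring here is a stand-in for embedding-based retrieval, and all names are illustrative):

```python
import re

def tokenize(text):
    # Lowercased word tokens for a simple lexical relevance measure.
    return set(re.findall(r"[a-z_]\w*", text.lower()))

def retrieve(query, documents, k=2):
    # Rank documents (log excerpts or code snippets) by token overlap
    # with the failure description and keep the top k.
    q = tokenize(query)
    scored = sorted(documents, key=lambda d: len(q & tokenize(d)), reverse=True)
    return scored[:k]

def build_prompt(failure, logs, code):
    # Assemble retrieved context into a debugging prompt for an LLM.
    context = retrieve(failure, logs) + retrieve(failure, code)
    return (
        "A production failure occurred:\n" + failure
        + "\n\nRelevant context:\n" + "\n".join(context)
        + "\n\nSuggest possible causes and potential fixes."
    )
```

In practice the returned prompt would be sent to an LLM; the sketch only shows how log and codebase context are narrowed down before generation.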
| 12:25pm | AutoBreak: An Automatic Breakpoint Insertion Tool |
| Minhyuk Ko and Edward Shiung (Virginia Tech) | |
| Research shows that debugging is a painful task, and many developers find learning to use a debugger a significant challenge. To mitigate this issue, various tools that assist in learning debugging techniques have been introduced, but most have failed to see widespread adoption due to their limitations. We introduce AutoBreak, an automatic breakpoint insertion tool that leverages abstract syntax trees (ASTs) to generate breakpoints on behalf of programmers. Using ASTs, AutoBreak identifies breakpoint insertion locations and inserts breakpoints in a matter of milliseconds. We believe our tool will streamline the process of learning how to set breakpoints in the Java programming language. |
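AutoBreak targets Java, but the AST-driven idea can be sketched with Python's standard `ast` module (an illustration of the general technique, not AutoBreak's code — the choice of node types is an assumption):

```python
import ast

def breakpoint_lines(source):
    # Walk the AST and collect line numbers where a breakpoint is
    # likely informative: branches, loops, and return statements.
    tree = ast.parse(source)
    lines = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.If, ast.While, ast.For, ast.Return)):
            lines.add(node.lineno)
    return sorted(lines)
```

Because the tool inspects syntax nodes rather than raw text, it never proposes a breakpoint on a blank line or comment, and a whole file can be analyzed in one parse.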
| 12:45pm | Generating Tests for C# with LLMs |
| Hunter Leary, Francis Obeng, Mehmet Yardimci, Rayhan Biju (Virginia Tech) | |
| Software testing is a costly, complex, and time-consuming process for software engineers, and as software grows in complexity, so do these testing problems. Automated software testing has been proposed as a way to alleviate them, but traditional automated testing tools, though performant and scalable, often fall short in practice. Recent advances in the power and availability of machine learning present an opportunity for automated software testing, yet the use of machine learning in such tools is not thoroughly explored. To address this research gap, we explore the utility of Large Language Models (LLMs) for automated software testing. In this paper, we present a novel approach to collecting software tests and source code from GitHub, and we use the resulting dataset to fine-tune several LLMs, comparing the fine-tuned models against each other and against models using Retrieval-Augmented Generation (RAG). This study introduces an approach to automatically generate tests for C# projects, leveraging CodeLlama to enhance test quality and efficiency, and we hope it can serve as a foundation for future research on machine learning for automated software testing. |
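Building such a dataset requires pairing each test file with the source file it exercises. A minimal sketch of one plausible heuristic (the common C# `FooTests.cs` naming convention — an assumption for illustration, not necessarily the authors' method):

```python
import os

def pair_tests_with_sources(paths):
    # Match test files to source files by the common C# convention of
    # a "Tests" (or "Test") suffix on the file name.
    stems = {os.path.splitext(os.path.basename(p))[0]: p for p in paths}
    pairs = []
    for stem, test_path in stems.items():
        for suffix in ("Tests", "Test"):
            base = stem[: -len(suffix)] if stem.endswith(suffix) else None
            if base and base in stems:
                pairs.append((stems[base], test_path))
                break
    return pairs
```

Each resulting (source, test) pair can then serve as one fine-tuning example, with the source file as input and the test file as the target output.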
| 1:05pm | Simplifying Security for Engineers: LLM Summarization for Human-Centric DAST Reports |
| Arpit Thool (Virginia Tech) | |
| Dynamic Application Security Testing (DAST) tools test web application security by simulating attacks on an application's front end and evaluating it externally, as a malicious attacker would, with the goal of identifying vulnerabilities and providing recommendations for improving security. However, the security alerts these tools generate are typically lengthy and contain numerous details that may not be relevant to a software engineer seeking a quick overview of the result, so it can take time to grasp an alert's gist. Because software engineers often dislike traditional security alerts, we propose using Large Language Models (LLMs) to summarize the alerts generated by DAST tools, producing concise and informative security alerts. We generated sample security alerts using two DAST tools, Burp Suite and OWASP ZAP, summarized these alerts using different LLMs, and surveyed 48 software practitioners to determine the effectiveness of the summaries. The results indicate that the summarized versions of the alerts are preferred over the originals. The proposed approach can significantly improve the security of software products by making security alerts more accessible to stakeholders, and hence contribute to making software products more robust and resilient to cyber threats. |
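A rough sketch of the condensation step (a purely extractive stand-in for the LLM summarization; the field names are illustrative and do not follow any specific tool's report schema):

```python
def summarize_alert(alert):
    # Condense a verbose DAST alert into the fields an engineer scans
    # first: severity, vulnerability name, location, one-line cause,
    # and the recommended fix.
    return (
        f"[{alert['risk']}] {alert['name']} at {alert['url']}: "
        f"{alert['description'].split('.')[0]}. "
        f"Fix: {alert['solution']}"
    )
```

In the proposed approach an LLM would produce this summary from the full report text; the point of the sketch is only which information survives the condensation.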
| 1:25pm | Break |
| Social Session: Design, Research, and Community |
| 1:40pm | Software Engineers Don't Understand Users - A Ticketmaster Case Study on Dark Patterns |
| Jeffrey Smith (Virginia Tech) | |
| There has always been a conflict between software engineers and end users, stemming largely from communication gaps and differing goals. This tension is magnified in the pursuit of crafting the ideal product; a common source of these conflicts is user interface elements and design practices that make software difficult to use, often called Dark Patterns. Ticketmaster is a major website known to be plagued by Dark Patterns, many of which can be spotted even by users unfamiliar with dark patterns as a software engineering concept. For this case study of Ticketmaster, we developed a mock ticket-purchasing website that showcases the most obvious dark patterns and helps educate users about them. Some of the dark patterns on the mock site are copied from the original website's design, but others were created accidentally during the mock site's development. Through analysis of the website's design, its development, and user surveys, this study finds significant patterns in software engineers' behavior that influence the creation of dark patterns. |
| 2:00pm | ResearchBot: Bridging the Gap between Academic Research and Practical Programming Communities |
| Ritvik Prabhu, Sahar Farzanehpour, Swetha Rajeev, Huayu Liang (Virginia Tech) | |
| Software developers commonly rely on platforms like Stack Overflow for problem-solving and learning. However, academic research is an untapped resource that could benefit industry practitioners; the challenge lies in connecting innovative insights from academia to the real-world problems developers face. This project introduces ResearchBot, a tool designed to bridge this academia-industry gap. ResearchBot employs a modular approach: understanding the question, curating queries to retrieve relevant papers, summarizing paper contents, and finally answering the user's question based on those summaries. It sifts through academic papers in the CrossRef repository, a comprehensive database containing metadata about scholarly articles, conference proceedings, books, and datasets, curated by the CrossRef organization, which provides Digital Object Identifier (DOI) services and facilitates the exchange of scholarly information among researchers, publishers, and libraries. The core objective of ResearchBot is to democratize access to academic knowledge for industry professionals. By providing concise summaries of cutting-edge research directly in response to practical questions, ResearchBot facilitates the application of academic insights to industry challenges. Ultimately, it aims to foster collaboration between academia and industry, driving innovation and informed decision-making in software development. |
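The query-curation stage can be sketched against CrossRef's public works-search endpoint (a minimal illustration, not ResearchBot's code — the stopword filtering is a simplified stand-in for the tool's query curation):

```python
from urllib.parse import urlencode

def crossref_query_url(question, rows=5):
    # Reduce a developer's question to keywords and build a CrossRef
    # works-search URL requesting the top `rows` matching papers.
    stopwords = {"how", "do", "i", "the", "a", "an", "in", "to", "of"}
    keywords = [w for w in question.lower().split() if w not in stopwords]
    return "https://api.crossref.org/works?" + urlencode(
        {"query": " ".join(keywords), "rows": rows}
    )
```

The URL is then fetched and the returned metadata (titles, abstracts, DOIs) feeds the summarization and answering stages.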
| 2:20pm | AskAResearcher - A Platform for Integrating Research to Industry in Software Engineering |
| Shawal Khalid, Dibyendu Brinto Bose, and Xiaoxiao Gan (Virginia Tech) | |
| The persistent gap between software engineering researchers and industry practitioners remains a significant challenge. Prior studies have shown that the priorities and focus areas of academic researchers do not always align with the real-world needs and challenges faced by professionals in the field. This disconnect hinders the effective translation of state-of-the-art research outcomes into practical solutions that can benefit modern software development practices. We propose the "AskAResearcher" platform, an online medium that fosters a more collaborative and mutually beneficial exchange between the academic and industry communities in software engineering. The platform is implemented as a website with a React and Bootstrap frontend and a Python Flask API backend. By facilitating direct Q/A dialogue between researchers and developers, AskAResearcher enables researchers to better understand the challenges faced by industry professionals, allowing them to align their research agendas more closely with practical requirements. It also provides industry practitioners with a direct avenue to communicate their pain points and requirements to the research community, increasing the relevance and applicability of academic work. |
| 2:40pm | Can Programmers Communicate? Exploring Code Switching in Software Engineering for Improved Collaboration |
| Andrew Jelson, Emily Atland, and Mary Catherine McGranahan (Virginia Tech) | |
| In the field of software engineering, effective communication stands as a cornerstone for successful collaboration and project outcomes. However, the intricate nature of conveying high-level software concepts to diverse stakeholders often presents challenges. This project aims to investigate code-switching among software engineers, exploring how they adapt their communication styles when interacting with various groups involved in the development process. In this study, we conducted an audio survey in which we asked software engineers to describe a project to a series of different personas. These personas varied by age, gender, race, and job description. We analyzed responses for sentiment, potential biases, language patterns, and communication strategies. Drawing inspiration from the field of psychology, particularly the concept of code-switching, we seek to uncover the nuances of language adaptation and its implications in software engineering contexts. This paper aims to provide valuable insight into the dynamics of human interaction in software development. This research not only contributes to a deeper understanding of communication within software engineering but also offers practical implications for enhancing collaboration, mitigating conflicts, and ultimately improving the quality of software products. |