While developers are aware of the importance of comprehensively testing patches, the large effort involved in coming up with relevant test cases means that such testing rarely happens in practice. Furthermore, even when test cases are written to cover the patch, they often exercise the same behaviour in the old and the new version of the code. In this article, we present a symbolic execution-based technique that is designed to generate test inputs that cover the new program behaviours introduced by a patch. The technique works by executing both the old and the new version in the same symbolic execution instance, with the old version shadowing the new one. During this combined shadow execution, whenever a branch point is reached where the old and the new version diverge, we generate a test case exercising the divergence and comprehensively test the new behaviours of the new version. We evaluate our technique on the Coreutils patches from the CoREBench suite of regression bugs, and show that it is able to generate test inputs that exercise newly added behaviours and expose some of the regression bugs.

Software effort estimation studies still suffer from discordant empirical results (i.e. conclusion instability) due mainly to the lack of rigorous benchmarking methods. So far only one baseline method, namely Automatically Transformed Linear Model (ATLM), has been proposed yet it has not been extensively assessed. In this paper, we propose a novel method based on Linear Programming (dubbed as Linear Programming for Effort Estimation, LP4EE) and carry out a thorough empirical study to evaluate the effectiveness of both LP4EE and ATLM for benchmarking widely used effort estimation techniques. The results of our study confirm the need to benchmark every other proposal against robust baselines and reveal that LP4EE is not only more accurate than ATLM for 66% of the experiments but also more robust against different data splits for 41% of the cases. Therefore, suggesting that using LP4EE as a baseline method can help reduce conclusion instability. We make publicly available an open-source implementation of LP4EE in order to facilitate its adoption as a benchmark in future studies.

CafeOBJ is a language for specifying a wide variety of software and hardware systems, and verifying properties of them. CafeOBJ makes it possible to verify properties by using either proof scores, which consists of reducing goal-related terms in user-defined modules, and by using theorem proving. While the former is more flexible, it lacks the formal support to ensure a property has been really proven. On the other hand, theorem proving might be too strict, and hence it hardens the verification of properties. In order to take advantage of the benefits of both techniques, we have extended CafeInMaude, a CafeOBJ interpreter implemented in Maude, with the CafeInMaude Proof Assistant (CiMPA) and the CafeInMaude Proof Generator (CiMPG). CiMPA is a proof assistant for proving inductive properties on CafeOBJ specifications that uses Maude metalevel features to allow programmers to create and manipulate CiMPA proofs. CiMPG provides a set of annotations for identifying proof scores and generating CiMPA scripts for these proof scores. We present CiMPA and CiMPG, detailing the behavior of CiMPA and the algorithm underlying CiMPG and illustrating the approach by using the QLOCK protocol. Finally, we present some benchmarks that give us confidence in the matureness and usefulness of these tools.