To distribute or not to distribute? Why licensing bugs matter

To distribute or not to distribute? Why licensing bugs matter Vendome et al., ICSE'18 Software licensing can quickly get quite complicated, with over 100 known open source licenses out there, and distributions often including components with a mix of licenses. Unsurprisingly, developers find it hard to determine appropriate licenses for their work, and to interpret … Continue reading To distribute or not to distribute? Why licensing bugs matter

Automated localization for unreproducible builds

Automated localization for unreproducible builds Ren et al., ICSE'18 Reproducible builds are an important component of integrity in the software supply chain. Attacks against package repositories and build environments may compromise binaries and produce packages with backdoors (see this report for a recent prominent example of compromised packages on DockerHub). If the same source files … Continue reading Automated localization for unreproducible builds

Generalized data structure synthesis

Generalized data structure synthesis Loncaric et al., ICSE'18 Many systems have a few key data structures at their heart. Finding correct and efficient implementations for these data structures is not always easy. Today’s paper introduces Cozy (https://cozy.uwplse.org), which can handle this task for you given a high-level specification of the state, queries, and update operations … Continue reading Generalized data structure synthesis

ConflictJS: finding and understanding conflicts between JavaScript libraries

ConflictJS: finding and understanding conflicts between JavaScript libraries Patra et al., ICSE'18 The JavaScript ecosystem is fertile ground for dependency hell. With so many libraries being made available and the potential for global namespace clashes, it’s easy for libraries to break each other. Sometimes in an obvious to spot way (that’s a good day!), and … Continue reading ConflictJS: finding and understanding conflicts between JavaScript libraries

Debugging with intelligence via probabilistic inference

Debugging with intelligence via probabilistic inference Xu et al., ICSE'18 Xu et al. have built a automated debugger that can take a single failing test execution, and with minimal interaction from a human, pinpoint the root cause of the failure. What I find really exciting about it, is that instead of brute force there’s a … Continue reading Debugging with intelligence via probabilistic inference