Showing total 1,667 results

1. (Re)Use of Research Results (Is Rampant): Prior pessimism about reuse in software engineering research may have been a result of using the wrong methods to measure the wrong things.

Author

BALDASSARRE, MARIA TERESA, ERNST, NEIL, HERMANN, BEN, MENZIES, TIM, and YEDIDA, RAHUL

Subjects

SOFTWARE engineering, RESEARCH evaluation, OPEN data movement, RESEARCH methodology, INFORMATION sharing

Abstract

This article discusses the reuse of research results in the field of software engineering and how it can be quantified to indicate the health of the field overall. Topics include how the authors generated and applied their reuse graphs to published research in software engineering and the value of these graphs. The authors ask the software engineering community to use open source tools and work within the community to share artifacts from published research to allow for reproduction of research results.

Published

2023

2. A Study on the Prevalence of Human Values in Software Engineering Publications, 2015 - 2018.

Author

Perera, Harsha, Hussain, Waqar, Whittle, Jon, Nurwidyantoro, Arif, Mougouei, Davoud, Shams, Rifat Ara, and Oliver, Gillian

Subjects

SOFTWARE engineering, COMPUTER software development, DEEP learning, SOCIOECONOMICS, SOCIAL sciences

Abstract

Failure to account for human values in software (e.g., equality and fairness) can result in user dissatisfaction and negative socioeconomic impact. Engineering these values in software, however, requires technical and methodological support throughout the development life cycle. This paper investigates to what extent top Software Engineering (SE) conferences and journals have included research on human values in SE. We investigate the prevalence of human values in recent (2015 - 2018) publications in these top venues. We classify these publications, based on their relevance to di erent values, against a widely used value structure adopted from the social sciences. Our results show that: (a) only a small proportion of the publications directly consider values, classified as directly relevant publications; (b) for the majority of the values, very few or no directly relevant publications were found; and (c) the prevalence of directly relevant publications was higher in SE conferences compared to SE journals. This paper shares these and other insights that may motivate future research on human values in software engineering. [ABSTRACT FROM AUTHOR]

Published

2020

3. Drawing Services: Towards a Paper-Based Interface for End-User Service Orchestration.

Author

Borggräfe, Björn, Dörner, Christian, Heß, Jan, and Pipek, Volkmar

Subjects

END users (Information technology), SOFTWARE engineering, INFORMATION technology, SOFTWARE architecture, COMPUTER systems

Abstract

One of the challenges end-users face in order to maintain and enhance their IT infrastructures is the simplicity and ease of use of the configuration/design-time interfaces. In this paper we describe our approach of using existing technologies for paper-based interfaces to allow end-users to orchestrate services in a Service-Oriented Architecture (SOA). We gathered first experiences with paper-based interfaces for IT configuration by developing an end-user-developable paper-based remote interface for interactive TV applications. Further we conducted a workshop to evaluate how end-user can orchestrate services. Here, we discuss the usefulness of a paper-based interface for the orchestration of services, from an end-user perspective and how the experiences from our prototype and the workshop can inform the design of a paper-based orchestration prototype for SOA. [ABSTRACT FROM AUTHOR]

Published

2008

4. Why Don't Developers Detect Improper Input Validation? '; DROP TABLE Papers; --.

Author

Braz, Larissa, Fregnan, Enrico, Çalikli, Gül, and Bacchelli, Alberto

Subjects

SOFTWARE engineering, COMPUTER science, COMPUTER software development, ARTIFICIAL intelligence, CODE review (Computer science)

Abstract

Improper Input Validation (IIV) is a software vulnerability that occurs when a system does not safely handle input data. Even though IIV is easy to detect and fix, it still commonly happens in practice. In this paper, we study to what extent developers can detect IIV and investigate underlying reasons. This knowledge is essential to better understand how to support developers in creating secure software systems. We conduct an online experiment with 146 participants, of which 105 report at least three years of professional software development experience. Our results show that the existence of a visible attack scenario facilitates the detection of IIV vulnerabilities and that a significant portion of developers who did not find the vulnerability initially could identify it when warned about its existence. Yet, a total of 60 participants could not detect the vulnerability even after the warning. Other factors, such as the frequency with which the participants perform code reviews, influence the detection of IIV. [ABSTRACT FROM AUTHOR]

Published

2021

5. On the TechniquesWe Create, the Tools We Build, and Their Misalignments: a Study of KLEE.

Author

Rizzi, Eric F., Elbaum, Sebastian, and Dwyer, Matthew B.

Subjects

EMPIRICAL research, LABOR incentives, SOFTWARE engineering, CAREER development, SOFTWARE refactoring

Abstract

Our community constantly pushes the state-of-the-art by introducing "new" techniques. These techniques often build on top of, and are compared against, existing systems that realize previously published techniques. The underlying assumption is that existing systems correctly represent the techniques they implement. This paper examines that assumption through a study of KLEE, a popular and well-cited tool in our community. We briefly describe six improvements we made to KLEE, none of which can be considered "new" techniques, that provide order-of-magnitude performance gains. Given these improvements, we then investigate how the results and conclusions of a sample of papers that cite KLEE are affected. Our findings indicate that the strong emphasis on introducing "new" techniques may lead to wasted effort, missed opportunities for progress, an accretion of artifact complexity, and questionable research conclusions (in our study, 27% of the papers that depend on KLEE can be questioned). We conclude by revisiting initiatives that may help to realign the incentives to better support the foundations on which we build. [ABSTRACT FROM AUTHOR]

Published

2016

6. Writing Good Software Engineering Research Papers: Revisited.

Author

Theisen, Christopher, Dunaiski, Marcel, Williams, Laurie, and Visser, Willem

Subjects

SOFTWARE engineering, COMPUTER software research, SOFTWARE engineering conferences, MINING software, SOFTWARE architecture

Abstract

With the goal of helping software engineering researchers understand how to improve their papers, Mary Shaw presented "Writing Good Software Engineering Research Papers" in 2003. Shaw analyzed the abstracts of the papers submitted to the 2002 International Conference of Software Engineering (ICSE) to determine trends in research question type, contribution type, and validation approach. We revisit Shaw's work to see how the software engineering research community has evolved since 2002. The goal of this paper is to aid software engineering researchers in understanding trends in research question design, research question type, and validation approach by analyzing the abstracts of the papers submitted to ICSE 2016. We implemented Shaw's recommendation for replicating her study through the use of multiple coders and the calculation of inter-rater reliability and demonstrate that her approach can be repeated. Our results indicate that reviewers have increased expectations that papers have solid evaluations of the research contribution. Additionally, the 2016 results include at least 17% mining software repository (MSR) papers, a category of papers not seen in 2002. The advent of MSR papers has increased the use of generalization/ characterization research questions, the production of empirical report contribution, and validation by evaluation. [ABSTRACT FROM AUTHOR]

Published

2017

7. Test Optimization in DNN Testing: A Survey.

Author

Hu, Qiang, Guo, Yuejun, Xie, Xiaofei, Cordy, Maxime, Ma, Lei, Papadakis, Mike, and Le Traon, Yves

Subjects

ARTIFICIAL neural networks, SOFTWARE engineering, MACHINE learning

Abstract

This article presents a comprehensive survey on test optimization in deep neural network (DNN) testing. Here, test optimization refers to testing with low data labeling effort. We analyzed 90 papers, including 43 from the software engineering (SE) community, 32 from the machine learning (ML) community, and 15 from other communities. Our study: (i) unifies the problems as well as terminologies associated with low-labeling cost testing, (ii) compares the distinct focal points of SE and ML communities, and (iii) reveals the pitfalls in existing literature. Furthermore, we highlight the research opportunities in this domain. [ABSTRACT FROM AUTHOR]

Published

2024

8. OperettA : A prototype tool for the design, analysis and development of multi-agent organizations (Demo Paper)

Author

Dignum, V. and Okouya, Daniel

Subjects

tool support, agent organizations, Wiskunde en Informatica, software engineering

Abstract

OperettA is a graphical tool that supports the design, verification and simulation of OperA models. It ensures consistency between different design parts, provides a formal specification of the organization model, and is prepared to generate a simulation of the application domain.

Published

2008

9. The Business of Software: The Ontology of Paper.

Author

Armour, Phillip G.

Subjects

COMPUTER-aided software engineering, SOFTWARE engineering, COMPUTER software development software, DEVELOPMENT of application software, COMPUTER programmers, COMPILERS (Computer programs), HISTORY, COMPUTER network resources

Abstract

The article discusses software engineering in which software is used to develop software. Compilers convert a text form of instructions into machine instructions executable by a machine, the author states. Topics include integrated development environments (IDEs) which are mostly word processors with specific look-up processes, what the act of putting knowledge onto pieces of paper does to the knowledge itself, and computer-aided software engineering (CASE) tools used to store knowledge in a variety of formats including tables.

Published

2009

10. Cognition in Software Engineering: A Taxonomy and Survey of a Half-Century of Research.

Author

FAGERHOLM, FABIAN, FELDERER, MICHAEL, FUCCI, DAVIDE, UNTERKALMSTEINER, MICHAEL, MARCULESCU, BOGDAN, MARTINI, MARKUS, WALLGREN TENGBERG, LARS GÖRAN, FELDT, ROBERT, LEHTELÄ, BETTINA, NAGYVÁRADI, BALÁZS, and KHATTAK, JEHAN

Subjects

SOFTWARE engineers, COGNITION, CONTROL (Psychology), COGNITIVE ability, SOFTWARE engineering, COGNITIVE bias

Abstract

Cognition plays a fundamental role in most software engineering activities. This article provides a taxonomy of cognitive concepts and a survey of the literature since the beginning of the Software Engineering discipline. The taxonomy comprises the top-level concepts of perception, attention, memory, cognitive load, reasoning, cognitive biases, knowledge, social cognition, cognitive control, and errors, and procedures to assess them both qualitatively and quantitatively. The taxonomy provides a useful tool to filter existing studies, classify new studies, and support researchers in getting familiar with a (sub) area. In the literature survey, we system)atically collected and analysed 311 scientific papers spanning five decades and classified them using the cog)nitive concepts from the taxonomy. Our analysis shows that the most developed areas of research correspond to the four life-cycle stages, software requirements, design, construction, and maintenance. Most research is quantitative and focuses on knowledge, cognitive load, memory, and reasoning. Overall, the state of the art appears fragmented when viewed from the perspective of cognition. There is a lack of use of cognitive con)cepts that would represent a coherent picture of the cognitive processes active in specific tasks. Accordingly, we discuss the research gap in each cognitive concept and provide recommendations for future research. [ABSTRACT FROM AUTHOR]

Published

2022

11. Towards transformation guidelines from secure tropos to misuse cases (position paper).

Author

Ahmed, Naved and Matulevicius, Raimundas

Subjects

ENGINEERING, SOFTWARE engineering, RISK management in business, COMPUTER software development, COMPUTER software

Abstract

(IS) requires that the security concerns should be properly articulated well ahead in early requirement engineering (RE) along with other functional and non-functional requirements. In this paper, based on the domain model for IS security risk management (SRM) we propose a set of transformation guidelines to translate Secure Tropos models to the misuse case diagrams. We believe that such a model translation would help developers to elicit real security needs by integrating the security analysis starting from early requirement stages to all the stages of development process. The translation aligns the IS security concerns with functional requirements and maintains traceability of the security decisions to their origin. [ABSTRACT FROM AUTHOR]

Published

2011

12. Opinion Mining for Software Development: A Systematic Literature Review.

Author

BIN LIN, CASSEE, NATHAN, SEREBRENIK, ALEXANDER, BAVOTA, GABRIELE, NOVIELLI, NICOLE, and LANZA, MICHELE

Subjects

SENTIMENT analysis, COMPUTER software development, SOFTWARE development tools, MOBILE apps, SOFTWARE engineering

Abstract

Opinion mining, sometimes referred to as sentiment analysis, has gained increasing attention in software engineering (SE) studies. SE researchers have applied opinion mining techniques in various contexts, such as identifying developers’ emotions expressed in code comments and extracting users’ critics toward mobile apps. Given the large amount of relevant studies available, it can take considerable time for researchers and developers to figure out which approaches they can adopt in their own studies and what perils these approaches entail. We conducted a systematic literature review involving 185 papers. More specifically, we present (1) welldefined categories of opinion mining-related software development activities, (2) available opinion mining approaches, whether they are evaluated when adopted in other studies, and how their performance is compared, (3) available datasets for performance evaluation and tool customization, and (4) concerns or limitations SE researchers might need to take into account when applying/customizing these opinion mining techniques. The results of our study serve as references to choose suitable opinion mining tools for software development activities and provide critical insights for the further development of opinion mining techniques in the SE domain. [ABSTRACT FROM AUTHOR]

Published

2022

13. Editorial: ICSE and the Incredible Contradictions of Software Engineering.

Author

Pezzè, Mauro

Subjects

SOFTWARE engineering, VIRTUAL reality software, CONTRADICTION

Abstract

The article offers information on the changing timelines of the International Conference on Software Engineering (ICSE), highlighting a shift from a 7-month delay between submission and presentation to a 13-month delay, impacting the sharing of new ideas in the fast-evolving field of software engineering. Topics include the significance of software in the current technological revolution, with disciplines like AI, machine learning, and virtual reality being fundamentally software-based.

Published

2024

14. How Productivity and Impact Differ Across Computer Science Subareas.

Author

WAINER, JACQUES, ECKMANN, MICHAEL, GOLDENSTEIN, SIOME, and ROCHA, ANDERSON

Subjects

COMPUTER science research, SCHOLARLY publishing, BIBLIOGRAPHICAL citations, SOFTWARE engineering, SCHOLARLY periodicals, COMPUTER scientists

Abstract

The article discusses publishing practices within subareas of computer science as of August 2013, suggesting that publishing practices in fields such as image processing and software engineering may require different practices and presenting the results of a study concerning subarea productivity. Topics include the importance of journal publications in subareas such as computer architecture, research evaluation methodologies, paper citation rates, and the number of students managed by computer science researchers in various subareas.

Published

2013

15. Editorial: A Retrospective and Prospective Reflection.

Author

PEZZÈ, MAURO

Subjects

SOFTWARE engineering, SOFTWARE engineers, COMPUTER software security

Abstract

An editorial is presented on portraits of relevant research software engineering areas. Topics include extraordinary growth of TOSEM consolidating and extending the traditional role as the premier journal for leading software engineering research; and encouraging repeatability, reproducibility, and replicability of the results by complementing the excellent experience of software engineering.

Published

2022

16. Advancing Test Automation Technology to Meet the Challenges of Model-Driven Software Development -- Report on the 3rd Workshop on Automation of Software Test.

Author

Hong Zhu, Wong, W. Eric, and Belli, Fevzi

Subjects

CONFERENCES & conventions, SOFTWARE engineering, COMPUTER software development, MODEL-driven software architecture, COMPUTER software usability

Abstract

The Third Workshop on Automation of Software Test (AST 2008) at the 30th International Conference on Software Engineering (ICSE 2008) sets a special theme on model-based software testing. Nine full research papers and six short papers will be presented in four sessions at the workshop. This report summarizes the organization of the workshop as well as the sessions and papers to be presented at the workshop. [ABSTRACT FROM AUTHOR]

Published

2008

17. A Systematic Literature Review on Federated Machine Learning: From a Software Engineering Perspective.

Author

SIN KIT LO, QINGHUA LU, CHEN WANG, HYE-YOUNG PAIK, and LIMING ZHU

Subjects

SOFTWARE engineers, ARCHITECTURAL design, REQUIREMENTS engineering, MACHINE learning, SYSTEMS development, SOFTWARE engineering

Abstract

Federated learning is an emerging machine learning paradigm where clients train models locally and formulate a global model based on the local model updates. To identify the state-of-the-art in federated learning and explore how to develop federated learning systems, we perform a systematic literature review from a software engineering perspective, based on 231 primary studies. Our data synthesis covers the lifecycle of federated learning system development that includes background understanding, requirement analysis, architecture design, implementation, and evaluation. We highlight and summarise the findings from the results and identify future trends to encourage researchers to advance their current work. [ABSTRACT FROM AUTHOR]

Published

2022

18. Software Testing Effort Estimation and Related Problems: A Systematic Literature Review.

Author

BLUEMKE, ILONA and MALANOWSKA, AGNIESZKA

Subjects

COMPUTER software testing, SOFTWARE engineering, SOFTWARE engineers, COMPUTER software management

Abstract

Although testing effort estimation is a very important task in software project management, it is rarely described in the literature. There are many difficulties in finding any useful methods or tools for this purpose. Solutions to many other problems related to testing effort calculation are published much more often. There is also no research focusing on both testing effort estimation and all related areas of software engineering. To fill this gap, we performed a systematic literature review on both questions. Although our primary objective was to find some tools or implementable metods for test effort estimation, we have quickly discovered many other interesting topics related to the main one. The main contribution of this work is the presentation of the testing effort estimation task in a very wide context, indicating the relations with other research fields. This systematic literature review presents a detailed overview of testing effort estimation task, including challenges and approaches to automating it and the solutions proposed in the literature. It also exhaustively investigates related research topics, classifying publications that can be found in connection to the testing effort according to seven criteria formulated on the basis of our research questions. We present here both synthesis of our finding and the deep analysis of the stated research problems. [ABSTRACT FROM AUTHOR]

Published

2022

19. Machine Learning for Detecting Data Exfiltration: A Review.

Author

SABIR, BUSHRA, ULLAH, FAHEEM, BABAR, M. ALI, and GAIRE, RAJ

Subjects

MACHINE learning, SOFTWARE engineers, KEY performance indicators (Management), SOFTWARE engineering

Abstract

Context: Research at the intersection of cybersecurity, Machine Learning (ML), and Software Engineering (SE) has recently taken significant steps in proposing countermeasures for detecting sophisticated data exfiltration attacks. It is important to systematically reviewand synthesize the ML-based data exfiltration countermeasures for building a body of knowledge on this important topic. Objective: This article aims at systematically reviewing ML-based data exfiltration countermeasures to identify and classify ML approaches, feature engineering techniques, evaluation datasets, and performance metrics used for these countermeasures. This review also aims at identifying gaps in research on ML-based data exfiltration countermeasures. Method: We used Systematic Literature Review (SLR) method to select and review 92 papers. Results: The review has enabled us to: (a) classify the ML approaches used in the countermeasures into data-driven, and behaviordriven approaches; (b) categorize features into six types: behavioral, content-based, statistical, syntactical, spatial, and temporal; (c) classify the evaluation datasets into simulated, synthesized, and real datasets; and (d) identify 11 performance measures used by these studies. Conclusion: We conclude that: (i) The integration of data-driven and behavior-driven approaches should be explored; (ii) There is a need of developing high quality and large size evaluation datasets; (iii) Incremental ML model training should be incorporated in countermeasures; (iv) Resilience to adversarial learning should be considered and explored during the development of countermeasures to avoid poisoning attacks; and (v) The use of automated feature engineering should be encouraged for efficiently detecting data exfiltration attacks. [ABSTRACT FROM AUTHOR]

Published

2022

20. A Systematic Literature Review on the Use of Deep Learning in Software Engineering Research.

Author

WATSON, CODY, COOPER, NATHAN, PALACIO, DAVID NADER, MORAN, KEVIN, and POSHYVANYK, DENYS

Subjects

SOFTWARE engineers, SOFTWARE engineering, DEEP learning, MACHINE learning, CONCEPT learning

Abstract

An increasingly popular set of techniques adopted by software engineering (SE) researchers to automate development tasks are those rooted in the concept of Deep Learning (DL). The popularity of such techniques largely stems from their automated feature engineering capabilities, which aid in modeling software artifacts. However, due to the rapid pace at which DL techniques have been adopted, it is difficult to distill the current successes, failures, and opportunities of the current research landscape. In an effort to bring clarity to this cross-cutting area of work, from its modern inception to the present, this article presents a systematic literature review of research at the intersection of SE & DL. The review canvasses work appearing in the most prominent SE and DL conferences and journals and spans 128 papers across 23 unique SE tasks. We center our analysis around the components of learning, a set of principles that governs the application of machine learning techniques (ML) to a given problem domain, discussing several aspects of the surveyed work at a granular level. The end result of our analysis is a research roadmap that both delineates the foundations of DL techniques applied to SE research and highlights likely areas of fertile exploration for the future. [ABSTRACT FROM AUTHOR]

Published

2022

21. Supporting Emotional Intelligence, Productivity and Team Goals while Handling Software Requirements Changes.

Author

Madampe, Kashumi, Hoda, Rashina, and Grundy, John

Subjects

EMOTIONAL intelligence, SOFTWARE engineering, AGILE software development, TEAMS, EMOTIONS, COMPUTER software

Abstract

Background: Research shows that emotional intelligence (EI) should be used alongside cognitive intelligence during requirements change (RC) handling in Software Engineering (SE), especially in agile settings. Objective: We wanted to study the role of EI in-depth during RC handling. Method: We conducted a mixed-methods study (an interview study followed by a survey study) with 124 software practitioners. Findings: We found the causal condition, intervening condition and causes lead to key direct consequences of regulating own emotions, managing relationships, and extended consequences of sustaining productivity, setting and sustaining team goals. We found several strategies of supporting EI during RC handling. Further, we found strong correlations between six strategies and one being aware of own emotions, regulating own emotions, sustaining team productivity, and setting and sustaining team goals. Conclusion: Empathising with others and tracking commitments and decisions as a team are key strategies that have strong correlations between managing emotions, between sustaining team productivity, and between setting and sustaining team goals. To the best of our knowledge, the framework we present in this paper is the first theoretical framework on EI in SE research. We provide recommendations for software practitioners to consider during RC handling. [ABSTRACT FROM AUTHOR]

Published

2024

22. Emerging Trends in Software Metrics.

Author

Concas, Giulio, Tempero, Ewan, Zhang, Hongyu, and Di Penta, Massimiliano

Subjects

CONFERENCES & conventions, SOFTWARE measurement, COMPUTER software quality control, SOFTWARE engineering

Abstract

Welcome to the Second International Workshop on Emerging Trends in Software Metrics (WETSoM 2011), held in Honolulu, Hawaii, as satellite workshop of the 33rd ACM/IEEE International Conference on Software Engineering (ICSE 2011). The workshop aims at gathering together researchers and practitioners to discuss the progress of software metrics. This year we received 26 papers by 70 unique authors from 14 countries. Every paper was reviewed by members of an international programme committee. We accepted 9 full papers (of 20 submitted) and 6 short papers (4 of the 6 submitted as short papers, and two long papers accepted as short papers). The program will feature technical sessions on (i) Software quality, (ii) Changes and defects, and (iii) challenges on software metrics, the latter followed by a working discussion on the topic. Last, but not least, we are honored to host a keynote by Professor Martin Shepperd, Brunel University, UK, on "Data Quality: Cinderella at the Software Metrics Ball". We would like to thank the authors and reviewers for their time and effort in providing a quality programme. Also, we would like to thank the ICSE 2011 organization for making this event possible, and the ICSE workshop chairs for proactively guiding us in the workshop organization process. [ABSTRACT FROM AUTHOR]

Published

2011

23. Double-Blind Review in Software Engineering Venues: The Community's Perspective.

Author

Bacchelli, Alberto and Beller, Moritz

Subjects

SOFTWARE engineering, COMPUTER software development, APPLICATION software, SOFTWARE maintenance, COMPUTER software developers

Abstract

The peer review process is central to the scientific method, the advancement and spread of research, as well as crucial for individual careers. However, the single-blind review mode currently used in most Software Engineering (SE) venues is susceptible to apparent and hidden biases, since reviewers know the identity of authors. We perform a study on the benefits and costs that are associated with introducing doubleblind review in SE venues. We surveyed the SE community's opinion and interviewed experts on double-blind reviewing. Our results indicate that the costs, mostly logistic challenges and side effects, outnumber its benefits and mostly regard difficulty for authors in blinding papers, for reviewers in understanding the increment with respect to previous work from the same authors, and for organizers to manage a complex transition. While the surveyed community largely consents on the costs of DBR, only less than one-third disagree with a switch to DBR for SE journals, all SE conferences, and, in particular, ICSE; the analysis of a survey with authors of submitted papers at ICSE 2016 run by the program chairs of that edition corroborates our result. [ABSTRACT FROM AUTHOR]

Published

2017

24. Stodgy by Design, and the Notion of &lsqou;Dumbing Up&rsqou;.

Author

Glass, Robert L.

Subjects

WRITING, GRADUATE education, SOFTWARE engineering, RESEARCH institutes, AEROSPACE industries

Abstract

This article relates the experience of the author on professional writing. Let us face it. Professional writing tends to be, well, stodgy. for years now, I have thought that was because professional writing had to be precise and rigorous. I turned my first paper in graduate school, as a highly successful ex-undergraduate, only to have that paper returned to me marked in a sea of red ink. The problem with the paper was my wording had been sloppy, imprecise and careless. But let us scroll ahead to the period where I joined the Software Engineering Institute (SEI) as a professional staff member, after years of work as a software practitioner in the aerospace industry. And something similar to the graduate school problem began happening all over again. My colleagues at the SEI paid my ideas and proposals scant attention, and when they did listen, it was only to reject them. Concerned with this unhappy turn of events, I searched through my behavior patterns to try to figure out what I was doing wrong. Then a guest lecturer from the industry came to the SEI and the audience paid him apt attention. He was saying the same kinds of things I had been saying that there are lessons to be learned from practitioners and industry. Now let us scroll ahead to the present. I have just received a rejection letter on a serious paper I had sent to perhaps the leading journal of our field. There were lots of substantive comments bout the paper, ones I will address in a revision before sending the paper to another journal. But there was one comment that really stuck in my craw. The comment criticized the paper for what it called casual language.

Published

2002

25. Editorial.

Author

Pezzè, Mauro

Subjects

SOFTWARE engineering, EMAIL

Abstract

An editorial is presented on the Association for Computing Machinery (ACM) Transactions on Software Engineering and Methodology editor-in-chief, and it is time for a retrospective assessment and a tuning of the prospective editorial plans. Topics include the healthy increase of published papers is the result of a growing number of new submissions, and reduced author revision turnaround times, and the good growth of high-quality submissions and great published papers.

Published

2020

26. The Business Impact of Inner Source and How to Quantify It.

Author

BUCHNER, STEFAN and RIEHLE, DIRK

Subjects

AGILE software development, SOFTWARE engineering, DATA analytics, INFORMATION technology, COMPUTER science conferences, TRANSBORDER data flow, LITERATURE reviews

Published

2024

27. Studying the Usage of Text-To-Text Transfer Transformer to Support Code-Related Tasks.

Author

Mastropaolo, Antonio, Scalabrino, Simone, Cooper, Nathan, Palacio, David Nader, Poshyvanyk, Denys, Oliveto, Rocco, and Bavota, Gabriele

Subjects

DEEP learning, NATURAL language processing, SOFTWARE engineering, ARTIFICIAL intelligence, OPEN source software

Abstract

Deep learning (DL) techniques are gaining more and more attention in the software engineering community. They have been used to support several code-related tasks, such as automatic bug fixing and code comments generation. Recent studies in the Natural Language Processing (NLP) field have shown that the Text-To-Text Transfer Transformer (T5) architecture can achieve state-of-the-art performance for a variety of NLP tasks. The basic idea behind T5 is to first pre-train a model on a large and generic dataset using a self-supervised task (e.g., filling masked words in sentences). Once the model is pre-trained, it is fine-tuned on smaller and specialized datasets, each one related to a specific task (e.g., language translation, sentence classification). In this paper, we empirically investigate how the T5 model performs when pre-trained and fine-tuned to support code-related tasks. We pre-train a T5 model on a dataset composed of natural language English text and source code. Then, we fine-tune such a model by reusing datasets used in four previous works that used DL techniques to: (i) fix bugs, (ii) inject code mutants, (iii) generate assert statements, and (iv) generate code comments. We compared the performance of this single model with the results reported in the four original papers proposing DL-based solutions for those four tasks. We show that our T5 model, exploiting additional data for the self-supervised pre-training phase, can achieve performance improvements over the four baselines. [ABSTRACT FROM AUTHOR]

Published

2021

28. Resource-Guided Configuration Space Reduction for Deep Learning Models.

Author

Yanjie Gao, Yonghao Zhu, Hongyu Zhang, Haoxiang Lin, and Mao Yang

Subjects

CONFIGURATION space, DEEP learning, SOFTWARE engineering, ARTIFICIAL intelligence, MACHINE learning

Abstract

Deep learning models, like traditional software systems, provide a large number of configuration options. A deep learning model can be configured with different hyperparameters and neural architectures. Recently, AutoML (Automated Machine Learning) has been widely adopted to automate model training by systematically exploring diverse configurations. However, current AutoML approaches do not take into consideration the computational constraints imposed by various resources such as available memory, computing power of devices, or execution time. The training with non-conforming configurations could lead to many failed AutoML trial jobs or inappropriate models, which cause significant resource waste and severely slow down development productivity. In this paper, we propose DnnSAT, a resource-guided AutoML approach for deep learning models to help existing AutoML tools efficiently reduce the configuration space ahead of time. DnnSAT can speed up the search process and achieve equal or even better model learning performance because it excludes trial jobs not satisfying the constraints and saves resources for more trials. We formulate the resource-guided configuration space reduction as a constraint satisfaction problem. DnnSAT includes a unified analytic cost model to construct common constraints with respect to the model weight size, number of floating-point operations, model inference time, and GPU memory consumption. It then utilizes an SMT solver to obtain the satisfiable configurations of hyperparameters and neural architectures. Our evaluation results demonstrate the effectiveness of DnnSAT in accelerating stateof- the-art AutoML methods (Hyperparameter Optimization and Neural Architecture Search) with an average speedup from 1.19X to 3.95X on public benchmarks. We believe that DnnSAT can make AutoML more practical in a real-world environment with constrained resources. [ABSTRACT FROM AUTHOR]

Published

2021

29. Code Prediction by Feeding Trees to Transformers.

Author

Seohyun Kim, Jinman Zhao, Yuchi Tian, and Chandra, Satish

Subjects

MACHINE learning, PYTHON programming language, ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER software development

Abstract

Code prediction, more specifically autocomplete, has become an essential feature in modern IDEs. Autocomplete is more effective when the desired next token is at (or close to) the top of the list of potential completions offered by the IDE at cursor position. This is where the strength of the underlying machine learning system that produces a ranked order of potential completions comes into play. We advance the state-of-the-art in the accuracy of code prediction (next token prediction) used in autocomplete systems. Our work uses Transformers as the base neural architecture. We show that by making the Transformer architecture aware of the syntactic structure of code, we increase the margin by which a Transformer-based system outperforms previous systems. With this, it outperforms the accuracy of several state-of-the-art next token prediction systems by margins ranging from 14% to 18%. We present in the paper several ways of communicating the code structure to the Transformer, which is fundamentally built for processing sequence data. We provide a comprehensive experimental evaluation of our proposal, along with alternative design choices, on a standard Python dataset, as well as on a company internal Python corpus. Our code and data preparation pipeline will be available in open source. [ABSTRACT FROM AUTHOR]

Published

2021

30. Developing Tools as Plug-ins.

Author

Bishop, Judith, Breitman, Karin, and Notkin, David

Subjects

COMPUTER software quality control, PROGRAMMING languages, ALGORITHMS, SOFTWARE engineering

Abstract

We would like to welcome you to this, the first workshop on Developing Tools as Plug-Ins (TOPI 2011). Tools and environments to increase software quality and productivity have always been an important aspect of software engineering. There are two major ways for programmers to communicate with the computer - programming languages and tools. Through languages, programmers encode decisions, actions and algorithms, while tools have the added advantage of providing analysis, synthesis and visualization. At the same time, software development environments have grown in power: today's environments, such as Visual Studio, Eclipse or an Emacs configuration, bear little resemblance to those of two decades ago. Syntactic and documentation support, recommendations for fixes and re-factorings, relatively seamless integration with version control and debugging tools, and more, are not only available, but are expected by modern programmers. Plug-ins are the modern approach towards incrementally adding new tools into these rich environments. Proving for plug-ins is necessary because it is at best very hard to get programmers to try a new tool without integrating it into an existing environment. Indeed, our knowledge of how to solve software engineering problems is increasingly being encapsulated in tools. These tools are at their strongest when they operate in a pre-existing development environment. This approach allows integration with existing elements such as compilers, debuggers, profilers, visualizers as well as numerous other development and, often, runtime tools. However, building tools as plug-ins can be challenging. How do they interact with the core environment? How do they interact with one another - especially since each developer may choose a different set of plug-ins? How can we share tools across different, and future, core development environments? These are all questions that will be addressed during TOPI 2011. The workshop received 32 submissions from 21 countries. They attested to the interest in the topic and to the diversity of IDEs currently in use today, including Visual Studio 2010, Eclipse and MonoDevelop. Each paper was reviewed by three member of the PC, and then there followed a vigorous online meeting. From this, we selected 14 full papers and 8 short papers, giving an acceptance rate of 68%. Through these papers, we shall address the following themes: *identify recent successful tools as plug-ins *categorize the characteristics of good plug-ins *understand interoperability requirements to making tools available across platforms *list which tools lend themselves best to the plug-in approach *specify the medium and long term challenges of tools as plug-ins So, while we are more concerned in this workshop with understanding the characteristics and creation of tools as plug-ins, than of the tools themselves, we did accept some papers with very interesting tools, including those from industry. The workshop will be opened with a welcoming session by the chairs, followed by a keynote by Tom Ball from Microsoft Research on the Software Engineering of Plug-in Architectures. The talk will be punctuated by personal insights and Tom's long experience as a research leader. In the following two sessions, selected papers describing successful plug-in experience and practice will be presented. We want to try and identify patterns and commonalities that could be used to characterize "good" plug-ins. The goal was to come out with a first version of a framework that could be used to classify plug-in tools. During the third session we invited a discussion around presentations that tackled the barriers of making plug-ins available across different platforms. Rather than arguing for an agnostic approach, the goal is to better understand the differences and identify opportunities to interact and cooperate. The last session of the workshop is dedicated to presentations that look into the future of tools as plug-ins, followed by a brainstorming session on medium and long term challenges of plug-in development. The papers to be presented at TOPI 2011 indicate that developing better ways to plug tools into modern environments, and developing better ways for those tools to interact with other related tools in these environments, is definitively a critical research topic. [ABSTRACT FROM AUTHOR]

Published

2011

31. Rise of Distributed Deep Learning Training in the Big Model Era: From a Software Engineering Perspective.

Author

XUANZHE LIU, DIANDIAN GU, ZHENPENG CHEN, JINFENG WEN, ZILI ZHANG, YUN MA, HAOYU WANG, and XIN JIN

Subjects

SOFTWARE engineering, DEEP learning, DEBUGGING, DISTRIBUTED computing, LANGUAGE models, CLOUD computing, COMPUTER software

Abstract

Deep learning (DL) has become a key component of modern software. In the “big model” era, the rich features of DL-based software (i.e., DL software) substantially rely on powerful DL models, e.g., BERT, GPT-3, and the recently emerging GPT-4, which are trained on the powerful cloud with large datasets. Hence, training effective DL models has become a vital stage in the whole software lifecycle. When training deep learning models, especially those big models, developers need to parallelize and distribute the computation and memory resources amongst multiple devices (e.g., a cluster of GPUs) in the training process, which is known as distributed deep learning training, or distributed training for short. However, the unique challenges that developers encounter in distributed training process have not been studied in the software engineering community. Given the increasingly heavy dependence of current DL-based software on distributed training, this paper aims to fill in the knowledge gap and presents the first comprehensive study on developers’ issues in distributed training. To this end, we focus on popular DL frameworks that support distributed training (including TensorFlow, PyTorch, Keras, and Horovod) and analyze 1,131 real-world developers’ issues about using these frameworks reported on Stack Overflow and GitHub. We construct a fine-grained taxonomy consisting of 30 categories regarding the fault symptoms and summarize common fix patterns for different symptoms. We find that: (1) many distributed-specific faults and non-distributed-specific faults inherently share the same fault symptoms, making it challenging to debug; (2) most of the fault symptoms have frequent fix patterns; (3) about half of the faults are related to system-level configurations. Based on the results, we suggest actionable implications on research avenues that can potentially facilitate the distributed training to develop DL-based software, such as focusing on the frequent and common fix patterns when designing testing or debugging tools, developing efficient testing and debugging techniques for communication configuration along with the synthesis of network configuration analysis, designing new multi-device checkpoint-and-replay techniques to help reproduction, and designing serverless APIs for cloud platforms. [ABSTRACT FROM AUTHOR]

Published

2023

32. 8th International Workshop on Automation of Software Test (AST 2013).

Author

Hong Zhu, Muccini, Henry, and Zhenyu Chen

Subjects

ADULT education workshops, SOFTWARE engineers, COMPUTER software testing, SOFTWARE engineering, COMPUTER software industry, CONFERENCES & conventions

Abstract

This paper is a report on The 8th IEEE/ACM International Workshop on Automation of Software Test (AST 2013) at the 35th International Conference on Software Engineering (ICSE 2013). It sets a special theme on testing-as-a-service (TaaS). Keynote speech and charette discussions are organized around this special theme. Eighteen full research papers and six short papers will be presented in the two-day workshop. The report will give the background of the workshop and the selection of the special theme, and report on the organization of the workshop. The provisional program will be presented with a list of the sessions and papers to be presented at the workshop. [ABSTRACT FROM AUTHOR]

Published

2013

33. Adapting Requirements Models to Varying Environments.

Author

Alrajeh, Dalal, Cailliau, Antoine, and van Lamsweerde, Axel

Subjects

ARTIFICIAL intelligence, COMPUTER software development, SOFTWARE engineering, COMPUTER programming, SOFTWARE libraries (Computer programming)

Abstract

The engineering of high-quality software requirements generally relies on properties and assumptions about the environment in which the software-to-be has to operate. Such properties and assumptions, referred to as environment conditions in this paper, are highly subject to change over time or from one software variant to another. As a consequence, the requirements engineered for a specific set of environment conditions may no longer be adequate, complete and consistent for another set. The paper addresses this problem through a tool-supported requirements adaptation technique. A goal-oriented requirements modelling framework is considered to make requirements' refinements and dependencies on environment conditions explicit. When environment conditions change, an adapted goal model is computed that is correct with respect to the new environment conditions. The space of possible adaptations is not fixed a priori; the required changes are expected to meet one or more environment-independent goal(s) to be satisfied in any version of the system. The adapted goal model is generated using a new counterexample-guided learning procedure that ensures the correctness of the updated goal model, and prefers more local adaptations and more similar goal models. [ABSTRACT FROM AUTHOR]

Published

2020

34. An Evidence-Based Inquiry into the Use of Grey Literature in Software Engineering.

Author

He Zhang, Xin Zhou, Xin Huang, Huang Huang, and Babar, Muhammad Ali

Subjects

SOFTWARE engineering, COMPUTER software development, GREY literature, ARTIFICIAL intelligence, META-analysis

Abstract

Context: Following on other scientific disciplines, such as health sciences, the use of Grey Literature (GL) has become widespread in Software Engineering (SE) research. Whilst the number of papers incorporating GL in SE is increasing, there is little empirically known about different aspects of the use of GL in SE research. Method: We used a mixed-methods approach for this research. We carried out a Systematic Literature Review (SLR) of the use of GL in SE, and surveyed the authors of the selected papers included in the SLR (as GL users) and the invited experts in SE community on the use of GL in SE research. Results: We systematically selected and reviewed 102 SE secondary studies that incorporate GL in SE research, from which we identified two groups based on their reporting: 1) 76 reviews only claim their use of GL; 2) 26 reviews report the results by including GL.We also obtained 20 replies from the GL users and 24 replies from the invited SE experts. Conclusion: There is no common understanding of the meaning of GL in SE. Researchers define the scopes and the definitions of GL in a variety of ways.We found five main reasons of using GL in SE research. The findings have enabled us to propose a conceptual model for how GL works in SE research lifecycle. There is an apparent need for research to develop guidelines for using GL in SE and for assessing quality of GL. The current work can provide a panorama of the state-of-the-art of using GL in SE for the follow-up research, as to determine the important position of GL in SE research. [ABSTRACT FROM AUTHOR]

Published

2020

35. A Common Terminology for Software Risk Management.

Author

MASSO, JHON, GARCÍA, FÉLIX, PARDO, CÉSAR, PINO, FRANCISCO J., and PIATTINI, MARIO

Subjects

VALUE creation, SOFTWARE engineering, TERMS & phrases, SOFTWARE engineers, ONTOLOGIES (Information retrieval), ONTOLOGY

Abstract

In order to improve and sustain their competitiveness over time, organisations nowadays need to undertake different initiatives to adopt frameworks, models and standards that will allow them to align and improve their business processes. In spite of these efforts, organisations may still encounter governance and management problems. This is where Risk Management (RM) can play a major role, since its purpose is to contribute to the creation and preservation of value in the context of the organisation’s processes. RM is a complex and subjective activity that requires experience and a high level of knowledge about risks, and it is for this reason that standardisation institutions and researchers have made great efforts to define initiatives to overcome these challenges. However, the RM field nevertheless presents a lack of uniformity in its terms and concepts, due to the different contexts and scopes of application, a situation that can generate ambiguities and misunderstandings. To address these issues, this paper aims to present an ontology called SRMO (Software Risk Management Ontology), which seeks to unify the terms and concepts associated with RM and provide an integrated and holistic view of risk. In doing so, the Pipeline framework has been applied in order to assure and verify the quality of the proposed ontology, and it has been implemented in Protégé and validated by means of competency questions. Three application scenarios of this ontology demonstrating their usefulness in the software engineering field are presented in this paper. We believe that this ontology can be useful for organisations that are interested in: (i) establishing an RM strategy from an integrated approach, (ii) defining the elements that help to identify risks and the criteria that support decision-making in risk assessment, and (iii) helping the involved stakeholders during the process of risk management. [ABSTRACT FROM AUTHOR]

Published

2022

36. An Empirical Study of the Effectiveness of an Ensemble of Stand-alone Sentiment Detection Tools for Software Engineering Datasets.

Author

UDDIN, GIAS, GUÉHÉNUC, YANN-GAËL, KHOMH, FOUTSE, and ROY, CHANCHAL K.

Subjects

SENTIMENT analysis, SOFTWARE engineers, SOFTWARE development tools, SOFTWARE engineering, EMPIRICAL research, DEEP learning

Abstract

Sentiment analysis in software engineering (SE) has shown promise to analyze and support diverse development activities. Recently, several tools are proposed to detect sentiments in software artifacts. While the tools improve accuracy over off-the-shelf tools, recent research shows that their performance could still be unsatisfactory. A more accurate sentiment detector for SE can help reduce noise in analysis of software scenarios where sentiment analysis is required. Recently, combinations, i.e., hybrids of stand-alone classifiers are found to offer better performance than the stand-alone classifiers for fault detection. However, we are aware of no such approach for sentiment detection for software artifacts.We report the results of an empirical study that we conducted to determine the feasibility of developing an ensemble engine by combining the polarity labels of stand-alone SE-specific sentiment detectors. Our study has two phases. In the first phase, we pick five SEspecific sentiment detection tools from two recently published papers by Lin et al. [29, 30], who first reported negative results with stand alone sentiment detectors and then proposed an improved SE-specific sentiment detector, POME [29]. We report the study results on 17,581 units (sentences/documents) coming from six currently available sentiment benchmarks for software engineering. We find that the existing tools can be complementary to each other in 85-95% of the cases, i.e., one iswrong but another is right. However, a majority voting-based ensemble of those tools fails to improve the accuracy of sentiment detection. We develop Sentisead, a supervised tool by combining the polarity labels and bag of words as features. Sentisead improves the performance (F1-score) of the individual tools by 4% (over Senti4SD [5]) – 100% (over POME [29]). The initial development of Sentisead occurred before we observed the use of deep learning models for SE-specific sentiment detection. In particular, recent papers show the superiority of advanced language-based pre-trained transformermodels (PTM) over rule-based and shallow learning models. Consequently, in a second phase, we compare and improve Sentisead infrastructure using the PTMs. We find that a Sentisead infrastructure with RoBERTa as the ensemble of the five stand-alone rule-based and shallow learning SE-specific tools from Lin et al. [29, 30] offers the best F1-score of 0.805 across the six datasets, while a stand-alone RoBERTa shows an F1-score of 0.801. [ABSTRACT FROM AUTHOR]

Published

2022

37. Trends in Topics at SE Conferences (1993-2013).

Author

Mathew, George, Agrawal, Amritanshu, and Menzies, Tim

Subjects

SOFTWARE engineering conferences, DEFECT tracking (Computer software development), DEBUGGING, BIBLIOMETRICS, DATA mining

Abstract

Using topic modeling, we analyse the titles and abstracts of nearly 10,000 papers from 20 years published in 11 top-ranked Software Engineering(SE) conferences between 1993 to 2013. Seven topics are identified as the dominant themes in modern software engineering. We show that these topics are not static; rather, some of them are becoming decidedly less prominent over time (modeling) while others are become very prominent indeed (defect analysis). By clustering conferences according to the topics they publish, we identify four large groups of SE conferences; e.g. ASE, FSE and ICSE publish mostly the same work (exceptions: there are more program analysis results in FSE than in ASE or ICSE). Using these results, we offer numerous recommendations including how to plan an individuals research program; when to make or merge conferences; and how to encourage a broader range of topics at SE conferences. An extended version of this paper, that analyzes more conferences and papers, is available on https://goo.gl/mVdyfj. [ABSTRACT FROM AUTHOR]

Published

2017

38. Coz: Finding Code that Counts with Causal Profiling.

Author

Curtsinger, Charlie and Berger, Emery D.

Subjects

SOFTWARE engineering, DYNAMIC programming, PROGRAM transformation, COMPUTER programming software, COMPUTER programming management

Abstract

Improving performance is a central concern for software developers. To locate optimization opportunities, developers rely on software profilers. However, these profilers only report where programs spend their time: optimizing that code may have no impact on performance. Past profilers thus both waste developer time and make it difficult for them to uncover significant optimization opportunities. This paper introduces causal profiling. Unlike past profiling approaches, causal profiling indicates exactly where programmers should focus their optimization efforts, and quantifies their potential impact. Causal profiling works by running performance experiments during program execution. Each experiment calculates the impact of any potential optimization by virtually speeding up code: inserting pauses that slow down all other code running concurrently. The key insight is that this slowdown has the same relative effect as running that line faster, thus "virtually" speeding it up. We present Coz, a causal profiler, which we evaluate on a range of highly-tuned applications such as Memcached, SQLite, and the PARSEC benchmark suite. Coz identifies previously unknown optimization opportunities that are both significant and targeted. Guided by Coz, we improve the performance of Memcached by 9%, SQLite by 25%, and accelerate six PARSEC applications by as much as 68%; in most cases, these optimizations involve modifying under 10 lines of code. [ABSTRACT FROM AUTHOR]

Published

2018

39. A Neural Model for Generating Natural Language Summaries of Program Subroutines.

Author

LeClair, Alexander, Siyuan Jiang, and McMillan, Collin

Subjects

NATURAL languages, SOURCE code, MACHINE translating, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science

Abstract

Source code summarization -- creating natural language descriptions of source code behavior -- is a rapidly-growing research topic with applications to automatic documentation generation, program comprehension, and software maintenance. Traditional techniques relied on heuristics and templates built manually by human experts. Recently, data-driven approaches based on neural machine translation have largely overtaken template-based systems. But nearly all of these techniques rely almost entirely on programs having good internal documentation; without clear identifier names, the models fail to create good summaries. In this paper, we present a neural model that combines words from code with code structure from an AST. Unlike previous approaches, our model processes each data source as a separate input, which allows the model to learn code structure independent of the text in code. This process helps our approach provide coherent summaries in many cases even when zero internal documentation is provided. We evaluate our technique with a dataset we created from 2.1m Java methods. We find improvement over two baseline techniques from SE literature and one from NLP literature. [ABSTRACT FROM AUTHOR]

Published

2019

40. Parallel Refinement for Multi-Threaded Program Verification.

Author

Liangze Yin, Wei Dong, Wanwei Liu, and Ji Wang

Subjects

ABSTRACTION (Computer science), SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER programmers, COMPUTER programming

Abstract

Program verification is one of the most important methods to ensuring the correctness of concurrent programs. However, due to the path explosion problem, concurrent program verification is usually time consuming, which hinders its scalability to industrial programs. Parallel processing is a mainstream technique to deal with those problems which require mass computing. Hence, designing parallel algorithms to improve the performance of concurrent program verification is highly desired. This paper focuses on parallelization of the abstraction refinement technique, one of the most efficient techniques for concurrent program verification. We present a parallel refinement framework which employs multiple engines to refine the abstraction in parallel. Different from existing work which parallelizes the search process, our method achieves the effect of parallelization by refinement constraint and learnt clause sharing, so that the number of required iterations can be significantly reduced. We have implemented this framework on the scheduling constraint based abstraction refinement method, one of the best methods for concurrent program verification. Experiments on SV-COMP 2018 show the encouraging results of our method. For those complex programs requiring a large number of iterations, our method can obtain a linear reduction of the iteration number and significantly improve the verification performance. [ABSTRACT FROM AUTHOR]

Published

2019

41. A Survey of Source Code Search: A 3-Dimensional Perspective.

Author

Sun, Weisong, Fang, Chunrong, Ge, Yifei, Hu, Yuling, Chen, Yuchen, Zhang, Quanjun, Ge, Xiuting, Liu, Yang, and Chen, Zhenyu

Subjects

SOURCE code, SOFTWARE productivity, MATHEMATICAL optimization, SOFTWARE engineering, COMPUTER software quality control, SQL, MACHINE translating

Abstract

(Source) code search is widely concerned by software engineering researchers because it can improve the productivity and quality of software development. Given a functionality requirement usually described in a natural language sentence, a code search system can retrieve code snippets that satisfy the requirement from a large-scale code corpus, e.g., GitHub. To realize effective and efficient code search, many techniques have been proposed successively. These techniques improve code search performance mainly by optimizing three core components, including query understanding component, code understanding component, and query-code matching component. In this article, we provide a 3-dimensional perspective survey for code search. Specifically, we categorize existing code search studies into query-end optimization techniques, code-end optimization techniques, and match-end optimization techniques according to the specific components they optimize. These optimization techniques are proposed to enhance the performance of specific components, and thus the overall performance of code search. Considering that each end can be optimized independently and contributes to the code search performance, we treat each end as a dimension. Therefore, this survey is 3-dimensional in nature, and it provides a comprehensive summary of each dimension in detail. To understand the research trends of the three dimensions in existing code search studies, we systematically review 68 relevant literatures. Different from existing code search surveys that only focus on the query end or code end or introduce various aspects shallowly (including codebase, evaluation metrics, modeling technique, etc.), our survey provides a more nuanced analysis and review of the evolution and development of the underlying techniques used in the three ends. Based on a systematic review and summary of existing work, we outline several open challenges and opportunities at the three ends that remain to be addressed in future work. [ABSTRACT FROM AUTHOR]

Published

2024

42. 10th International Workshop on Automation of Software Test (AST 2015).

Author

Subramanyan, Rajesh, Mariani, Leonardo, and Dan Hao

Subjects

SOFTWARE engineering, ADULT education workshops, COMPUTER software development, COMPUTER programming, AUTOMATION

Abstract

This paper is a report on The 10th IEEE/ACM International Workshop on Automation of Software Test (AST 2015) at the 37th International Conference on Software Engineering (ICSE 2015). It sets a special theme on testing oracles. Keynote speeches and charette discussions are organized around this special theme. 16 full research papers and 2 keynotes will be presented in the two-day workshop. The report will give the background of the workshop and the selection of the special theme, and report on the organization of the workshop. The provisional program will be presented with a list of the sessions and papers to be presented at the workshop. [ABSTRACT FROM AUTHOR]

Published

2015

43. App's Auto-Login Function Security Testing via Android OS-Level Virtualization.

Author

Wenna Song, Jiang Ming, Lin Jiang, Han Yan, Yi Xiang, Yuan Chen, Jianming Fu, and Guojun Peng

Subjects

MOBILE apps, COMPUTER operating systems, ARTIFICIAL intelligence, COMPUTER science, SOFTWARE engineering

Abstract

Limited by the small keyboard, most mobile apps support the automatic login feature for better user experience. Therefore, users avoid the inconvenience of retyping their ID and password when an app runs in the foreground again. However, this auto-login function can be exploited to launch the so-called "data-clone attack": once the locally-stored, auto-login depended data are cloned by attackers and placed into their own smartphones, attackers can break through the login-device number limit and log in to the victim's account stealthily. A natural countermeasure is to check the consistency of device-specific attributes. As long as the new device shows different device fingerprints with the previous one, the app will disable the auto-login function and thus prevent data-clone attacks. In this paper, we develop VPDroid, a transparent Android OS-level virtualization platform tailored for security testing. With VPDroid, security analysts can customize different device artifacts, such as CPU model, Android ID, and phone number, in a virtual phone without user-level API hooking. VPDroid's isolation mechanism ensures that user-mode apps in the virtual phone cannot detect device-specific discrepancies. To assess Android apps' susceptibility to the data-clone attack, we use VPDroid to simulate data-clone attacks with 234 most-downloaded apps. Our experiments on five different virtual phone environments show that VPDroid's device attribute customization can deceive all tested apps that perform device-consistency checks, such as Twitter, WeChat, and PayPal. 19 vendors have confirmed our report as a zero-day vulnerability. Our findings paint a cautionary tale: only enforcing a device-consistency check at client side is still vulnerable to an advanced data-clone attack. [ABSTRACT FROM AUTHOR]

Published

2021

44. Semantic Web Accessibility Testing via Hierarchical Visual Analysis.

Author

Bajammal, Mohammad and Mesbah, Ali

Subjects

SEMANTIC Web, PEOPLE with disabilities, SOFTWARE product line engineering, ARTIFICIAL intelligence, COMPUTER software development, SOFTWARE engineering

Abstract

Web accessibility, the design of web apps to be usable by users with disabilities, impacts millions of people around the globe. Although accessibility has traditionally been a marginal afterthought that is often ignored in many software products, it is increasingly becoming a legal requirement that must be satisfied. While some web accessibility testing tools exist, most only perform rudimentary syntactical checks that do not assess the more important high-level semantic aspects that users with disabilities rely on. Accordingly, assessing web accessibility has largely remained a laborious manual process requiring human input. In this paper, we propose an approach, called AXERAY, that infers semantic groupings of various regions of a web page and their semantic roles. We evaluate our approach on 30 real-world websites and assess the accuracy of semantic inference as well as the ability to detect accessibility failures. The results show that AXERAY achieves, on average, an F-measure of 87% for inferring semantic groupings, and is able to detect accessibility failures with 85% accuracy. [ABSTRACT FROM AUTHOR]

Published

2021

45. How to Identify Boundary Conditions with Contrasty Metric?

Author

Weilin Luo, Hai Wan, Xiaotong Song, Binhao Yang, Hongzhen Zhong, and Yin Chen

Subjects

BOUNDARY value problems, COMPUTER software development, ARTIFICIAL intelligence, SOFTWARE engineering, SOFTWARE engineers

Abstract

The boundary conditions (BCs) have shown great potential in requirements engineering because a BC captures the particular combination of circumstances, i.e., divergence, in which the goals of the requirement cannot be satisfied as a whole. Existing researches have attempted to automatically identify lots of BCs. Unfortunately, a large number of identified BCs make assessing and resolving divergences expensive. Existing methods adopt a coarse-grained metric, generality, to filter out less general BCs. However, the results still retain a large number of redundant BCs since a general BC potentially captures redundant circumstances that do not lead to a divergence. Furthermore, the likelihood of BC can be misled by redundant BCs resulting in costly repeatedly assessing and resolving divergences. In this paper, we present a fine-grained metric to filter out the redundant BCs. We first introduce the concept of contrasty of BC. Intuitively, if two BCs are contrastive, they capture different divergences. We argue that a set of contrastive BCs should be recommended to engineers, rather than a set of general BCs that potentially only indicates the same divergence. Then we design a post-processing framework (PPFc) to produce a set of contrastive BCs after identifying BCs. Experimental results show that the contrasty metric dramatically reduces the number of BCs recommended to engineers. Results also demonstrate that lots of BCs identified by the state-of-the-art method are redundant in most cases. Besides, to improve efficiency, we propose a joint framework (JFc) to interleave assessing based on the contrasty metric with identifying BCs. The primary intuition behind JFc is that it considers the search bias toward contrastive BCs during identifying BCs, thereby pruning the BCs capturing the same divergence. Experiments confirm the improvements of JFc in identifying contrastive BCs. [ABSTRACT FROM AUTHOR]

Published

2021

46. "Ignorance and Prejudice" in Software Fairness.

Author

Zhang, Jie M. and Harman, Mark

Subjects

MACHINE learning, SOFTWARE engineers, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science

Abstract

Machine learning software can be unfair when making human-related decisions, having prejudices over certain groups of people. Existing work primarily focuses on proposing fairness metrics and presenting fairness improvement approaches. It remains unclear how key aspect of any machine learning system, such as feature set and training data, affect fairness. This paper presents results from a comprehensive study that addresses this problem. We find that enlarging the feature set plays a significant role in fairness (with an average effect rate of 38%). Importantly, and contrary to widely-held beliefs that greater fairness often corresponds to lower accuracy, our findings reveal that an enlarged feature set has both higher accuracy and fairness. Perhaps also surprisingly, we find that a larger training data does not help to improve fairness. Our results suggest a larger training data set has more unfairness than a smaller one when feature sets are insufficient; an important cautionary finding for practising software engineers. [ABSTRACT FROM AUTHOR]

Published

2021

47. Improving Fault Localization by Integrating Value and Predicate Based Causal Inference Techniques.

Author

Küçük, Yiğit, Henderson, Tim A. D., and Podgurski, Andy

Subjects

AUTOMATION, MACHINE learning, COMPUTER software development, ARTIFICIAL intelligence, SOFTWARE engineering

Abstract

Statistical fault localization (SFL) techniques use execution profiles and success/failure information from software executions, in conjunction with statistical inference, to automatically score program elements based on how likely they are to be faulty. SFL techniques typically employ one type of profile data: either coverage data, predicate outcomes, or variable values. Most SFL techniques actually measure correlation, not causation, between profile values and success/failure, and so they are subject to confounding bias that distorts the scores they produce. This paper presents a new SFL technique, named UniVal, that uses causal inference techniques and machine learning to integrate information about both predicate outcomes and variable values to more accurately estimate the true failure-causing effect of program statements. UniVal was empirically compared to several coverage-based, predicate-based, and value-based SFL techniques on 800 program versions with real faults. [ABSTRACT FROM AUTHOR]

Published

2021

48. On the Naming of Methods: A Survey of Professional Developers.

Author

Alsuhaibani, Reem S., Newman, Christian D., Decker, Michael J., Collard, Michael L., and Maletic, Jonathan I.

Subjects

SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER software development, PROGRAMMING languages, COMPUTER science

Abstract

This paper describes the results of a large (+1100 responses) survey of professional software developers concerning standards for naming source code methods. The various standards for source code method names are derived from and supported in the software engineering literature. The goal of the survey is to determine if there is a general consensus among developers that the standards are accepted and used in practice. Additionally, the paper examines factors such as years of experience and programming language knowledge in the context of survey responses. The survey results show that participants very much agree about the importance of various standards and how they apply to names and that years of experience and the programming language has almost no effect on their responses. The results imply that the given standards are both valid and to a large degree complete. The work provides a foundation for automated method name assessment during development and code reviews. [ABSTRACT FROM AUTHOR]

Published

2021

49. What helped, and what did not? An Evaluation of the Strategies to Improve Continuous Integration.

Author

Xianhao Jin and Servant, Francisco

Subjects

ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER software development, SOFTWARE maintenance, MOBILE apps

Abstract

Continuous integration (CI) is a widely used practice in modern software engineering. Unfortunately, it is also an expensive practice -- Google and Mozilla estimate their CI systems in millions of dollars. There are a number of techniques and tools designed to or having the potential to save the cost of CI or expand its benefit - reducing time to feedback. However, their benefits in some dimensions may also result in drawbacks in others. They may also be beneficial in other scenarios where they are not designed to help. In this paper, we perform the first exhaustive comparison of techniques to improve CI, evaluating 14 variants of 10 techniques using selection and prioritization strategies on build and test granularity. We evaluate their strengths and weaknesses with 10 different cost and time-to-feedback saving metrics on 100 real-world projects. We analyze the results of all techniques to understand the design decisions that helped different dimensions of benefit. We also synthesized those results to lay out a series of recommendations for the development of future research techniques to advance this area. [ABSTRACT FROM AUTHOR]

Published

2021

50. AutoCCAG: An Automated Approach to Constrained Covering Array Generation.

Author

Chuan Luo, Jinkun Lin, Shaowei Cai, Xin Chen, Bing He, Bo Qiao, Pu Zhao, Qingwei Lin, Hongyu Zhang, Wei Wu, Rajmohan, Saravanakumar, and Dongmei Zhang

Subjects

ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER software development, PROBLEM solving, ALGORITHMS

Abstract

Combinatorial interaction testing (CIT) is an important technique for testing highly configurable software systems with demonstrated effectiveness in practice. The goal of CIT is to generate test cases covering the interactions of configuration options, under certain hard constraints. In this context, constrained covering arrays (CCAs) are frequently used as test cases in CIT. Constrained Covering Array Generation (CCAG) is an NP-hard combinatorial optimization problem, solving which requires an effective method for generating small CCAs. In particular, effectively solving t-way CCAG with t > 4 is even more challenging. Inspired by the success of automated algorithm configuration and automated algorithm selection in solving combinatorial optimization problems, in this paper, we investigate the efficacy of automated algorithm configuration and automated algorithm selection for the CCAG problem, and propose a novel, automated CCAG approach called AutoCCAG. Extensive experiments on public benchmarks show that AutoCCAG can find much smaller-sized CCAs than current state-of-the-art approaches, indicating the effectiveness of AutoCCAG. More encouragingly, to our best knowledge, our paper reports the first results for CCAG with a high coverage strength (i.e., 5-way CCAG) on public benchmarks. Our results demonstrate that AutoCCAG can bring considerable benefits in testing highly configurable software systems. [ABSTRACT FROM AUTHOR]

Published

2021