Showing total 199 results

1. Why Don't Developers Detect Improper Input Validation? '; DROP TABLE Papers; --.

Author

Braz, Larissa, Fregnan, Enrico, Çalikli, Gül, and Bacchelli, Alberto

Subjects

SOFTWARE engineering, COMPUTER science, COMPUTER software development, ARTIFICIAL intelligence, CODE review (Computer science)

Abstract

Improper Input Validation (IIV) is a software vulnerability that occurs when a system does not safely handle input data. Even though IIV is easy to detect and fix, it still commonly happens in practice. In this paper, we study to what extent developers can detect IIV and investigate underlying reasons. This knowledge is essential to better understand how to support developers in creating secure software systems. We conduct an online experiment with 146 participants, of which 105 report at least three years of professional software development experience. Our results show that the existence of a visible attack scenario facilitates the detection of IIV vulnerabilities and that a significant portion of developers who did not find the vulnerability initially could identify it when warned about its existence. Yet, a total of 60 participants could not detect the vulnerability even after the warning. Other factors, such as the frequency with which the participants perform code reviews, influence the detection of IIV. [ABSTRACT FROM AUTHOR]

Published

2021

2. A Case Study on Applications of the Hook Model in Software Products.

Author

Lukyanchikova, Elena, Askarbekuly, Nursultan, Aslam, Hamna, and Mazzara, Manuel

Subjects

SOFTWARE product line engineering, COMPUTER software development, SOFTWARE engineering, COMPUTER security, COMPUTER science

Abstract

The Hook model is used in digital products to engage and retain users through the mechanism of habit formation. This paper explores the use of Hook model techniques in two mobile applications, one being a popular taxi service (Uber taxi) and the other a social network (Instagram). The goal of this paper is to explore the Hook cycle patterns in the two products, and to identify commonalities and differences in how they are applied. Our results suggest that Hook cycle patterns appear with similar frequency; however, Instagram includes more internal Trigger calls. Uber uses fewer triggers to encourage usage, most probably because users already have a specific need for the application. For the same reason, Uber has less opportunity to fail in the reward delivery, while Instagram can use the failure (in providing a reward) as another trigger if the usage habit is already established. In addition, we introduce two types of Hook cycle patterns: internal (within a single use case) and external (transition between use cases). The insights obtained through the case studies serve as a practical reference for developing engaging and retention-focused applications. [ABSTRACT FROM AUTHOR]

Published

2023

3. On the Naming of Methods: A Survey of Professional Developers.

Author

Alsuhaibani, Reem S., Newman, Christian D., Decker, Michael J., Collard, Michael L., and Maletic, Jonathan I.

Subjects

SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER software development, PROGRAMMING languages, COMPUTER science

Abstract

This paper describes the results of a large (+1100 responses) survey of professional software developers concerning standards for naming source code methods. The various standards for source code method names are derived from and supported in the software engineering literature. The goal of the survey is to determine if there is a general consensus among developers that the standards are accepted and used in practice. Additionally, the paper examines factors such as years of experience and programming language knowledge in the context of survey responses. The survey results show that participants very much agree about the importance of various standards and how they apply to names and that years of experience and the programming language has almost no effect on their responses. The results imply that the given standards are both valid and to a large degree complete. The work provides a foundation for automated method name assessment during development and code reviews. [ABSTRACT FROM AUTHOR]

Published

2021

4. A Defect Detection Method for the Primary Stage of Software Development.

Author

Qiang Zhi, Wanxu Pu, Jianguo Ren, and Zhengshu Zhou

Subjects

COMPUTER software development, SOFTWARE requirements specifications, SOFTWARE engineering, COMPUTER software quality control, SOFTWARE engineers

Abstract

In the early stage of software development, a software requirements specification (SRS) is essential, and whether the requirements are clear and explicit is the key. However, due to various reasons, there may be a large number of misunderstandings. To generate high-quality software requirements specifications, numerous researchers have developed a variety of ways to improve the quality of SRS. In this paper, we propose a questions extraction method based on SRS elements decomposition, which evaluates the quality of SRS in the form of numerical indicators. The proposed method not only evaluates the quality of SRSs but also helps in the detection of defects, especially the description problem and omission defects in SRSs. To verify the effectiveness of the proposed method, we conducted a controlled experiment to compare the ability of checklist-based review (CBR) and the proposed method in the SRS review. The CBR is a classic method of reviewing SRS defects. After a lot of practice and improvement for a long time, CBR has excellent review ability in improving the quality of software requirements specifications. The experimental results with 40 graduate students majoring in software engineering confirmed the effectiveness and advantages of the proposed method. However, the shortcomings and deficiencies of the proposed method are also observed through the experiment. Furthermore, the proposed method has been tried out by engineers with practical work experience in software development industry and received good feedback. [ABSTRACT FROM AUTHOR]

Published

2023

5. Formal Foundation, Approach, and Smart Tool for Software Models' Comparison.

Author

Chebanyuk, Olena V. and Salem, Abdel-Badeeh M.

Subjects

COMPUTER software development, UNIFIED modeling language, SOFTWARE engineering, COMPUTER science, SOFTWARE architecture, COMPUTER programming

Abstract

Software models' comparison is an operation performed in all software development lifecycle processes. Comparison is one of the steps of software models refactoring, refinement, merging, quality estimation, etc. Such operations take place in different tasks in requirement analysis, software designing, testing, reengineering, etc. This article proposes analytical foundations for software models' representation and corresponding technique for their comparison. To describe software model structure it is proposed to use graph representation. Software models' comparison technique based on subgraphs matching is proposed. Following this technique important steps of software tool realization are described, namely, (i) grounding of the choice of development environment and tools for XMI files processing; (ii) the algorithm for extracting software model structure from XMI file; (iii) software models' comparison algorithm realization; (iv) description of software architecture. Peculiarity of proposed software tool is a possibility for visualizing elements of two software models that do not match each other directly in modeling environment. Data are extracted from XMI files by means of LINQ queries. After that they are stored in graph triples. To perform visualization, it is proposed to modify "layout" files, designed by Microsoft Visual Studio environment. Other important feature of the tool is a possibility to compare software models, designed in different modeling environments. It is done by means of involving new LINQ queries, considering specifics of storing software models in different modeling environments. Paper contains case study, explaining the process of software models'analytical representation, and comparison technique implementation. [ABSTRACT FROM AUTHOR]

Published

2018

6. 9.6 Million Links in Source Code Comments: Purpose, Evolution, and Decay.

Author

Hideaki Hata, Treude, Christoph, Kula, Raula Gaikovina, and Takashi Ishio

Subjects

SOURCE code, ARTIFICIAL intelligence, COMPUTER science, SOFTWARE engineering, COMPUTER software development

Abstract

Links are an essential feature of the World Wide Web, and source code repositories are no exception. However, despite their many undisputed benefits, links can suffer from decay, insufficient versioning, and lack of bidirectional traceability. In this paper, we investigate the role of links contained in source code comments from these perspectives. We conducted a large-scale study of around 9.6 million links to establish their prevalence, and we used a mixed-methods approach to identify the links' targets, purposes, decay, and evolutionary aspects. We found that links are prevalent in source code repositories, that licenses, software homepages, and specifications are common types of link targets, and that links are often included to provide metadata or attribution. Links are rarely updated, but many link targets evolve. Almost 10% of the links included in source code comments are dead. We then submitted a batch of link-fixing pull requests to open source software repositories, resulting in most of our fixes being merged successfully. Our findings indicate that links in source code comments can indeed be fragile, and our work opens up avenues for future work to address these problems. [ABSTRACT FROM AUTHOR]

Published

2019

7. The Seven Sins: Security Smells in Infrastructure as Code Scripts.

Author

Rahman, Akond, Parnin, Chris, and Williams, Laurie

Subjects

ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER science, COMPUTER software development, OPEN source software

Abstract

Practitioners use infrastructure as code (IaC) scripts to provision servers and development environments. While developing IaC scripts, practitioners may inadvertently introduce security smells. Security smells are recurring coding patterns that are indicative of security weakness and can potentially lead to security breaches. The goal of this paper is to help practitioners avoid insecure coding practices while developing infrastructure as code (IaC) scripts through an empirical study of security smells in IaC scripts. We apply qualitative analysis on 1,726 IaC scripts to identify seven security smells. Next, we implement and validate a static analysis tool called Security Linter for Infrastructure as Code scripts (SLIC) to identify the occurrence of each smell in 15,232 IaC scripts collected from 293 open source repositories. We identify 21,201 occurrences of security smells that include 1,326 occurrences of hard-coded passwords. We submitted bug reports for 1,000 randomly-selected security smell occurrences.We obtain 212 responses to these bug reports, of which 148 occurrences were accepted by the development teams to be fixed. We observe security smells can have a long lifetime, e.g., a hard-coded secret can persist for as long as 98 months, with a median lifetime of 20 months. [ABSTRACT FROM AUTHOR]

Published

2019

8. Software Design Studio: A Practical Example.

Author

Lee, Jaejoon, Kotonya, Gerald, Whittle, Jon, and Bull, Christopher

Subjects

SOFTWARE engineering, COMPUTER software, COMPUTER software development, COMPUTER science, SYSTEMS development

Abstract

We have been generally successful for transferring software engineering knowledge to industry through various forms of education. However, many challenges in software engineering training remain. A key amongst these is how best to energise software engineering education with real-world software engineering practices. This paper describes our experience of delivering a radically different approach based on the notion of a Software Design Studio. The Software Design Studio is both a lab for students engaged in conceiving, designing and developing software products as well as an approach for teaching software engineering in the lab which emphasizes practical hands-on work and experimentation. The feedback on the Software Design Studio -- from both staff and students -- has been outstanding. Although the programme is designed as a small, elite programme there is interest to see if the teaching methods can be transferred across to the much larger undergraduate programme in Computer Science. In this paper, we provide a detailed description of how our studio works in practice so that others, thinking of taking a studio or studio-inspired approach, can use in designing their own courses. [ABSTRACT FROM AUTHOR]

Published

2015

9. AID: An automated detector for gender-inclusivity bugs in OSS project pages.

Author

Chatterjee, Amreeta, Guizani, Mariam, Stevens, Catherine, Emard, Jillian, May, Mary Evelyn, Burnett, Margaret, Ahmed, Iftekhar, and Sarma, Anita

Subjects

OPEN source software, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science, COMPUTER software development

Abstract

The tools and infrastructure used in tech, including Open Source Software (OSS), can embed "inclusivity bugs"-- features that disproportionately disadvantage particular groups of contributors. To see whether OSS developers have existing practices to ward off such bugs, we surveyed 266 OSS developers. Our results show that a majority (77%) of developers do not use any inclusivity practices, and 92% of respondents cited a lack of concrete resources to enable them to do so. To help fill this gap, this paper introduces AID, a tool that automates the GenderMag method to systematically find gender-inclusivity bugs in software. We then present the results of the tool's evaluation on 20 GitHub projects. The tool achieved precision of 0.69, recall of 0.92, an F-measure of 0.79 and even captured some inclusivity bugs that human GenderMag teams missed. [ABSTRACT FROM AUTHOR]

Published

2021

10. Understanding Bounding Functions in Safety-Critical UAV Software.

Author

Xiaozhou Liang, Burns, John Henry, Sanchez, Joseph, Dantu, Karthik, Ziarek, Lukasz, and Liu, Yu David

Subjects

DRONE aircraft, COMPUTER software development, SOFTWARE engineering, COMPUTER science, OPEN source software

Abstract

Unmanned Aerial Vehicles (UAVs) are an emerging computation platform known for their safety-critical need. In this paper, we conduct an empirical study on a widely used open-source UAV software framework, Paparazzi, with the goal of understanding the safety-critical concerns of UAV software from a bottom-up developer-in-the-field perspective. We set our focus on the use of Bounding Functions (BFs), the runtime checks injected by Paparazzi developers on the range of variables. Through an in-depth analysis on BFs in the Paparazzi autopilot software, we found a large number of them (109 instances) are used to bound safety-critical variables essential to the cyber-physical nature of the UAV, such as its thrust, its speed, and its sensor values. The novel contributions of this study are two fold. First, we take a static approach to classify all BF instances, presenting a novel datatype-based 5-category taxonomy with fine-grained insight on the role of BFs in ensuring the safety of UAV systems. Second, we dynamically evaluate the impact of the BF uses through a differential approach, establishing the UAV behavioral difference with and without BFs. The two-pronged static and dynamic approach together illuminates a rarely studied design space of safety-critical UAV software systems. [ABSTRACT FROM AUTHOR]

Published

2021

11. Supporting Quality Assurance with Automated Process-Centric Quality Constraints Checking.

Author

Mayr-Dorn, Christoph, Cleland-Huang, Jane, Vierhauser, Michael, Egyed, Alexander, Bichler, Stefan, Mehofer, Thomas, and Keplinger, Felix

Subjects

QUALITY assurance, SOFTWARE engineering, COMPUTER software development, ARTIFICIAL intelligence, COMPUTER science

Abstract

Regulations, standards, and guidelines for safety-critical systems stipulate stringent traceability but do not prescribe the corresponding, detailed software engineering process. Given the industrial practice of using only semi-formal notations to describe engineering processes, processes are rarely "executable" and developers have to spend significant manual effort in ensuring that they follow the steps mandated by quality assurance. The size and complexity of systems and regulations makes manual, timely feedback from Quality Assurance (QA) engineers infeasible. In this paper we propose a novel framework for tracking processes in the background, automatically checking QA constraints depending on process progress, and informing the developer of unfulfilled QA constraints. We evaluate our approach by applying it to two different case studies; one open source community system and a safety-critical system in the air-traffic control domain. Results from the analysis show that trace links are often corrected or completed after the fact and thus timely and automated constraint checking support has significant potential on reducing rework. [ABSTRACT FROM AUTHOR]

Published

2021

12. It Takes Two to TANGO: Combining Visual and Textual Information for Detecting Duplicate Video-Based Bug Reports.

Author

Cooper, Nathan, Bernal-Cárdenas, Carlos, Chaparro, Oscar, Moran, Kevin, and Poshyvanyk, Denys

Subjects

GRAPHICAL user interfaces, SOFTWARE engineering, COMPUTER software development, COMPUTER science, MOBILE apps

Abstract

When a bug manifests in a user-facing application, it is likely to be exposed through the graphical user interface (GUI). Given the importance of visual information to the process of identifying and understanding such bugs, users are increasingly making use of screenshots and screen-recordings as a means to report issues to developers. However, when such information is reported en masse, such as during crowd-sourced testing, managing these artifacts can be a time-consuming process. As the reporting of screen-recordings in particular becomes more popular, developers are likely to face challenges related to manually identifying videos that depict duplicate bugs. Due to their graphical nature, screen-recordings present challenges for automated analysis that preclude the use of current duplicate bug report detection techniques. To overcome these challenges and aid developers in this task, this paper presents TANGO, a duplicate detection technique that operates purely on video-based bug reports by leveraging both visual and textual information. TANGO combines tailored computer vision techniques, optical character recognition, and text retrieval. We evaluated multiple configurations of TANGO in a comprehensive empirical evaluation on 4,860 duplicate detection tasks that involved a total of 180 screen-recordings from six Android apps. Additionally, we conducted a user study investigating the effort required for developers to manually detect duplicate video-based bug reports and compared this to the effort required to use TANGO. The results reveal that TANGO's optimal configuration is highly effective at detecting duplicate video-based bug reports, accurately ranking target duplicate videos in the top-2 returned results in 83% of the tasks. Additionally, our user study shows that, on average, TANGO can reduce developer effort by over 60%, illustrating its practicality. [ABSTRACT FROM AUTHOR]

Published

2021

13. Prioritize Crowdsourced Test Reports via Deep Screenshot Understanding.

Author

Shengcheng Yu, Chunrong Fang, Zhenfei Cao, Xu Wang, Tongyu Li, and Zhenyu Chen

Subjects

CROWDSOURCING, MOBILE apps, SOFTWARE engineering, COMPUTER software development, COMPUTER science

Abstract

Crowdsourced testing is increasingly dominant in mobile application (app) testing, but it is a great burden for app developers to inspect the incredible number of test reports. Many researches have been proposed to deal with test reports based only on texts or additionally simple image features. However, in mobile app testing, texts contained in test reports are condensed and the information is inadequate. Many screenshots are included as complements that contain much richer information beyond texts. This trend motivates us to prioritize crowdsourced test reports based on a deep screenshot understanding. In this paper, we present a novel crowdsourced test report prioritization approach, namely DEEPPRIOR. We first represent the crowdsourced test reports with a novelly introduced feature, namely DEEPFEATURE, that includes all the widgets along with their texts, coordinates, types, and even intents based on the deep analysis of the app screenshots, and the textual descriptions in the crowdsourced test reports. DEEPFEATURE includes the Bug Feature, which directly describes the bugs, and the Context Feature, which depicts the thorough context of the bug. The similarity of the DEEPFEATURE is used to represent the test reports' similarity and prioritize the crowdsourced test reports. We formally define the similarity as DEEPSIMILARITY. We also conduct an empirical experiment to evaluate the effectiveness of the proposed technique with a large dataset group. The results show that DEEPPRIOR is promising, and it outperforms the state-of-the-art approach with less than half the overhead. [ABSTRACT FROM AUTHOR]

Published

2021

14. Does mutation testing improve testing practices?

Author

Petrović, Goran, Ivanković, Marko, Fraser, Gordon, and Just, René

Subjects

MUTATION (Phonetics), SOFTWARE engineering, COMPUTER software development, COMPUTER science, COMPUTER software quality control

Abstract

Various proxy metrics for test quality have been defined in order to guide developers when writing tests. Code coverage is particularly well established in practice, even though the question of how coverage relates to test quality is a matter of ongoing debate. Mutation testing offers a promising alternative: Artificial defects can identify holes in a test suite, and thus provide concrete suggestions for additional tests. Despite the obvious advantages of mutation testing, it is not yet well established in practice. Until recently, mutation testing tools and techniques simply did not scale to complex systems. Although they now do scale, a remaining obstacle is lack of evidence that writing tests for mutants actually improves test quality. In this paper we aim to fill this gap: By analyzing a large dataset of almost 15 million mutants, we investigate how these mutants influenced developers over time, and how these mutants relate to real faults. Our analyses suggest that developers using mutation testing write more tests, and actively improve their test suites with high quality tests such that fewer mutants remain. By analyzing a dataset of past fixes of real high-priority faults, our analyses further provide evidence that mutants are indeed coupled with real faults. In other words, had mutation testing been used for the changes introducing the faults, it would have reported a live mutant that could have prevented the bug. [ABSTRACT FROM AUTHOR]

Published

2021

15. Interpretation-enabled Software Reuse Detection Based on a Multi-Level Birthmark Model.

Author

Xi Xu, Qinghua Zheng, Zheng Yan, Ming Fan, Ang Jia, and Ting Liu

Subjects

ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER software development, SEMANTICS, COMPUTER science

Abstract

Software reuse, especially partial reuse, poses legal and security threats to software development. Since its source codes are usually unavailable, software reuse is hard to be detected with interpretation. On the other hand, current approaches suffer from poor detection accuracy and efficiency, far from satisfying practical demands. To tackle these problems, in this paper, we propose ISRD, an interpretation-enabled software reuse detection approach based on a multi-level birthmark model that contains function level, basic block level, and instruction level. To overcome obfuscation caused by cross-compilation, we represent function semantics with Minimum Branch Path (MBP) and perform normalization to extract core semantics of instructions. For efficiently detecting reused functions, a process for "intent search based on anchor recognition" is designed to speed up reuse detection. It uses strict instruction match and identical library call invocation check to find anchor functions (in short anchors) and then traverses neighbors of the anchors to explore potentially matched function pairs. Extensive experiments based on two real-world binary datasets reveal that ISRD is interpretable, effective, and efficient, which achieves 97:2% precision and 94:8% recall. Moreover, it is resilient to cross-compilation, outperforming state-of- the-art approaches. [ABSTRACT FROM AUTHOR]

Published

2021

16. CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse.

Author

Seunghoon Woo, Sunghan Park, Seulbae Kim, Heejo Lee, and Hakjoo Oh

Subjects

OPEN source software, COMPUTER software development, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science

Abstract

Open-source software (OSS) is widely reused as it provides convenience and efficiency in software development. Despite evident benefits, unmanaged OSS components can introduce threats, such as vulnerability propagation and license violation. Unfortunately, however, identifying reused OSS components is a challenge as the reused OSS is predominantly modified and nested. In this paper, we propose CENTRIS, a precise and scalable approach for identifying modified OSS reuse. By segmenting an OSS code base and detecting the reuse of a unique part of the OSS only, CENTRIS is capable of precisely identifying modified OSS reuse in the presence of nested OSS components. For scalability, CENTRIS eliminates redundant code comparisons and accelerates the search using hash functions. When we applied CENTRIS on 10,241 widely-employed GitHub projects, comprising 229,326 versions and 80 billion lines of code, we observed that modified OSS reuse is a norm in software development, occurring 20 times more frequently than exact reuse. Nonetheless, CENTRIS identified reused OSS components with 91% precision and 94% recall in less than a minute per application on average, whereas a recent clone detection technique, which does not take into account modified and nested OSS reuse, hardly reached 10% precision and 40% recall. [ABSTRACT FROM AUTHOR]

Published

2021

17. A Context-based Automated Approach for Method Name Consistency Checking and Suggestion.

Author

Yi Li, Shaohua Wang, and Nguyen, Tien N.

Subjects

CODE review (Computer science), SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science, COMPUTER software development

Abstract

Misleading method names in software projects can confuse developers, which may lead to software defects and affect code understandability. In this paper, we present DEEPNAME, a context-based, deep learning approach to detect method name inconsistencies and suggest a proper name for a method. The key departure point is the philosophy of "Show Me Your Friends, I'll Tell You Who You Are". Unlike the state-of-the-art approaches, in addition to the method's body, we also consider the interactions of the current method under study with the other ones including the caller and callee methods, and the sibling methods in the same enclosing class. The sequences of sub-tokens in the program entities' names in the contexts are extracted and used as the input for an RNN-based encoder-decoder to produce the representations for the current method. We modify that RNN model to integrate the copy mechanism and our newly developed component, called the non-copy mechanism, to emphasize on the possibility of a certain sub-token not to be copied to follow the current sub-token in the currently generated method name. We conducted several experiments to evaluate DEEPNAME on large datasets with +14M methods. For consistency checking, DEEPNAME improves the state-of-the-art approach by 2.1%, 19.6%, and 11.9% relatively in recall, precision, and F-score, respectively. For name suggestion, DEEPNAME improves relatively over the state-of-the-art approaches in precision (1.8%-30.5%), recall (8.8%-46.1%), and F-score (5.2%-38.2%). To assess DEEPNAME's usefulness, we detected inconsistent methods and suggested new method names in active projects. Among 50 pull requests, 12 were merged into the main branch. In total, in 30/50 cases, the team members agree that our suggested method names are more meaningful than the current names. [ABSTRACT FROM AUTHOR]

Published

2021

18. Extracting Concise Bug-Fixing Patches from Human-Written Patches in Version Control Systems.

Author

Yanjie Jiang, Hui Liu, Nan Niu, Lu Zhang, and Yamin Hu

Subjects

REVISION control (Computer science), SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER software development, COMPUTER science

Abstract

High-quality and large-scale repositories of real bugs and their concise patches collected from real-world applications are critical for research in the software engineering community. In such a repository, each real bug is explicitly associated with its fix. Therefore, on one side, the real bugs and their fixes may inspire novel approaches for finding, locating, and repairing software bugs; on the other side, the real bugs and their fixes are indispensable for rigorous and meaningful evaluation of approaches for software testing, fault localization, and program repair. To this end, a number of such repositories, e.g., Defects4J, have been proposed. However, such repositories are rather small because their construction involves expensive human intervention. Although bug-fixing code commits as well as associated test cases could be retrieved from version control systems automatically, existing approaches could not yet automatically extract concise bug-fixing patches from bug-fixing commits because such commits often involve bug-irrelevant changes. In this paper, we propose an automatic approach, called BugBuilder, to extracting complete and concise bug-fixing patches from human-written patches in version control systems. It excludes refactorings by detecting refactorings involved in bug-fixing commits, and reapplying detected refactorings on the faulty version. It enumerates all subsets of the remaining part and validates them on test cases. If none of the subsets has the potential to be a complete bug-fixing patch, the remaining part as a whole is taken as a complete and concise bug-fixing patch. Evaluation results on 809 real bug-fixing commits in Defects4J suggest that BugBuilder successfully generated complete and concise bug-fixing patches for forty percent of the bug-fixing commits, and its precision (99%) was even higher than human experts. [ABSTRACT FROM AUTHOR]

Published

2021

19. How Developers Optimize Virtual Reality Applications: A Study of Optimization Commits in Open Source Unity Projects.

Author

Nusrat, Fariha, Hassan, Foyzul, Hao Zhong, and Xiaoyin Wang

Subjects

VIRTUAL reality, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science, COMPUTER software development

Abstract

Virtual Reality (VR) is an emerging technique that provides immersive experience for users. Due to the high computation cost of rendering real-time animation twice (for both eyes) and the resource limitation of wearable devices, VR applications often face performance bottlenecks and performance optimization plays an important role in VR software development. Performance optimizations of VR applications can be very different from those in traditional software as VR involves more elements such as graphics rendering and real-time animation. In this paper, we present the first empirical study on 183 realworld performance optimizations from 45 VR software projects. In particular, we manually categorized the optimizations into 11 categories, and applied static analysis to identify how they affect different life-cycle phases of VR applications. Furthermore, we studied the complexity and design / behavior effects of performance optimizations, and how optimizations are different between large organizational software projects and smaller personal software projects. Our major findings include: (1) graphics simplification (24.0%), rendering optimization (16.9%), language / API optimization (15.3%), heap avoidance (14.8%), and value caching (12.0%) are the most common categories of performance optimization in VR applications; (2) game logic updates (30.4%) and before-scene initialization (20.0%) are the most common lifecycle phases affected by performance issues; (3) 45.9% of the optimizations have behavior and design effects and 39.3% of the optimizations are systematic changes; (4) the distributions of optimization classes are very different between organizational VR projects and personal VR projects. [ABSTRACT FROM AUTHOR]

Published

2021

20. Software Evolution Rules with Condition Constrains to Support Component Type Matching Based on Bigraph.

Author

Lu, Chao-Ze, Zeng, Guo-Sun, and Liu, Wen-Juan

Subjects

COMPUTER software development, SOFTWARE engineering, PROGRAMMING languages, SOFTWARE architecture, COMPUTER science

Abstract

With the gradual maturity of component oriented software development method, component-based software evolution technology has become hot research in academia and industry. Although many evolution rules are designed, they rarely consider component type-mismatched problem in evolution rules. This has led to evolution rules that often run error in software evolution execution. Hence, focusing on the mismatch problem of component type in software evolution, this paper addresses various evolution rules with condition constrains to support component type matching. First, we use the bigraph theory to model the software architecture and employ bigraph term language to describe the basic component evolution operations. Second, we join type system into the term language and use the type term language to express the condition constraints on position and connection for component evolution rules. These condition constraints can guarantee the type-matched among components that participate in software evolution. Furthermore, we show that the component type-matched still kept during a number of different evolution rules are used in the whole software evolution reaction system. Finally, two cases study of evolution progress of ATM system and tourism information system are presented. Two cases illustrate the effectiveness of our approach. [ABSTRACT FROM AUTHOR]

Published

2018

21. 15 Years of Software Regression Testing Techniques - A Survey.

Author

Rosero, Raúl H., Gómez, Omar S., and Rodríguez, Glen

Subjects

REGRESSION testing (Computer science), DEBUGGING, COMPUTER software development, SOFTWARE engineering, COMPUTER science

Abstract

Software regression testing techniques verify previous functionalities each time software modifications occur or new characteristics are added. With the aim of gaining a better understanding of this subject, in this work we present a survey of software regression testing techniques applied in the last 15 years; taking into account its application domain, kind of metrics they use, its application strategies and the phase of the software development process where they are applied. From an outcome of 460 papers, a set of 25 papers describing the use of 31 software testing regression techniques were identified. Results of this survey suggest that at the time of applying a regression testing techniques, metrics like cost and fault detection efficiency are the most relevant. Most of the techniques were assessed with instrumented programs (experimental cases) under academic settings. Conversely, we observe a minimum set of software regression techniques applied in industrial settings, mainly, under corrective and maintenance approaches. Finally, we observe a trend using some regression techniques under agile approaches. [ABSTRACT FROM AUTHOR]

Published

2016

22. A Study on the Lifecycle of Flaky Tests.

Author

Lam, Wing, Muşlu, Kıvanç, Sajnani, Hitesh, and Thummalapenta, Suresh

Subjects

SOFTWARE engineering, COMPUTER software development, ARTIFICIAL intelligence, REGRESSION testing (Computer science), COMPUTER science

Abstract

During regression testing, developers rely on the pass or fail outcomes of tests to check whether changes broke existing functionality. Thus, flaky tests, which nondeterministically pass or fail on the same code, are problematic because they provide misleading signals during regression testing. Although flaky tests are the focus of several existing studies, none of them study (1) the reoccurrence, runtimes, and time-before-fix of flaky tests, and (2) flaky tests indepth on proprietary projects. This paper fills this knowledge gap about flaky tests and investigates whether prior categorization work on flaky tests also apply to proprietary projects. Specifically, we study the lifecycle of flaky tests in six large-scale proprietary projects at Microsoft.We find, as in prior work, that asynchronous calls are the leading cause of flaky tests in these Microsoft projects. Therefore, we propose the first automated solution, called Flakiness and Time Balancer (FaTB), to reduce the frequency of flaky-test failures caused by asynchronous calls. Our evaluation of five such flaky tests shows that FaTB can reduce the running times of these tests by up to 78% without empirically affecting the frequency of their flaky-test failures. Lastly, our study finds several cases where developers claim they "fixed" a flaky test but our empirical experiments show that their changes do not fix or reduce these tests' frequency of flaky-test failures. Future studies should be more cautious when basing their results on changes that developers claim to be "fixes". [ABSTRACT FROM AUTHOR]

Published

2020

23. 7th International Workshop on Modeling in Software Engineering (MiSE 2015).

Author

Gray, Jeff, Chechik, Marsha, Kulkarni, Vinay, and Paige, Richard F.

Subjects

COMPUTER software development, SOFTWARE engineering, COMPUTER science, COMPUTER software, AUTOMATION

Abstract

Models are an important tool in conquering the increasing complexity of modern software systems. Key industries are strategically directing their development environments towards more extensive use of modeling techniques. MiSE 2015 aimed to understand, through critical analysis, the current and future uses of models in the engineering of software-intensive systems. The MiSE workshop series has proven to be an effective forum for discussing modeling techniques from both the MDE and software engineering perspectives. An important goal of this workshop is to foster exchange between these two communities. In 2015 the focus was on considering the current state of tool support and the challenges that need to be addressed to improve the maturity of tools. There was also analysis of successful applications of modeling techniques in specific application domains, with attempts to determine how the participants' experiences can be carried over to other domains. [ABSTRACT FROM AUTHOR]

Published

2015

24. Leveraging Artifact Trees to Evolve and Reuse Safety Cases.

Author

Agrawal, Ankit, Khoshmanesh, Seyedehzahra, Vierhauser, Michael, Rahimi, Mona, Cleland-Huang, Jane, and Lutz, Robyn

Subjects

DRONE aircraft, ARTIFICIAL intelligence, COMPUTER science, COMPUTER software development, SOFTWARE engineering

Abstract

Safety Assurance Cases (SACs) are increasingly used to guide and evaluate the safety of software-intensive systems. They are used to construct a hierarchically organized set of claims, arguments, and evidence in order to provide a structured argument that a system is safe for use. However, as the system evolves and grows in size, a SAC can be difficult to maintain. In this paper we utilize design science to develop a novel solution for identifying areas of a SAC that are affected by changes to the system. Moreover, we generate actionable recommendations for updating the SAC, including its underlying artifacts and trace links, in order to evolve an existing safety case for use in a new version of the system. Our approach, Safety Artifact Forest Analysis (SAFA), leverages traceability to automatically compare software artifacts from a previously approved or certified version with a new version of the system. We identify, visualize, and explain changes in a Delta Tree. We evaluate our approach using the Dronology system for monitoring and coordinating the actions of cooperating, small Unmanned Aerial Vehicles. Results from a user study show that SAFA helped users to identify changes that potentially impacted system safety and provided information that could be used to help maintain and evolve a SAC1. [ABSTRACT FROM AUTHOR]

Published

2019

25. Test-Driven Code Review: An Empirical Study.

Author

Spadini, Davide, Palomba, Fabio, Baum, Tobias, Hanenberg, Stefan, Bruntink, Magiel, and Bacchelli, Alberto

Subjects

CODE review (Computer science), COMPUTER science, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER software development

Abstract

Test-Driven Code Review (TDR) is a code review practice in which a reviewer inspects a patch by examining the changed test code before the changed production code. Although this practice has been mentioned positively by practitioners in informal literature and interviews, there is no systematic knowledge of its effects, prevalence, problems, and advantages. In this paper, we aim at empirically understanding whether this practice has an effect on code review effectiveness and how developers' perceive TDR.We conduct (i) a controlled experiment with 93 developers that perform more than 150 reviews, and (ii) 9 semi-structured interviews and a survey with 103 respondents to gather information on how TDR is perceived. Key results from the experiment show that developers adopting TDR find the same proportion of defects in production code, but more in test code, at the expenses of fewer maintainability issues in production code. Furthermore, we found that most developers prefer to review production code as they deem it more critical and tests should follow from it. Moreover, general poor test code quality and no tool support hinder the adoption of TDR. Public preprint: [https: //doi.org/10.5281/zenodo.2551217], data and materials: [https:// doi.org/10.5281/zenodo.2553139]. [ABSTRACT FROM AUTHOR]

Published

2019

26. FOCUS: A Recommender System for Mining API Function Calls and Usage Patterns.

Author

Nguyen, Phuong T., Di Rocco, Juri, Di Ruscio, Davide, Ochoa, Lina, Degueule, Thomas, and Di Penta, Massimiliano

Subjects

RECOMMENDER systems, COMPUTER science, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER software development

Abstract

Software developers interact with APIs on a daily basis and, therefore, often face the need to learn how to use new APIs suitable for their purposes. Previous work has shown that recommending usage patterns to developers facilitates the learning process. Current approaches to usage pattern recommendation, however, still suffer from high redundancy and poor run-time performance. In this paper, we reformulate the problem of usage pattern recommendation in terms of a collaborative- filtering recommender system. We present a new tool, FOCUS, which mines open-source project repositories to recommend API method invocations and usage patterns by analyzing how APIs are used in projects similar to the current project. We evaluate FOCUS on a large number of Java projects extracted from GitHub and Maven Central and find that it outperforms the stateof- the-art approach PAM with regards to success rate, accuracy, and execution time. Results indicate the suitability of contextaware collaborative-filtering recommender systems to provide API usage patterns. [ABSTRACT FROM AUTHOR]

Published

2019

27. When Code Completion Fails: Case Study on Real-World Completions.

Author

Hellendoorn, Vincent J., Proksch, Sebastian, Gall, Harald C., and Bacchelli, Alberto

Subjects

ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER science, COMPUTER software development, APPLICATION program interfaces

Abstract

Code completion is commonly used by software developers and is integrated into all major IDE's. Good completion tools can not only save time and effort but may also help avoid incorrect API usage. Many proposed completion tools have shown promising results on synthetic benchmarks, but these benchmarks make no claims about the realism of the completions they test. This lack of grounding in real-world data could hinder our scientific understanding of developer needs and of the efficacy of completion models. This paper presents a case study on 15,000 code completions that were applied by 66 real developers, which we study and contrast with artificial completions to inform future research and tools in this area.We find that synthetic benchmarks misrepresent many aspects of real-world completions; tested completion tools were far less accurate on real-world data.Worse, on the few completions that consumed most of the developers' time, prediction accuracy was less than 20% -- an effect that is invisible in synthetic benchmarks. Our findings have ramifications for future benchmarks, tool design and real-world efficacy: Benchmarks must account for completions that developers use most, such as intra-project APIs; models should be designed to be amenable to intra-project data; and real-world developer trials are essential to quantifying performance on the least predictable completions, which are both most time-consuming and far more typical than artificial data suggests. We publicly release our preprint [https://doi.org/10.5281/zenodo.2565673] and replication data and materials [https://doi.org/10.5281/zenodo.2562249]. [ABSTRACT FROM AUTHOR]

Published

2019

28. SLF: Fuzzing without Valid Seed Inputs.

Author

Wei You, Xuwei Liu, Shiqing Ma, Perry, David, Xiangyu Zhang, and Bin Liang

Subjects

MUTATION (Phonetics), COMPUTER software development, ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER science

Abstract

Fuzzing is an important technique to detect software bugs and vulnerabilities. It works by mutating a small set of seed inputs to generate a large number of new inputs. Fuzzers' performance often substantially degrades when valid seed inputs are not available. Although existing techniques such as symbolic execution can generate seed inputs from scratch, they have various limitations hindering their applications in real-world complex software. In this paper, we propose a novel fuzzing technique that features the capability of generating valid seed inputs. It piggy-backs on AFL to identify input validity checks and the input fields that have impact on such checks. It further classifies these checks according to their relations to the input. Such classes include arithmetic relation, object offset, data structure length and so on. A multi-goal search algorithm is developed to apply class-specific mutations in order to satisfy inter-dependent checks all together. We evaluate our technique on 20 popular benchmark programs collected from other fuzzing projects and the Google fuzzer test suite, and compare it with existing fuzzers AFL and AFLFast, symbolic execution engines KLEE and S2E, and a hybrid tool Driller that combines fuzzing with symbolic execution. The results show that our technique is highly effective and efficient, out-performing the other tools. [ABSTRACT FROM AUTHOR]

Published

2019

29. DIFFUZZ: Differential Fuzzing for Side-Channel Analysis.

Author

Nilizadeh, Shirin, Noller, Yannic, and Păsăreanu, Corina S.

Subjects

HEURISTIC algorithms, ARTIFICIAL intelligence, SOFTWARE engineering, COMPUTER science, COMPUTER software development

Abstract

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult to reason about as they involve analyzing the correlations between resource usage over multiple program paths. We present DIFFUZZ, a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space. DIFFUZZ automatically detects these vulnerabilities by analyzing two versions of the program and using resource-guided heuristics to find inputs that maximize the difference in resource consumption between secretdependent paths. The methodology of DIFFUZZ is general and can be applied to programs written in any language. For this paper, we present an implementation that targets analysis of JAVA programs, and uses and extends the KELINCI and AFL fuzzers. We evaluate DIFFUZZ on a large number of JAVA programs and demonstrate that it can reveal unknown sidechannel vulnerabilities in popular applications.We also show that DIFFUZZ compares favorably against BLAZER and THEMIS, two state-of-the-art analysis tools for finding side-channels in JAVA programs. [ABSTRACT FROM AUTHOR]

Published

2019

30. DLFinder: Characterizing and Detecting Duplicate Logging Code Smells.

Author

Zhenhao Li, Tse-Hsun Chen, Peter, Jinqiu Yang, and Weiyi Shang

Subjects

SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science, COMPUTER software development, DEBUGGING

Abstract

Developers rely on software logs for a wide variety of tasks, such as debugging, testing, program comprehension, verification, and performance analysis. Despite the importance of logs, prior studies show that there is no industrial standard on how to write logging statements. Recent research on logs often only considers the appropriateness of a log as an individual item (e.g., one single logging statement); while logs are typically analyzed in tandem. In this paper, we focus on studying duplicate logging statements, which are logging statements that have the same static text message. Such duplications in the text message are potential indications of logging code smells, which may affect developers' understanding of the dynamic view of the system. We manually studied over 3K duplicate logging statements and their surrounding code in four large-scale open source systems: Hadoop, CloudStack, ElasticSearch, and Cassandra. We uncovered five patterns of duplicate logging code smells. For each instance of the code smell, we further manually identify the problematic (i.e., require fixes) and justifiable (i.e., do not require fixes) cases. Then, we contact developers in order to verify our manual study result. We integrated our manual study result and developers' feedback into our automated static analysis tool, DLFinder, which automatically detects problematic duplicate logging code smells.We evaluated DLFinder on the four manually studied systems and two additional systems: Camel and Wicket. In total, combining the results of DLFinder and our manual analysis, we reported 82 problematic code smell instances to developers and all of them have been fixed. [ABSTRACT FROM AUTHOR]

Published

2019

31. An overview of the unified modeling language and diagrammatic modeling language design in software engineering.

Author

AkkøK, M. Naci

Subjects

INFORMATION modeling, SOFTWARE engineering, COMPUTER software development, UNIFIED modeling language, COMPUTER science, SYSTEM analysis

Abstract

The need to manage the immense complexity in software engineering makes tools and methods essential, and requires that they be designed in accordance with well- defined principles. Surprisingly, there is yet no explicit body of knowledge for designing diagrammatic modeling languages (DMLs), despite the fact that they are used extensively as the primary conceptual modeling tools in software engineering. This paper provides an overview of the new and growing field of DML design that aims at compiling such a body of knowledge. The paper starts with relevant definitions and a brief introduction of the current defacto standard DML of software engineering called the Unified Modeling Language (UML), and offers a short account of efforts and directions in DML design. [ABSTRACT FROM AUTHOR]

Published

2002

32. Modeling event-based communication in component-based software architectures for performance predictions.

Author

Rathfelder, Christoph, Klatt, Benjamin, Sachs, Kai, and Kounev, Samuel

Subjects

MODEL-driven software architecture, SOFTWARE engineering, COMPUTER software development, COMPUTER systems, COMPUTER science

Abstract

Event-based communication is used in different domains including telecommunications, transportation, and business information systems to build scalable distributed systems. Such systems typically have stringent requirements for performance and scalability as they provide business and mission critical services. While the use of event-based communication enables loosely-coupled interactions between components and leads to improved system scalability, it makes it much harder for developers to estimate the system's behavior and performance under load due to the decoupling of components and control flow. In this paper, we present our approach enabling the modeling and performance prediction of event-based systems at the architecture level. Applying a model-to-model transformation, our approach integrates platform-specific performance influences of the underlying middleware while enabling the use of different existing analytical and simulation-based prediction techniques. In summary, the contributions of this paper are: (1) the development of a meta-model for event-based communication at the architecture level, (2) a platform aware model-to-model transformation, and (3) a detailed evaluation of the applicability of our approach based on two representative real-world case studies. The results demonstrate the effectiveness, practicability and accuracy of the proposed modeling and prediction approach. [ABSTRACT FROM AUTHOR]

Published

2014

33. Positive effects of utilizing relationships between inconsistencies for more effective inconsistency resolution (NIER track).

Author

Nöhrer, Alexander, Reder, Alexander, and Egyed, Alexander

Subjects

COMPUTER software development, COMPUTER software testing, COMPUTER simulation, SOFTWARE engineering, COMPUTER science

Abstract

State-of-the-art modeling tools can help detect inconsistencies in software models. Some can even generate fixing actions for these inconsistencies. However such approaches handle inconsistencies individually, assuming that each single inconsistency is a manifestation of an individual defect. We believe that inconsistencies are merely expressions of defects. That is, inconsistencies highlight situations under which defects are observable. However, a single defect in a software model may result in many inconsistencies and a single inconsistency may be the result of multiple defects. Inconsistencies may thus be related to other inconsistencies and we believe that during fixing, one should consider clusters of such related inconsistencies. This paper provides first evidence and emerging results that several inconsistencies can be linked to a single defect and show that with such knowledge only a subset of fixes need to be considered during inconsistency resolution. [ABSTRACT FROM AUTHOR]

Published

2011

34. Leveraging software architectures to guide and verify the development of sense/compute/control applications.

Author

Cassou, Damien, Balland, Emilie, Consel, Charles, and Lawall, Julia

Subjects

COMPUTER software development, SOFTWARE architecture, SOFTWARE verification, COMPUTER science, SOFTWARE engineering

Abstract

A software architecture describes the structure of a computing system by specifying software components and their interactions. Mapping a software architecture to an implementation is a well known challenge. A key element of this mapping is the architecture's description of the data and control-flow interactions between components. The characterization of these interactions can be rather abstract or very concrete, providing more or less implementation guidance, programming support, and static verification. In this paper, we explore one point in the design space between abstract and concrete component interaction specifications. We introduce a notion of interaction contract that expresses allowed interactions between components, describing both data and control-flow constraints. This declaration is part of the architecture description, allows generation of extensive programming support, and enables various verifications. We instantiate our approach in an architecture description language for Sense/Compute/Control applications, and describe associated compilation and verification strategies [ABSTRACT FROM AUTHOR]

Published

2011

35. Design and Analysis Using Software Engineering Techniques: A Case Study.

Author

Chakraborty, Pinaki

Subjects

COMPUTER software development, SOFTWARE engineering, SADT (System analysis), USE cases (Systems engineering), COMPUTER interfaces, DATA flow computing, COMPUTER science, SMALL business

Abstract

The role of tacit knowledge is quite important in the field of software development. So, the experience gained from one software development project can be used in other similar projects. The current paper discusses the use of techniques from Software Engineering to design and analyze a software system developed for a medium-sized manufacturing enterprise. The Structured Analysis and Design Technique (SADT) has been first used to construct a model of the problem. Then the design has been presented using Use Case Diagram, Entity Relationship Diagram and Dataflow Diagram. An interface multiplexing technique has been used to replace a number of similar interfaces to communicate with the users by a few generic ones which are dynamic in nature. The use of this technique has reduced the size of the source code by more than 40%. After developing the software, a proper analysis has been carried out in terms of software metrics. The size metrics analysis has identified the components that needed the maximum effort to develop. Alternatively, the information flow metric analysis has highlighted that the degree of cohesion and coupling of the components of the software. This analysis verified that the design of the software is cohesive and efficient. [ABSTRACT FROM AUTHOR]

Published

2010

36. Domain science and engineering from computer science to the sciences of informatics. Part I: Engineering.

Author

Bjørner, D.

Subjects

COMPUTER science, COMPUTER programming education, SOFTWARE engineering, FORMAL methods (Computer science), COMPUTER software development, INFORMATION science

Abstract

In this paper, we wish to advocate that departments of computer science put emphasis on teaching programming and software engineering based on formal methods; and more emphasis on research into formal methods for the trustworthy development of software. We also wish to advocate that the concepts of domain science and domain engineering become an indispensable part of the science of informatics and of software engineering. [ABSTRACT FROM AUTHOR]

Published

2010

37. From Cards to Code: How Extreme Programming Re-Embodies Programming as a Collective Practice.

Author

MacKenzie, Adrian and Monk, Simon

Subjects

ELECTRONIC data processing, SOFTWARE engineering, COMPUTER software development, KNOWLEDGE management, COMPUTER science

Abstract

This paper discusses Extreme Programming (XP), a relatively new and increasingly popular `user-centred' software design approach. Extreme Programming proposes that collaborative software development should be centred on the practices of programming. That proposal contrasts strongly with more heavily instrumented, formalised and centrally managed software engineering methodologies. The paper maps the interactions of an Extreme Programming team involved in building a commercial organisational knowledge management system. Using ethnographic techniques, it analyses how this particular style of software development developed in a given locality, and how it uniquely hybridised documents, conversations, software tools and office layout in that locality. It examines some of the many artifices, devices, techniques and talk that come together as a complicated contemporary software system is produced. It argues that XP's emphasis on programming as the core activity and governing metaphor can only be understood in relation to competing overtly formal software engineering approaches and the organisational framing of software development. XP, it suggests, gains traction by re-embodying the habits of programming as a collective practice. [ABSTRACT FROM AUTHOR]

Published

2004

38. Drawing Insight from Student Perceptions of Reflective Design Learning.

Author

Wilkins, Thomas V. and Georgas, John C.

Subjects

COMPUTER science, SOFTWARE engineering, SOFTWARE frameworks, EDUCATIONAL intervention, COMPUTER software development

Abstract

While design and designing are core elements in computer science and software engineering, conventional curricular structures do not adequately support design learning. Current methods tend to isolate the study of design within specific subject matter and lack a strong emphasis on reflection. This paper reports on insights and lessons learned from a user study in the context of ongoing work on developing an educational intervention that better supports design learning with a particular emphasis on learner-driven reflection. Insights drawn from this study relate to general aspects of design learning, such as the importance of collaborative reflection and the impact of learner perceptions regarding their abilities, as well as to specific improvements to our approach. [ABSTRACT FROM AUTHOR]

Published

2015

39. Evolution of Software Development Strategies.

Author

Falkner, Katrina, Szabo, Claudia, Vivian, Rebecca, and Falkner, Nickolas

Subjects

COMPUTER software development, SOFTWARE engineering, SOFTWARE engineers, COMPUTER science, DEEP learning

Abstract

The development of discipline-specific cognitive and meta-cognitive skills is fundamental to the successful mastery of software development skills and processes. This development happens over time and is influenced by many factors, however its understanding by teachers is crucial in order to develop activities and materials to transform students from novice to expert software engineers. In this paper, we analyse the evolution of learning strategies of novice, first year students, to expert, final year students. We analyse reflections on software development processes from students in an introductory software development course, and compare them to those of final year students, in a distributed systems development course. Our study shows that computer science - specific strategies evolve as expected, with the majority of final year students including design before coding in their software development process, but that several areas still require scaffolding activities to assist in learning development. [ABSTRACT FROM AUTHOR]

Published

2015

40. Software engineering programmes are not computer science programmes.

Author

Parnas, David Lorge

Subjects

SOFTWARE engineering, COMPUTER science, ENGINEERING education, ENGINEERS, PROFESSIONAL education, COMPUTER software development, COMPUTER software, ENGINEERING teachers, COMPUTER programmers

Abstract

Programmes in “Software Engineering” have become a source of contention in many universities. Some Computer Science departments, many of which have used that phrase to describe individual courses for decades, claim software engineering as part of their discipline. However, Engineering faculties claim “Software Engineering” as a new speciality in the family of engineering disciplines. This paper discusses the differences between traditional computer science programmes and most engineering programmes and argues that we need programmes that follow the traditional engineering approach to professional education and educate engineers whose speciality within engineering is software construction. One such programme is described. [ABSTRACT FROM AUTHOR]

Published

1998

41. Systems engineering for software engineers.

Author

Sommerville, Ian

Subjects

SOFTWARE engineering, COMPUTER science, SYSTEMS engineering, COMPUTER software developers, COMPUTER software development, SOFTWARE failures, BAGGAGE handling in airports, COMPUTER software, COMPUTER programmers

Abstract

This paper describes how we have modified a software engineering stream within a computer science course to include broader concepts of systems engineering. We justify this inclusion by showing how many reported problems with large systems are not just software problems but relate to system issues such as hardware and operational processes. We describe what we mean by ‘systems engineering’ and go on to discuss the particular course structure which we have developed. We explain, in some detail, the contents of two specific systems engineering courses (Software Intensive Systems Engineering and Critical Systems Engineering) and discuss the problems and challenges we have faced in making these changes. In the appendix, we provide details of the case studies which are used as linking themes in our courses. [ABSTRACT FROM AUTHOR]

Published

1998

42. The first decade of an undergraduate degree programme in software engineering.

Author

Cowling, A. J.

Subjects

SOFTWARE engineering, UNDERGRADUATE programs, ENGINEERING, COMPUTER science, COMPUTER software industry, ENGINEERING students, ENGINEERING education, COMPUTER software, COMPUTER software development

Abstract

This paper describes the development of an undergraduate degree programme in software engineering over the ten year period from 1988 to 1998. Particular emphasis is given to the fundamental principles that have been established to guide the creation and evolution of this programme during this period, and to ensure that it has been distinctively a course in software engineering rather than in any other branch of computing. To this end, the fundamental engineering characteristics of the programme are compared with those of undergraduate courses in other branches of engineering. Desirable future developments in this programme are then discussed, and finally the different principles identified in the paper are evaluated. [ABSTRACT FROM AUTHOR]

Published

1998

43. Forging a discipline: An outline history of software engineering education.

Author

James E. Tomayko

Subjects

SOFTWARE engineering, COMPUTER science, COMPUTER software, CURRICULUM planning, COMPUTER literacy, UNDERGRADUATE programs, COMPUTER training, COMPUTER software development, COMPUTERS

Abstract

Software engineering education has a 30-year history. It is a story of academics struggling to fulfill industry needs with almost no support from computer science curriculum designers. It is a story of industry finally winning over some of academia to teach software engineering rather than vanilla computer science. It is a story of a discipline still incomplete, but having made great strides in the last decade. This paper discusses the succeeding eras of software engineering education, from lone teachers to master's curricula to undergraduate degree programs. Even though the maturity of the discipline is as yet unattained, it will achieve adult status through practice, not by waiting for academia to glacially catch up. [ABSTRACT FROM AUTHOR]

Published

1998

44. A Successful Software Development.

Author

Wong, Carolyn

Subjects

COMPUTER software development, COMMAND & control systems, STRUCTURED programming, STRUCTURED walkthrough (Computer science), SOFTWARE engineering, COMPUTER science

Abstract

In 1980, System Development Corporation (SDC) delivered software for a modern air defense system (ADS) for a foreign country. Development of the ADS software was a successful SCD project where all products were delivered within budget and within an ambitious 25 month schedule. This paper describes SDC's approach and experience in developing ADS software. SDC's software development approach included the first time use of an oft-the-shelf operating system for a major air defense system, the application of a selective set of modern software development techniques, and use of a matrix management structure. SDC's successful application on ADS of a commercial (`pent- log system, a higher order language, a Program Design Language, a Pro- gram Production Library, structured walk-throughs, structured programming techniques, incremental build implementation and test procedures, interactive development, and word processing is described. A discussion of the advantages realized and difficulties encountered in the ADS matrix management structure is presented. The paper concludes with a summary of how SDC will develop software on future projects as a result of its experience on ADS. [ABSTRACT FROM AUTHOR]

Published

1984

45. On the Evolution of Solution Spaces Triggered by Emerging Technologies.

Author

Salado, Alejandro and Nilchiani, Roshanak

Subjects

COMPUTER software, COMPUTER systems, COMPUTER science, SOFTWARE engineering, COMPUTER software development

Abstract

The term solution space is widely used in the engineering community; yet there is little known about their evolution. Theoretical research in the field of systems science indicates that requirements can only reduce the solution space. Yet, some authors state that on the contrary requirements can be used to expand to or open new solution spaces. Furthermore, some practitioners defend that the requirement to use a previously nonexistent technology would actually increase the solution space or move it to a new area, while others state that more requirements make life more difficult. Who is right then? The present paper provides initial answers to this question using systems theory. In order to achieve this, the present paper differentiates between various types of solutions spaces, which depend on the systems they include. Finally, the paper provides practical examples to showcase the results of the theoretical findings within real contexts. [ABSTRACT FROM AUTHOR]

Published

2015

46. Costing for an Autonomous Future: A Discussion on Estimation for Unmanned Autonomous Systems.

Author

Ryan, Thomas R. and Valerdi, Ricardo

Subjects

COMPUTER software development, COMPUTER software, COMPUTER science, SOFTWARE engineering, COMPUTER systems

Abstract

This paper will produce three areas of discussion in the field of cost estimation for unmanned autonomous systems. First, this paper will propose a common definition of an Unmanned Autonomous system. Second, it will introduce a method to estimate the cost of unmanned autonomous systems utilizing existing parametric cost estimation tools: SEER – HDR, COCOMO II, COSYSMO, and two relationships – weight and performance. The third discussion will focus on challenges surrounding autonomy. To address these challenges from a cost perspective, this paper recommends modifications to parameters within COCOMO II – via the use of object oriented function points in lieu of current methods, and COSYSMO – via the introduction of two cost driving parameters, namely, TVED and HRI-T. Finally, in summary this paper will identify areas of further research. [ABSTRACT FROM AUTHOR]

Published

2015

47. Deriving performance-relevant infrastructure properties through model-based experiments with Ginpex.

Author

Hauck, Michael, Kuperberg, Michael, Huber, Nikolaus, and Reussner, Ralf

Subjects

APPLICATION software, SOFTWARE engineering, COMPUTER software development, MODEL-driven software architecture, COMPUTER science

Abstract

To predict the performance of an application, it is crucial to consider the performance of the underlying infrastructure. Thus, to yield accurate prediction results, performance-relevant properties and behaviour of the infrastructure have to be integrated into performance models. However, capturing these properties is a cumbersome and error-prone task, as it requires carefully engineered measurements and experiments. Existing approaches for creating infrastructure performance models require manual coding of these experiments, or ignore the detailed properties in the models. The contribution of this paper is the Goal-oriented INfrastructure Performance EXperiments ( Ginpex) approach, which introduces goal-oriented and model-based specification and generation of executable performance experiments for automatically detecting and quantifying performance-relevant infrastructure properties. Ginpex provides a metamodel for experiment specification and comes with predefined experiment templates that provide automated experiment execution on the target platform and also automate the evaluation of the experiment results. We evaluate Ginpex using three case studies, where experiments are executed to quantify various infrastructure properties. [ABSTRACT FROM AUTHOR]

Published

2014

48. Effects of stability on model composition effort: an exploratory study.

Author

Farias, Kleinner, Garcia, Alessandro, and Lucena, Carlos

Subjects

SOFTWARE engineering, COMPUTER software development, MODEL-driven software architecture, COMPUTER systems, COMPUTER science

Abstract

Model composition plays a central role in many software engineering activities, e.g., evolving design models to add new features. To support these activities, developers usually rely on model composition heuristics. The problem is that the models to-be-composed usually conflict with each other in several ways and such composition heuristics might be unable to properly deal with all emerging conflicts. Hence, the composed model may bear some syntactic and semantic inconsistencies that should be resolved. As a result, the production of the intended model is an error-prone and effort-consuming task. It is often the case that developers end up examining all parts of the output composed model instead of prioritizing the most critical ones, i.e., those that are likely to be inconsistent with the intended model. Unfortunately, little is known about indicators that help developers (1) to identify which model is more likely to exhibit inconsistencies, and (2) to understand which composed models require more effort to be invested. It is often claimed that software systems remaining stable over time tends to have a lower number of defects and require less effort to be fixed than unstable systems. However, little is known about the effects of software stability in the context of model evolution when supported by composition heuristics. This paper, therefore, presents an exploratory study analyzing stability as an indicator of inconsistency rate and resolution effort on model composition activities. Our findings are derived from 180 compositions performed to evolve design models of three software product lines. Our initial results, supported by statistical tests, also indicate which types of changes led to lower inconsistency rate and lower resolution effort. [ABSTRACT FROM AUTHOR]

Published

2014

49. Stateful component-based performance models.

Author

Happe, Lucia, Buhnova, Barbora, and Reussner, Ralf

Subjects

SOFTWARE engineering, COMPUTER software development, MODEL-driven software architecture, COMPUTER systems, COMPUTER science

Abstract

The accuracy of performance-prediction models is crucial for widespread adoption of performance prediction in industry. One of the essential accuracy-influencing aspects of software systems is the dependence of system behaviour on a configuration, context or history related state of the system, typically reflected with a (persistent) system attribute. Even in the domain of component-based software engineering, the presence of state-reflecting attributes (the so-called internal states) is a natural ingredient of the systems, implying the existence of stateful services, stateful components and stateful systems as such. Currently, there is no consensus on the definition or method to include state-related information in component-based prediction models. Besides the task to identify and localise different types of stateful information across component-based software architecture, the issue is to balance the expressiveness and complexity of prediction models via an effective abstraction of state modelling. In this paper, we identify and classify stateful information in component-based software systems, study the performance impact of the individual state categories, and discuss the costs of their modelling in terms of the increased model size. The observations are formulated into a set of heuristics-guiding software engineers in state modelling. Finally, practical effect of state modelling on software performance is evaluated on a real-world case study, the SPECjms2007 Benchmark. The observed deviation of measurements and predictions was significantly decreased by more precise models of stateful dependencies. [ABSTRACT FROM AUTHOR]

Published

2014

50. Mining Historical Test Logs to Predict Bugs and Localize Faults in the Test Logs.

Author

Amar, Anunay and Rigby, Peter C.

Subjects

COMPUTER software testing, SOFTWARE engineering, ARTIFICIAL intelligence, COMPUTER science, COMPUTER software development

Abstract

Software testing is an integral part of modern software development. However, test runs can produce thousands of lines of logged output that make it difficult to find the cause of a fault in the logs. This problem is exacerbated by environmental failures that distract from product faults. In this paper we present techniques with the goal of capturing the maximum number of product faults, while flagging the minimum number of log lines for inspection. We observe that the location of a fault in a log should be contained in the lines of a failing test log. In contrast, a passing test log should not contain the lines related to a failure. Lines that occur in both a passing and failing log introduce noise when attempting to find the fault in a failing log. We introduce an approach where we remove the lines that occur in the passing log from the failing log. After removing these lines, we use information retrieval techniques to flag the most probable lines for investigation. We modify TF-IDF to identify the most relevant log lines related to past product failures. We then vectorize the logs and develop an exclusive version of KNN to identify which logs are likely to lead to product faults and which lines are the most probable indication of the failure. Our best approach, LOGFAULTFLAGGER finds 89% of the total faults and flags less than 1% of the total failed log lines for inspection. LOGFAULTFLAGGER drastically outperforms the previous work CAM. We implemented LOGFAULTFLAGGER as a tool at Ericsson where it presents fault prediction summaries to base station testers. [ABSTRACT FROM AUTHOR]

Published

2019