Internet of Things (IoT) applications are exposed to harsh conditions due to factors such as device failure, network problems, or implausible sensor values. We investigate how the inherent encapsulation of component and connector (C&C) architectures can be used to develop and deploy reliable IoT applications. Existing C&C languages for the development of IoT applications mainly focus on the description

Software systems are increasingly depending on data, particularly with the rising use of machine learning, and developers are looking for new sources of data. Open Data Ecosystems (ODE) is an emerging concept for data sharing under public licenses in software ecosystems, similar to Open Source Software (OSS). It has certain similarities to Open Government Data (OGD), where public agencies share data

The COVID-19 outbreak, also known as the coronavirus pandemic, has left its mark on every aspect of our lives and at the time of this writing is still an ongoing battle. Beyond the immediate global-wide health response, the pandemic has triggered a significant number of IT initiatives to track, visualize, analyze and potentially mitigate the phenomenon. For individuals or organizations interested in

An important prerequisite for determining whether a certain product is producible in any given production facility is an accurate assessment of which production lines and/or the machines are able to execute the necessary production steps. Not only the static information about the capabilities of the machines, but also the conditions of machines and tools are significant for this analysis. Because of

Edge Computing proposes to use the nearby devices in the frontier/Edge of the access network for deploying application tasks of IoT-based systems. However, the functionality of such cyber–physical systems, which is usually distributed in several devices and computers, imposes specific requirements on the infrastructure to run properly. The evolution of an application to meet new user requirements and

Metamorphic testing is a technique that makes use of some necessary properties of the software under test, termed as metamorphic relations, to construct new test cases, namely follow-up test cases, based on some existing test cases, namely source test cases. Due to the ability of verifying testing results without the need of test oracles, it has been widely used in many application domains and detected

Artificial Intelligence (AI) systems are becoming increasingly widespread and exert a growing influence on society at large. The growing impact of these systems has also highlighted potential issues that may arise from their utilization, such as data privacy issues, resulting in calls for ethical AI systems. Yet, how to develop ethical AI systems remains an important question in the area. How should

Automated production systems (aPS) are highly customized systems that consist of hardware and software. Such aPS are controlled by a programmable logic controller (PLC), often in accordance with the IEC 61131-3 standard that divides system implementation into so-called program organization units (POUs) as the smallest software unit and is comprised of multiple textual (Structured Text (ST)) and graphical

As a part of the digital revolution of railway systems, an autonomous driving train will use a complete and precise map of railway infrastructure to conduct operational actions. Nevertheless, the full autonomy of trains depends on the safety decisions management capacity both on-board and track-side. These decisions must be refined into safety requirements in order to continuously check the consistency

The evolution analysis on Web service ecosystems has become a critical problem as the frequency of service changes on the Internet increases rapidly. Developers need to understand these evolution patterns to assist in their decision-making on service selection. ProgrammableWeb is a popular Web service ecosystem on which several evolution analyses have been conducted in the literature. However, the

Most modern software systems (operating systems like Linux or Android, Web browsers like Firefox or Chrome, video encoders like ffmpeg, x264 or VLC, mobile and cloud applications, etc.) are highly configurable. Hundreds of configuration options, features, or plugins can be combined, each potentially with distinct functionality and effects on execution time, security, energy consumption, etc. Due to

Code comments are the primary means to document implementation and facilitate program comprehension. Thus, their quality should be a primary concern to improve program maintenance. While much effort has been dedicated to detecting bad smells, such as clones in code, little work has focused on comments. In this paper we present our solution to detect clones in comments that developers should fix. RepliComment

Researcher bias occurs when researchers influence the results of an empirical study based on their expectations, either consciously or unconsciously. Researcher bias might be due to the use of Questionable Research Practices (QRPs). In research fields like medicine, blinding techniques have been applied to counteract researcher bias. In this paper, we present two studies to increase our body of knowledge

Cyber-Physical Systems (CPS) are heterogeneous and require cross-domain expertise to model. The complexity of these systems leads to questions about prevalent modeling approaches, their ability to integrate heterogeneous models, and their relevance to the application domains and stakeholders. The methodology for Multi-Paradigm Modeling (MPM) of CPS is not yet fully established and standardized, and

Context: Microservices Architecture (MSA) has received significant attention in the software industry. However, little empirical evidence exists on design, monitoring, and testing of microservices systems. Objective: This research aims to gain a deep understanding of how microservices systems are designed, monitored, and tested in the industry. Methods: A mixed-methods study was conducted with 106

Software testing is often hindered where it is impossible or impractical to determine the correctness of the behaviour or output of the software under test (SUT), a situation known as the oracle problem. An example of an area facing the oracle problem is automatic image classification, using machine learning to classify an input image as one of a set of predefined classes. An approach to software testing

Regression is one of the most commonly used statistical techniques. However, testing regression systems is a great challenge because of the absence of test oracle in general. In this paper, we show that Metamorphic Testing is an effective approach to test multiple linear regression systems. In doing so, we identify intrinsic mathematical properties of linear regression, and then propose 11 Metamorphic

Ansible, a popular Infrastructure-as-Code platform, provides reusable collections of tasks called roles. Roles are often contributed by third parties, and like general-purpose libraries, they evolve. Therefore, new releases of roles need to be tagged with version numbers, for which Ansible recommends adhering to the semantic versioning format. However, roles significantly differ from general-purpose

Since Smart Cyber–Physical Systems (sCPS) are complex and decentralized systems of dynamically cooperating components, architecture-based adaptation is of high importance in their design. In this context, a key challenge is that they typically operate in uncertain environments. Thus, an inherent requirement in sCPS design is the need to deal with the uncertainty of data coming from the environment

Developers often depend on code search engines to obtain solutions for their programming tasks. However, finding an expected solution containing code examples along with their explanations is challenging due to several issues. There is a vocabulary mismatch between the search keywords (the query) and the appropriate solutions. Semantic gap may increase for similar bag of words due to antonyms and negation

Context: Artificial intelligence (AI) has made its way into everyday activities, particularly through new techniques such as machine learning (ML). These techniques are implementable with little domain knowledge. This, combined with the difficulty of testing AI systems with traditional methods, has made system trustworthiness a pressing issue. Objective: This paper studies the methods used to validate

The JavaScript language did not specify, until ECMAScript 6 (ES6), native features for streamlining encapsulation and modularity. Developer community filled the gap with a proliferation of design patterns and module formats, with impact on code reusability, portability and complexity of build configurations. This work studies the automated refactoring of legacy ES5 code to ES6 modules with fine-grained

Massive cloud infrastructure capabilities, including efficient, scalable, and elastic computing resources, have led to a widespread adoption of Internet of Things (IoT) cloud-enabled services. This involves giving complete control to cloud service providers (CSPs) of sensitive IoT data by moving data storage and processing in cloud. An efficient and lightweight advanced encryption standard (AES) cryptosystem

Software testing depends on effective oracles. Implicit oracles, such as checks for program crashes, are widely applicable but narrow in scope. Oracles based on formal specifications can reveal application-specific failures, but specifications are expensive to obtain and maintain. Metamorphic oracles are somewhere in-between. They test equivalence among different procedures to detect semantic failures

Argument selection defects, in which the programmer chooses the wrong argument to pass to a parameter from a potential set of arguments in a function call, is a widely investigated problem. The compiler can detect such misuse of arguments only through the argument and parameter type for statically typed programming languages. When adjacent parameters have the same type or can be converted between one

Lack of awareness and knowledge of microservices-specific security challenges and solutions often leads to ill-informed security decisions in microservices system development. We claim that identifying and leveraging security discussions scattered in existing microservices systems can partially close this gap. We define security discussion as “a paragraph from developer discussions that includes design

One way to speed up static programme analysis is to make use of today’s multi-core CPUs by parallelising the analysis. Existing work on parallel analysis usually targets traditional data-flow analyses for static, first-order languages such as C. Less attention has been given so far to the parallelisation of more general analyses that can also target dynamic, higher-order languages such as JavaScript

Most software maintenance and evolution tasks require developers to understand the source code of their software systems. Software developers usually inspect class comments to gain knowledge about program behavior, regardless of the programming language they are using. Unfortunately, (i) different programming languages present language-specific code commenting notations and guidelines; and (ii) the

The success of learning techniques in solving a variety of hard AI problems promotes the flourish of recognition-based applications. Many state-of-the-art text localization systems, which can detect and report the positions of text segments in an image, are mainly implemented with learning-based techniques. Data-driven learning raises a series of questions on how to verify, validate and evaluate such

Event Sourcing (ES) systems use an event log with the double purpose of keeping application state and providing decoupled communication. While ES systems keep track of all business events, other untracked events, either from internal components or from external systems may still cause failures. Determining the root cause of such failures usually involves complex procedures based on replaying the event

Mutation testing is the art of generating syntactic versions (called mutants) of a base program, and is widely used in software testing, most notably the assessment of test suites. Mutants are useful only to the extent that they are semantically distinct from the base program, but some may well be semantically equivalent to the base program, despite being syntactically distinct. Much research has been

Search-based model-driven engineering is the application of search-based techniques to specific problems that are related to software engineering that is driven using software models. In this work, we make use of measures from the literature to report feature location problems in models (size and volume of the model and density, multiplicity, and dispersion of the feature being located) and a set of

Software defect predictors exploring developer perspective reveal that code changes made by separate developers tend to have different defect patterns. Personalized defect prediction also contributes to this view and gives promising results. We aim to investigate the performance of personalized defect predictors compared to those of traditional models. We conduct an empirical study on six open-source

Architecture information is vital for Open Source Software (OSS) development, and mailing list is one of the widely used channels for developers to share and communicate architecture information. This work investigates the nature of architecture information communication (i.e., why, who, when, and what) by OSS developers via developer mailing lists. We employed a multiple case study approach to extract

Identifying the failure modes of cloud computing systems is a difficult and time-consuming task, due to the growing complexity of such systems, and the large volume and noisiness of failure data. This paper presents a novel approach for analyzing failure data from cloud systems, in order to relieve human analysts from manually fine-tuning the data for feature engineering. The approach leverages Deep

The database and the database management system (DBMS) are two of the main components of any information system. Structured Query Language (SQL) is the most popular query language for retrieving data from the database, as well as for many other data management tasks. During system development and maintenance, software developers use a considerable amount of time to interpret compiler error messages

The design of embedded real-time systems requires specific toolchains to guarantee time constraints and safe behavior. These tools and their artifacts need to be managed in a coherent way all along the design process and need to address timing constraints and execution semantic in a holistic way during the system’s modeling, verification, and implementation phases. However, modeling languages used

A code comment generation system can summarize the semantic information of source code and generate a natural language description, which can help developers comprehend programs and reduce time cost spent during software maintenance. Most of state-of-the-art approaches use RNN (Recurrent Neural Network)-based encoder–decoder neural networks. However, this kind of method may not generate high-quality

BPMN collaboration models have acquired increasing relevance in software development since they shorten the communication gap between domain experts and IT specialists and permit clarifying the characteristics of software systems needed to provide automatic support for the activities of complex organizations. Nonetheless, the lack of effective formal verification capabilities can hinder the full adoption

In the context of a software testing company, we have deployed the model-based testing (MBT) approach to take the company’s test automation practices to higher levels of maturity and capability. We have chosen, from a set of open-source/commercial MBT tools, an open-source tool named GraphWalker, and have pragmatically used MBT for end-to-end test automation of several large web and mobile applications

Context: Advancements in machine learning (ML) lead to a shift from the traditional view of software development, where algorithms are hard-coded by humans, to ML systems materialized through learning from data. Therefore, we need to revisit our ways of developing software systems and consider the particularities required by these new types of systems. Objective: The purpose of this study is to systematically

Context: Architecture Tactics (ATs) are architectural building blocks that provide general architectural solutions for addressing Quality Attributes (QAs) issues. Mining and analysing QA–AT knowledge can help the software architecture community better understand architecture design. However, manually capturing and mining this knowledge is labour-intensive and difficult. Objective: Using Stack Overflow

Choosing the right configuration for Spark deployed in the public cloud to ensure the efficient running of periodic jobs is hard, because there can be a huge configuration space to explore which is composed of numerous performance-related parameters in different dimensions (e.g., application-level and cloud-level). Choosing poorly will not only significantly degrade performance but may also lead to

Software architectures based on containers and microservices are often used to develop and manage large-scale distributed applications. Still, large vertical deployments spanning over multiple cloud and edge infrastructures are cumbersome to negotiate for, as each infrastructure provider is usually unique concerning prices, management strategies and Quality-of-Service (QoS) levels. In this scenario

Cyber-Physical Systems (CPSes) have been investigated as a key area of research since they are the core of Internet of Things. CPSs integrate computing and communication with control and monitoring of entities in the physical world. Due to the tight coupling of cyber and physical domains, and to the possible catastrophic consequences of the malicious attacks on critical infrastructures, security is

This paper is the updated version (2013–2020) of the series of papers on emerging themes, top scholars and institutes on software engineering (SE), published by the Journal of Systems and Software for almost 25 years. The paper reports the findings of a bibliometric study by applying the systematic mapping technique on top-quality software engineering venues (handling a dataset of 11.668 studies).

Software defect prediction aims to identify the potential defects of new software modules in advance by constructing an effective prediction model. However, the model performance is susceptible to irrelevant and redundant features. In addition, previous studies mainly use traditional data mining or machine learning techniques for defect prediction, the prediction performance is not superior enough

JavaScript (JS) is one of the most popular programming languages due to its flexibility and versatility, but maintaining JS code is tedious and error-prone. In our research, we conducted an empirical study to characterize the relationship between co-changed software entities (e.g., functions and variables), and built a machine learning (ML)-based approach to recommend additional entity to edit given

Context: In the light of the swift and iterative nature of Agile Software Development (ASD) practices, establishing deeper insights into capability measurement within the context of team formation is crucial, as the capability of individuals and teams can affect team performance and productivity Although a former Systematic Literature Review (SLR) synthesized the state of the art in relation to capability

Context: Microservice is an architectural style that separates large systems into small functional units to provide better modularity. A key challenge of microservice architecture design frequently discussed in the literature is the identification and decomposition of the service modules. Besides this, two other key challenges can be identified, including the deployment of the modules on the corresponding

Cyber–Physical Systems (CPS) refer to a new generation of systems where the cyber and physical layers are –strongly– interconnected. The development of these systems requires two fundamental parts. First, the design of sustainable architectures –centered on adaptation, throughout a System-Development Life-Cycle (SDLC)– to develop robust and economically profitable products. Second, the use of self-adaptive

Context: Code Review (CR) is the cornerstone for software quality assurance and a crucial practice for software development. As CR research matures, it can be difficult to keep track of the best practices and state-of-the-art in methodology, dataset, and metric. Objective: This paper investigates the potential of benchmarking by collecting methodology, dataset, and metric of CR studies. Methods: A

Mob programming is an emergent practice in the industry, attracting increasing attention from the research community. Superficially a simple concept – similar to pair programming, but with more people – many of the same concerns arise as with pair programming, only more so: can it truly be efficient, is it for everybody, and what are the benefits and risks involved? In this paper we show that while

Adaptive random testing (ART) improves the failure-detection effectiveness of random testing by leveraging properties of the clustering of failure-causing inputs of most faulty programs: ART uses a sampling mechanism that evenly spreads test cases within a software’s input domain. The widely-used Fixed-Sized-Candidate-Set ART (FSCS-ART) sampling strategy faces a quadratic time cost, which worsens as

Program semantic properties such as class names, method names, and variable names and types play an important role in software development and maintenance. Method names are of particular importance because they provide the cornerstone of abstraction for developers to communicate with each other for various purposes (e.g., code review and program comprehension). Existing method name prediction approaches

The quality assurance for machine learning systems is becoming increasingly critical nowadays. While many efforts have been paid on trained models from such systems, we focus on the quality of these systems themselves, as the latter essentially decides the quality of numerous models thus trained. In this article, we focus particularly on detecting bugs in implementing one class of model-training systems

Background: Metrics teams play an increasingly important role in handling data and information in modern software development organizations; they manage their companies’ measurement programs, collect and process data, and develop and distribute information products. Metrics teams can comprise several roles, and their set-up can differ between companies, as can the metrics maturity of host organizations

Software reference architectures have played an essential role in software systems development due to the possibility of knowledge reuse. Although increasingly adopted by industry, these architectures are not yet completely understood. This work presents a panorama on existing software reference architectures, characterizing them according to their context, goals, perspectives, application domains

While dependency analysis is foundational to much program analysis, many techniques have limited scalability and handle only monolingual systems. We present a novel dependency analysis technique that aims to approximate program dependency from a relatively small number of perturbed executions. Our technique, MOAD (Modeling Observation-based Approximate Dependency), reformulates program dependency as

The scope of automotive functions has grown from a single vehicle as an entity to multiple vehicles working together as an entity, referred to as cooperative driving. The current automotive safety standard, ISO 26262, is designed for single vehicles. With the increasing number of cooperative driving capable vehicles on the road, it is now imperative to systematically assess the functional safety of