Background: The migration from a monolithic system to microservices requires a deep refactoring of the system. Therefore, such a migration usually has a big economic impact and companies tend to postpone several activities during this process, mainly to speed up the migration itself, but also because of the demand for releasing new features. Objective: We monitored the technical debt of an SME while

Offshore outsourcing is a common way of working, but sourcing collaborations do not always last, and sometimes vendors are switched. Vendor switching results in a complex form of relationship, in which the competing outgoing and incoming vendors are expected to cooperate. The success of such transitions highly depends on successful knowledge transfer and thus the willingness of the outgoing vendor

Regression test case prioritization (RTCP) aims to improve the rate of fault detection by executing more important test cases as early as possible. Various RTCP techniques have been proposed based on different coverage criteria. Among them, a majority of techniques leverage code coverage information to guide the prioritization process, with code units being considered individually, and in isolation

Given the relevance of coordination in the field of global software engineering, this work was carried out to further understand coordination mechanisms. Specifically, we investigated meetings and the collaboration tool Slack. We conducted a longitudinal case study using a mixed-methods approach with surveys, observations, interviews, and chat logs. Our quantitative results show that employees in global

Keeping track of modern software applications while dynamically changing requires strong interaction of evolution activities on development level and adaptation activities on operation level. Knowledge about software architecture is key for both, developers while evolving the system and operators while adapting the system. Existing architectural models used in development differ from those used in

A common feature of the Internet of Things (IoT) is the high heterogeneity, regarding network protocols, data formats, hardware and software platforms. Aiming to deal with such a degree of heterogeneity, several frameworks have applied the Model-Driven Development (MDD) to build IoT applications. On the software architecture viewpoint, the literature has shown that the Service-Oriented Architecture

Platform as a Service (PaaS) cloud domain brings great benefits of an elastic platform with many prefabricated services, but at the same time challenges software architects who need to navigate a rich set of services, variability of PaaS cloud environment and quality conflicts in existing design tactics, which makes it almost impossible to foresee the impact of architectural design decisions on the

Context: Software architecture is a knowledge-intensive field. One mechanism for storing architecture knowledge is the recognition and description of architectural patterns. Selecting architectural patterns is a challenging task for software architects, as knowledge about these patterns is scattered among a wide range of literature. Method: We report on a systematic literature review, intending to

The major challenge that a developer confronts when building IoT systems is the management of a plethora of technologies implemented with various constraints, from different manufacturers, that at the end need to cooperate. In this paper we argue that developers can benefit from IoT frameworks by reusing their components so as to build in less time and effort IoT systems that can easily integrate new

Identifier names are the atoms of program comprehension. Weak identifier names decrease developer productivity and degrade the performance of automated approaches that leverage identifier names in source code analysis; threatening many of the advantages which stand to be gained from advances in artificial intelligence and machine learning. Therefore, it is vital to support developers in naming and

Function-as-a-Service (FaaS) is one form of the serverless cloud computing paradigm and is defined through FaaS platforms (e.g., AWS Lambda) executing event-triggered code snippets (i.e., functions). Many studies that empirically evaluate the performance of such FaaS platforms have started to appear but we are currently lacking a comprehensive understanding of the overall domain. To address this gap

The combination of scale and distribution in software projects makes the onboarding of new developers problematic. To the best of our knowledge, there is no research on the relationship between onboarding strategies and the performance evolution of newcomers in large-scale, globally distributed projects. Furthermore, there are no approaches to support the development of strategies to systematically

The last years have elevated the importance of cyber–physical systems like IoT applications, smart cars, or industrial control systems, and, therefore, these systems have also come into the focus of attackers. In contrast to software products running on PCs or smartphones, updating and maintaining cyber–physical systems presents a major challenge. This challenge, combined with the often decades-long

Socio-technical systems (STS) are inherently complex due to the heterogeneity of its intertwined components. Therefore, ensuring STS security continues to pose significant challenges. Persistent security issues in STS are extremely critical to address as threats to security can affect entire enterprises, resulting in significant recovery costs. A profound understanding of the problems across multiple

Code smells can compromise software quality in the long term by inducing technical debt. For this reason, many approaches aimed at identifying these design flaws have been proposed in the last decade. Most of them are based on heuristics in which a set of metrics is used to detect smelly code components. However, these techniques suffer from subjective interpretations, a low agreement between detectors

The quality of model transformations (MT) has high impact on model-driven engineering (MDE) software development approaches, because of the central role played by transformations in MDE for refining, migrating, refactoring and other operations on models. For programming languages, a popular paradigm for code quality is the concept of technical debt (TD), which uses the analogy that quality flaws in

Bugs are inescapable during software development due to frequent code changes, tight deadlines, etc.; therefore, it is important to have tools to find these errors. One way of performing bug identification is to analyze the characteristics of buggy source code elements from the past and predict the present ones based on the same characteristics, using e.g. machine learning models. To support model

Source code is changed for a reason, e.g., to adapt, correct, or adapt it. This reason can provide valuable insight into the development process but is rarely explicitly documented when the change is committed to a source code repository. Automatic commit classification uses features extracted from commits to estimate this reason. We introduce source code density, a measure of the net size of a commit

Machine learning-based Vulnerability detection is an active research topic in software security. Different traditional machine learning-based and deep learning-based vulnerability detection methods have been proposed. To our best knowledge, we are the first to identify four impact factors and conduct a comparative study to investigate the performance influence of these factors. In particular, the quality

Static code analysis tools such as FindBugs and SonarQube are widely used on open-source and industrial projects to detect a variety of issues that may negatively affect the quality of software. Despite these tools’ popularity and high level of automation, several empirical studies report that developers normally fix only a small fraction (typically, less than 10% (Marcilio et al., 2019) of the reported

Model transformations are known as the main pillar of model-driven approaches. A model transformation is a program, written in a transformation language, to convert a model into another model or code. Similar to any other program, model transformations need to be verified. The problem is that some transformation errors, e.g., logical errors, can only be detected via execution. Our focus in this research

Background: In modern software systems’ maintenance and evolution, how to fix software bugs efficiently and effectively becomes increasingly more essential. A deep understanding of developers’/assignees’ familiarity with bugs could help project managers make a proper allotment of maintenance resources. However, to our knowledge, the effects of developer familiarity on bug fixing have not been studied

In empirical studies on processes, practices, and techniques of software engineering, automation and machine learning are gaining popularity. In order to extract knowledge from existing software projects, a sort of similarity analysis is often performed using different methodologies, data and metadata. This systematic literature review focuses therefore on existing approaches of similarity-, categorization-

This paper presents the design, development, and implementation of Kulla, a virtual container-centric construction model that mixes loosely coupled structures with a parallel programming model for building infrastructure-agnostic distributed and parallel applications. In Kulla, applications, dependencies and environment settings, are mapped with construction units called Kulla-Blocks. A parallel programming

Identifying the location of faults in programs has been recognized as one of the most manually and time cost activities during software debugging process. Fault localization techniques, which seek to identify faulty program statements as quickly as possible, can assist developers in alleviating the time and manual cost of software debugging. Mutation-based fault localization(MBFL) has a promising fault

During the last years the TD community is striving to offer methods and tools for reducing the amount of TD, but also understand the underlying concepts. One popular practice that still has not been investigated in the context of TD, is software reuse. The aim of this paper is to investigate the relation between white-box code reuse and TD principal and interest. In particular, we target at unveiling

Information system development (ISD) projects are an ever-growing field of project management (PM) with their unique features, and project failures in ISD are relatively common. In the broader context of PM, uncertainty is a studied, yet mercurial phenomenon. By contrast, uncertainty in ISD projects has received relatively little attention from scholars, and PM literature has not systematically focused

The declaration of the Agile Manifesto in 2001 was hailed as a paradigmatic shift in the development of software systems. Initially, agile development was typically deployed in projects with a single team with fewer than ten members. Recently, a new kind of agile development has emerged for larger projects that may be referred to as large-scale agile methodology (LSAM). The taxonomy of LSAM is more

Software reuse is a widely adopted practice among both researchers and practitioners. The relation between security and reuse can go both ways: a system can become more secure by relying on mature dependencies, or more insecure by exposing a larger attack surface via exploitable dependencies. To follow up on a previous study and shed more light on this subject, we further examine the association between

During compilation from Java source code to bytecode, some information is irreversibly lost. In other words, compilation and decompilation of Java code is not symmetric. Consequently, decompilation, which aims at producing source code from bytecode, relies on strategies to reconstruct the information that has been lost. Different Java decompilers use distinct strategies to achieve proper decompilation

iStar is a goal-based requirement modelling language, being used both in industrial and academic projects of different domains. Often the language is extended to incorporate new constructs related to an application domain or to adjust it to practical situations during requirements modelling. These iStar extensions have been proposed in an ad hoc way resulting in many problems of incompleteness, inconsistency

Question and answer (Q&A) forums contain valuable information regarding software reuse, but they can be challenging to analyze due to their unstructured free text. Here we introduce a new approach (LANLAN), using word embeddings and machine learning, to harness information available in StackOverflow. Specifically, we consider two different kinds of user communication describing difficulties encountered

We propose inheritance and refinement relations for a CSP-based component model (BRIC), which supports a constructive design based on composition rules that preserve classical concurrency properties such as deadlock freedom. The proposed relations allow extension of functionality, whilst preserving behavioural properties. A notion of extensibility is defined on top of a behavioural relation called

Smart contracts are a new type of software that allows its users to perform irreversible transactions on a distributed persistent data storage called the blockchain. The nature of such contracts and the technical details of the blockchain architecture give raise to new kinds of faults, which require specific test behaviours to be exposed. In this paper we present SoCRATES, a generic and extensible

The popularity of social networks and the expansion of various second-generation Internet services have contributed to the increase of data, of different structuredness levels, in use. Relational databases (frequently called SQL databases) pose themselves as a logical choice for the management of data containing fixed or rarely changeable structure. The need for fast processing of vast quantities of

Traditional software reliability growth models enable quantitative assessment of the software testing process by characterizing the fault detection in terms of testing time or effort. However, the majority of these models do not identify specific testing activities underlying fault discovery and thus can only provide limited guidance on how to incrementally allocate effort. Although there are several

In this paper, we present a novel approach for within-project source code defect prediction. Since defect prediction datasets are typically imbalanced, and there are few defective examples, we treat defect prediction as anomaly detection. We present our Reconstruction Error Probability Distribution (REPD) model which can handle point and collective anomalies. We compare it on five different traditional

Vulnerability classification is an important activity in software development and software quality maintenance. A typical vulnerability classification model usually involves a stage of term selection, in which the relevant terms are identified via feature selection. It also involves a stage of term-weighting, in which the document weights for the selected terms are computed, and a stage for classifier

Unit tests are an important artifact that supports the software development process in several ways. For example, when a test fails, its name can provide the first step towards understanding the purpose of the test. Unfortunately, unit tests often lack descriptive names. In this paper, we propose a new, pattern-based approach that can help developers improve the quality of test names of JUnit tests

Spectrum-based fault localization (SBFL) is a promising approach to reduce the cost of program debugging and there has been a large body of research on introducing effective SBFL techniques. However, performance of these techniques can be adversely affected by the existence of coincidental correct (CC) test cases in the test suites. Such test cases execute the faulty statement but do not cause failures

Test suite minimization problem has been mainly addressed by employing heuristic techniques or integer linear programming focusing on a specific criterion or bi-criteria. These approaches fall short to compute optimal solutions especially when there exists overlap among test cases in terms of various criteria such as code coverage and the set of detected faults. Nonlinear formulations have also been

More than two decades of research have demonstrated an increasing need for software systems to be self-adaptive. Self-adaptation manages runtime dynamics, which are difficult to predict before deployment. A vast body of knowledge to develop Self-Adaptive Software Systems (SASS) has been established. However, we discovered a lack of process support to develop self-adaptive systems with reuse. The lack

Intelligent Transportation Systems (ITS) are attracting much attention from the industry, academia, and government in staging the new generation of transportation. In the coming years, the human-driven vehicles and autonomous vehicles would co-exist for a long time in uncertain environments. How to efficiently control the autonomous vehicle and improve the interaction accuracy as well as the human

Refactoring and smells have been well researched by the software-engineering research community these past decades. Several secondary studies have been published on code smells, discussing their implications on software quality, their impact on maintenance and evolution, and existing tools for their detection. Other secondary studies addressed refactoring, discussing refactoring techniques, opportunities

Crowdsourcing, a distributed human problem-solving paradigm is an active research area which has attracted significant attention in the fields of computer science, business, and information systems. Crowdsourcing holds novelty with advantages like open innovation, scalability, and cost-efficiency. Although considerable research work is performed, however, a survey on the crowdsourcing process-technology

Context Previous research in the Technical Debt (TD) field has mainly focused on the technical and economic aspects, while its human aspect has received minimal attention. Objective This paper aims to understand how software developers’ morale is influenced by TD and how their morale is influenced by TD management activities. Furthermore, this study correlates the morale with the amount of wastage

Background Software defect prediction is one of the most important research topics in software engineering. An important product measure to determine the effectiveness of software processes is the defect density (DD). Cased-based reasoning (CBR) has been the prediction technique most widely applied in the software prediction field. The CBR involves k-nearest neighborhood for finding the number (k)

Nowadays spreadsheets are very popular and being widely used. However, they can be prone to various defects and cause severe consequences when end users poorly maintain them. Our research communities have proposed various techniques for automated detection of spreadsheet defects, but they commonly fall short of effectiveness, either due to their limited scope or relying on strict patterns. In this

Continuous Integration (CI) is an important practice in agile development. With the growth of integration system, running all tests to verify the quality of submitted code, is clearly uneconomical. This paper aims at selecting a proper test subset for continuous integration so as to reduce test cost as much as possible without sacrificing quality. We first propose a static test case selection framework

[Context] Systematic Literature Reviews (SLRs) have been adopted by the Software Engineering (SE) community for approximately 15 years to provide meaningful summaries of evidence on several topics. Many of these SLRs are now potentially outdated, and there are no systematic proposals on when to update SLRs in SE. [Objective] The goal of this paper is to provide recommendations on when to update SLRs

Software developers use version control systems for collaborative coding. These systems are integrated into several software development platforms (including GitLab and GitHub) which support additional software engineering functionalities. Using these platforms in an educational context allows students to gain skills relevant to industry, whilst providing a means of keeping track of their activities

Many Android developers fail to properly implement SSL/TLS during the development of an app, which may result in Man-In-The-Middle (MITM) attacks or phishing attacks. In this work, we design and implement a tool called DCDroid to detect these vulnerabilities with the combination of static and dynamic analysis. In static analysis, we focus on four types of vulnerable schema and locate the potential

Context: Startups aim at scaling their business, often by developing innovative products with limited human and financial resources. The development of software products in the startup context is known as opportunistic, agility-driven, and with high tolerance for technical debt. The special context of hardware startups calls for a better understanding of state-of-the-practice of hardware startups’

Context Long-term software projects employ different software developers who collaborate on shared artifacts. The accumulation of changes pushed by different developers leave traces on the underlying code, that have an effect on its future maintainability, and even reuse. Objective This study focuses on the how the changes by different developers might have an impact on the code: we investigate whether

Model-Based Testing (MBT) has been successfully applied to Software Product Lines (SPL). This paper provides a panorama of state-of-the-art on MBT of SPLs. We performed a systematic mapping for answering questions related with domains, approaches, solution types, variability, test case automation, artifacts, and evaluation. We built a roadmap from 44 selected studies. Main obtained results are: Software

Current cloud computing frameworks host millions of physical servers that utilize cloud computing resources in the form of different virtual machines. Cloud Data Center (CDC) infrastructures require significant amounts of energy to deliver large scale computational services. Moreover, computing nodes generate large volumes of heat, requiring cooling units in turn to eliminate the effect of this heat

The Static Single Assignment (SSA) form is an intermediate representation used for the analysis and optimization of programs in modern compilers. The ϕ-function placement is the most computationally expensive part of converting any program into its SSA form. The most widely-used ϕ-function placement algorithms are based on computing dominance frontiers (DF). However, this kind of algorithms works under