Homing and synchronizing sequences (HSs and SSs) are used in Finite State Machine (FSM)-based testing for state identification when deriving a test suite with guaranteed fault coverage or when performing a non-intrusive (passive) testing or monitoring. However, such preset sequences do not always exist for nondeterministic FSMs or can be rather long if existing. Adaptive HSs and SSs are known to exist

Scrum is currently the most widely used agile methodology. However, it is regarded as a framework rather than a concrete process. Unfortunately, the resources available on Scrum do not explicitly define its variable parts and do not offer proper guidance on how to resolve those variabilities. Process (re)configuration is thus left to Scrum Retrospective sessions; this can delay the vital decisions

Use case points (UCP) method has been around for over two decades. Although there was a substantial criticism concerning the algebraic construction and factor assessment of UCP, it remains an efficient early size estimation method. Predicting software effort from UCP is still an ever-present challenge. The earlier version of UCP method suggested using productivity as a cost driver, where fixed or a

In previous research, we proposed the multiple modelling quality evaluation framework (MMQEF), which is a method and tool for evaluating modelling languages in model-driven engineering (MDE) environments. Rather than being exclusive, MMQEF attempts to complement other methods of evaluation of quality such as SEQUAL. However, to date, MMQEF has not been validated beyond some concept proofs. This paper

Software process standards and models are used in large- and medium-sized organizations to reach the Iron Triangle. In contrast, small and very small entities either ignore them or cannot apply them because these standards and models are technically and economically not affordable. Consequently, agile software development practices are usually used by small and very small organizations. The ISO/IEC

Design smell detection has proven to be an efficient strategy to improve software quality and consequently decrease maintainability expenses. This work explores the influence of the information about project context expressed as project domain and size category information, on the automatic detection of the god class design smell by machine learning techniques. A set of experiments using eight classifiers

The effectiveness of model-based testing (MBT) is mainly due to its potential for automation. If the model is formal and machine-readable, test cases can be derived automatically. One of the most used formal modeling techniques is the interpretation of a system as an extended finite state machine (EFSM). However, formal models are not a common practice in the industry. The Unified Modeling Language

Test automation brings the potential to reduce costs and human effort, but several aspects of software testing remain challenging to automate. One such example is automated performance testing to find performance breaking points. Current approaches to tackle automated generation of performance test cases mainly involve using source code or system model analysis or use-case-based techniques. However

This paper focuses on codes of conduct (CoC) of Free and Open Source Software (F/OSS) and their role in improving women’s participation in online communities of OSS. We investigated 355 F/OSS software package websites for the presence of codes of conduct and then analyzed these for diversity elements. Qualitative content analysis of the websites shows that less than 10% (28) of the analyzed websites

Model checking has advanced over the last decades to become an effective formal technique for verifying distributed and concurrent systems. As computers grew in memory and processing capacity, it became possible to exhaustively verify systems with billions of states, making it practical to model and verify real-world protocols and algorithms. However, writing a model is a manual task that potentially

Software testing (ST) has been considered as one of the most important and critical activities of the software development life cycle (SDLC) since it influences directly on quality. When a software project is planned, it is common practice to predict the corresponding ST effort (STEP) as a percentage of predicted SDLC effort. However, the effort range for ST has been reported between 10 and 60% of

Safety is one of the most important features of modern software systems, especially safety-critical systems such as nuclear power plants, which can be checked exactly by model checking. Model checking is a formal verification technique that analyzes system properties through exploring all reachable states (state space) of a model of a system. The problem of the technique is that it confronts the state

Community-aware metrics through socio-technical developer networks or organizational structures have already been studied in the software bug prediction field. Community smells are also proposed to identify communication and collaboration patterns in developer communities. Prior work reports a statistical association between community smells and code smells identified in software modules. We investigate

When deadlines and resources of software projects become scarce, testing is usually in the first row to have its activities aborted or reduced; however, if defects cannot be found, product quality can be affected. In the software development process, aborted or reduced activities that can bring short-term benefits, but can be harmful to the project in the long run, are considered Technical Debt (TD)

JavaScript is a popular programming language today with several implementations competing for market dominance. Although a specification document and a conformance test suite exist to guide engine development, bugs occur and have important practical consequences. Implementing correct engines is challenging because the spec is intentionally incomplete and evolves frequently. This paper investigates

Energy consumption of software has been becoming increasingly significant, since it can vary according to how the software has been developed. In recent years, developers and researchers have been interested in analyzing, among other things, how energy consumption evolves when changes occur from one version to another in any given software. Thus far, the only studies available are theoretical papers

Test-driven development (TDD) is a popular design approach used by the developers with testing being the important software development driving factor. On the other hand, mutation testing is considered one of the most effective testing techniques. However, there is not so much research on combining these two techniques together. In this paper, we propose a novel, hybrid approach called TDD+M which

Automotive test case specifications document test cases to be performed for a specific test object at a defined test level. They are a fundamental part of a structured automotive testing process, as required by the ISO 26262. The aim of our research is to identify challenges from a practitioner’s point of view that lead to poor quality of test case specifications and thus negatively impact time, cost

Conventional approaches for the validation of robotic systems include simulations and functional software testing. Although these approaches are interesting, they do not offer coverage information to guide the testing activity. In this sense, the introduction of coverage testing to the validation of mobile robotic systems seems to promise. This paper proposes a integration testing approach for robotic

Mutation testing is a well-established but costly technique to assess and improve the fault detection ability of test suites. This technique consists of introducing subtle changes in the code of a program, which are expected to be detected by the designed test cases. Among the strategies conceived to reduce its cost, evolutionary mutation testing (EMT) has been revealed as a promising approach to select

In requirements engineering (RE), an early yet critical activity consists in eliciting the requirements from various stakeholders, who usually have different assumptions, knowledge, and intentions. The goal during elicitation is to understand what stakeholders expect from a given software, expectations which then feed the analysis, prioritization, validation, and ultimately specification activities

Mobile application reviews are considered a rich source of information for software engineers to provide a general understanding of user requirements and technical feedback to avoid main programming issues. Previous researches have used traditional data mining techniques to classify user reviews into several software maintenance tasks. In this paper, we aim to use associative classification (AC) algorithms

Monitoring for cloud is the key technology to know the status and the availability of the resources and services present in the current infrastructure. However, cloud monitoring faces a lot of challenges due to inefficient monitoring capability and enormous resource consumption. We study the adaptive monitoring for cloud computing platform, and focus on the problem of balancing monitoring capability

Bad modularized concerns are a known deficiency of legacy systems, making their maintenance increasingly harder and expensive. An alternative is to conduct a modularity-oriented modernization (MOM), whose goal is to restructure concerns for making them more modular. Architecture-driven modernization (ADM) is a model-based alternative for that—it is a kind of reengineering that employs standard metamodels

Product line (PL)-based development is a thriving research area to develop software-intensive systems. Feature models (FMs) facilitate derivation of valid products from a PL by managing commonalities and variabilities among software products. However, the researchers in academia as well as in the industries experience difficulties in quality assessment of FMs. The increasing complexity and size of

In software engineering predictive modeling, early prediction of software modules or classes that possess high maintainability effort is a challenging task. Many prediction models are constructed to predict the maintainability of software classes or modules by applying various machine learning (ML) techniques. If the software modules or classes need high maintainability, effort would be reduced in

Self-admitted technical debt refers to sub-optimal development solutions that are expressed in written code comments or commits. We reproduce and improve on a prior work by Yan et al. (2018) on detecting commits that introduce self-admitted technical debt. We use multiple natural language processing methods: Bag-of-Words, topic modeling, and word embedding vectors. We study 5 open-source projects.

Having systems that can adapt themselves in case of faults or changing environmental conditions is of growing interest for industry and especially for the automotive industry considering autonomous driving. In autonomous driving, it is vital to have a system that is able to cope with faults in order to enable the system to reach a safe state. In this paper, we present an adaptive control method that

Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network

Improving code quality without changing its functionality, e.g., by refactoring or optimization, is an everyday programming activity. Good programming practice requires that each such change should be followed by a check if the change really preserves the code behavior. If such a check is performed by testing, it can be time consuming and still cannot guarantee the absence of differences in behavior

Some countries have adopted the diagnosis-related groups (DRG) system to pay hospitals according to the number and complexity of patients they treat. Translating diseases and procedures into medical codes based on international standards such as ICD-9-CM or ICD-10-CM/PCS is at the core of the DRG systems. However, certain types of coding errors undermine this system, namely, upcoding, in which data

Test automation enables continuous testing, a cornerstone of agile methods, and DevOps. Assertions play a fundamental role in test automation, and recently competing assertion libraries for unit testing frameworks, such as, for example, JUnit or TestNG, emerged. Thus, it is imperative to gauge assertion libraries in terms of developer/tester productivity, allowing SQA managers and software testers

Bug datasets have been created and used by many researchers to build and validate novel bug prediction models. In this work, our aim is to collect existing public source code metric-based bug datasets and unify their contents. Furthermore, we wish to assess the plethora of collected metrics and the capabilities of the unified bug dataset in bug prediction. We considered 5 public datasets and we downloaded

Today, many tools exist that attempt to find possible vulnerabilities in Android applications, e.g., FlowDroid, Fortify, or AppScan. However, all these tools aim to detect vulnerabilities or (sometimes) tainted flows and present the reviewer detected possible issues of an analyzed Android application. None of these tools supports the identification of implemented security features in code, although

Automatic test case generation is usually based on models of the software under test. However, those models may not exist or may be outdated and so, the test case generation must resort to other artifacts. In a software maintenance context, test cases must adapt to software changes and should be improved continuously to test adequately the new versions of the software. Mutation testing is a fault-based

Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data

It is already common to compute quantitative metrics of requirements to assess their quality. However, the risk is to build assessment methods and tools that are both arbitrary and rigid in the parameterization and combination of metrics. Specifically, we show that a linear combination of metrics is insufficient to adequately compute a global measure of quality. In this work, we propose to develop

Quality of web service becomes more and more interesting as a distinguishing criterion to select a unique web service from all candidate ones. The quality assessment issue, especially regarding the volatility of the web services environment, is one among the main challenges in this context. In this paper, we propose a service-based system for web services monitoring. Compared with other efforts in

We study the problem of online runtime verification of real-time event streams. Our monitors can observe concurrent systems with a shared clock, but where each component reports observations as signals that arrive to the monitor at different speeds and with different and varying latencies. We start from specifications in a fragment of the TeSSLa specification language, where streams (including inputs

In the context of access control systems, testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. In XACML-based access control systems, incoming access requests are transmitted to the policy decision point (PDP) that grants or denies the access based on the defined XACML policies. The criticality of a PDP component requires an intensive

Code smells are characteristics of the software that indicates a code or design problem which can make software hard to understand, evolve, and maintain. There are several code smell detection tools proposed in the literature, but they produce different results. This is because smells are informally defined or subjective in nature. Machine learning techniques help in addressing the issues of subjectivity

Software engineering (SE) experiments suffer from threats to validity that may impact their results. Replication allows researchers building on top of previous experiments’ weaknesses and increasing the reliability of the findings. Illustrating the benefits of replication to increase the reliability of the findings and uncover moderator variables. We replicate an experiment on test-driven development

Quality requirements (QRs) are a key artifact needed to ensure the quality and success of a software system. Despite their importance, QRs rarely get the same degree of attention as their functional counterpart in agile software development (ASD) projects. Moreover, crucial information that can be obtained from software development repositories (e.g., JIRA, GitHub) is not fully exploited, or is even

Self-adaptive systems dynamically change their structure and behavior in response to changes in their execution environment to ensure the quality of the services they provide. Self-adaptive systems are usually built of a managed part, which implements their functionality, and a managing part, which implements the self-adaptive mechanisms. Hence, the complexity of self-adaptive systems results also

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users

Brazilian Federal Institutes of Education, Science and Technology (FIs) have expanded through multicampi structure, which has led to profound changes in their administrative and academic organization. As consequence of this expansion, the demand for services, systems, and information technology (IT) solutions has increased; and the support service’s provision has become much more relevant. However

Cloud computing serves as a platform for diverse types of applications, from low-priority to critical. Some of these applications require high levels of system availability and reliability. Developing methods for cloud computing availability and reliability evaluation is of utmost importance. In this paper, we propose a set of models for availability and reliability evaluation of a virtualized system

Continuous integration practice mandates to continuously introduce incremental changes into code, but doing so may introduce new faults too. These faults could be detected automatically through regression testing, but this practice becomes prohibitive as the cost of executing the tests grows. This problem is preponderant in end-to-end testing where the whole system is requested for test execution.

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy

Open source software (OSS) allows developers to study, change, and improve the code free of charge. There are several high-quality software projects which deliver stable and well-documented products. Most OSS forges typically sustain active user and expert communities which in turn provide decent levels of support both with respect to answering user questions as well as to repairing reported software

Self-adaptive systems have to implement adaptation policies described by sets of rules that express how the components are reconfigured within the system, the priority of a given reconfiguration to happen, when a given (sequence of) event(s) occurs, and when specific conditions on the system state are satisfied. However, when this priority is given by a fuzzy value (e.g., high, medium, low) depending

Master data management (MDM) can provide an integrated and unified view of key business entities to offer better support in business processes. Due to the very nature of master data-based applications, it is possible to use data with the highest possible level of quality. MDM can help ensure that some common concerns, like duplicates or inconsistencies, are prevented by sharing a ‘single version of

Gap analysis is a common approach in industry to evaluate the gaps between the implemented software processes and the requirements of process quality frameworks or standard norms. Gap analysis processes are usually executed by means of questionnaires that need to be crafted ad hoc according to specific appraisal goals. The approaches used for developing, compiling and evaluating the answers given to

Traditional runtime quantitative verification approaches for self-adaptive systems usually rely on the use of state-transition models to describe the system behaviour and check property violation at runtime. More recently, some approaches have advocated the use of scenarios as a strategy for representing both the normal and adaptive system behaviour. However, the use of scenarios as a runtime entity

Symptoms of software aging include performance degradation and failure occurrence increasing when software systems run for a period of time. Therefore, software aging is closely related to system performance. Understanding and analyzing performance issues in the software system is critical to mastering software aging information. Instead of focusing on normal valid bug reports (VBRs), this paper advocates

Vulnerability severity prediction (VSP) models provide useful insight for vulnerability prioritization and software maintenance. Previous studies have proposed a variety of machine learning algorithms as an important paradigm for VSP. However, to the best of our knowledge, there are no other existing research studies focusing on investigating how a subset of features can be used to improve VSP. To

This paper presents COnfECt, a model learning approach, which aims at recovering the functioning of a component-based system from its execution traces. We refer here to non concurrent systems whose internal interactions among components are not observable from the environment. COnfECt is specialised into the detection of components of a black-box system and in the inference of models called systems

Modern software development relies on a combination of development and re-use of technical asset, e.g., software components, libraries, and APIs. In the past, re-use was mostly conducted with internal assets but today external; open source, customer off-the-shelf (COTS), and assets developed through outsourcing are also common. This access to more asset alternatives presents new challenges regarding

In service-oriented environments, abstract business processes can be implemented by concrete services to build complex applications. Given global user constraints, service selection allows to identify the best combination of services with respect to the business constraints. Generally, the selection problem is challenging, but it is particularly complex when dealing with QoS (quality of service) values

Continuously running software systems suffer from performance degradation due to aging phenomena and resource exhaustion that are mainly due to error conditions accumulation or due to exhaustion of system resources such as the physical memory. To counteract such phenomena, a periodic preemptive rollback to prevent software failures in the future, called software rejuvenation, can be applied. During