In requirements engineering (RE), an early yet critical activity consists in eliciting the requirements from various stakeholders, who usually have different assumptions, knowledge, and intentions. The goal during elicitation is to understand what stakeholders expect from a given software, expectations which then feed the analysis, prioritization, validation, and ultimately specification activities

Mobile application reviews are considered a rich source of information for software engineers to provide a general understanding of user requirements and technical feedback to avoid main programming issues. Previous researches have used traditional data mining techniques to classify user reviews into several software maintenance tasks. In this paper, we aim to use associative classification (AC) algorithms

Monitoring for cloud is the key technology to know the status and the availability of the resources and services present in the current infrastructure. However, cloud monitoring faces a lot of challenges due to inefficient monitoring capability and enormous resource consumption. We study the adaptive monitoring for cloud computing platform, and focus on the problem of balancing monitoring capability

Bad modularized concerns are a known deficiency of legacy systems, making their maintenance increasingly harder and expensive. An alternative is to conduct a modularity-oriented modernization (MOM), whose goal is to restructure concerns for making them more modular. Architecture-driven modernization (ADM) is a model-based alternative for that—it is a kind of reengineering that employs standard metamodels

Product line (PL)-based development is a thriving research area to develop software-intensive systems. Feature models (FMs) facilitate derivation of valid products from a PL by managing commonalities and variabilities among software products. However, the researchers in academia as well as in the industries experience difficulties in quality assessment of FMs. The increasing complexity and size of

In software engineering predictive modeling, early prediction of software modules or classes that possess high maintainability effort is a challenging task. Many prediction models are constructed to predict the maintainability of software classes or modules by applying various machine learning (ML) techniques. If the software modules or classes need high maintainability, effort would be reduced in

Self-admitted technical debt refers to sub-optimal development solutions that are expressed in written code comments or commits. We reproduce and improve on a prior work by Yan et al. (2018) on detecting commits that introduce self-admitted technical debt. We use multiple natural language processing methods: Bag-of-Words, topic modeling, and word embedding vectors. We study 5 open-source projects.

Having systems that can adapt themselves in case of faults or changing environmental conditions is of growing interest for industry and especially for the automotive industry considering autonomous driving. In autonomous driving, it is vital to have a system that is able to cope with faults in order to enable the system to reach a safe state. In this paper, we present an adaptive control method that

Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network

Improving code quality without changing its functionality, e.g., by refactoring or optimization, is an everyday programming activity. Good programming practice requires that each such change should be followed by a check if the change really preserves the code behavior. If such a check is performed by testing, it can be time consuming and still cannot guarantee the absence of differences in behavior

Some countries have adopted the diagnosis-related groups (DRG) system to pay hospitals according to the number and complexity of patients they treat. Translating diseases and procedures into medical codes based on international standards such as ICD-9-CM or ICD-10-CM/PCS is at the core of the DRG systems. However, certain types of coding errors undermine this system, namely, upcoding, in which data

Abstract This paper presents a methodology for Mining Association Rules from Code (MARC), aiming at capturing program structure, facilitating system understanding and supporting software management. MARC groups program entities (paragraphs or statements) based on similarities, such as variable use, data types and procedure calls. It comprises three stages: code parsing/analysis, association rule mining

Abstract Software systems are commonly implemented with the support of libraries, which provide features via APIs. Ideally, APIs should have some characteristics, for example, they should be well documented and stable so that client systems can confidently rely on them. However, not all APIs are equal in number of clients: while some APIs are very popular and used worldwide, other may face much lower

Abstract Component-based software engineering is a common approach in the development and evolution of contemporary software systems. Different component sourcing options are available, such as: (1) Software developed internally (in-house), (2) Software developed outsourced, (3) Commercial off-the-shelf software, and (4) Open-Source Software. However, there is little available research on what attributes

Test automation enables continuous testing, a cornerstone of agile methods, and DevOps. Assertions play a fundamental role in test automation, and recently competing assertion libraries for unit testing frameworks, such as, for example, JUnit or TestNG, emerged. Thus, it is imperative to gauge assertion libraries in terms of developer/tester productivity, allowing SQA managers and software testers

Bug datasets have been created and used by many researchers to build and validate novel bug prediction models. In this work, our aim is to collect existing public source code metric-based bug datasets and unify their contents. Furthermore, we wish to assess the plethora of collected metrics and the capabilities of the unified bug dataset in bug prediction. We considered 5 public datasets and we downloaded

Today, many tools exist that attempt to find possible vulnerabilities in Android applications, e.g., FlowDroid, Fortify, or AppScan. However, all these tools aim to detect vulnerabilities or (sometimes) tainted flows and present the reviewer detected possible issues of an analyzed Android application. None of these tools supports the identification of implemented security features in code, although

Automatic test case generation is usually based on models of the software under test. However, those models may not exist or may be outdated and so, the test case generation must resort to other artifacts. In a software maintenance context, test cases must adapt to software changes and should be improved continuously to test adequately the new versions of the software. Mutation testing is a fault-based

Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data

It is already common to compute quantitative metrics of requirements to assess their quality. However, the risk is to build assessment methods and tools that are both arbitrary and rigid in the parameterization and combination of metrics. Specifically, we show that a linear combination of metrics is insufficient to adequately compute a global measure of quality. In this work, we propose to develop

Quality of web service becomes more and more interesting as a distinguishing criterion to select a unique web service from all candidate ones. The quality assessment issue, especially regarding the volatility of the web services environment, is one among the main challenges in this context. In this paper, we propose a service-based system for web services monitoring. Compared with other efforts in

We study the problem of online runtime verification of real-time event streams. Our monitors can observe concurrent systems with a shared clock, but where each component reports observations as signals that arrive to the monitor at different speeds and with different and varying latencies. We start from specifications in a fragment of the TeSSLa specification language, where streams (including inputs

In the context of access control systems, testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. In XACML-based access control systems, incoming access requests are transmitted to the policy decision point (PDP) that grants or denies the access based on the defined XACML policies. The criticality of a PDP component requires an intensive

Code smells are characteristics of the software that indicates a code or design problem which can make software hard to understand, evolve, and maintain. There are several code smell detection tools proposed in the literature, but they produce different results. This is because smells are informally defined or subjective in nature. Machine learning techniques help in addressing the issues of subjectivity

Software engineering (SE) experiments suffer from threats to validity that may impact their results. Replication allows researchers building on top of previous experiments’ weaknesses and increasing the reliability of the findings. Illustrating the benefits of replication to increase the reliability of the findings and uncover moderator variables. We replicate an experiment on test-driven development

Quality requirements (QRs) are a key artifact needed to ensure the quality and success of a software system. Despite their importance, QRs rarely get the same degree of attention as their functional counterpart in agile software development (ASD) projects. Moreover, crucial information that can be obtained from software development repositories (e.g., JIRA, GitHub) is not fully exploited, or is even

Self-adaptive systems dynamically change their structure and behavior in response to changes in their execution environment to ensure the quality of the services they provide. Self-adaptive systems are usually built of a managed part, which implements their functionality, and a managing part, which implements the self-adaptive mechanisms. Hence, the complexity of self-adaptive systems results also

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users

Brazilian Federal Institutes of Education, Science and Technology (FIs) have expanded through multicampi structure, which has led to profound changes in their administrative and academic organization. As consequence of this expansion, the demand for services, systems, and information technology (IT) solutions has increased; and the support service’s provision has become much more relevant. However

Cloud computing serves as a platform for diverse types of applications, from low-priority to critical. Some of these applications require high levels of system availability and reliability. Developing methods for cloud computing availability and reliability evaluation is of utmost importance. In this paper, we propose a set of models for availability and reliability evaluation of a virtualized system

Continuous integration practice mandates to continuously introduce incremental changes into code, but doing so may introduce new faults too. These faults could be detected automatically through regression testing, but this practice becomes prohibitive as the cost of executing the tests grows. This problem is preponderant in end-to-end testing where the whole system is requested for test execution.

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy

Open source software (OSS) allows developers to study, change, and improve the code free of charge. There are several high-quality software projects which deliver stable and well-documented products. Most OSS forges typically sustain active user and expert communities which in turn provide decent levels of support both with respect to answering user questions as well as to repairing reported software

Self-adaptive systems have to implement adaptation policies described by sets of rules that express how the components are reconfigured within the system, the priority of a given reconfiguration to happen, when a given (sequence of) event(s) occurs, and when specific conditions on the system state are satisfied. However, when this priority is given by a fuzzy value (e.g., high, medium, low) depending

Master data management (MDM) can provide an integrated and unified view of key business entities to offer better support in business processes. Due to the very nature of master data-based applications, it is possible to use data with the highest possible level of quality. MDM can help ensure that some common concerns, like duplicates or inconsistencies, are prevented by sharing a ‘single version of

Gap analysis is a common approach in industry to evaluate the gaps between the implemented software processes and the requirements of process quality frameworks or standard norms. Gap analysis processes are usually executed by means of questionnaires that need to be crafted ad hoc according to specific appraisal goals. The approaches used for developing, compiling and evaluating the answers given to

Traditional runtime quantitative verification approaches for self-adaptive systems usually rely on the use of state-transition models to describe the system behaviour and check property violation at runtime. More recently, some approaches have advocated the use of scenarios as a strategy for representing both the normal and adaptive system behaviour. However, the use of scenarios as a runtime entity

Symptoms of software aging include performance degradation and failure occurrence increasing when software systems run for a period of time. Therefore, software aging is closely related to system performance. Understanding and analyzing performance issues in the software system is critical to mastering software aging information. Instead of focusing on normal valid bug reports (VBRs), this paper advocates

This paper presents COnfECt, a model learning approach, which aims at recovering the functioning of a component-based system from its execution traces. We refer here to non concurrent systems whose internal interactions among components are not observable from the environment. COnfECt is specialised into the detection of components of a black-box system and in the inference of models called systems

In service-oriented environments, abstract business processes can be implemented by concrete services to build complex applications. Given global user constraints, service selection allows to identify the best combination of services with respect to the business constraints. Generally, the selection problem is challenging, but it is particularly complex when dealing with QoS (quality of service) values

Continuously running software systems suffer from performance degradation due to aging phenomena and resource exhaustion that are mainly due to error conditions accumulation or due to exhaustion of system resources such as the physical memory. To counteract such phenomena, a periodic preemptive rollback to prevent software failures in the future, called software rejuvenation, can be applied. During

This paper presents a methodology for Mining Association Rules from Code (MARC), aiming at capturing program structure, facilitating system understanding and supporting software management. MARC groups program entities (paragraphs or statements) based on similarities, such as variable use, data types and procedure calls. It comprises three stages: code parsing/analysis, association rule mining and

Due to the widespread use of Android devices and apps, it is important to develop tools and techniques to improve app quality and performance. Our work focuses on a problem related to hardware sensors on Android devices: the failure to disable unneeded sensors, which leads to sensor leaks and thus battery drain. We propose the Sentinel testing tool to uncover such leaks. The tool performs static analysis

The embedded systems domain has grown exponentially over the past years. The industry is forced by the market to rapidly improve and release new products to beat the competition. Frenetic development rhythms thus shape this domain and give rise to several new challenges for software design and development. One of them is dealing with trade-offs between run-time and design-time quality attributes. To

Refactoring a software artifact is an embedded task in the maintenance phase of the software life cycle. To reduce the time and effort required for this task, researchers proposed methods to automate the software refactoring process at the design and code levels. In this paper, we conducted a systematic literature review of papers that suggest, propose, or implement an automated refactoring process

Software systems are commonly implemented with the support of libraries, which provide features via APIs. Ideally, APIs should have some characteristics, for example, they should be well documented and stable so that client systems can confidently rely on them. However, not all APIs are equal in number of clients: while some APIs are very popular and used worldwide, other may face much lower usage

Android users are occasionally troubled by the slow UI responses and sudden application/OS crashes. These problems are mainly caused by software aging, a phenomenon of progressive degradation of performance and dependability typically observed in long-running software systems. A countermeasure to software aging is software rejuvenation, i.e., manual or scheduled restart at different levels, such as

Test data adequacy is a major challenge in software testing literature. The difficulty is to provide sufficient test data to assure the correctness of the program under test. Especially, in the case of latent faults, the fault does not reveal itself unless specific combinations of input values are used to run the program. In this respect, detection of subdomains of the input domain that cover a specific

Software aging is a phenomenon in which long-running software systems show an increasing failure rate and/or progressive performance degradation. Due to their nature, Aging-Related Bugs (ARBs) are hard to discover during software testing and are also challenging to reproduce. Therefore, automatically predicting ARBs before software release can help developers reduce ARB impact or avoid ARBs. Many bug

Software aging is a risk associated with the continuous operation of software, and it is essential and meaningful to develop anti-aging technology to offset or mitigate the aging phenomenon. While considerable attention has been devoted to software aging and anti-aging techniques, few studies have focused on single-event effect as a software-aging reason in the context of a space environment. In this

Today’s enterprise software systems are much more complicated than the past. Increasing numbers of dependent applications, heterogeneous technologies, and wide usage of Service-Oriented Architectures (SOA), where numerous services communicate with each other, makes testing of such systems challenging. For testing these software systems, the concept of service virtualization is gaining popularity. Service

The prediction of bug types provides useful insights into the software maintenance process. It can improve the efficiency of software testing and help developers adopt corresponding strategies to fix bugs before releasing software projects. Typically, the prediction tasks are performed through machine learning classifiers, which rely heavily on labeled data. However, for a software project that has

To survive in competitive marketplaces, most organizations have adopted agile methodologies to facilitate continuous integration and faster application delivery and rely on regression testing during application development to validate the quality and reliability of the software after changes have been made. Consequently, for large projects with cost and time constraints, it is extremely difficult to

Model-driven software development comes in different styles. While standard-based approaches leverage existing language standards (e.g., UML), tooling, and development processes, domain-specific modeling (DSM) requires languages and tool support to be created prior to the actual software development. The design, implementation, and testing of languages and tool support require a wide spectrum of methods

Component-based software engineering is a common approach in the development and evolution of contemporary software systems. Different component sourcing options are available, such as: (1) Software developed internally (in-house), (2) Software developed outsourced, (3) Commercial off-the-shelf software, and (4) Open-Source Software. However, there is little available research on what attributes of

Software development is a knowledge-intensive industry. For this reason, concentration of knowledge in software projects tends to be very risky, which increases the relevance of strategies that reveal how source code knowledge is distributed among team members. The truck factor (also known as the bus factor) is an increasingly popular concept—proposed by practitioners—that indicates the minimal number

Software testing is an integral part of software development that provides better-quality products and user experiences and helps build the reputation of software companies. Though software testers perform a role that requires specific tasks and skills, in-depth studies of software testers lag behind research studies of other roles within software development teams. In this paper, we aim to create

This paper investigates the problem of testing implementations of uniformity statistics. In this paper, we used metamorphic testing to address the oracle problem of checking the output of one or more test executions, for uniformity statistics. We defined a partial oracle that uses regression analysis (a regression model–based metamorphic relation). We investigated the effectiveness of our partial oracle

Global software development (GSD) is an area that receives much attention from researchers today. In this context, we undertook an investigation of the variation of risk profile in offshore-outsourced software projects, across the software life cycle. The scope of the investigation was limited to risks associated with technical aspects, methods, and procedures used in software development. Based on

Security patterns are a means to encapsulate and communicate proven security solutions. They are well-established approaches for integrating security into the software development process. The literature includes a large array of security patterns categorized into various catalogs, from which the designers can choose a pattern suitable to the problem at hand. Previous efforts to choose appropriate