{"title":"Model-Based Systems Engineering and TCAS II: Thirty Years Later","authors":"Mats P.E. Heimdahl, Nancy G. Leveson","doi":"10.1109/tse.2025.3537537","DOIUrl":"https://doi.org/10.1109/tse.2025.3537537","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"50 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143072459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Reflection on “Advances in Software Inspections”","authors":"Adam A. Porter, Harvey Siy, Lawrence Votta","doi":"10.1109/tse.2025.3537080","DOIUrl":"https://doi.org/10.1109/tse.2025.3537080","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"47 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143072457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PATEN: Identifying Unpatched Third-Party APIs via Fine-Grained Patch-Enhanced AST-Level Signature","authors":"Li Lin;Jialin Ye;Chao Wang;Rongxin Wu","doi":"10.1109/TSE.2025.3537102","DOIUrl":"10.1109/TSE.2025.3537102","url":null,"abstract":"Using a third-party library (TPL) API that is still unpatched with respect to known vulnerabilities would introduce severe security threats, and thus it is important to detect unpatched API as early as possible. Existing vulnerability detection methods often fail to identify subtle differences between patched and vulnerable versions of code, leading to high rates of false positives and missed vulnerabilities. Addressing these limitations, we propose a novel approach that employs a fine-grained, patch-enhanced Abstract Syntax Tree (AST) level signature. This approach consists of two key steps: patch-induced AST difference extraction and vulnerability trace refinement. These steps enable the detailed analysis of structural changes due to patches and enhance the accuracy of vulnerability detection by focusing on the critical elements of code changes. Building on this methodology, we introduce PATEN, a tool designed to accurately detect unpatched TPL APIs. Our evaluation, conducted on a large dataset, demonstrates that PATEN significantly outperforms the state-of-the-art approaches. Specifically, PATEN identified 82 critical vulnerabilities across numerous open-source projects, demonstrating a substantial advancement in the field of unpatched TPL API detection and highlighting its practical implications for improving software security.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 4","pages":"990-1006"},"PeriodicalIF":6.5,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143072405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"How Do Developers Structure Unit Test Cases? An Empirical Analysis of the AAA Pattern in Open Source Projects","authors":"Chenhao Wei;Lu Xiao;Tingting Yu;Sunny Wong;Abigail Clune","doi":"10.1109/TSE.2025.3537337","DOIUrl":"10.1109/TSE.2025.3537337","url":null,"abstract":"The AAA (Arrange, Act, Assert) pattern provides a unified structure for unit test cases, potentially benefiting comprehension and maintenance. However, its adoption and implementation in practice remain insufficiently understood. This study investigates the prevalence of AAA pattern usage, identifies recurring deviations and design issues within AAA structures, and assesses developers’ receptiveness to AAA-based improvements. We conducted an empirical study on 735 real-life unit test cases randomly selected from seven open-source projects. We manually analyzed these test cases, identified AAA-related issues, and proposed fixes to developers. Our analysis found that 77% of test cases follow the AAA structure. We identified three recurring patterns deviating from AAA and four design issues within A blocks. Comparison with classic test smells revealed unique insights provided by AAA analysis. Of 27 improvement proposals sent to developers, 78% received positive feedback. These findings show that the AAA pattern is widely adopted in practice, but deviations from and design issues within AAA patterns are common. Our analysis provides a novel perspective on test case quality, complementing traditional test smell analysis. The high acceptance rate of our improvement proposals suggests that developers value AAA-based enhancements. These findings can guide the development of tools for improving AAA practice in unit tests.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 4","pages":"1007-1038"},"PeriodicalIF":6.5,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143072458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Simplifying and Isolating Failure-Inducing Input: A Retrospective on Delta Debugging","authors":"Andreas Zeller, Ralf Hildebrandt","doi":"10.1109/tse.2025.3537167","DOIUrl":"https://doi.org/10.1109/tse.2025.3537167","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"8 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143072462","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Ten Years of Journal First Publication in Software Engineering","authors":"Matthew B. Dwyer","doi":"10.1109/tse.2025.3536852","DOIUrl":"https://doi.org/10.1109/tse.2025.3536852","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"11 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143071728","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AFLNet Five Years Later: On Coverage-Guided Protocol Fuzzing","authors":"Ruijie Meng;Van-Thuan Pham;Marcel Böhme;Abhik Roychoudhury","doi":"10.1109/TSE.2025.3535925","DOIUrl":"10.1109/TSE.2025.3535925","url":null,"abstract":"Protocol implementations are stateful which makes them difficult to test: Sending the same test input message twice might yield a different response every time. Our proposal to consider a sequence of messages as a seed for coverage-directed greybox fuzzing, to associate each message with the corresponding protocol state, and to maximize the coverage of both the state space and the code was first published in 2020 in a short tool demonstration paper. AFLNet was the first code- and state-coverage-guided protocol fuzzer; it used the response code as an indicator of the current protocol state. Over the past five years, the tool paper has gathered hundreds of citations, the code repository was forked almost 200 times and has seen over thirty pull requests from practitioners and researchers, and our initial proposal has been improved upon in many significant ways. In this paper, we first provide an extended discussion and a full empirical evaluation of the technical contributions of AFLNet and then reflect on the impact that our approach and our tool had in the past five years, on both the research and the practice of protocol fuzzing.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 4","pages":"960-974"},"PeriodicalIF":6.5,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10858174","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143071729","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Retrospective on: Constraint-Based Automatic Test Data Generation","authors":"Jeff Offutt, Richard DeMillo","doi":"10.1109/tse.2025.3535662","DOIUrl":"https://doi.org/10.1109/tse.2025.3535662","url":null,"abstract":"","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"27 1","pages":""},"PeriodicalIF":7.4,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143071727","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}