Journal of Software-Evolution and Process最新文献

{"title":"Improvement of Software Testing Processes With Test Maturity Model Integration","authors":"Gökhan Şit,&nbsp;Süleyman Ersöz,&nbsp;Mehmet Burak Bilgin","doi":"10.1002/smr.70031","DOIUrl":"https://doi.org/10.1002/smr.70031","url":null,"abstract":"<div>\u0000 \u0000 <p>In this study, a maturity-level determination and assessment method developed for companies operating in the software industry to perform TMMi Levels 2 and 3 assessments in-house, with the goal of improving testing processes, is presented. With this method, it is aimed to help companies to conduct their own self-assessments and improve their testing processes before participating in high-budget audits. The validity of this method was tested in practice for TMMi Levels 2 and 3 assessments. Companies can prepare for a formal TMMi audit by using the test maturity-level determination methodology developed in this study, or they can simply improve their processes to produce higher quality products. Additionally, if they already have TMMi certification, they can regularly self-audit to ensure continuity and compliance. Demonstrating how TMMi can be applied in practice and providing a guide to test process maturity determination are key contributions of this work.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 5","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117832","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Functional Size Measurement With Conceptual Models: A Systematic Literature Review","authors":"Ala Arman,&nbsp;Emiliano Di Reto,&nbsp;Massimo Mecella,&nbsp;Giuseppe Santucci","doi":"10.1002/smr.70030","DOIUrl":"https://doi.org/10.1002/smr.70030","url":null,"abstract":"&lt;p&gt;The demand for efficient functional size measurement (FSM) methods in the competitive software market today is undeniable. However, incomplete and imprecise system specifications pose significant challenges, particularly in scenarios that require fast, flexible, and accurate software size estimation, such as public tenders. Although the integration of conceptual models within FSMs offers a promising solution to these issues, a systematic exploration of such methods remains largely unexplored. This work evaluates FSM methods that integrate conceptual models by analyzing studies from the past 20 years. It highlights key contributions and advances in proposed conceptual model-based FSM methods. In addition, the study examines their limitations and challenges, offering insights for future improvements. A systematic literature review (SLR) was conducted to guide the research process. The review was organized around three research questions, each targeting the study's key objectives: (1) to explore FSM methods utilizing conceptual models, (2) to summarize proposals for their improvement, and (3) to identify the limitations of the proposed enhancements. Primary studies span two decades (2004–2024), with peaks in 2008 and 2015, averaging one to two studies annually. Of the 1371 initial studies, 13 were selected using strict criteria. These studies are categorized into &lt;i&gt;Measurement Techniques&lt;/i&gt; (30.77%), &lt;i&gt;Automation&lt;/i&gt; (38.46%), and &lt;i&gt;Application-Specific&lt;/i&gt; topics (30.77%). The contributions of the primary studies are analyzed in terms of their approaches &lt;i&gt;Repeatability&lt;/i&gt; and &lt;i&gt;Validation&lt;/i&gt;. &lt;i&gt;Repeatability&lt;/i&gt; is assessed by examining whether the primary studies proposed a formal model when using real datasets. In contrast, &lt;i&gt;Validation&lt;/i&gt; focuses on whether the studies were tested in real-world projects. A total of 46.15% of the primary studies utilize formal models, whereas 53.85% rely on nonformal models, although dataset size is often unspecified. Most studies validate their methods using 1 to 30 projects. Common Software Measurement International Consortium (COSMIC) is the most widely used FSM method (69.23%), followed by the Function Point Analysis (FPA) (15.38%) and custom Methods (15.38%), with conceptual UML models appearing in 84.61% of the studies. Key limitations, including &lt;i&gt;Scalability and Generalizability&lt;/i&gt;, &lt;i&gt;Complexity Robustness&lt;/i&gt;, and &lt;i&gt;Flexibility&lt;/i&gt;, persist across all categories. Notably, &lt;i&gt;Scalability and Generalizability&lt;/i&gt; was identified as a limitation in 75% of &lt;i&gt;Measurement Techniques&lt;/i&gt; studies, 80% of &lt;i&gt;Automation&lt;/i&gt; studies, and 75% of &lt;i&gt;Application-Specific&lt;/i&gt; studies, while &lt;i&gt;Flexibility&lt;/i&gt; challenges were most pronounced, affecting 100% of &lt;i&gt;Application-Specific&lt;/i&gt; studies. The limited number of primary studies underscores a substantial research gap in conceptual model-based FSM methods. Future research should focus on developing formal models to enhance theoretical rigor, lever","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 5","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70030","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144108838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Overcoming Data Shortage in Critical Domains With Data Augmentation for Natural Language Software Requirements","authors":"Robin Korfmann,&nbsp;Patrick Beyersdorffer,&nbsp;Rainer Gerlich,&nbsp;Jürgen Münch,&nbsp;Marco Kuhrmann","doi":"10.1002/smr.70027","DOIUrl":"https://doi.org/10.1002/smr.70027","url":null,"abstract":"<p>Natural language processing (NLP) offers the potential to automate quality assurance of software requirement specifications. In particular, large-scale projects involving numerous suppliers can benefit from this improvement. However, due to privacy restrictions especially in highly restrictive industries, the availability of software requirements specification documents for training NLP tools is severely limited. Also, domain- and project-specific vocabulary, as such in the aerospace domain, require specialized models for processing effectively. To provide a sufficient amount of data to train such models, we studied algorithms for the augmentation of textual data. Four algorithms have been investigated by expanding a given set of requirements from the European Space projects generating correct and incorrect requirements. The initial study yielded data of poor quality due to the particularities of the domain-specific vocabulary, yet laid the foundation for the algorithms' improvement, which, eventually, resulted in an increased set of requirements, which is 20 times the size of the seed set. A complementing experiment demonstrated the usability of augmented requirements to support AI-based quality assurance of software requirements. Furthermore, a selected improvement of the augmentation algorithms demonstrated notable quality improvements by doubling the number of correctly augmented requirements.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 5","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70027","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143939432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An Approach Based on Metadata to Implement Convention Over Configuration Decoupled From Framework Logic","authors":"Everaldo Gomes,&nbsp;Eduardo Guerra,&nbsp;Phyllipe Lima,&nbsp;Paulo Meirelles","doi":"10.1002/smr.70028","DOIUrl":"https://doi.org/10.1002/smr.70028","url":null,"abstract":"<p>Frameworks are essential for software development, providing code design and facilitating reuse for their users. Well-known Java frameworks and APIs rely on metadata configuration through code annotations, using Reflection API to consume and process them. Code elements that share the same annotations often exhibit similarities, creating the opportunity to use conventions as a metadata source. This paper proposes a model for defining Convention over Configuration (CoC) for annotation usage, decoupled from the metadata reading logic. With this model, if a convention is present, the framework will automatically consider that element to be annotated. We implemented this model in the Esfinge Metadata API and evaluated it in an experiment where participants implemented the CoC pattern using two approaches: our proposed one and the Java Reflection API. As a result, 75% of participants implemented our approach faster than with just the Reflection API, and we observed a higher failure rate with the Reflection API than with the Esfinge API. Moreover, the code produced with our approach also resulted in fewer lines of code. Based on these results, we confirmed that the proposed approach fulfilled its goal of supporting the definition of conventions decoupled from the framework logic, thereby improving code readability and maintainability.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 5","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70028","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143930498","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Novel Vulnerability-Detection Method Based on the Semantic Features of Source Code and the LLVM Intermediate Representation","authors":"Jinfu Chen,&nbsp;Jiapeng Zhou,&nbsp;Wei Lin,&nbsp;Dave Towey,&nbsp;Saihua Cai,&nbsp;Haibo Chen,&nbsp;Jingyi Chen,&nbsp;Yemin Yin","doi":"10.1002/smr.70026","DOIUrl":"https://doi.org/10.1002/smr.70026","url":null,"abstract":"<div>\u0000 \u0000 <p>With the increasingly frequent attacks on software systems, software security is an issue that must be addressed. Within software security, automated detection of software vulnerabilities is an important subject. Most existing vulnerability detectors rely on the features of a single code type (e.g., source code or intermediate representation [IR]), which may lead to both the global features of the code slices and the memory operation information not being captured or considered. In particular, vulnerability detection based on source-code features cannot usually include some macro or type definition content. In this paper, we propose a vulnerability-detection method that combines the semantic features of source code and the low level virtual machine (LLVM) IR. Our proposed approach starts by slicing (C/C++) source files using improved slicing techniques to cover more comprehensive code information. It then extracts semantic information from the LLVM IR based on the executable source code. This can enrich the features fed to the artificial neural network (ANN) model for learning. We conducted an experimental evaluation using a publicly-available dataset of 11,381 C/C++ programs. The experimental results show the vulnerability-detection accuracy of our proposed method to reach over 96% for code slices generated according to four different slicing criteria. This outperforms most other compared detection methods.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 5","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143888815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"ECP: Coprocessor Architecture to Protect Program Logic Consistency","authors":"Yang Gao,&nbsp;Siqi Lu,&nbsp;Yongjuan Wang,&nbsp;Haopeng Fan,&nbsp;Qingdi Han,&nbsp;Jingsheng Li","doi":"10.1002/smr.70023","DOIUrl":"https://doi.org/10.1002/smr.70023","url":null,"abstract":"<div>\u0000 \u0000 <p>Contemporary program protection methods focus on safeguarding either program generation, storage, or execution; however, no unified protection strategy exists for ensuring the security of a full program lifecycle. In this study, we combine the static security of program generation with the dynamic security of process execution and propose a novel program logic consistency security property. An encryption core processing (ECP) architecture is presented that provides coprocessor solutions to protect the program logic consistency at the granularity of instructions and data flows. The new authenticated encryption mode in the architecture uses the offset value of the program's instructions and data in relation to the segment-based address as its encryption parameters. Lightweight cryptographic primitives are adopted to ensure that the hardware burden added by the ECP is limited, especially under <span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mo>×</mo>\u0000 </mrow>\u0000 <annotation>$$ times $$</annotation>\u0000 </semantics></math>64 architectures. We prove that the proposed scheme in the ECP architecture satisfies indistinguishability under chosen plaintext attack and demonstrate the effectiveness of the architecture against various attacks. Additionally, a theoretical performance analysis is provided for estimating the overhead introduced by the ECP architecture.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 4","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143865784","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Community Detection of Directed Network for Software Ecosystems Based on a Two-Step Information Dissemination Model","authors":"Huijie Tu,&nbsp;Xiangjuan Yao,&nbsp;Tingting Hou,&nbsp;Dunwei Gong,&nbsp;Mengyi Yang","doi":"10.1002/smr.70025","DOIUrl":"https://doi.org/10.1002/smr.70025","url":null,"abstract":"<div>\u0000 \u0000 <p>A software ecosystem is a complex system that allows developers to cooperate with each other. Community is a universal and important topological property of networks. Detecting the communities of the software ecosystem is of great significance for analyzing its structural characteristics, discovering its hidden patterns, and predicting its behavior. Traditional community detection algorithms of complex networks are mostly for undirected networks. For the social network, the direction of information dissemination between developers cannot be ignored. In addition, the existing algorithms of community detection usually only consider direct influence between individuals while neglecting indirect relationships. To solve these problems, this paper presents a community detection method based on a two-step information dissemination model for the software ecosystem. First, a two-step information dissemination model is established to calculate the information gain of nodes. Second, a ranking method of developers' comprehensive influence is given through their influence vectors and information gains. Finally, communities are detected by taking the influential nodes as the cluster centers and the probability of information dissemination as the clustering direction. The proposed method is applied to community detection of typical software ecosystems in GitHub. The experimental results show that our method has good performance in the identification of community structure.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 4","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143866021","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Requirements Engineering Model (REM): An Assessment Model for Software Vendor Organizations","authors":"Muhammad Yaseen,&nbsp;Zara Karamat","doi":"10.1002/smr.70020","DOIUrl":"https://doi.org/10.1002/smr.70020","url":null,"abstract":"<div>\u0000 \u0000 <p>Requirements engineering (RE) is important phase of software development life cycle. Among different RE phases include, requirements elicitation, requirements analysis, requirements specification, requirements validation, and requirements management. There is essential need of an assessment model where software organization can measure their level of capability to implement requirements engineering. Besides so much advances in this field, there is no such assessment model where organizations can find their level of maturity towards requirements engineering process. In this research, requirements engineering model (REM) is designed and implemented via case studies from different software organizations. For designing REM, literature review of different models was conducted, and levels of REM were finalized. In the first phase, success factors of successful software requirements implementation were identified via systematic literature review (SLR). Furthermore, the identified CSFs are organized into five levels based on Capability Maturity Model Integration (CMMI) and Software Outsourcing Vendors' Readiness Model (SOVRM). Using Motorola assessment technique, REM was evaluated via case studies from different software organizations. As a result of SLR, total of 50 success factors from different phases of requirements engineering were identified from 191 papers and then mapped to five levels of REM. Three case studies were conducted from different companies to evaluate REM. The outcome analysis of case studies shows that different organizations are on different maturity levels of requirements implementation.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 4","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143866022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluation Framework for Smart Contract Fuzzers","authors":"Peixuan Feng,&nbsp;Yongjuan Wang,&nbsp;Siqi Lu,&nbsp;Qingjun Yuan,&nbsp;Gang Yu,&nbsp;Xiangyu Wang,&nbsp;Jianan Liu,&nbsp;Huaiguang Wu","doi":"10.1002/smr.70021","DOIUrl":"https://doi.org/10.1002/smr.70021","url":null,"abstract":"<div>\u0000 \u0000 <p>With the widespread application of smart contracts in economics and asset management, the security of smart contracts has been widely addressed by academia and industry. Fuzz is an effective technique for vulnerability detection. Several fuzzers are currently available for smart contracts, how to choose the most appropriate tools to test smart contracts is a problem that needs to be solved. To this end, we propose an evaluation framework for a smart contract fuzzers, which sets eight evaluation indicators from five aspects to comprehensively evaluate the usability, transparency, detection ability, branch coverage, and design of oracle of the smart contract fuzzers. In order to verify the scientificity and rationality of the framework, we selected six state-of-the-art (SOTA) smart contract fuzzers for evaluation. By evaluating the usability of six fuzzers, the level of difficulty in using them was verified; by evaluating the transparency of six fuzzers, the usability of the tool's output information during use was verified; the branch coverage and rationality of oracle design of the six fuzzers was validated by evaluating their detection ability on the dataset. The final evaluation results validated the effectiveness of our proposed framework in guiding users to choose smart contract fuzzers.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 4","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-04-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143861710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Manipulating a CI/CD Pipeline in an IoT Embedded Project: A Quasi-Experiment","authors":"Igor Pereira,&nbsp;Tiago Carneiro,&nbsp;Eduardo Figueiredo","doi":"10.1002/smr.70022","DOIUrl":"https://doi.org/10.1002/smr.70022","url":null,"abstract":"<div>\u0000 \u0000 <p>Given the multidisciplinary complexity of embedded Internet of Things (IoT) projects and the demand for qualified professionals, this study investigates the influence of continuous integration and continuous delivery (CI/CD) skills and developers' perceptions regarding applying these practices in this domain. We conducted a quasi-experiment with 98 students from three undergraduate courses at two Brazilian federal universities, analyzing the impact of developer skills on CI/CD. The results showed that developers with no previous CI/CD skills faced more significant difficulties in practical activities. It was interesting to note that most participants in our sample already had some experience with real software development projects. However, most have never had real experience with an embedded IoT project or CI/CD tools. The approach we followed resulted in 92% success. Attendees expressed interest in more hands-on training on CI/CD pipeline, DevOps, and embedded IoT projects. We also noticed a great need for them to have more practical experience with Git, GitHub, GitHub Actions, and GNU/Linux.</p>\u0000 </div>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 4","pages":""},"PeriodicalIF":1.7,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143835891","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}