Journal of Systems and Software最新文献

An Attention-based Wide and Deep Neural Network for Reentrancy Vulnerability Detection in Smart Contracts

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-02-03 DOI: 10.1016/j.jss.2025.112361

Samuel Banning Osei , Rubing Huang , Zhongchen Ma

{"title":"An Attention-based Wide and Deep Neural Network for Reentrancy Vulnerability Detection in Smart Contracts","authors":"Samuel Banning Osei , Rubing Huang , Zhongchen Ma","doi":"10.1016/j.jss.2025.112361","DOIUrl":"10.1016/j.jss.2025.112361","url":null,"abstract":"<div><div>In recent years, smart contracts have become integral to blockchain applications, offering decentralized, transparent, and tamper-proof execution of agreements. However, vulnerabilities in smart contracts pose significant security risks, leading to financial losses. This paper presents an Attention-based Wide and Deep Neural Network (AWDNN) for Reentrancy vulnerability Detection in Ethereum smart contracts. By emphasizing crucial smart contract features, AWDNN enhances its precision in identifying complex vulnerability patterns. Our approach includes three phases: code optimization, vectorization, and vulnerability detection. We streamline smart contract code by removing extraneous components and extracting key fragments. These fragments are transformed into vectors that capture the smart contract’s semantic features, and subsequently subjected through the wide and deep neural network to detect vulnerabilities. Experimental results show that our model performs well compared to existing tools. Future work aims to detect additional vulnerabilities and incorporate advanced vectorization techniques to enhance efficiency.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112361"},"PeriodicalIF":3.7,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143215069","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Predicting test failures induced by software defects: A lightweight alternative to software defect prediction and its industrial application

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-02-03 DOI: 10.1016/j.jss.2025.112360

Lech Madeyski , Szymon Stradowski

{"title":"Predicting test failures induced by software defects: A lightweight alternative to software defect prediction and its industrial application","authors":"Lech Madeyski , Szymon Stradowski","doi":"10.1016/j.jss.2025.112360","DOIUrl":"10.1016/j.jss.2025.112360","url":null,"abstract":"<div><h3>Context:</h3><div>Machine Learning Software Defect Prediction (ML SDP) is a promising method to improve the quality and minimise the cost of software development.</div></div><div><h3>Objective:</h3><div>We aim to: (1) apropose and develop a Lightweight Alternative to SDP (LA2SDP) that predicts test failures induced by software defects to allow pinpointing defective software modules thanks to available mapping of predicted test failures to past defects and corrected modules, (2) preliminary evaluate the proposed method in a real-world Nokia 5G scenario.</div></div><div><h3>Method:</h3><div>We train machine learning models using test failures that come from confirmed software defects already available in the Nokia 5G environment. We implement LA2SDP using five supervised ML algorithms, together with their tuned versions, and use eXplainable AI (XAI) to provide feedback to stakeholders and initiate quality improvement actions.</div></div><div><h3>Results:</h3><div>We have shown that LA2SDP is feasible in vivo using test failure-to-defect report mapping readily available within the Nokia 5G system-level test process, achieving good predictive performance. Specifically, CatBoost Gradient Boosting turned out to perform the best and achieved satisfactory Matthew’s Correlation Coefficient (MCC) results for our feasibility study.</div></div><div><h3>Conclusions:</h3><div>Our efforts have successfully defined, developed, and validated LA2SDP, using the sliding and expanding window approaches on an industrial data set.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112360"},"PeriodicalIF":3.7,"publicationDate":"2025-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143215068","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The AmbiTRUS framework for identifying potential ambiguity in user stories

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-31 DOI: 10.1016/j.jss.2025.112357

Anis R. Amna , Yves Wautelet , Stephan Poelmans , Samedi Heng , Geert Poels

{"title":"The AmbiTRUS framework for identifying potential ambiguity in user stories","authors":"Anis R. Amna , Yves Wautelet , Stephan Poelmans , Samedi Heng , Geert Poels","doi":"10.1016/j.jss.2025.112357","DOIUrl":"10.1016/j.jss.2025.112357","url":null,"abstract":"<div><div>Ambiguity in natural language-based requirements is a well-known issue, often addressed as a singular problem despite its complexity. Studies reveal that ambiguity in user stories can manifest differently depending on the linguistic levels.</div><div>This study introduces the ambiguity analysis framework (AmbiTRUS) to address these diverse manifestations by composing quality criteria for 13 types of ambiguity problems, classified across four linguistic levels and linked to four types of requirements quality problems. The proposed quality criteria were selected and adapted from three established user story quality frameworks: the QUS framework, the Agile Requirements Verification framework, and the INVEST framework.</div><div>To assess the potential effectiveness of AmbiTRUS, a controlled laboratory experiment with advanced MSc students representing novice practitioners of the intended users of the framework. While the experiment did not demonstrate clear effectiveness, users found the framework useful despite its complexity.</div><div>Insights from the experiment allowed redefining the framework's quality criteria. The main lesson learned from the experiment is the need for tool support in applying AmbiTRUS, particularly using NLP techniques to verify the quality criteria. The development of such an NLP-based tool and the evaluation of AmbiTRUS through a usability study of the tool are the next steps in our research.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112357"},"PeriodicalIF":3.7,"publicationDate":"2025-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143215070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An empirical analysis of feature fusion task heads of ViT pre-trained models on OOD classification tasks

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-30 DOI: 10.1016/j.jss.2025.112358

Mingxing Zhang, Jun Ai, Tao Shi

引用次数: 0

CG-FL: A data augmentation approach using context-aware genetic algorithm for fault localization

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-29 DOI: 10.1016/j.jss.2025.112359

Jian Hu

{"title":"CG-FL: A data augmentation approach using context-aware genetic algorithm for fault localization","authors":"Jian Hu","doi":"10.1016/j.jss.2025.112359","DOIUrl":"10.1016/j.jss.2025.112359","url":null,"abstract":"<div><div>Fault localization (FL) is a critical step in software debugging. Coverage-based fault localization (CFL) as one of the most promising FL technique utilizes coverage information obtained from program entities executed by test cases to determine the entities that are more likely to be faulty. However, CFL faces two main issues that limit its effectiveness. Firstly, the code coverage data contains numerous irrelevant statements for the observed failure, which makes the search scope too large for FL. Secondly, the input coverage data is highly imbalanced due to the presence of significantly more passing test cases than failing test cases, which makes the FL model bias to the passing test cases. To address these problems, we propose CG-FL, a data augmentation approach using context-aware genetic algorithm. Specifically, CG-FL first uses program slicing to construct a failure context for FL. Subsequently, CG-FL generate synthesized failing test cases through the application of the genetic algorithm. To evaluate the effectiveness of CG-FL, we compared it with six state-of-the-art FL methods and three representative data augmentation methods on 420 versions of 9 benchmarks. The experimental findings clearly indicate that CG-FL substantially enhances the effectiveness of the six FL methods and outperforms the three data augmentation methods.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112359"},"PeriodicalIF":3.7,"publicationDate":"2025-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143104116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

MPLinker: Multi-template Prompt-tuning with adversarial training for Issue–commit Link recovery

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-28 DOI: 10.1016/j.jss.2025.112351

Bangchao Wang , Yang Deng , Ruiqi Luo , Peng Liang , Tingting Bi

{"title":"MPLinker: Multi-template Prompt-tuning with adversarial training for Issue–commit Link recovery","authors":"Bangchao Wang , Yang Deng , Ruiqi Luo , Peng Liang , Tingting Bi","doi":"10.1016/j.jss.2025.112351","DOIUrl":"10.1016/j.jss.2025.112351","url":null,"abstract":"<div><div>In recent years, the pre-training, prompting and prediction paradigm, known as prompt-tuning, has achieved significant success in Natural Language Processing (NLP). Issue–commit Link Recovery (ILR) in Software Traceability (ST) plays an important role in improving the reliability, quality, and security of software systems. The current ILR methods convert the ILR into a classification task using pre-trained language models (PLMs) and dedicated neural networks. These methods do not fully utilize the semantic information embedded in PLMs, failing to achieve acceptable performance. To address this limitation, we introduce a novel paradigm: <strong>Multi-template Prompt-tuning</strong> with adversarial training for issue–commit <strong>Link</strong> recovery (MPLinker). MPLinker redefines the ILR task as a cloze task via template-based prompt-tuning and incorporates adversarial training to enhance model generalization and reduce overfitting. We evaluated MPLinker on six open-source projects using a comprehensive set of performance metrics. The experiment results demonstrate that MPLinker achieves an average F1-score of 96.10%, Precision of 96.49%, Recall of 95.92%, MCC of 94.04%, AUC of 96.05%, and ACC of 98.15%, significantly outperforming existing state-of-the-art methods. Overall, MPLinker improves the performance and generalization of ILR models and introduces innovative concepts and methods for ILR. The replication package for MPLinker is available at <span><span>https://github.com/WTU-intelligent-software-development/MPLinker</span><svg><path></path></svg></span>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112351"},"PeriodicalIF":3.7,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143350866","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Different approaches for testing body sensor network applications

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-28 DOI: 10.1016/j.jss.2025.112336

Samira Silva , Ricardo Caldas , Patrizio Pelliccione , Antonia Bertolino

{"title":"Different approaches for testing body sensor network applications","authors":"Samira Silva , Ricardo Caldas , Patrizio Pelliccione , Antonia Bertolino","doi":"10.1016/j.jss.2025.112336","DOIUrl":"10.1016/j.jss.2025.112336","url":null,"abstract":"<div><div>Body Sensor Networks (BSNs) offer a cost-effective way to monitor patients’ health and detect potential risks. Despite the growing interest attracted by BSNs, there is a lack of testing approaches for them. Testing a Body Sensor Network (BSN) is challenging due to its evolving nature, the complexity of sensor scenarios and their fusion, the potential necessity of third-party testing for certification, and the need to prioritize critical failures given limited resources. This paper addresses these challenges by proposing three BSN testing approaches: PASTA, ValComb, and TransCov. These approaches share common characteristics, which are described through a general framework called GATE4BSN. PASTA simulates patients with sensors and models sensor trends using a Discrete Time Markov Chain (DTMC). ValComb explores various health conditions by considering all sensor risk level combinations, while TransCov ensures full coverage of DTMC transitions. We empirically evaluate these approaches, comparing them with a baseline approach in terms of failure detection. The results demonstrate that PASTA, ValComb, and TransCov uncover previously undetected failures in an open-source BSN and outperform the baseline approach. Statistical analysis reveals that PASTA is the most effective, while ValComb is 76 times faster than PASTA and nearly as effective.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112336"},"PeriodicalIF":3.7,"publicationDate":"2025-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143377629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Hierarchical tree-based algorithms for efficient expression parsing and test sequence generation in software models

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-27 DOI: 10.1016/j.jss.2025.112354

Yihao Li , Pan Liu

{"title":"Hierarchical tree-based algorithms for efficient expression parsing and test sequence generation in software models","authors":"Yihao Li , Pan Liu","doi":"10.1016/j.jss.2025.112354","DOIUrl":"10.1016/j.jss.2025.112354","url":null,"abstract":"<div><div>The software expression model serves as a formalized specification, accurately depicting software behavior and generating test sequences through algebraic operations derived from the model. Typically, automated algebraic manipulation involves constructing an abstract syntax tree (AST) for the expression, followed by traversing it to identify subexpressions. However, this approach introduces a significant amount of redundant algebraic operations, diminishing the efficiency of expression parsing. To address this challenge, this paper introduces HT-EP, an innovative hierarchical tree-based expression parsing algorithm. HT-EP transforms expressions into hierarchical trees, utilizing algebraic operations to process nodes efficiently and generate streamlined test sequences. Compared to ASTs, hierarchical trees exhibit a simplified structure with fewer nodes, enabling faster traversal. Our experiment involved 124 expressions from scholarly papers over the past six decades and core functional expressions from 15 open-source software projects. The goal was to assess the parsing and fault detection capabilities of HT-EP against four other expression parsing algorithms. Additionally, we compared the complexities of hierarchical trees and ASTs, exploring factors influencing hierarchical tree complexity. Experimental results reveal that the HT-EP algorithm excels in parsing and software fault detection capabilities compared to the other four algorithms. Furthermore, for expressions derived from real-world cases, HT-EP achieves an approximate 40% reduction in redundant algebraic operation steps and an average 63% reduction in runtime compared to AST-EP.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112354"},"PeriodicalIF":3.7,"publicationDate":"2025-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143183248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A cross-continental analysis of how regional cues shape top stack overflow contributors

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-27 DOI: 10.1016/j.jss.2025.112338

Elijah Zolduoarrati , Sherlock A. Licorish , John Grundy

{"title":"A cross-continental analysis of how regional cues shape top stack overflow contributors","authors":"Elijah Zolduoarrati , Sherlock A. Licorish , John Grundy","doi":"10.1016/j.jss.2025.112338","DOIUrl":"10.1016/j.jss.2025.112338","url":null,"abstract":"<div><div>Stack Overflow offers valuable knowledge for software developers, but studies suggest digital information tends to cluster geographically, limiting access to necessary knowledge for innovation. This study explores posts of top contributors on Stack Overflow across the United States, Brazil, India, Egypt, the United Kingdom, and Australia. We analyse platform activities, conduct social network analysis, employ topic modelling paired with thematic analysis, before dissecting their knowledge sharing patterns via directed content analysis. Results indicate that cultural factors, entrepreneurial activities, tech ecosystem maturity, as well as workforce diversity in a region were found to shape how top contributors contribute. For instance, individualistic users communicate directly whilst collectivistic users prefer subtle communication and socio-emotional cues. Moreover, top contributors in nascent technology ecosystems were more likely to discuss fundamental concepts, while those in mature ecosystems focus on specialised niches. This study sheds light on how diversity in human aspects may influence the dynamics of CQA settings, where future researchers can explicate the extent of which latent contextual factors affect user contributions and community structure.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112338"},"PeriodicalIF":3.7,"publicationDate":"2025-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143277208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

LogGzip: Towards log Parsing with lossless compression

IF 3.7 2区计算机科学

Journal of Systems and Software Pub Date : 2025-01-27 DOI: 10.1016/j.jss.2025.112349

Donghui Gao , Changjian Liu , Ningjiang Chen , Xiaochun Hu

{"title":"LogGzip: Towards log Parsing with lossless compression","authors":"Donghui Gao , Changjian Liu , Ningjiang Chen , Xiaochun Hu","doi":"10.1016/j.jss.2025.112349","DOIUrl":"10.1016/j.jss.2025.112349","url":null,"abstract":"<div><div>Automated analysis of complex logs from Internet of Things(IoT) devices facilitates failure diagnosis and system status monitoring. Log parsing, the first step in this process, converts raw logs into structured data. Due to the vast size and intricate structure of IoT system logs, parsers must effectively handle various log formats. Supervised learning parsers require labor-intensive manual data labeling. Clustering-based parsers, as an unsupervised method, minimize expert involvement and manual annotation. However, existing clustering-based parsers struggle with the diverse formats of log data and handling minor variations or noise within logs, due to their reliance on specific log structures or the need to transform logs into particular representations. To address the above problems, the paper proposes LogGzip, a clustering log parser based on the gzip lossless compressor. It employs a gzip compressor to measure differences in compressed lengths between logs to identify the complex patterns and regularities in the logs, and designs compression distance calculation method to construct a distance matrix as a measure of log event similarity. At the same time, the overhead in the compression process is reduced by building a compression dictionary. Finally, clustering analysis is performed using the similarity scores. Experimental results demonstrate that the parsing accuracy of LogGzip outperforms the existing state-of-the-art log parsers.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"223 ","pages":"Article 112349"},"PeriodicalIF":3.7,"publicationDate":"2025-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143378432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0