Journal of Systems and Software最新文献

{"title":"FSECAM: A contextual thematic approach for linking feature to multi-level software architectural components","authors":"","doi":"10.1016/j.jss.2024.112245","DOIUrl":"10.1016/j.jss.2024.112245","url":null,"abstract":"<div><div>Linking software features to code components is commonly performed during software development and maintenance, including to implement a feature, document code, design test cases, trace requirements, track changes, and support inspection of safety–critical software by government and other third parties. However, manually mapping features to code is error-prone and time consuming, even for developers familiar with a system. To overcome these challenges several studies proposed automated techniques to reduce human intervention when linking features to code components. Nonetheless, three challenges remain: (i) accuracy, (ii) cost, and (iii) explainability. Linking of irrelevant code snippets causes an extra burden of analyses. If the approach lacks explainability, then a tool is less useful for many crucial systems such as safety–critical software. Moreover, heavyweight techniques such as those that require generating execution traces of every scenario or require training deep-learning models are costly and limit small companies from integrating them into their development process.</div><div>We propose a contextual thematic approach that extracts the most relevant theme properties of the feature/requirement to address the aforementioned challenges. Our experiments with two proprietary projects reveal significant enhancement of performance (precision and F1 scores are more than 50% in ideal cases) in linking features to three abstractions of code components, i.e., modules, classes, and methods. Our approach is also capable of linking commits to issues in a promising way. Contextual theme extraction enhances the subjective explainability which has not yet been solved with existing approaches. Moreover, we extract several critical characteristics of the feature documents and code structures that are important to consider in both manual and automated techniques. Finally, we present the FSECAM tool for linking features to code components, which can be immediately deployed within the development process and used without much effort and cost in linking code components and commits.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142441784","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Exploring emergent microservice evolution in elastic deployment environments","authors":"","doi":"10.1016/j.jss.2024.112252","DOIUrl":"10.1016/j.jss.2024.112252","url":null,"abstract":"<div><div>Microservices have become an important technology to enable the dynamic composition of large-scale self-adaptive systems. Although modern microservice ecosystems provide a variety of autonomous adaptation mechanisms, when focusing on the microservice itself, they can only account for changes in the sheer increase in workload volume. On the other hand, when workload patterns change, efficient treatment requires the intervention of DevOps experts to manually evolve the internal architecture of services. Given the need to quickly adapt systems to respond to changes, solely relying on DevOps to react to workload pattern changes becomes a bottleneck for future systems. To address this issue, we advance the concept of emergent microservices, that autonomously adapt and evolve their internal architectural composition to better handle changes in the pattern of incoming requests without human intervention. We demonstrate the effectiveness of our approach by exploring this novel concept in the context of a microservice-based Smart City platform.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142444757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information needs in bug reports for web applications","authors":"","doi":"10.1016/j.jss.2024.112230","DOIUrl":"10.1016/j.jss.2024.112230","url":null,"abstract":"<div><div>Given the widespread popularity and increasing reliance on long-lived web applications (such as Netflix and Facebook), effective and efficient bug reproduction is essential to maintain functionality and user satisfaction throughout the application’s lifetime. Developers use bug reports to localize, reproduce, and eventually fix software bugs. However, the content of bug reports is not always helpful (e.g., due to incomplete or missing information). In this study, we explore what type of information is often missing in bug reports and how that information is presented in them. We manually analyzed the initial and final versions of 1000 bug reports from 10 popular open-source web-based applications. The analysis revealed that, regardless of the type of software (e.g., e-commerce software or personal tools), diagnostic suggestions from developers and end-user usage information are often missing in initial bug reports but only added later throughout the lifetime of a bug report. Also, textual descriptions and screenshots are used most to describe bugs, regardless of the type of bug (e.g., a functional or performance error). The study highlighted the need for improved bug reporting templates and tools to improve bug report quality and efficiency in web application development and maintenance.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Development and benchmarking of multilingual code clone detector","authors":"","doi":"10.1016/j.jss.2024.112215","DOIUrl":"10.1016/j.jss.2024.112215","url":null,"abstract":"<div><div>The diversity of programming languages is growing, making the language extensibility of code clone detectors crucial. However, this is challenging for most existing clone detection detectors because the source code handler needs modifications, which requires specialist-level knowledge of the targeted language and is time-consuming. Multilingual code clone detectors make it easier to add new language support by providing syntax information of the target language only. To address the shortcomings of existing multilingual detectors for language scalability and detection performance, we propose a multilingual code block extraction method based on ANTLR parser generation, and implement a multilingual code clone detector (MSCCD), which supports the most significant number of languages currently available and has the ability to detect Type-3 code clones. We follow the methodology of previous studies to evaluate the detection performance of the Java language. Compared to ten state-of-the-art detectors, MSCCD performs at an average level while it also supports a significantly larger number of languages. Furthermore, we propose the first multilingual syntactic code clone evaluation benchmark based on the CodeNet database. Our results reveal that even when applying the same detection approach, performance can vary markedly depending on the language of the source code under investigation. Overall, MSCCD is the most balanced one among the evaluated tools when considering detection performance and language extensibility.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142432478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"GeQuPI: Quantum Program Improvement with Multi-Objective Genetic Programming","authors":"","doi":"10.1016/j.jss.2024.112223","DOIUrl":"10.1016/j.jss.2024.112223","url":null,"abstract":"<div><div>Processing quantum information poses novel challenges regarding the debugging of faulty quantum programs. Notably, the lack of accessible information on intermediate states during quantum processing, renders traditional debugging techniques infeasible. Moreover, even correct quantum programs might not be processable, as current quantum computers are limited in computation capacity. Thus, quantum program developers have to consider trade-offs between accuracy (i.e., probabilistically correct functionality) and computational cost of the proposed solutions. Manually finding sufficiently accurate and efficient solutions is a challenging task, even for quantum computing experts. To tackle these challenges, we propose a quantum program improvement framework for an automated generation of accurate and efficient solutions, coined Genetic Quantum Program Improver (<span>GeQuPI</span>). In particular, we focus on the tasks of debugging and optimization of quantum programs. Our framework uses techniques from quantum information theory and applies multi-objective genetic programming, which can be further hybridized with quantum-aware optimizers. To demonstrate the benefits of <span>GeQuPI</span>, it is applied to 47 quantum programs reused from literature and openly published libraries. The results show that our approach is capable of correcting faulty programs and optimize inefficient ones for the majority of the studied cases, showing average optimizations of 35% with respect to computational cost.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142444756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An empirical study of AI techniques in mobile applications","authors":"","doi":"10.1016/j.jss.2024.112233","DOIUrl":"10.1016/j.jss.2024.112233","url":null,"abstract":"<div><div>The integration of artificial intelligence (AI) into mobile applications has significantly transformed various domains, enhancing user experiences and providing personalized services through advanced machine learning (ML) and deep learning (DL) technologies. AI-driven mobile apps typically refer to applications that leverage ML/DL technologies to perform key tasks such as image recognition and natural language processing. Despite existing research exploring how mobile apps exploit AI techniques, they have the following main limitations: (1) Most existing studies focus on DL-based apps, with limited research on ML-based apps. (2) Existing research typically focuses on investigating the apps and the technologies utilized in the apps, lacking user-level analysis. (3) The number of apps studied is limited, with only 1,000 to 2,000 ML/DL apps identified after filtering. To fill the gap, in this paper, we conducted the most extensive empirical study on AI applications, exploring on-device ML apps, on-device DL apps, and AI service-supported (cloud-based) apps. Our study encompasses 56,682 real-world AI applications, focusing on three crucial perspectives: <strong>(1) Application analysis</strong>, where we analyze the popularity of AI apps and investigate the update states of AI apps; <strong>(2) Framework and model analysis</strong>, where we analyze AI framework usage and AI model protection; <strong>(3) User analysis</strong>, where we examine user privacy protection and user review attitudes. Our study has strong implications for AI app developers, users, and AI R&amp;D. On one hand, our findings highlight the growing trend of AI integration in mobile applications, demonstrating the widespread adoption of various AI frameworks and models. On the other hand, our findings emphasize the need for robust model protection to enhance app security. Additionally, our study highlights the importance of user privacy and presents user attitudes towards the AI technologies utilized in current AI apps. We provide our AI app dataset (currently the most extensive AI app dataset) as an open-source resource for future research on AI technologies utilized in mobile applications.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Symbolic testing of floating-point bugs and exceptions","authors":"","doi":"10.1016/j.jss.2024.112226","DOIUrl":"10.1016/j.jss.2024.112226","url":null,"abstract":"<div><div>Numerical software are susceptible to floating-point bugs and exceptions, which may lead to severe threats like denial of service attacks. Static analysis techniques such as symbolic execution are effective in detecting general bugs which often cause memory error or program crash. Unfortunately, these methods do not deal well with numerical code as they do not support floating-point constraints and math functions symbolically. In this paper, we propose a new analysis framework YUSE, which can detect floating-point bugs by constructing constraints and exploring paths which contain floating-point expressions. Specifically, we introduce interval computation and interval constraint propagation in non-relational numerical abstract domains, and symbolically model math functions, to accurately detect floating-point bugs and exceptions. Moreover, we leverage two-phase constraint solving to enhance YUSE’s performance. Experimental results show that YUSE outperforms two state-of-the-art tools, Frama-c and Fpse-study, in terms of effectiveness and efficiency, with 1.4<span><math><mo>×</mo></math></span> and 7.1<span><math><mo>×</mo></math></span> faster than Frama-c and Fpse-study, respectively. Moreover, YUSE found 20 new bugs in real-world software, 12 of which were assigned CVE IDs and 8 of which were confirmed by developers.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A generalized, rule-based method for the detection of intermittent faults in software programs","authors":"","doi":"10.1016/j.jss.2024.112228","DOIUrl":"10.1016/j.jss.2024.112228","url":null,"abstract":"<div><div>Intermittent faults are a very common problem in the software world, and are very hard to locate and correct, due to the fact that they manifest their presence only under certain circumstances. Most of the existing approaches for intermittent fault identification assume that suitable instrumentation has been provided in the program, typically in the form of assertions that dictate which program states are considered to be erroneous, by examining variable values. This approach is, however, inefficient, since only errors for which appropriate instrumentation has been provided will be uncovered. In this paper we propose a method that can be used to detect probable sources of intermittent faults within a program. Our method proposes certain points in the code, whose data interdependencies combined with their execution interweaving indicate that they could be the root cause of intermittent faults. The approach presented in this paper extends our previous work, by examining shared variable access sequences and taking into account not only direct dependencies between shared variables, but additionally indirect ones, i.e. cases where values of local variables are computed using values of some shared variable(s), and subsequently the local variable values are used to set the value of other shared variables. The detection of suspicious access pattern, which may indicate the presence of intermittent faults, is formalized through the introduction of generalized rules; these rules are combined with model-based checking to ensure that all program execution paths are covered. The list of suspicious locations within the code is finally presented to the developer, who will decide after a thorough examination of the code, to accept or reject each of the proposals.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Model-based safety analysis of requirement specifications","authors":"","doi":"10.1016/j.jss.2024.112231","DOIUrl":"10.1016/j.jss.2024.112231","url":null,"abstract":"<div><div>Model-based design primarily aims to establish a communication framework throughout a system’s design. Moreover, models with formal semantics allow verification based on rigorous methods, including the analysis of system safety. However, building formal models is a tedious manual process and cannot be easily applied to real problems.</div><div>A key gap that hinders automation of model development is that there is no systematic way to connect system requirements with the activity of model-based design. In this article, we introduce a workflow to tackle this gap and ultimately automate the analysis of system safety using formal methods.</div><div>We extend our previous work on boilerplate-based specification of system requirements with ontological semantics towards specifying FDIR (Failure, Detection, Isolation, Recovery) requirements. The workflow is centered around the automated generation of a model skeleton in SLIM, a component-based formal modeling language, from a set of ontology-based requirement specifications. Our approach has been implemented into a dedicated tool, which not only provides visualization of the ontology relations, but also supports traceability of the analysis findings back to the requirements specification. Finally, we provide results on the safety analysis of a real star-tracker system based on a SLIM model derived by minimally changing the auto-generated model skeleton.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CoMPers: A configurable conflict management framework for personalized collaborative modeling","authors":"","doi":"10.1016/j.jss.2024.112227","DOIUrl":"10.1016/j.jss.2024.112227","url":null,"abstract":"<div><h3>Context:</h3><div>Modeling is an activity in the software development life cycle where experts and stakeholders collaborate as a team. In collaborative modeling, adhering to the optimistic versioning paradigm allows users to make concurrent changes to the same model, but conflicts may arise. To achieve an integrated and consistent merged model, conflicts must be resolved.</div></div><div><h3>Objective:</h3><div>The primary objective of this study was to provide a customizable and extensible framework for conflict management in personalized change propagation during collaborative modeling.</div></div><div><h3>Methods:</h3><div>We propose CoMPers, a customizable and extensible conflict management framework designed to address various conflicts encountered in collaborative modeling. We present the duel algorithm for automatically detecting and resolving conflicts according to user preferences. The framework utilizes personalized change propagation to customize collaboration and supports the conflict management process by executing the duel algorithm based on user preferences. As a proof-of-concept, we have implemented the CoMPers framework and extended the EMF.cloud modeling framework to demonstrate its applicability.</div></div><div><h3>Results:</h3><div>We have constructed a proof-of-concept implementation and conducted a real-world case study, a benchmark experiment, and a user experience evaluation. Our findings demonstrate that: (1) CoMPers enables collaborators to configure propagation strategies according to their habits; (2) CoMPers successfully identifies all anticipated conflicts and achieves a 100% accuracy in conflict handling; (3) The majority of participants agreed that CoMPers is user-friendly for collaborative modeling.</div></div><div><h3>Conclusion:</h3><div>This paper presents the CoMPers framework, which is based on personalized change propagation, and helps collaborators customize conflict management activities. The results confirm the feasibility and advantages of consistent and concurrent modeling within the collaborative CoMPers platform, with an acceptable functionality for approximately ten collaborators.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}