Journal of Systems and Software最新文献

{"title":"StoneDetector : Conventional and versatile code clone detection for Java","authors":"Thomas S. Heinze ,&nbsp;André Schäfer ,&nbsp;Wolfram Amme","doi":"10.1016/j.jss.2026.112799","DOIUrl":"10.1016/j.jss.2026.112799","url":null,"abstract":"<div><div>Copy &amp; paste is a widespread practice when developing software and, thus, duplicated and subsequently modified code occurs frequently in software projects. Since such code clones, i.e., identical or similar fragments of code, can bloat software projects and cause issues like bug or vulnerability propagation, their identification is of importance. In this paper, we present StoneDetector and its underlying method for finding code clones in Java source and Bytecode. StoneDetector implements a conventional clone detection approach based upon the textual comparison of paths derived from the code’s representation by dominator trees. In this way, the tool does not only find exact and syntactically similar near-miss code clones, but also code clones that are harder to detect due to their larger variety in the syntax. We demonstrate StoneDetector’s versatility as a conventional clone detection tool and analyze its various available configuration parameters, including the usage of different string metrics, hashing algorithms, etc. In our exhaustive evaluation with other conventional clone detectors on several state-of-the-art benchmarks, we can show StoneDetector’s performance and scalability in finding code clones in both, Java source and Bytecode.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112799"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146174701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sustainability and performance trustworthiness of IoT monitoring software architectures in the Edge","authors":"Juan Sebastián Ochoa ,&nbsp;Vanessa Rodríguez-Horcajo ,&nbsp;Jennifer Pérez ,&nbsp;Juan Garbajosa ,&nbsp;Norberto Cañas ,&nbsp;Javier García-Martín ,&nbsp;Daniel Guamán","doi":"10.1016/j.jss.2026.112801","DOIUrl":"10.1016/j.jss.2026.112801","url":null,"abstract":"<div><div>Identifying and implementing sustainable solutions to address the high energy consumption of ICT solutions has become a necessity in Industry 4.0. Therefore, the construction of Green software products is a priority for its customers, who need to trust that their software products are sustainable to fulfil the sustainability policies of their companies. We present sustainability as a key attribute in addressing the trustworthiness of software architectures. This work is focused on IoT monitoring software architectures in the Edge, since IoT energy consumption is a critical issue for sustainability due to the huge amount of power connections required by IoT devices and the high energy consumption needed for processing and transmitting their data. We present an exploratory research study conducted to determine how to design trustworthy IoT monitoring software architectures in the Edge considering two critical attributes, performance and sustainability. Specifically, this study evaluates how the configuration of the components that comprise Edge IoT monitoring architectures may influence their energy consumption and response time. This work presents the experimental results of the exploratory study and its findings, in which the energy consumption and response time of four different software architecture configurations of an indoor environmental monitoring IoT system are measured. From the execution of thirty experiments, this study reveals the importance of balancing the monitoring activities between the Edge nodes and servers, and it indicates that it is possible to construct trustworthy IoT monitoring software architectures in the Edge with software components that reduce both energy consumption and response time.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112801"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146174712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Microservice logs analysis employing AI: A systematic literature review","authors":"Md Arfan Uddin,&nbsp;Shakthi Weerasinghe,&nbsp;Darek Gajewski,&nbsp;Melika Akbarsharifi,&nbsp;Roxana Akbarsharifi,&nbsp;Christopher Stoner,&nbsp;Tomas Cerny,&nbsp;Sen He","doi":"10.1016/j.jss.2026.112786","DOIUrl":"10.1016/j.jss.2026.112786","url":null,"abstract":"<div><div><strong>Background</strong>: Microservice architectures generate massive volumes of fragmented log data. While complicating unified monitoring and diagnosis, traditional approaches are typically overwhelmed, leading to delayed incident detection and costly system failures. Artificial Intelligence (AI) techniques, particularly machine learning and large language models, have emerged as promising solutions for automating log analysis and addressing these operational challenges. <strong>Objective</strong>: The objective of this study is to systematically review and synthesize existing research on AI techniques for microservice log analysis, evaluating their enterprise deployment readiness and identifying current capabilities, limitations, and priority areas for future investigation. <strong>Method</strong>: We conducted a systematic literature review of 2208 papers from peer-reviewed academic literature, published between 2018 and 2025. Through a rigorous filtering process, we identified 82 primary studies that thoroughly examine the use of AI for microservice log analysis across tools, techniques, datasets, and challenges. <strong>Results</strong>: While AI techniques are frequently applied to anomaly detection and root cause analysis, this review reveals a critical disconnect between research advances and industry needs. 65 studies rely on synthetic or private datasets that poorly reflect production complexities. Approximately two-thirds (65.85%) of papers adopt standardized evaluation benchmarks, with 59.76% using the standard Precision-Recall-F1 classification metrics. Hence, unresolved scalability, generalizability, and data accessibility remain the key challenges that prevent widespread adoption of AI-based microservice log analysis in enterprise environments. <strong>Conclusion</strong>: AI has strong potential for advancing log analysis in microservices. Future research should prioritize open datasets, robust benchmarking, and the use of these AI methods for deeper contextual understanding such as understanding why anomalies propagate across services and how they may impact business operations.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112786"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146174703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An empirical eye-tracking study of cross-lingual program comprehension and debugging","authors":"Ameer Mohammed,&nbsp;Reem Albaghli,&nbsp;Hanaa Alrushood,&nbsp;Fatme Ghaddar","doi":"10.1016/j.jss.2026.112793","DOIUrl":"10.1016/j.jss.2026.112793","url":null,"abstract":"<div><div>The ability for students to effectively adapt to new programming languages is a desirable skill that is useful for careers demanding rapid adoption of different languages. This study aims to measure the cognitive load required to generalize programming skills from one language to another across three different tasks: code comprehension, syntactic debugging, and semantic debugging. Participants with basic background in either Java or Python (but not both) were asked to explain a given code segment or identify the syntactic/semantic bug for code written in Python. The cognitive load (i.e., mental effort) to tackle the three tasks in Python for Java-trained students is then measured by employing eye-tracking technology and compared against Python-trained students to determine the overhead in processing these tasks. Our results show that the difference in cognitive load between Java and Python students was more significant when focusing on conditional or iterative constructs compared to other statements in the code. These findings suggest that certain code elements require more effort than others when trying to understand code in a new language, guiding educators toward focusing more on those challenging areas when instructing students with existing knowledge in a different programming language.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112793"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146039477","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"LogGen: Integrating traditional model and LLM with code analysis for precise log generation","authors":"Min Li ,&nbsp;Gou Tan ,&nbsp;Pengfei Chen ,&nbsp;Chuanfu Zhang","doi":"10.1016/j.jss.2026.112816","DOIUrl":"10.1016/j.jss.2026.112816","url":null,"abstract":"<div><div>Logging is a crucial method for the runtime monitoring and measurement of program states. However, in large-scale projects, variations in developer experience lead to significant differences in the key information within log statements, making it challenging to maintain uniform log formats. Therefore, we propose <em>LogGen</em>, a log generation framework that combines a traditional model with Large Language Models (LLMs). It learns from existing projects and automatically inserts log statements into new code, addressing the challenge of LLMs struggling to pinpoint accurate log positions. By leveraging LLM code summarization and integrating function-level semantic information, <em>LogGen</em> constructs more robust features, enabling the traditional model to achieve high accuracy in log positioning. Additionally, <em>LogGen</em> extracts log styles and function call chains from projects to create a knowledge database. LLMs can produce more precise log statements by combining our knowledge with the Retrieval-Augmented Generation (RAG) framework. We evaluate <em>LogGen</em> on long-term developed Java and C++ projects, showing that it surpasses the state-of-the-art log generation methods by 41.6% in F1 of log position and 36.2% in text BLEU-4 score, exhibiting stronger robustness against code and knowledge changes.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112816"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146174705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards the automated extraction and refactoring of NoSQL schemas from application code","authors":"Carlos J. Fernandez-Candel ,&nbsp;Anthony Cleve ,&nbsp;Jesus J. Garcia-Molina","doi":"10.1016/j.jss.2026.112787","DOIUrl":"10.1016/j.jss.2026.112787","url":null,"abstract":"<div><div>Most NoSQL systems adopt a schema-on-read approach to promote flexibility and agility: the structure of the stored data is not constrained by predefined schemas. However, the absence of explicit schema declarations does not imply the absence of schemas themselves. In practice, schemas are implicit in both the application code and the stored data, and are essential for building tools such as data modelers, query optimizers, data migrators, or for performing database refactorings. As a result, NoSQL schema inference (also known as schema extraction or discovery) has gained attention from the database community, with most approaches focusing on extracting schemas from data. In contrast, the source code analysis remains less explored for this purpose.</div><div>In this paper, we present a static code analysis strategy to extract logical schemas from NoSQL applications. Our solution is based on a model-driven reverse engineering process composed of a chain of platform-independent model transformations. The extracted schema conforms to the U-Schema unified metamodel, which can represent both NoSQL and relational schemas. To support this process, we define a metamodel capable of representing the core elements of object-oriented languages. Application code is first injected into a code model, from which a control flow model is derived. This, in turn, enables the generation of a model representing both data access operations and the structure of stored data. From these models, the U-Schema logical schema is inferred. Additionally, the extracted information can be used to identify refactoring opportunities. We illustrate this capability through the detection of join-like query patterns and the automated application of field duplication strategies to eliminate expensive joins. All stages of the process are described in detail, and the approach is validated through a round-trip experiment in which a application using a MongoDB store is automatically generated from a predefined schema. The inferred schema is then compared to the original to assess the accuracy of the extraction process.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112787"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146080867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An empirical assessment of go linters on real-world issues","authors":"Jianwei Wu ,&nbsp;James Clause","doi":"10.1016/j.jss.2026.112797","DOIUrl":"10.1016/j.jss.2026.112797","url":null,"abstract":"<div><div>Lightweight static code analysis tools (linters) are commonly used to inspect complex code, locate format violations, detect software vulnerabilities, and fix bugs. However, developers often lack a good understanding of the capabilities of linters for newer languages like Golang. In this paper, we evaluated existing Go linters by surveying professional developers about real-world issues in the industrial workflow at MathWorks. Because of the early adoption of Go linters, we continued to observe issues that disrupted our development workflow. This paper presents our practical experience with Go linters, highlighting specific issues that often escaped detection and the consequences of these gaps. The results of the evaluation show that the linters are often unable to detect issues and, even when they are able to, they are insufficient to guide developers to valid solutions. These results provide a better understanding of the capabilities of Go linters and facilitate the development of better tools in the future.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112797"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146080857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Smart contract vulnerabilities, tools, and benchmarks: An updated systematic literature review","authors":"Gerardo Iuliano,&nbsp;Dario Di Nucci","doi":"10.1016/j.jss.2026.112788","DOIUrl":"10.1016/j.jss.2026.112788","url":null,"abstract":"<div><div>Smart contracts are self-executing programs on blockchain platforms like Ethereum, which have revolutionized decentralized finance by enabling trustless transactions and the operation of decentralized applications. Despite their potential, the security of smart contracts remains a critical concern due to their immutability and transparency, which expose them to malicious actors. Numerous solutions for vulnerability detection have been proposed, but it is still unclear which one is the most effective. This paper presents a systematic literature review that explores vulnerabilities in Ethereum smart contracts, focusing on automated detection tools and benchmark evaluation. We reviewed 3380 studies from five digital libraries and five major software engineering conferences, applying a structured selection process that resulted in 222 high-quality studies. The key results include a hierarchical taxonomy of 192 vulnerabilities grouped into 13 categories, a comprehensive list of 219 detection tools with corresponding functionalities, methods, and code transformation techniques, a mapping between our taxonomy and the list of tools, and a collection of 133 benchmarks used for tool evaluation. We conclude with a discussion about the insights into the current state of Ethereum smart contract security and directions for future research.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112788"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146174708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Age matters: Analyzing age-related discussions in app reviews","authors":"Shashiwadana Nirmani ,&nbsp;Garima Sharma ,&nbsp;Hourieh Khalajzadeh ,&nbsp;Mojtaba Shahin","doi":"10.1016/j.jss.2026.112800","DOIUrl":"10.1016/j.jss.2026.112800","url":null,"abstract":"<div><div>In recent years, mobile applications have become indispensable tools for managing various aspects of life. From enhancing productivity to providing personalized entertainment, mobile apps have revolutionized people’s daily routines. Despite this rapid growth and popularity, gaps remain in how these apps address the needs of users from different age groups. Users of varying ages face distinct challenges when interacting with mobile apps, from younger users dealing with inappropriate content to older users having difficulty with usability due to age-related vision and cognition impairments. Although there have been initiatives to create age-inclusive apps, a limited understanding of user perspectives on age-related issues may hinder developers from recognizing specific challenges and implementing effective solutions. In this study, we explore age discussions in app reviews to gain insights into how mobile apps should cater to users across different age groups. We manually curated a dataset of 4163 app reviews from the Google Play Store and identified 1429 age-related reviews and 2734 non-age-related reviews. We employed eight machine learning, deep learning, and large language models to automatically detect age discussions, with RoBERTa performing the best, achieving a precision of 92.46%. Additionally, a qualitative analysis of the 1429 age-related reviews uncovers six dominant themes reflecting user concerns: <em>Age Appropriateness of Content, Language and Recommendations, Age Verification and Access Barriers, Usability and Accessibility Across Ages, Privacy and Safety Concerns, Interactions and Relationships</em> and <em>Recommendations and Feature Requests</em>. Our findings reveal that users frequently encounter inappropriate content for children, struggle with strict or error-prone age verification systems, and emphasize the need for age-friendly accessibility and safety features. To address these issues, we offer actionable recommendations for app developers, including implementing flexible or gradient-based age restrictions, prioritizing safety features in kids’ apps, and strengthening parental controls.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112800"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146174709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Fine-grained parametric bootstrap approach for NHPP-based software reliability modeling","authors":"Jingchi Wu,&nbsp;Tadashi Dohi,&nbsp;Junjun Zheng,&nbsp;Hiroyuki Okamura","doi":"10.1016/j.jss.2026.112789","DOIUrl":"10.1016/j.jss.2026.112789","url":null,"abstract":"<div><div>In software reliability, practitioners demand to estimate software reliability measures accurately from software fault-count data, for making the release decision and project management. To achieve these objectives, software fault-count processes are often described using software reliability models (SRMs) based on stochastic counting processes like non-homogeneous Poisson processes (NHPPs), and statistical point estimation of model parameters is carried out. Substituting the point estimates of model parameters into several software reliability measures, one gets the point estimates of desired reliability measures. However, since such point estimators tend to have high variances, the resulting release decision and project management plans are not reliable under uncertainty. Then, interval estimation of software reliability measures is expected to realize more robust decision making, but is quite difficult to obtain the analytical confidence regions. Bootstrap is a statistical method that generates realizations of statistical estimators by resampling fault-count data. It allows us to evaluate the statistical properties of software reliability measures under uncertainty. In this paper, we propose a fine-grained parametric bootstrap method for NHPP-based SRMs, where a thinning-like resampling algorithm is employed instead of intuitive resampling algorithms which generate the bootstrap data with ties problem. We compare our thinning-like resampling algorithm with the existing ones in both Monte Carlo simulation and empirical study. It can be shown that the model parameters and their associated software reliability measures estimated by our fine-grained parametric bootstrap method are more accurate and robust than the other bootstrap algorithms.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"236 ","pages":"Article 112789"},"PeriodicalIF":4.1,"publicationDate":"2026-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"146080860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}