Journal of Systems and Software最新文献

{"title":"Software architecture-based self-adaptation in robotics","authors":"Elvin Alberts ,&nbsp;Ilias Gerostathopoulos ,&nbsp;Ivano Malavolta ,&nbsp;Carlos Hernández Corbato ,&nbsp;Patricia Lago","doi":"10.1016/j.jss.2024.112258","DOIUrl":"10.1016/j.jss.2024.112258","url":null,"abstract":"<div><h3>Context:</h3><div>Robotics software architecture-based self-adaptive systems (RSASSs) are robotics systems made robust to runtime uncertainty by adapting their software architectures. The research landscape of RSASS approaches is multidisciplinary and fragmented, with many aspects still unexplored or ineffectively shared among communities involved.</div></div><div><h3>Objective:</h3><div>We aim at identifying, classifying, and analyzing the state of the art of existing approaches for RSASSs from the following perspectives: (i) the key characteristics of approaches and (ii) the evaluation strategies applied by researchers.</div></div><div><h3>Method:</h3><div>We apply the systematic mapping research method. We selected <span><math><mrow><mn>37</mn></mrow></math></span> primary studies via automatic, manual, and snowballing-based search and selection procedures. We rigorously defined and applied a classification framework composed of 32 parameters and synthesize the obtained data to produce a comprehensive overview of the state of the art.</div></div><div><h3>Results:</h3><div>This work contributes (i) a rigorously defined classification framework for studies on RSASSs, (ii) a systematic map of the research efforts on RSASSs, (iii) a discussion of emerging findings and implications for future research, and (iv) a publicly available replication package.</div></div><div><h3>Conclusion:</h3><div>This study provides a solid evidence-based overview of the state of the art in RSASS approaches. Its results can benefit RSASS researchers at different levels of seniority and involvement in RSASS research.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112258"},"PeriodicalIF":3.7,"publicationDate":"2024-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142535187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DLAP: A Deep Learning Augmented Large Language Model Prompting framework for software vulnerability detection","authors":"Yanjing Yang ,&nbsp;Xin Zhou ,&nbsp;Runfeng Mao ,&nbsp;Jinwei Xu ,&nbsp;Lanxin Yang ,&nbsp;Yu Zhang ,&nbsp;Haifeng Shen ,&nbsp;He Zhang","doi":"10.1016/j.jss.2024.112234","DOIUrl":"10.1016/j.jss.2024.112234","url":null,"abstract":"<div><div>Software vulnerability detection is generally supported by automated static analysis tools, which have recently been reinforced by deep learning (DL) models. However, despite the superior performance of DL-based approaches over rule-based ones in research, applying DL approaches to software vulnerability detection in practice remains a challenge. This is due to the complex structure of source code, the black-box nature of DL, and the extensive domain knowledge required to understand and validate the black-box results for addressing tasks after detection. Conventional DL models are trained by specific projects and, hence, excel in identifying vulnerabilities in these projects but not in others. These models with poor performance in vulnerability detection would impact the downstream tasks such as location and repair. More importantly, these models do not provide explanations for developers to comprehend detection results. In contrast, Large Language Models (LLMs) with prompting techniques achieve stable performance across projects and provide explanations for results. However, using existing prompting techniques, the detection performance of LLMs is relatively low and cannot be used for real-world vulnerability detections. This paper contributes <strong>DLAP</strong>, a <u><strong>D</strong></u>eep <u><strong>L</strong></u>earning <u><strong>A</strong></u>ugmented LLMs <u><strong>P</strong></u>rompting framework that combines the best of both DL models and LLMs to achieve exceptional vulnerability detection performance. Experimental evaluation results confirm that DLAP outperforms state-of-the-art prompting frameworks, including role-based prompts, auxiliary information prompts, chain-of-thought prompts, and in-context learning prompts, as well as fine-turning on multiple metrics.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112234"},"PeriodicalIF":3.7,"publicationDate":"2024-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142535184","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Scaling up statistical model checking of cyber-physical systems via algorithm ensemble and parallel simulations over HPC infrastructures","authors":"Leonardo Picchiami ,&nbsp;Maxime Parmentier ,&nbsp;Axel Legay ,&nbsp;Toni Mancini ,&nbsp;Enrico Tronci","doi":"10.1016/j.jss.2024.112238","DOIUrl":"10.1016/j.jss.2024.112238","url":null,"abstract":"<div><div>Model-based formal verification of industry-relevant Cyber-Physical Systems (CPSs) is often a computationally prohibitive task. In most cases, the complexity of the models precludes any prospect of symbolic analysis, leaving numerical simulation as the only viable option. Unfortunately, exhaustive simulation of a CPS model over the entire set of plausible operational scenarios is rarely possible in practice, and alternative strategies such as Statistical Model Checking (SMC) must be used instead.</div><div>In this article, we show that the number of model simulations (samples) required by SMC techniques to converge can be significantly reduced by considering multiple (an <em>ensemble</em> of) Adaptive Stopping Algorithms (SAs) at once, and that the simulations themselves (by far the most expensive step of the entire workload) can be efficiently sped up by exploiting massively parallel platforms.</div><div>With three industry-scale CPS models, we experimentally show that the use of an ensemble of two state-of-the-art SAs (<span><math><mi>AA</mi></math></span> and EBGStop) may require dozens of millions fewer samples when compared to running a single algorithm, with reductions in sample size of up to 78%. Furthermore, we show that our implementation, by massively parallelizing system model simulations on a HPC infrastructure, yields speed-ups for the completion time of the verification tasks which are practically linear with respect to the number of computational nodes, thus achieving an efficiency of virtually 100%, even on very large platforms. This makes it possible to complete tasks of model-based SMC verification for complex CPSs in a matter of hours or days, whereas a naïve sequential execution would require from months to many years.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112238"},"PeriodicalIF":3.7,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142535183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Leveraging belief uncertainty for informed decision making in software product line evolution","authors":"Jose-Miguel Horcas ,&nbsp;Lola Burgueño ,&nbsp;Jörg Kienzle","doi":"10.1016/j.jss.2024.112235","DOIUrl":"10.1016/j.jss.2024.112235","url":null,"abstract":"<div><div>Software Product Lines (SPL) are not static software artifacts, but they evolve over time. The planning, realization, and release of a SPL requires many high-level decisions involving many different stakeholders with different expertise. Taking their opinions into account to make the right decisions is not trivial. Currently there are no mechanisms to assist stakeholders in the decision making process in an informed manner. In this paper, we propose the use of belief uncertainty in conjunction with feature models to assist in the evolution of SPLs by explicitly quantifying opinions and their associated uncertainty. We present a novel approach in which subjective logic is used to represent the opinions of stakeholders in three evolution scenarios, namely feature model evolution, next release problem and variability reduction. We apply our approach to the evolution of the Xiaomi MiBand SmartWatch SPL over the time period from July 2014 to October 2023. We present an implementation of our approach and evaluate its scalability.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112235"},"PeriodicalIF":3.7,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142535188","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Syntax-preserving program slicing for C-based software product lines","authors":"Lea Gerling","doi":"10.1016/j.jss.2024.112255","DOIUrl":"10.1016/j.jss.2024.112255","url":null,"abstract":"<div><div>Program slicing is a well-established technique for identifying a reduced subset of a program based on pre-defined criteria, leading to complexity reduction in subsequent activities. Despite extensive study over the past 40 years, slicing techniques for software product lines <em>(SPLs)</em> remain notably scarce. The absence of dedicated SPL slicing approaches hinders their efficient analysis and maintenance, limiting the ability to focus only on relevant parts of the SPL. One reason for this deficiency is the complex nature of a common variability implementation: the use of C preprocessor <span>#ifdef</span>-annotations within C code. A slicing approach for C-based SPLs must address the intricate interplay between the C code and the functionality introduced by the C preprocessor. Effectively handling these intricacies will unleash the full potential of SPL analysis. In this paper, we present a novel syntax-preserving program slicing approach for C-based SPLs. Unlike existing methods, our approach enables the computation of program slices through an integrated analysis of both C and CPP code, while preserving the original program syntax (no element of its syntax is disregarded or changed). This preservation ensures that the resulting program slices remain <em>authentic</em> subsets of the SPL, making them suitable inputs for variability-aware analyses. Additionally, we demonstrate the practical applicability of these slices in the context of software transplantation, showcasing their potential for facilitating functionality transfer between different program versions. In contrast to existing transplantation approaches, our solution works without test cases, removing the need for product configuration and execution. Consequently, the variability implementation (along with all other contained preprocessor code) is preserved during the transplantation. We empirically evaluate our approach on four distinct open-source SPLs, showcasing its effectiveness in generating diverse program slices tailored to different slicing criteria. We asses the accuracy of our code representation, the time required for slicing and transplantation, the size reduction achieved through the slices, and the functionality of our variability-aware transplantation approach.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112255"},"PeriodicalIF":3.7,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142534967","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Applying SOLID principles for the refactoring of legacy code: An experience report","authors":"Ivan Yanakiev ,&nbsp;Bogdan-Mihai Lazar ,&nbsp;Andrea Capiluppi","doi":"10.1016/j.jss.2024.112254","DOIUrl":"10.1016/j.jss.2024.112254","url":null,"abstract":"<div><div>The presence of technical debt in legacy systems is an inevitable consequence of years of development. Metrics play a significant role in informing the prioritisation process of maintenance activities to reduce this debt. However, it is important to note that not all metrics are equally important or readily available in real industrial settings.</div><div>This paper summarises an experience report of refactoring activities performed at a Dutch partnering company, aimed at identifying, prioritising and repaying parts of the architectural technical debt accumulated in two decades of development.</div><div>Given the size of the refactoring task, a data-driven prioritisation was necessary, and based on the impact that the maintenance activity would have on the base system. However, the metrics available from the monitoring of the system formed a limited set, and were not always focused on architectural aspects. Even so, the impact analysis was performed and resulted in the selection of a subset of components that needed urgent maintenance.</div><div>The refactoring of the identified components was centred around the well-known SOLID design principles, particularly the Dependency Inversion (DI) principle. Additionally, a set of recurring actions was established into ‘refactoring patterns’ and systematically applied to more than 5,000 source, header and custom domain language files.</div><div>This work, albeit limited to the period where the activity was planned for, was well received by the industrial collaborator. The patterns have proven very valuable in the process of maintaining such a large project scope. The data-driven approach and the identified patterns have helped the team navigate this large space and consistently refactor similar architectural issues that fall under the same category.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"220 ","pages":"Article 112254"},"PeriodicalIF":3.7,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142551917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Unveiling the microservices testing methods, challenges, solutions, and solutions gaps: A systematic mapping study","authors":"Mingxuan Hui ,&nbsp;Lu Wang ,&nbsp;Hao Li ,&nbsp;Ren Yang ,&nbsp;Yuxin Song ,&nbsp;Huiying Zhuang ,&nbsp;Di Cui ,&nbsp;Qingshan Li","doi":"10.1016/j.jss.2024.112232","DOIUrl":"10.1016/j.jss.2024.112232","url":null,"abstract":"<div><div>Microservices architecture (MSA) is widely used by enterprises and related practitioners. Due to the importance of MSA in the industry, failure to identify its potential faults and errors will cause serious consequences. Consequently, it is imperative to conduct testing on the MSA to guarantee its quality and reliability. As a key task in the software development lifecycle, microservices testing can effectively identify defects and errors caused by incorrect or unexpected behavior of microservices software, ensuring the quality of microservices software. Currently, related reviews lack a comprehensive summary of the challenges and solutions faced by microservices testing. To fill this gap, this study provides a comprehensive review of the microservices testing. It analyzes 93 primary studies from 19595 pieces of research, eventually identifying nine categories of microservices testing methods, four types of challenges, and 5 specific solutions to challenges. The conclusion shows that the current part of microservices testing methods is significantly different from other architectural testing methods, lacking exploration of testing methods under different communication mechanisms. Furthermore, this paper discusses the above conclusions, providing directions to further narrow the gap in solutions to challenges and future development directions for microservices testing.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"220 ","pages":"Article 112232"},"PeriodicalIF":3.7,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142592845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Challenges and opportunities: Implementing diversity and inclusion in software engineering university level education in Finland","authors":"Sonja M. Hyrynsalmi","doi":"10.1016/j.jss.2024.112239","DOIUrl":"10.1016/j.jss.2024.112239","url":null,"abstract":"<div><div>Considerable efforts have been made at the high school level to encourage girls to pursue software engineering careers and raise awareness about diversity within the field. Similarly, software companies have become more active in diversity and inclusion (D&amp;I) topics, aiming to create more inclusive work environments. However, the way diversity and inclusion are approached inside software engineering university education remains less clear. This study investigates the current state of D&amp;I in software engineering education and faculties in Finland. An online survey (N = 30) was conducted among Finnish software engineering university teachers to investigate which approaches and case examples of D&amp;I are most commonly used by software engineering teachers in Finland. In addition, it was researched how software engineering teachers perceive the importance of D&amp;I in their courses. As a result of the quantitative and thematic analysis, a framework to identify attitudes, approaches, challenges and pedagogical strategies when implementing D&amp;I themes in software engineering education is presented. This framework also offers a process for integrating D&amp;I themes for the curriculum or at the faculty level. The findings of this study emphasize that there is a continuing need for diverse-aware education and training. The results underline the responsibility of universities to ensure that future professionals are equipped with the necessary skills and knowledge to promote D&amp;I in the field of software engineering.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112239"},"PeriodicalIF":3.7,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142535181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Power of Words in Agile vs. Waterfall Development: Written Communication in Hybrid Software Teams","authors":"Delina Ly ,&nbsp;Michiel Overeem ,&nbsp;Sjaak Brinkkemper ,&nbsp;Fabiano Dalpiaz","doi":"10.1016/j.jss.2024.112243","DOIUrl":"10.1016/j.jss.2024.112243","url":null,"abstract":"<div><div>Software development is constantly evolving, adapting to emerging technologies and development paradigms while leveraging advancements in communication technologies and work modes. We conduct an exploratory case study in a large software organization to investigate how the development paradigm and the formality of communication channels affect written communication within hybrid teams. We perform statistical and content analysis of written conversations from 20 projects involving two software products that use industry adaptations of the Waterfall model and of Scrum, respectively. We found that in agile-developed projects, communication related to the execution-monitoring-control phase of the Project Management Life Cycle is more prevalent, and communication related to the initiation phase occurs more frequently in informal channels. For both project types, communication primarily pertains to the software construction phase of the Software Development Life Cycle. After annotating communication contents using speech acts, representatives are found to be prevalent in informal channels for agile-developed projects, directives are more prevalent in informal channels for waterfall-developed projects, and expressives are more frequent in informal channels for both project types. We provide empirical evidence that development paradigms and communication channel formality impact written communication, with agile-developed projects showing more collaborative interactions in informal channels compared to waterfall-developed projects.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"219 ","pages":"Article 112243"},"PeriodicalIF":3.7,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142535180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Andromeda: A model-connected framework for safety assessment and assurance","authors":"Athanasios Retouniotis ,&nbsp;Yiannis Papadopoulos ,&nbsp;Ioannis Sorokos","doi":"10.1016/j.jss.2024.112256","DOIUrl":"10.1016/j.jss.2024.112256","url":null,"abstract":"<div><div>Safety is a key factor in the development of critical systems, encompassing both conventional types, such as aircraft, and modern technologies, such as autonomous vehicles. Failures during their operation can be potentially far-reaching and impact people and the environment. To certify these systems and enable their employment, regulatory bodies require, among others, a safety case. However, the growing complexity of modern systems and iterative nature of development pose significant challenges to the traditional approaches for creating safety cases that are still used in practice. Furthermore, safety cases are often generated in an ad-hoc manner and remain disconnected from system models and related artefacts. Without these connections it is difficult to construct the proper infrastructure for producing and maintaining safety cases in a structured manner throughout the system lifecycle. This paper presents our innovative method, Andromeda, and its underpinning metamodel, which establish connections between safety cases, system models, safety assessment activities aligned with international safety standards, and argument patterns. Automation is applied across various stages of the production of argument structures that support safety assurance and certification activities. Andromeda is complemented by tool-support designed to facilitate its application, and we demonstrate our work through a case study from the aviation industry.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"220 ","pages":"Article 112256"},"PeriodicalIF":3.7,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142655186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}