Journal of Systems and Software最新文献

{"title":"BaSFuzz: Fuzz testing based on difference analysis for seed bytes","authors":"Wenwei Lan ,&nbsp;Chen Huang ,&nbsp;Tingting Yu ,&nbsp;Li Li ,&nbsp;Zhanqi Cui","doi":"10.1016/j.jss.2025.112340","DOIUrl":"10.1016/j.jss.2025.112340","url":null,"abstract":"<div><div>Coverage-guided Greybox Fuzzing (CGF) is one of the most effective dynamic software testing techniques, which focus on improving the code coverage. The methodology automatically generates new offspring test cases by mutating existing test cases and analyzing program execution, preserving the interesting test cases as seeds for subsequent mutations. However, existing CGF tools often neglect the similarity between seeds. The mutation of similar seeds can yield a multitude of similar offspring test cases, subsequently executing similar code segments of the program under test. This challenge hinders the improvement of code coverage, consequently impacting the efficiency of fuzz testing.</div><div>To address this issue, this paper proposes a fuzz testing method BaSFuzz based on difference analysis for seed bytes. The method leverages both byte similarity and structure similarity to analyze the differences between seed bytes. Subsequently, it computes a similarity score for each seed and reorders the seed queue in ascending order of similarity scores.</div><div>Based on this method, a prototype tool is developed and compared with AFL, AFLFast, MOpt, AFL++-Hier and HTFuzz on 12 target programs. The experimental results indicate that BaSFuzz achieved 190.14%, 143.9%, 10.93%, 374.85% and 11.79% more edge coverage compared to the five tools, respectively. Additionally, BaSFuzz triggered unique crashes 3.57 times, 1.46 times, 42.38%, 2.85 times, and 33.44% more than the five tools, respectively.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112340"},"PeriodicalIF":3.7,"publicationDate":"2025-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143104115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Kotlin assimilating the Android ecosystem: An appraisal of diffusion and impact on maintainability","authors":"Riccardo Coppola,&nbsp;Tommaso Fulcini,&nbsp;Luca Ardito,&nbsp;Marco Torchiano","doi":"10.1016/j.jss.2025.112346","DOIUrl":"10.1016/j.jss.2025.112346","url":null,"abstract":"<div><div>Kotlin was introduced in 2011 as an alternative to the Java programming language, promising to address many of its predecessor’s limitations and positioning itself as a better option for application maintainability. In 2017, Kotlin became a first-class language for Android application development, complete with extensive tool support.</div><div>This paper aims to empirically assess the diffusion of Kotlin in developing Android applications and to investigate the impact of Kotlin adoption on application maintainability.</div><div>We mined 2708 open-source Android applications from F-Droid, focusing on the extent of Kotlin code presence, their popularity, and maintainability. This analysis adopted a set of six code metrics proxies.</div><div>The proportion of applications developed with Kotlin, either in conjunction with Java or exclusively, has continuously increased over the past five years. Currently, Kotlin is used in approximately 40% of the projects. The adoption of Kotlin in application development appears to be linked to greater popularity among end-users and developers when compared to the applications written in Java. Notably, the exclusive use of Kotlin in projects significantly enhances all the considered code maintainability metrics.</div><div>We conclude that Kotlin is rapidly gaining ground in the Android ecosystem. This trend is likely due to Kotlin’s fulfilment of its promise as a superior alternative to Java, particularly in terms of maintainability.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112346"},"PeriodicalIF":3.7,"publicationDate":"2025-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Extracting microservices from monolithic applications using consistent graph enhanced Graph Transformer","authors":"Xueyin Wei ,&nbsp;Jing Li ,&nbsp;Xudong He ,&nbsp;Weizhou Peng ,&nbsp;Ying Zhu ,&nbsp;Rongbin Gu ,&nbsp;Yunlong Zhu ,&nbsp;Jun Huang","doi":"10.1016/j.jss.2025.112345","DOIUrl":"10.1016/j.jss.2025.112345","url":null,"abstract":"<div><div>With the continuous development of cloud computing, the advantages of microservice architecture have become increasingly obvious compared with monolithic programs. Consequently, numerous firms are engaged in research aimed at transitioning legacy monolithic applications to microservices, thereby enabling them to maximize the advantages of cloud-based deployment. To solve the problem that manual decomposition of microservices is both time-consuming and labor-intensive, while traditional automated microservice decomposition methods cannot effectively integrate the rich structural and semantic information of single programs, we propose a microservice extraction method based on consistent graph clustering (GC-VCG). Initially, a static analysis strategy is employed to extract dependencies between classes within the monolithic application, as well as the textual information utilized in the class creation process, to construct both the structural and semantic views. Subsequently, a consistent graph enhanced Graph Transformer is utilized to learn a unified graph from both structural and semantic views. Lastly, the k-means clustering algorithm is applied to cluster the nodes, thereby identifying candidate microservices. To verify the effectiveness of GC-VCG, this paper compares it with multiple baseline methods on four publicly available monolithic applications. The results show the effectiveness of GC-VCG.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112345"},"PeriodicalIF":3.7,"publicationDate":"2025-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On the understandability of machine learning practices in deep learning and reinforcement learning based systems","authors":"Evangelos Ntentos ,&nbsp;Stephen John Warnett ,&nbsp;Uwe Zdun","doi":"10.1016/j.jss.2025.112343","DOIUrl":"10.1016/j.jss.2025.112343","url":null,"abstract":"<div><div>Machine learning (ML) has emerged as a transformative subject, using various algorithms to help systems analyze data and make predictions. Deep Learning (DL) uses neural networks to address hard problems. Reinforcement Learning (RL) is a way to solve problems by making consecutive decisions.</div><div>Understanding ML systems based only on the source code is often a challenging task, especially for inexperienced developers. In a controlled experiment involving one hundred fifty-eight participants, we assessed the understandability of ML-based systems and workflows through source code inspection compared to semi-formal representations in models and metrics.</div><div>We hypothesize that ML system diagrams modeling details of ML workflows and practices like transfer learning and checkpoints can enhance the understandability of ML practices in system design comprehension tasks, assessed through task <em>correctness</em>. Additionally, providing these sources could lead to an increase in task <em>duration</em>, and we expect a significant correlation between <em>correctness</em> and <em>duration</em>.</div><div>Our findings show that providing semi-formal ML system diagrams with the source code improves the effectiveness of the <em>correctness</em> for the DL relevant tasks. The control group had an average correctness of 0.7121, while the experimental group had a higher average correctness of 0.7759. On the other hand, participants who received only the system source code showed slightly better performance in the <em>correctness</em> task (average <em>correctness</em> 0.6808) within the RL relevant tasks compared to those who also received the semi-formal diagrams (average <em>correctness</em> of 0.6612). However, no significant difference was found in the <em>duration</em> task between the two. The control group, for the DL relevant tasks, took an average of 1571.62 s, whereas the experimental group took an average of 1763.85 s. For the RL relevant tasks, the control group had an average of 1883.80 s, while the experimental group 1925.46 s. However, semi-formal ML system diagrams can benefit specific scenarios.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112343"},"PeriodicalIF":3.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"CIPAC: A framework of automated software construction based on collective intelligence","authors":"Jiaxin Liu,&nbsp;Yating Zhang,&nbsp;Yiwei Li,&nbsp;Tiecheng Ma,&nbsp;Wei Dong","doi":"10.1016/j.jss.2025.112335","DOIUrl":"10.1016/j.jss.2025.112335","url":null,"abstract":"<div><div>In software development, constructing programs efficiently and accurately is essential, which leads to the rise of program synthesis. However, the complexity of program spaces and the diversity of user intents restrict the scale and quality of the code generated, resulting in many works focused on generating function-level code. To address the automated generation of complex code, we propose an automated program construction process model CIPAC based on collective intelligence, which can generate software-level code automatically. CIPAC incorporates methods for the automated aggregation of collective intelligence, the construction of software structures and task specifications, efficient program generation and search, and the optimization of code quality and composition. CIPAC employs explainable program synthesis methods as its core to ensure reliability and leverages collective intelligence throughout the entire software development lifecycle. To validate the effectiveness of CIPAC, we conduct a case study for developing a matrix operation application and explore complex tasks in the aerospace domain. The results show that our platform enables the construction of the software project compared to existing methods. To demonstrate reliability, we conduct integration testing, system testing, and security validation, with results indicating that the generated project passes all tests without security issues.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112335"},"PeriodicalIF":3.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143104065","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Best practices for evaluating IRFL approaches","authors":"Thomas Hirsch,&nbsp;Birgit Hofer","doi":"10.1016/j.jss.2025.112342","DOIUrl":"10.1016/j.jss.2025.112342","url":null,"abstract":"<div><div>Information retrieval fault localization (IRFL) is a popular research field and many IRFL approaches have been proposed recently. Unfortunately, the evaluation of some of these IRFL approaches is often too simplistic, which can cause an overestimation of performance of these approaches. In this paper, we discuss evaluation pitfalls and problems. Furthermore, we propose best practices to avoid them. In detail, we discuss evaluation strategies such as parameter tuning and temporal dependencies in the data, dataset issues, metrics, statistical significance testing, and the unavailability of supplemental material. To support our claim of the poor status quo of current evaluation practices in some research papers, we have performed a literature survey on 135 papers. We hope that this paper will help researchers to avoid the described pitfalls in their evaluation of IRFL approaches.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112342"},"PeriodicalIF":3.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Job satisfaction at risk: Measuring the role of process debt in agile software development","authors":"Tomas Gustavsson ,&nbsp;Muhammad Ovais Ahmad ,&nbsp;Hina Saeeda","doi":"10.1016/j.jss.2025.112350","DOIUrl":"10.1016/j.jss.2025.112350","url":null,"abstract":"<div><div>Process debt (PD) in agile software development represents inefficiencies that undermine team performance and job satisfaction. This study investigates the quantitative impact of PD on job satisfaction within agile teams, surveying 191 participants from two software development organizations. Our research examines five PD types: Process Unsuitability, Roles Debt, Synchronization Debt, Documentation Debt, and Infrastructure Debt. Using multiple regression analysis, our model explains approximately 33.8 % of the variance in job satisfaction. Among the five PD types, Process Unsuitability and Roles Debt emerged as statistically significant predictors of reduced job satisfaction. These findings indicate that certain forms of PD have a measurable negative impact on developers’ perceptions of their work environment. By identifying which PD types most strongly influence job satisfaction, this research offers empirically grounded insights that can inform targeted interventions. Understanding and addressing the most impactful PD categories may help organizations refine agile processes, thereby mitigating the detrimental effects of process inefficiencies on job satisfaction.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112350"},"PeriodicalIF":3.7,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143104064","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Understanding the low inter-rater agreement on aggressiveness on the Linux Kernel Mailing List","authors":"Thomas Bock ,&nbsp;Niklas Schneider ,&nbsp;Angelika Schmid ,&nbsp;Sven Apel ,&nbsp;Janet Siegmund","doi":"10.1016/j.jss.2025.112339","DOIUrl":"10.1016/j.jss.2025.112339","url":null,"abstract":"<div><div>Communication among software developers plays an essential role in open-source software (OSS) projects. Not unexpectedly, previous studies have shown that the conversational tone and, in particular, aggressiveness influence the participation of developers in OSS projects. Therefore, we aimed at studying aggressive communication behavior on the Linux Kernel Mailing List (LKML), which is known for aggressive e-mails of some of its contributors. To that aim, we attempted to assess the extent of aggressiveness of 720 e-mails from the LKML with a human annotation study, involving multiple annotators, to select a suitable sentiment analysis tool.</div><div>The results of our annotation study revealed that there is substantial disagreement, even among humans, which uncovers a deeper methodological challenge of studying aggressiveness in the software-engineering domain. Adjusting our focus, we dug deeper and investigated why the agreement among humans is generally low, based on manual investigations of ambiguously rated e-mails. Our results illustrate that human perception is individual and context dependent, especially when it comes to technical content. Thus, when identifying aggressiveness in software-engineering texts, it is not sufficient to rely on aggregated measures of human annotations. Hence, sentiment analysis tools specifically trained on human-annotated data do not necessarily match human perception of aggressiveness, and corresponding results need to be taken with a grain of salt. By reporting our results and experience, we aim at confirming and raising additional awareness of this methodological challenge when studying aggressiveness (and sentiment, in general) in the software-engineering domain.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112339"},"PeriodicalIF":3.7,"publicationDate":"2025-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143104111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Engineering patterns for Trust and Safety on social media platforms: A case study of Mastodon and Diaspora","authors":"Geoffrey Cramer,&nbsp;William P. Maxam III,&nbsp;James C. Davis","doi":"10.1016/j.jss.2024.112322","DOIUrl":"10.1016/j.jss.2024.112322","url":null,"abstract":"<div><h3>Context:</h3><div>Trust &amp; Safety (T&amp;S) Engineering is an emerging area of software engineering that mitigates the risks of harmful interactions in online platforms. Numerous studies have explored T&amp;S risks on social media platforms, taxonomizing threats and investigating individual issues. However, there is limited empirical knowledge about engineering efforts to promote T&amp;S.</div></div><div><h3>Methods:</h3><div>This study examines T&amp;S risks and the engineering patterns to resolve them. We conducted a case study of the two largest decentralized SMPs: Mastodon and Diaspora. These SMPs are open-source, so we analyzed T&amp;S discussions within 60 GitHub issues. We analyzed T&amp;S discussions that took place in their online repository and extracted T&amp;S risks, T&amp;S engineering patterns, and resolution rationales considered by the engineers. We integrate our findings by mapping T&amp;S engineering patterns onto a general model of SMPs, to give SMP engineers a systematic understanding of their T&amp;S risk treatment options.</div></div><div><h3>Results:</h3><div>T&amp;S issues are a challenge throughout the feature set and lifespan of an SMP. A taxonomy of 12 solution patterns are developed, paving the way for academia and industry to standardize Trust &amp; Safety solutions. We conclude with future directions to study and improve T&amp;S Engineering, spanning software design, decision-making, and validation. We conclude with future directions to study and improve T&amp;S Engineering, spanning software design, decision-making, and validation.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112322"},"PeriodicalIF":3.7,"publicationDate":"2025-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143104114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Runtime defect prediction of industrial business processes: A focused look at real-life SAP systems","authors":"Max Nijholt ,&nbsp;Giovanni Quattrocchi ,&nbsp;Damian Andrew Tamburri","doi":"10.1016/j.jss.2024.112306","DOIUrl":"10.1016/j.jss.2024.112306","url":null,"abstract":"<div><div>Business process operations are the dominant logic underpinning most of the service-based applications currently in use. Situated in the field of SAP business processes — commonly referred to as iFlows — and their integration, this paper looks into the defectiveness of such flows with a Machine-Learning approach. We propose to cluster and classify at runtime the Integration Flows of business processes during their orchestration; we do so by using metrics extracted from the Integration of 400+ complex business interaction and service orchestration Flows along with their metadata. Through a combined ensemble-based, clustering, and supervised learning exercise, we conclude that an AI-based approach for runtime defect prediction of iFlows shows considerable promise in providing actionable insights for better orchestration intelligence, especially in sight of self-aware business processes of the future.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"222 ","pages":"Article 112306"},"PeriodicalIF":3.7,"publicationDate":"2025-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143171511","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}