Information and Software Technology最新文献

{"title":"Causal reasoning in Software Quality Assurance: A systematic review","authors":"Luca Giamattei,&nbsp;Antonio Guerriero,&nbsp;Roberto Pietrantuono,&nbsp;Stefano Russo","doi":"10.1016/j.infsof.2024.107599","DOIUrl":"10.1016/j.infsof.2024.107599","url":null,"abstract":"<div><h3>Context:</h3><div>Software Quality Assurance (SQA) is a fundamental part of software engineering to ensure stakeholders that software products work as expected after release in operation. Machine Learning (ML) has proven to be able to boost SQA activities and contribute to the development of quality software systems. In this context, <em>Causal Reasoning</em> is gaining increasing interest as a methodology to go beyond a purely data-driven approach by exploiting the use of causality for more effective SQA strategies.</div></div><div><h3>Objective:</h3><div>Provide a broad and detailed overview of the use of causal reasoning for SQA activities, in order to support researchers to access this research field, identifying room for application, main challenges and research opportunities.</div></div><div><h3>Methods:</h3><div>A systematic review of the scientific literature on causal reasoning for SQA. The study has found, classified, and analyzed 86 articles, according to established guidelines for software engineering secondary studies.</div></div><div><h3>Results:</h3><div>Results highlight the primary areas within SQA where causal reasoning has been applied, the predominant methodologies used, and the level of maturity of the proposed solutions. Fault localization is the activity where causal reasoning is more exploited, especially in the web services/microservices domain, but other tasks like testing are rapidly gaining popularity. Both causal inference and causal discovery are exploited, with the Pearl’s graphical formulation of causality being preferred, likely due to its intuitiveness. Tools to favor their application are appearing at a fast pace — most of them after 2021.</div></div><div><h3>Conclusions:</h3><div>The findings show that causal reasoning is a valuable means for SQA tasks with respect to multiple quality attributes, especially during V&amp;V, evolution and maintenance to ensure reliability, while it is not yet fully exploited for phases like requirements engineering and design. We give a picture of the current landscape, pointing out exciting possibilities for future research.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"178 ","pages":"Article 107599"},"PeriodicalIF":3.8,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142527295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detecting and Explaining Python Name Errors","authors":"Jiawei Wang ,&nbsp;Li Li ,&nbsp;Kui Liu ,&nbsp;Xiaoning Du","doi":"10.1016/j.infsof.2024.107592","DOIUrl":"10.1016/j.infsof.2024.107592","url":null,"abstract":"<div><div>Python has become one of the most popular programming languages nowadays but has not received enough attention from the software engineering community. Many errors, either fixed or not yet, have been scattered in the lifetime of Python projects, including popular Python libraries that have already been reused. NameError is among one of those errors that are widespread in the Python community, as confirmed in our empirical study. Yet, our community has not put effort into helping developers mitigate its introductions. To fill this gap, we propose in this work a static analysis-based approach called <em>DENE</em> (short for <strong>D</strong>etecting and <strong>E</strong>xplaining <strong>N</strong>ame <strong>E</strong>rrors) to automatically detect and explain name errors in Python projects. To this end, <em>DENE</em> builds control-flow graphs for Python projects and leverages a scope-aware reaching definition analysis to locate identifiers that may cause name errors at runtime and report their locations. Experimental results on carefully crafted ground truth demonstrate that <em>DENE</em> is effective in detecting name errors in real-world Python projects. The results also confirm that unknown name errors are still widely presented in popular Python projects and libraries, and the outputs of <em>DENE</em> can indeed help developers understand why the name errors are flagged as such.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"178 ","pages":"Article 107592"},"PeriodicalIF":3.8,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142527296","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Better together: Automated app review analysis with deep multi-task learning","authors":"Yawen Wang ,&nbsp;Junjie Wang ,&nbsp;Hongyu Zhang ,&nbsp;Xuran Ming ,&nbsp;Qing Wang","doi":"10.1016/j.infsof.2024.107597","DOIUrl":"10.1016/j.infsof.2024.107597","url":null,"abstract":"<div><h3>Context:</h3><div>User reviews of mobile apps provide an important communication channel between developers and users. Existing approaches to automated app review analysis mainly focus on one task (e.g., bug classification task, information extraction task, etc.) at a time, and are often constrained by the manually defined patterns and the ignorance of the correlations among the tasks. Recently, multi-task learning (MTL) has been successfully applied in many scenarios, with the potential to address the limitations associated with app review mining tasks.</div></div><div><h3>Objective:</h3><div>In this paper, we propose <span>MABLE</span>, a deep MTL-based and semantic-aware approach, to improve app review analysis by exploiting task correlations.</div></div><div><h3>Methods:</h3><div><span>MABLE</span> jointly identifies the types of involved bugs reported in the review and extracts the fine-grained features where bugs might occur. It consists of three main phases: (1) data preparation phase, which prepares data to allow data sharing beyond single task learning; (2) model construction phase, which employs a BERT model as the shared representation layer to capture the semantic meanings of reviews, and task-specific layers to model two tasks in parallel; (3) model training phase, which enables eavesdropping by shared loss function between the two related tasks.</div></div><div><h3>Results:</h3><div>Evaluation results on six apps show that <span>MABLE</span> outperforms ten commonly-used and state-of-the-art baselines, with the precision of 79.76% and the recall of 79.24% for classifying bugs, and the precision of 79.83% and the recall of 80.33% for extracting problematic app features. The MTL mechanism improves the F-measure of two tasks by 3.80% and 4.63%, respectively.</div></div><div><h3>Conclusion:</h3><div>The proposed approach provides a novel and effective way to jointly learn two related review analysis tasks, and sheds light on exploring other review mining tasks.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107597"},"PeriodicalIF":3.8,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A family of experiments to quantify the benefits of adopting WebDriverManager and Selenium-Jupiter","authors":"Maurizio Leotta ,&nbsp;Boni García ,&nbsp;Filippo Ricca","doi":"10.1016/j.infsof.2024.107595","DOIUrl":"10.1016/j.infsof.2024.107595","url":null,"abstract":"<div><h3>Context:</h3><div>While test automation offers numerous benefits, it also introduces significant challenges. Two challenges that developers and testers face on a daily basis, particularly when using Selenium WebDriver to test web applications, are driver management (involving tasks such as version identification, download, installation, and maintenance) and management of test lifecycle phases (using specific test libraries, as for example JUnit, and inserting annotations into the code). These manual tasks make test suite development particularly tedious, error-prone, and expensive. Recently, to ease the burden on developers and testers, some Java libraries have been proposed, called <em>WebDriverManager</em> and <em>Selenium-Jupiter</em>, capable of automatically carrying out the driver management process for Selenium WebDriver and simplifying the development of test suites. These libraries appear to be very promising but until now no one has experimentally evaluated their effectiveness.</div></div><div><h3>Objective:</h3><div>To investigate the effectiveness of <em>WebDriverManager</em> and <em>Selenium-Jupiter</em> in reducing driver management times and boilerplate code.</div></div><div><h3>Method:</h3><div>We designed and conducted a family of experiments (three for <em>WebDriverManager</em> and two for <em>Selenium-Jupiter</em>) with 104 master student participants from the University of Genoa, Italy (across academic years 2021/2022 and 2022/2023) and nine professional participants.</div></div><div><h3>Results:</h3><div>Results indicate that the adoption of Selenium WebDriver with <em>WebDriverManager</em> significantly reduces setup time for multi-browser test suites from 33% to 50% (depending on the tester experience). Additionally, <em>Selenium-Jupiter</em> reduces test suite development time significantly (20% on average). Although it also decreases total code length, the reduction is relatively small compared to overall code length.</div></div><div><h3>Conclusion:</h3><div><em>WebDriverManager</em> and <em>Selenium-Jupiter</em> can be seen as valuable solutions for enhancing testers’ productivity by shortening the time needed to develop test suites and minimizing the amount of code to write.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"178 ","pages":"Article 107595"},"PeriodicalIF":3.8,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142526806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Strategic digital product management: Nine approaches","authors":"Helena Holmström Olsson ,&nbsp;Jan Bosch","doi":"10.1016/j.infsof.2024.107594","DOIUrl":"10.1016/j.infsof.2024.107594","url":null,"abstract":"<div><h3>Context:</h3><div>The role of product management (PM) is key for building, implementing and managing software-intensive systems. Whereas engineering is concerned with how to build systems, PM is concerned with ‘what’ to build and ‘why’ we should build the product. The role of PM is recognized as critical for the success of any product. However, few studies explore how the role of PM is changing due to recent trends that come with digitalization and digital transformation.</div></div><div><h3>Objectives:</h3><div>Although there is prominent research on PM, few studies explore how this role is changing due to the digital transformation of the software-intensive industry. In this paper, we study how trends such as DevOps and short feedback loops, data and artificial intelligence (AI), as well as the emergence of digital ecosystems, are changing current product management practices.</div></div><div><h3>Methods:</h3><div>This study employs a qualitative approach using multi-case study research as the method. For our research, we selected five case companies in the software-intensive systems domain. Through workshop sessions, frequent meetings and interviews, we explore how DevOps and short feedback loops, data and artificial intelligence (AI), and digital ecosystems challenge current PM practices.</div></div><div><h3>Results:</h3><div>Our study yielded an in-depth understanding of how digital transformation of the software-intensive systems industry is changing current PM practices. We present empirical results from workshops and from interviews in which case company representatives share their insights on how software, data and AI impact current PM practices. Based on these results, we present a framework organized along two dimensions, i.e. a certainty dimension and an approach dimension. The framework helps structure the approaches product managers can employ to select and prioritize development of new functionality.</div></div><div><h3>Contributions:</h3><div>The contribution of this paper is a framework for ‘Strategic Digital Product Management’ (SDPM). The framework outlines nine approaches that product managers can employ to maximize the return on investment (RoI) of R&amp;D using new digital technologies.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107594"},"PeriodicalIF":3.8,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423608","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Deciphering refactoring branch dynamics in modern code review: An empirical study on Qt","authors":"Eman Abdullah AlOmar","doi":"10.1016/j.infsof.2024.107596","DOIUrl":"10.1016/j.infsof.2024.107596","url":null,"abstract":"<div><h3>Context:</h3><div>Modern code review is a widely employed technique in both industrial and open-source projects, serving to enhance software quality, share knowledge, and ensure compliance with coding standards and guidelines. While code review is extensively studied for its general challenges, best practices, outcomes, and socio-technical aspects, little attention has been paid to how refactoring is reviewed and what developers prioritize when reviewing refactored code in the ‘Refactor’ branch.</div></div><div><h3>Objective:</h3><div>The goal is to understand the review process for refactoring changes in the ‘Refactor’ branch and to identify what developers care about when reviewing code in this branch.</div></div><div><h3>Method:</h3><div>In this study, we present a quantitative and qualitative examination to understand the main criteria developers use to decide whether to accept or reject refactored code submissions and identify the challenges inherent in this process.</div></div><div><h3>Results:</h3><div>Analyzing 2154 refactoring and non-refactoring reviews across Qt open-source projects, we find that reviews involving refactoring from the ‘Refactor’ branch take significantly less time to resolve in terms of code review efforts. Additionally, documentation of developer intent is notably sparse within the ‘Refactor’ branch compared to other branches. Furthermore, through thematic analysis of a substantial sample of refactoring code review discussions, we construct a comprehensive taxonomy consisting of 12 refactoring review criteria.</div></div><div><h3>Conclusion:</h3><div>Our findings underscore the importance of developing precise and efficient tools and techniques to aid developers in the review process amidst refactorings.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107596"},"PeriodicalIF":3.8,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142442351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Migration of monolithic systems to microservices: A systematic mapping study","authors":"Ana Martínez Saucedo ,&nbsp;Guillermo Rodríguez ,&nbsp;Fabio Gomes Rocha ,&nbsp;Rodrigo Pereira dos Santos","doi":"10.1016/j.infsof.2024.107590","DOIUrl":"10.1016/j.infsof.2024.107590","url":null,"abstract":"<div><h3>Context:</h3><div>The popularity of microservices architecture has grown due to its ability to address monolithic architecture issues, such as limited scalability, hard maintenance, and technological dependence. Nonetheless, the migration of monolith systems to microservices is complex. Therefore, methodologies and techniques are needed to facilitate migration and support practitioners and software architects.</div></div><div><h3>Objective:</h3><div>The objective of this study is to investigate cases of application migration, microservices identification techniques, tools used during migration, factors that promote migration, as well as issues and benefits of the migration.</div></div><div><h3>Method:</h3><div>We have conducted this SMS following the guidelines established by Kitchenham and Petersen. The research objective was defined using part of the Goal-Question-Metric model and the Population, Intervention, and Outcome criteria. From 1546 studies that were retrieved from the search execution, 114 were selected and analyzed to answer the research questions.</div></div><div><h3>Results:</h3><div>This SMS contributes with (i) a migration process proposal based on migration cases, (ii) a characterization of migration techniques based on different criteria, (iii) an analysis of tools to support migration, (iv) the identification of migration drivers, and (v) an exploration of migration issues as well as benefits.</div></div><div><h3>Conclusion:</h3><div>This SMS sheds light on the complexity and variability of migrating monolithic systems to microservices, as well as the limited number of migration tools. While scalability and maintenance drive migration, few studies assess them. Key challenges include microservices communication and database migration, with most research focusing primarily on monolith decomposition. Despite these difficulties, migration offers benefits, particularly in scalability and maintainability.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107590"},"PeriodicalIF":3.8,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DFL: A DOM sample generation oriented fuzzing framework for browser rendering engines","authors":"Guoyun Duan ,&nbsp;Hai Zhao ,&nbsp;Minjie Cai ,&nbsp;Jianhua Sun ,&nbsp;Hao Chen","doi":"10.1016/j.infsof.2024.107591","DOIUrl":"10.1016/j.infsof.2024.107591","url":null,"abstract":"<div><div>The security of web browsers, being fundamental to Internet access infrastructure, has garnered significant attention. Current approaches to identify browser vulnerabilities predominantly rely on code auditing and componentized unit testing. Fuzzing has emerged as an efficient technique for vulnerability discovery. However, adapting this method to browser security testing poses considerable challenges. Recent endeavors in browser vulnerability discovery primarily concentrate on the parsing engine, with limited solutions addressing the rendering engine. Moreover, coverage-guided mutation, a critical aspect, is not prevalent in existing fuzzing frameworks. In this paper, we present a coverage-guided fuzzing framework of DFL, which builds on Freedom and AFL to re-engineer various text generators based on DOM syntax and optimize the efficiency of sample generation. Additionally, serialization and deserialisation methods are developed for the implementation of generator text mutations and the seamless conversion between binary samples and the source DOM tree. When compared with three established DOM fuzzing frameworks in the latest Chromium kernel, DFL has demonstrated an ability to uncover 1.5–3 times more vulnerabilities within a short timeframe. Our research identifies potential avenues for further exploration in browser rendering engine security, specifically focusing on sample generation and path direction.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107591"},"PeriodicalIF":3.8,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423607","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"What helps Agile remote teams to be successful in developing software? Empirical evidence","authors":"Marta Adzgauskaite,&nbsp;Carlos Tam,&nbsp;Ricardo Martins","doi":"10.1016/j.infsof.2024.107593","DOIUrl":"10.1016/j.infsof.2024.107593","url":null,"abstract":"<div><div>Software development firms have specific goals but today's dynamic business environment, especially regarding the use of remote teams, presents great challenges due to uncertainties and multiple risks. This study investigates the facilitators of the success of Agile software development projects delivered by remote teams. We employ a conceptual research model founded on the technology-organization-environment (TOE) framework. The study contributes to the literature by exploring how remote teams affect the success of Agile software development projects. Partial least squares structural equation modeling (PLS-SEM) analysis of the data collected from 198 IT professionals revealed that perceived pressure from government, job performance, and team satisfaction are significant in explaining these projects’ success.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107593"},"PeriodicalIF":3.8,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DeepMig: A transformer-based approach to support coupled library and code migrations","authors":"Juri Di Rocco ,&nbsp;Phuong T. Nguyen ,&nbsp;Claudio Di Sipio ,&nbsp;Riccardo Rubei ,&nbsp;Davide Di Ruscio ,&nbsp;Massimiliano Di Penta","doi":"10.1016/j.infsof.2024.107588","DOIUrl":"10.1016/j.infsof.2024.107588","url":null,"abstract":"<div><h3>Context:</h3><div>While working on software projects, developers often replace third-party libraries (TPLs) with different ones offering similar functionalities. However, choosing a suitable TPL to migrate to is a complex task. As TPLs provide developers with Application Programming Interfaces (APIs) to allow for the invocation of their functionalities after adopting a new TPL, projects need to be migrated by the methods containing the affected API calls. Altogether, the coupled migration of TPLs and code is a strenuous process, requiring massive development effort. Most of the existing approaches either deal with library or API call migration but usually fail to solve both problems coherently simultaneously.</div></div><div><h3>Objective:</h3><div>This paper presents DeepMig, a novel approach to the coupled migration of TPLs and API calls. We aim to support developers in managing their projects, at the library and API level, allowing them to increase their productivity.</div></div><div><h3>Methods:</h3><div>DeepMig is based on a transformer architecture, accepts a set of libraries to predict a new set of libraries. Then, it looks for the changed API calls and recommends a migration plan for the affected methods. We evaluate DeepMig using datasets of Java projects collected from the Maven Central Repository, ensuring an assessment based on real-world dependency configurations.</div></div><div><h3>Results:</h3><div>Our evaluation reveals promising outcomes: DeepMig recommends both libraries and code; by several projects, it retrieves a perfect match for the recommended items, obtaining an accuracy of 1.0. Moreover, being fed with proper training data, DeepMig provides comparable code migration steps of a static API migrator, a baseline for the code migration task.</div></div><div><h3>Conclusion:</h3><div>We conclude that DeepMig is capable of recommending both TPL and API migration, providing developers with a practical tool to migrate the entire project.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"177 ","pages":"Article 107588"},"PeriodicalIF":3.8,"publicationDate":"2024-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142423613","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}