Automated Software Engineering: Latest Publications

Exploring the potential of general purpose LLMs in automated software refactoring: an empirical study
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-03-01 | DOI: 10.1007/s10515-025-00500-0
Bo Liu, Yanjie Jiang, Yuxia Zhang, Nan Niu, Guangjie Li, Hui Liu
Abstract: Software refactoring is an essential activity for improving the readability, maintainability, and reusability of software projects. To this end, a large number of automated or semi-automated approaches/tools have been proposed to locate poorly designed code, recommend refactoring solutions, and conduct specified refactorings. However, even equipped with such tools, it remains challenging for developers to decide where and what kind of refactorings should be applied. Recent advances in deep learning techniques, especially in large language models (LLMs), make it potentially feasible to automatically refactor source code with LLMs. However, it remains unclear how well LLMs perform compared to human experts in conducting refactorings automatically and accurately. To fill this gap, in this paper we conduct an empirical study to investigate the potential of LLMs in automated software refactoring, focusing on the identification of refactoring opportunities and the recommendation of refactoring solutions. We first construct a high-quality refactoring dataset comprising 180 real-world refactorings from 20 projects, and conduct the empirical study on the dataset. With the to-be-refactored Java documents as input, ChatGPT and Gemini identified only 28 and 7, respectively, of the 180 refactoring opportunities. The evaluation results suggest that the performance of LLMs in identifying refactoring opportunities is generally low and remains an open problem. However, explaining the expected refactoring subcategories and narrowing the search space in the prompts substantially increased the success rate of ChatGPT from 15.6% to 86.7%. Concerning the recommendation of refactoring solutions, ChatGPT recommended 176 refactoring solutions for the 180 refactorings, and 63.6% of the recommended solutions were comparable to (or even better than) those constructed by human experts. However, 13 of the 176 solutions suggested by ChatGPT and 9 of the 137 solutions suggested by Gemini were unsafe in that they either changed the functionality of the source code or introduced syntax errors, which indicates the risk of LLM-based refactoring.
Citations: 0

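The abstract reports that naming the expected refactoring subcategory and narrowing the search space in the prompt raised ChatGPT's success rate from 15.6% to 86.7%. The sketch below shows one way such a prompt could be assembled; the subcategory list, template wording, and function names are illustrative assumptions, not the prompts used in the study.

```python
from typing import Optional

# Hypothetical subcategory list, used only for illustration.
REFACTORING_SUBCATEGORIES = [
    "Extract Method",
    "Rename Variable",
    "Move Method",
    "Inline Method",
]

def build_refactoring_prompt(java_source: str, subcategory: str,
                             focus_method: Optional[str] = None) -> str:
    """Compose a prompt that names the expected refactoring subcategory and,
    optionally, narrows the search space to a single method."""
    scope = (f"Only consider the method {focus_method}."
             if focus_method else "Consider the whole compilation unit.")
    return (
        "You are reviewing Java code for refactoring opportunities.\n"
        f"Expected refactoring type: {subcategory} "
        f"(one of: {', '.join(REFACTORING_SUBCATEGORIES)}).\n"
        f"{scope}\n"
        "Report the exact code range to refactor and the refactored code.\n\n"
        f"Java source:\n{java_source}"
    )

if __name__ == "__main__":
    snippet = "public class Order {\n    // ... a long method would go here ...\n}"
    print(build_refactoring_prompt(snippet, "Extract Method", focus_method="computeTotal"))
```
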
CodeDoctor: multi-category code review comment generation
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-27 | DOI: 10.1007/s10515-025-00491-y
Yingling Li, Yuhan Wu, Zi’ao Wang, Lei Huang, Junjie Wang, Jianping Li, Minying Huang
Abstract: Code review is an effective software quality assurance activity. However, the process is labor-intensive and time-consuming, requiring reviewers to carefully examine code under various categories (e.g., function, refactoring, documentation) to produce review comments. Several approaches have been proposed for automatic review comment generation; although they can generate review comments, they hardly cover all manually written ones, because most of them simply use the submitted code and review comments without fully modeling the features of code review (i.e., they ignore the review category and the association between issue snippets and review comments). In this paper, we propose CodeDoctor, an automatic review comment generator with data augmentation and a category-aware encoder-decoder that generates multi-category review comments. It consists of three main phases: (1) a data augmentation phase, which classifies review comments and builds review exemplars (i.e., pairs of an issue snippet and its comment) to augment review data using a large language model (LLM) with prompt engineering and feedback loops; (2) an encoder phase, which encodes the inputs (i.e., review category, diff code, and review exemplar) into semantic and token representations; and (3) a decoder phase, which uses a category-focused decoder to capture the information most relevant to the given category for multi-category review comment generation. Evaluations against five commonly used, state-of-the-art baselines on two datasets show that CodeDoctor outperforms all baselines, with 1770% higher average BLEU-4, 111% higher average ROUGE-L, and 49% higher average F1 than the best baseline. A human evaluation further confirms the significant potential of applying CodeDoctor in practice. Our approach can relieve the burden on reviewers by automatically generating multi-category review comments and helps developers detect code issues as early as possible, thereby facilitating software development.
Citations: 0

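CodeDoctor's encoder takes a review category, diff code, and a retrieved review exemplar (an issue snippet paired with its comment). The following is a minimal sketch of how such a category-conditioned input could be assembled for a sequence encoder; the field names and separator tokens are assumptions, not CodeDoctor's actual implementation.

```python
from dataclasses import dataclass

@dataclass
class ReviewExemplar:
    issue_snippet: str   # code lines the exemplar comment refers to
    comment: str         # human review comment paired with that snippet

def build_model_input(category: str, diff_code: str, exemplar: ReviewExemplar) -> str:
    """Concatenate category, diff, and exemplar with explicit section markers so a
    sequence encoder can tell the parts apart."""
    return (
        f"<category> {category} "
        f"<diff> {diff_code} "
        f"<exemplar_code> {exemplar.issue_snippet} "
        f"<exemplar_comment> {exemplar.comment}"
    )

if __name__ == "__main__":
    ex = ReviewExemplar("if (user == null) return;",
                        "Consider raising an explicit error instead of silently returning.")
    print(build_model_input("documentation",
                            "+ // TODO add javadoc\n+ public void save(User u) {",
                            ex))
```
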
Bmco-o: a smart code smell detection method based on co-occurrences
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-21 | DOI: 10.1007/s10515-025-00486-9
Feiqiao Mao, Kaihang Zhong, Long Cheng
Abstract: Code smell detection is a task aimed at identifying sub-optimal programming structures within code entities that may indicate problems requiring attention. It plays a crucial role in improving software quality. Numerous automatic or semi-automatic methods for code smell detection have been proposed. However, these methods are constrained by the manual setting of detection rules and thresholds, leading to subjective determinations, or they require large-scale labeled datasets for model training. In addition, they exhibit poor detection performance across different projects. Related studies have revealed the existence of co-occurrences among different types of code smells. Therefore, we propose a smart code smell detection method based on code smell co-occurrences, termed BMCo-O. The key insight is that code smell co-occurrences can assist in improving code smell detection. We introduce and utilize a code smell co-occurrence impact factor set, a code smell pre-filter mechanism, and a possibility mechanism, which enable BMCo-O to demonstrate outstanding detection performance. To reduce manual intervention, we propose an adaptive detection mechanism that automatically adjusts parameters to detect different types of code smell in various software projects. As an initial attempt, we applied the proposed method to seven classical high-criticality code smells: Message Chain, Feature Envy, Spaghetti Code, Large Class, Complex Class, Refused Bequest, and Long Method. The evaluation results on benchmarks composed of open source software projects demonstrated that BMCo-O significantly outperforms the well-known and widely used methods in detecting these seven classical code smells, especially in F1, with improvements of 137%, 155%, 23%, 195%, 364%, 552% and 35%, respectively. To further verify its effectiveness in actual detection across different software projects, we also implemented a prototype of a new code smell detector using BMCo-O.
Citations: 0

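The core idea of BMCo-O is that already-detected co-occurring smells can raise the estimated possibility of another smell. A minimal sketch of that intuition follows; the impact factors, threshold-free boosting rule, and scores are made-up illustrative values, not the factor set the paper derives.

```python
# Hypothetical co-occurrence impact factors: how much an already-detected smell
# raises the possibility score of the target smell.
CO_OCCURRENCE_IMPACT = {
    ("Large Class", "Long Method"): 0.25,
    ("Complex Class", "Long Method"): 0.20,
    ("Feature Envy", "Message Chain"): 0.15,
}

def adjusted_possibility(base_score: float, target_smell: str,
                         detected_smells: set) -> float:
    """Boost the base detector score for target_smell using co-occurrence impact factors."""
    boost = sum(
        factor
        for (detected, target), factor in CO_OCCURRENCE_IMPACT.items()
        if target == target_smell and detected in detected_smells
    )
    return min(1.0, base_score + boost)

if __name__ == "__main__":
    # A method with a mediocre standalone score, but its class already exhibits
    # Large Class and Complex Class, which co-occur with Long Method.
    print(adjusted_possibility(0.45, "Long Method", {"Large Class", "Complex Class"}))  # 0.90
```
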
Unveiling functional aspects in google play education app titles and descriptions influencing app success
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-21 | DOI: 10.1007/s10515-025-00497-6
Ahmad Bilal, Hamid Turab Mirza, Adnan Ahmad, Ibrar Hussain, Ahmad Salman Khan
Abstract: Users search for applications on the online application store by inputting functional terms, such as “automated assignment solver”, “English translator” and “free VPN”. In response, the application store recommends a list of applications whose titles and descriptions closely match the user’s search terms. Acknowledging this, application developers incorporate trending and frequently searched functional terms into their application titles and descriptions to make them compelling and to enhance the visibility of their products in user searches, thereby increasing the likelihood of application success. However, literature analyzing mobile application titles and descriptions to determine their impact on application success is scarce and often lacks data-analytical approaches. Moreover, the definition of application success in existing literature may be flawed, as it relies solely on higher downloads or positive numeric ratings, neglecting the crucial factor of time. This research proposes a Machine Learning-inspired framework to extract functional themes (aspects) from the titles and descriptions of Google Play Education applications that influence their success. It also formulates an enhanced definition of application success that considers downloads and ratings over a specific time period and integrates user sentiment. According to the findings of this research, the themes of Math and Homework Support, Learning and Practice, Live Assistance and Tutoring, and Instant Solutions and Tools are highly correlated with success within the Education category of the Google Play store. Developers can enhance the visibility and appeal of their applications in user search results by incorporating these themes into their application titles and descriptions, ultimately leading to a higher likelihood of success.
Citations: 0

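The paper describes a machine-learning-inspired framework for extracting functional themes from app titles and descriptions. Below is a generic, hedged sketch of one way to do this with TF-IDF and NMF topic modelling; the sample texts and pipeline are assumptions for illustration and do not reproduce the paper's actual framework or theme labels.

```python
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.decomposition import NMF

# Hypothetical title+description strings for a handful of Education apps.
app_texts = [
    "automated assignment solver with step by step math homework help",
    "english translator and vocabulary practice for learners",
    "live tutoring and instant homework assistance",
    "math practice drills and learning games for students",
]

# Vectorize the texts and factorize into a small number of latent themes.
vectorizer = TfidfVectorizer(stop_words="english")
tfidf = vectorizer.fit_transform(app_texts)
nmf = NMF(n_components=2, random_state=0)
nmf.fit(tfidf)

# Print the top terms of each extracted theme.
terms = vectorizer.get_feature_names_out()
for topic_idx, weights in enumerate(nmf.components_):
    top_terms = [terms[i] for i in weights.argsort()[::-1][:5]]
    print(f"theme {topic_idx}: {', '.join(top_terms)}")
```
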
EmoReflex: an AI-powered emotion-centric developer insights platform
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-20 | DOI: 10.1007/s10515-025-00488-7
Kashumi Madampe, John Grundy, Minh Nguyen, Ellen Welstead-Cloud, Vinh Tuan Huynh, Linh Doan, William Lay, Sayed Hashim
Abstract: There has been great interest in better understanding software engineer emotions during development. But how can this be done? We built a prototype AI-powered emotion-centric developer insights platform, EmoReflex, to support developers in reporting and reflecting on how they feel when working on various tasks across different metrics. It also helps their managers gain insight into their team’s emotional health and provides recommendations to guide them in handling the team’s emotional wellbeing. We present our tool prototype and the evaluation results of a user study conducted with two user groups: twenty developers and twenty managers. We also present design implications derived from our user study that can inform design decisions in emotion-centric software development tools.
Open Access PDF: https://link.springer.com/content/pdf/10.1007/s10515-025-00488-7.pdf
Citations: 0

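EmoReflex lets developers report how they feel on various tasks and gives managers an aggregated view of team emotional health. The sketch below is a purely illustrative guess at such a report record and a simple team-level aggregation; the field names and the intensity scale are assumptions, not EmoReflex's actual data model.

```python
from dataclasses import dataclass
from collections import Counter

@dataclass
class EmotionReport:
    developer: str
    task_id: str
    emotion: str      # e.g. "frustrated", "satisfied", "neutral"
    intensity: int    # assumed 1-5 scale

def team_emotion_summary(reports):
    """Average reported intensity per emotion across the team (a manager-facing view)."""
    totals, counts = Counter(), Counter()
    for r in reports:
        totals[r.emotion] += r.intensity
        counts[r.emotion] += 1
    return {emotion: totals[emotion] / counts[emotion] for emotion in totals}

if __name__ == "__main__":
    reports = [
        EmotionReport("dev1", "TASK-12", "frustrated", 4),
        EmotionReport("dev2", "TASK-12", "frustrated", 3),
        EmotionReport("dev1", "TASK-15", "satisfied", 5),
    ]
    print(team_emotion_summary(reports))
```
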
MP: motion program synthesis with machine learning interpretability and knowledge graph analogy
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-18 | DOI: 10.1007/s10515-025-00495-8
Cheng-Hao Cai
Abstract: The advancement of physics-based engines has led to the popularity of virtual reality. To achieve a more realistic and immersive user experience, the behaviours of objects in virtual scenes are expected to conform accurately to real-world physical laws. This increases the workload and development time for developers. To facilitate development on physics-based engines, this paper proposes MP, a motion program synthesis approach based on machine learning and analogical reasoning. MP follows the paradigm of test-driven development, where programs are generated to fit test cases of motions subject to multiple environmental factors such as gravity and airflows. To reduce the search space of code generation, regression models are used to find variables that significantly influence motions, while analogical reasoning on knowledge graphs is used to find operators that work on the identified variables. In addition, constraint solving is used to probabilistically estimate the values of constants in motion programs. Experimental results demonstrate that MP is efficient in various motion program generation tasks, with random forest regressors achieving low data and time requirements.
Open Access PDF: https://link.springer.com/content/pdf/10.1007/s10515-025-00495-8.pdf
Citations: 0

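One step the abstract describes is using regression models (random forest regressors) to find the variables that significantly influence a motion, which narrows the code-generation search space. Below is a minimal sketch of that step on synthetic data; the variable names, the synthetic relationship, and the importance threshold are illustrative assumptions.

```python
import numpy as np
from sklearn.ensemble import RandomForestRegressor

rng = np.random.default_rng(0)
n = 200
gravity = rng.uniform(8.0, 11.0, n)
wind_x = rng.uniform(-5.0, 5.0, n)
friction = rng.uniform(0.0, 1.0, n)

# Synthetic motion outcome: depends on gravity and wind, but not on friction.
landing_x = 0.8 * wind_x - 0.3 * gravity + rng.normal(0.0, 0.1, n)

X = np.column_stack([gravity, wind_x, friction])
model = RandomForestRegressor(n_estimators=100, random_state=0).fit(X, landing_x)

# Feature importances suggest which environmental variables matter for this motion;
# friction should receive a near-zero importance and could be dropped from the search.
for name, importance in zip(["gravity", "wind_x", "friction"], model.feature_importances_):
    print(f"{name}: {importance:.3f}")
```
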
LLM-enhanced evolutionary test generation for untyped languages
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-17 | DOI: 10.1007/s10515-025-00496-7
Ruofan Yang, Xianghua Xu, Ran Wang
Abstract: Dynamic programming languages, such as Python, are widely used for their flexibility and support for rapid development. However, the absence of explicit parameter type declarations poses significant challenges in generating automated test cases. This often leads to random assignment of parameter types, increasing the search space and reducing testing efficiency. Current evolutionary algorithms, which rely heavily on random mutations, struggle to handle specific data types and frequently fall into local optima, making it difficult to generate high-quality test cases. Moreover, the resulting test suites often contain errors, preventing immediate usage in real-world applications. To address these challenges, this paper proposes the use of large language models to enhance test case generation for dynamic programming languages. Our method involves three key steps: analyzing parameter types to narrow the search space, introducing meaningful data during mutations to increase test case relevance, and using large language models to automatically repair errors in the generated test suites. Experimental results demonstrate a 16% improvement in test coverage, faster evolutionary cycles, and an increase in the number of executable test suites. These findings highlight the potential of large language models in improving both the efficiency and reliability of test case generation for dynamic programming languages.
Citations: 0

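The method's first two steps are analyzing parameter types to narrow the search space and introducing meaningful data during mutations. The sketch below shows a simple type-guided value pool that a mutation operator could draw from once a parameter's likely type is known; the pools and names are assumptions, and the type is supplied directly here rather than analyzed automatically as in the paper.

```python
import random

# Hypothetical pools of "meaningful" values per inferred parameter type.
VALUE_POOLS = {
    "int": [0, 1, -1, 42, 2**31 - 1],
    "str": ["", "hello", "user@example.com", "a" * 100],
    "list": [[], [1, 2, 3], ["x"]],
}

def mutate_argument(current_value, inferred_type: str):
    """Replace an argument with a value drawn from the pool for its inferred type,
    falling back to the current value when the type is unknown."""
    pool = VALUE_POOLS.get(inferred_type)
    return random.choice(pool) if pool else current_value

if __name__ == "__main__":
    random.seed(0)
    # Suppose type analysis decided the parameter of parse_email(addr) is a str:
    # mutation now draws a string instead of a random value of arbitrary type.
    print(mutate_argument(12345, "str"))
```
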
Context-aware code summarization with multi-relational graph neural network
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-02-06 | DOI: 10.1007/s10515-025-00490-z
Yanlin Wang, Ensheng Shi, Lun Du, Xiaodi Yang, Yuxuan Hu, Yanli Wang, Daya Guo, Shi Han, Hongyu Zhang, Dongmei Zhang
Abstract: Source code summaries are short natural language descriptions of code snippets that help developers better understand and maintain source code. There has been a surge of work on automatic code summarization to reduce the burden of writing summaries manually. However, contemporary approaches only leverage the information within the boundary of the method being summarized (i.e., local context), and ignore the broader context that could assist with code summarization. This paper explores two global contexts, namely intra-class and inter-class contexts, and proposes CoCoSUM: Context-Aware Code Summarization with Multi-Relational Graph Neural Network. CoCoSUM first incorporates class names as the intra-class context to generate the class semantic embeddings. Then, relevant Unified Modeling Language (UML) class diagrams are extracted as inter-class context and are encoded into the class relational embeddings using a novel Multi-Relational Graph Neural Network (MRGNN). Class semantic embeddings and class relational embeddings, together with the outputs from the code token encoder and AST encoder, are passed to a decoder armed with a two-level attention mechanism to generate high-quality, context-aware code summaries. Experimental results show that CoCoSUM outperforms state-of-the-art methods, and the global contexts adopted in CoCoSUM can also strengthen existing code summarization models. Our replication package is available at https://github.com/DeepSoftwareAnalytics/cocosum.
Citations: 0

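CoCoSUM encodes UML class relations with a Multi-Relational Graph Neural Network. The NumPy sketch below shows the general idea of one relation-specific message-passing layer over a toy class graph; the relation types, dimensions, toy adjacency matrices, and random weights are illustrative, and this is not CoCoSUM's actual MRGNN.

```python
import numpy as np

rng = np.random.default_rng(0)
num_classes, dim = 3, 8                   # 3 classes in a toy UML diagram
H = rng.normal(size=(num_classes, dim))   # initial class embeddings

# Adjacency per relation type: edges[r][i, j] = 1 if class j relates to class i via r.
relations = ["inheritance", "association"]
edges = {
    "inheritance": np.array([[0, 1, 0], [0, 0, 0], [0, 0, 0]], dtype=float),
    "association": np.array([[0, 0, 1], [1, 0, 0], [0, 0, 0]], dtype=float),
}
W = {r: rng.normal(size=(dim, dim)) * 0.1 for r in relations}  # per-relation weights
W_self = np.eye(dim)                                            # self-loop transform

def mrgnn_layer(H):
    """One layer: each class aggregates neighbour embeddings separately per relation."""
    out = H @ W_self
    for r in relations:
        out += edges[r] @ (H @ W[r])
    return np.maximum(out, 0.0)  # ReLU

print(mrgnn_layer(H).shape)  # (3, 8): updated class relational embeddings
```
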
Enhancing multi-objective test case selection through the mutation operator
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-01-30 | DOI: 10.1007/s10515-025-00489-6
Miriam Ugarte, Pablo Valle, Miren Illarramendi, Aitor Arrieta
Abstract: Test case selection has been a widely investigated technique to increase the cost-effectiveness of software testing. Because the search space in this problem is huge, search-based approaches have been found effective, where an optimization algorithm (e.g., a genetic algorithm) applies mutation and crossover operators guided by corresponding objective functions with the goal of reducing the test execution cost while maintaining the overall test quality. The de-facto mutation operator is the bit-flip mutation, where a test case is mutated with a probability of 1/N, N being the total number of test cases in the original test suite. This has a core disadvantage: an effective test case and an ineffective one have the same probability of being selected or removed. In this paper, we advocate for a novel mutation operator that promotes selecting cost-effective test cases while removing the ineffective and expensive ones. To this end, instead of applying a probability of 1/N to every single test case in the original test suite, we calculate new selection and removal probabilities. This is carried out based on the adequacy criterion as well as the cost of each test case, determined before executing the algorithm (e.g., based on historical data). We evaluate our approach on 13 case study systems, including 3 industrial case studies, in three different application domains (i.e., Cyber-Physical Systems (CPSs), continuous integration systems, and industrial control systems). Our results suggest that the proposed approach can increase the cost-effectiveness of search-based test case selection methods, especially when the time budget for executing test cases is low.
Citations: 0

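The proposed operator replaces the uniform 1/N bit-flip with selection and removal probabilities derived from each test's adequacy and cost. A minimal sketch of that idea follows; the exact probability formula below is an illustrative choice under stated assumptions, not the authors' definition.

```python
import random

def mutate(solution, adequacy, cost):
    """solution[i]=True means test i is selected; adequacy in [0, 1], cost > 0.
    Cost-effective tests get a higher chance of being added, and expensive,
    ineffective tests get a higher chance of being removed."""
    n = len(solution)
    effectiveness = [adequacy[i] / cost[i] for i in range(n)]
    max_eff = max(effectiveness)
    child = solution[:]
    for i in range(n):
        p_select = (effectiveness[i] / max_eff) / n          # biased toward good tests
        p_remove = (1.0 - effectiveness[i] / max_eff) / n    # biased toward poor tests
        if not child[i] and random.random() < p_select:
            child[i] = True
        elif child[i] and random.random() < p_remove:
            child[i] = False
    return child

if __name__ == "__main__":
    random.seed(1)
    selected = [True, False, True, False]
    adequacy = [0.9, 0.8, 0.1, 0.2]   # e.g. coverage achieved by each test
    cost =     [1.0, 0.5, 4.0, 0.3]   # e.g. execution time
    print(mutate(selected, adequacy, cost))
```
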
BadCodePrompt: backdoor attacks against prompt engineering of large language models for code generation
IF 2.0 | Q2 | Computer Science
Automated Software Engineering | Pub Date: 2025-01-28 | DOI: 10.1007/s10515-024-00485-2
Yubin Qu, Song Huang, Yanzhou Li, Tongtong Bai, Xiang Chen, Xingya Wang, Long Li, Yongming Yao
Abstract: Using few-shot demonstrations in prompts significantly enhances the generation quality of large language models (LLMs), including for code generation. However, adversarial examples injected by malicious service providers via few-shot prompting pose a risk of backdoor attacks on large language models. There is no prior research on backdoor attacks against large language models in the few-shot prompting setting for code generation tasks. In this paper, we propose BadCodePrompt, the first backdoor attack on code generation tasks targeting LLMs in the few-shot prompting scenario, which requires no access to training data or model parameters and has lower computational overhead. BadCodePrompt exploits the insertion of triggers and poisonous code patterns into examples, causing poisonous source code to be output when a backdoor trigger appears in the end user’s query prompt. We demonstrate the effectiveness of BadCodePrompt in conducting backdoor attacks on three LLMs (GPT-4, Claude-3.5-Sonnet, and Gemini Pro-1.5) in code generation tasks without affecting the functionality of the generated code. LLMs with stronger reasoning capabilities are also more vulnerable to BadCodePrompt, with an average attack success rate of up to 98.53% for GPT-4 in two benchmark tasks. Finally, we employ state-of-the-art defenses against backdoor attacks in prompt engineering and show their overall ineffectiveness against BadCodePrompt. Therefore, BadCodePrompt remains a serious threat to LLMs, underscoring the urgency of developing effective defense mechanisms.
Citations: 0