{"title":"Unveiling code clone patterns in open source VR software: an empirical study","authors":"Huashan Chen, Zisheng Huang, Yifan Xu, Wenjie Huang, Xuheng Wang, Jinfu Chen, Haotang Li, Kebin Peng, Feng Liu, Sen He","doi":"10.1007/s10515-025-00536-2","DOIUrl":"10.1007/s10515-025-00536-2","url":null,"abstract":"Code cloning is frequently observed in software development, often leading to a variety of maintenance and security issues. While substantial research has been conducted on code cloning in traditional software, to the best of our knowledge, there is a lack of studies on cloning in virtual reality (VR) software that consider its unique nature, particularly the presence of numerous serialized files in conjunction with the source code. In this paper, we conduct the first large-scale quantitative empirical analysis of software clones in 345 open-source VR projects, using the NiCad detector for source code clone detection and large language models (LLMs) for identifying serialized file clones. Our study leads to a number of insights into cloning phenomena in VR software, guided by seven carefully formulated research questions. These findings, along with their implications, are anticipated to provide useful guidance for both researchers and software developers within the VR field.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145163057","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detection of hidden privilege escalations in android","authors":"Mohamed A. El-Zawawy, Aya Hamdy","doi":"10.1007/s10515-025-00542-4","DOIUrl":"10.1007/s10515-025-00542-4","url":null,"abstract":"Android, the most widely used smartphone OS, has several inter-app communication options, such as broadcast receivers, intents, content providers, and objectives. Even though the Android permission system restricts access and safeguards user data, security flaws allow malicious apps to abuse permission systems. Higher-order privilege escalation, where apps cooperate to circumvent security limitations throughout several phases, is a key vulnerability in this ecosystem. This paper presents a new method for n-order case analysis to find undetectable privilege escalations. Our approach systematically identifies multi-stage permission escalations via automated test case generation and stationary analysis. Unlike current methods emphasizing direct permission misuse, our approach analyzes escalation chains across many app interactions and uncovered 52,982 instances of fourth-order privilege escalation that went unnoticed when just first-order transitions were examined. Furthermore, our findings show an important distinction: benign programs gradually gain greater permissions through escalation chains, whereas malicious apps request excessively high upfront rights. This difference emphasizes the necessity of better permission management techniques to reduce the serious risk associated with rising higher-order privilege escalations, which are generally disregarded by current detection systems. Therefore, our method fulfills the need for a more scalable detection technique to address this challenging security concern in the Android ecosystem.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-025-00542-4.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145160803","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Envisioning responsible quantum software engineering and quantum artificial intelligence","authors":"Muneera Bano, Shaukat Ali, Didar Zowghi","doi":"10.1007/s10515-025-00541-5","DOIUrl":"10.1007/s10515-025-00541-5","url":null,"abstract":"The convergence of Quantum Computing (QC), Quantum Software Engineering (QSE), and Artificial Intelligence (AI) presents transformative opportunities across various domains. However, existing methodologies inadequately address the ethical, security, and governance challenges arising from this technological shift. This paper highlights the urgent need for interdisciplinary collaboration to embed ethical principles into the development of Quantum AI (QAI) and QSE, ensuring transparency, inclusivity, and equitable global access. Without proactive governance, there is a risk of deepening digital inequalities and consolidating power among a select few. We call on the software engineering community to actively shape a future where responsible QSE and QAI are foundational for ethical, accountable, and socially beneficial technological progress.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-025-00541-5.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145160878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MCL-VD: Multi-modal contrastive learning with LoRA-enhanced GraphCodeBERT for effective vulnerability detection","authors":"Yi Cao, Xiaolin Ju, Xiang Chen, Lina Gong","doi":"10.1007/s10515-025-00543-3","DOIUrl":"10.1007/s10515-025-00543-3","url":null,"abstract":"Vulnerability detection in software systems is a critical challenge due to the increasing complexity of code and the rising frequency of security vulnerabilities. Traditional approaches typically rely on single-modality inputs and struggle to distinguish between similar code snippets. However, multi-modal methods find it challenging to balance performance and efficiency. To address these challenges, we propose MCL-VD, a framework that leverages multi-modal inputs including source code, code comments, and AST to capture complementary structural and contextual information. We employ LoRA, which reduces the computational burden by optimizing the number of trainable parameters without sacrificing performance. Additionally, we apply multi-modal contrastive learning to align and differentiate the representations across the three modalities, thereby enhancing the model’s discriminative power and robustness. We designed and conducted experiments on three public benchmark datasets, i.e., Devign, Reveal, and Big-Vul. The experimental results show that MCL-VD significantly outperforms the best-performing baselines, achieving F1-score improvements ranging from 4.86% to 17.26%. These results highlight the effectiveness of combining multi-modal contrastive learning with LoRA optimization, providing a powerful and efficient solution for vulnerability detection.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-07-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145170970","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From code to insight: studying code representation techniques for ML-based God class detection to support intelligent IDEs","authors":"Elmohanad Haroon, Khaled Tawfik Wassif, Lamia Abo Zaid","doi":"10.1007/s10515-025-00534-4","DOIUrl":"10.1007/s10515-025-00534-4","url":null,"abstract":"In the realm of software development, detecting code smells is a critical task for ensuring good code quality. The God class code smell in particular involves a great deal of subjectivity due to the levels of coupling and cohesion associated with it. Automated techniques for code smell detection aim to resolve this subjectivity. Machine learning techniques have shown promising results that tend to improve accuracy and reduce the bias associated with other techniques for God class identification. This is due to their pattern recognition capabilities, making them more objective in identifying patterns that indicate code smells. However, current results need to be further improved in terms of both accuracy and generalizability. The challenge in the use of machine learning is not only in selecting the most appropriate technique but also lies in effectively representing source code as input patterns fed to Machine Learning (ML) classifier(s). Code representation plays a pivotal role in encoding source code for ML algorithms. This study aims to improve the accuracy and generalizability of God class code smell detection by exploring the effect of various code representation techniques, namely tree-based, metric-based, code embedding, and token-based code representation techniques, on the ML detection results. The study is conducted on the MLCQ dataset, and applies various ML algorithms (specifically: Logistic Regression, Random Forest, SVM, Decision Tree, Naive Bayes, Gradient Boosting, XGBoost). The evaluation results show how different code representation techniques influence ML detection outcomes and the comparative performance of ML algorithms. The study findings reveal that the F1-score achieved outperforms prior studies on the MLCQ dataset, indicating the effectiveness of the proposed approach. The presented results reveal how the code representation technique used makes a significant impact on the ML classifier results. This paves the way for developing intelligent IDE plugins for just-in-time God class code smell detection among other code smells.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-025-00534-4.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145169395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DESCG: data encoding scheme classification with GNN in binary analysis","authors":"Xushu Dai, Nanqing Luo, Haizhou Wang, Zhilong Wang, Chen Cao, Peng Liu","doi":"10.1007/s10515-025-00538-0","DOIUrl":"10.1007/s10515-025-00538-0","url":null,"abstract":"Binary analysis, the process of examining software without its source code, plays a crucial role in understanding program behavior, e.g., evaluating the security properties of commercial software, and analyzing malware. One challenging aspect of this process is to classify data encoding schemes, such as encryption and compression, due to the absence of high-level semantic information. Existing approaches either rely on code similarity, which only works for known schemes, or heuristic rules, which lack scalability. In this paper, we propose DESCG, a novel deep learning-based method for automatically classifying four widely employed kinds of data encoding schemes in binary programs: encryption, compression, decompression, and hashing. Our approach leverages dynamic analysis to extract execution traces from binary programs, builds data dependency graphs from these traces, and incorporates critical feature engineering. By combining the specialized graph representation with the Graph Neural Network (GNN), our approach enables accurate classification without requiring prior knowledge of specific encoding schemes. The evaluation results show that DESCG achieves 97.7% accuracy and an F1 score of 97.67%, outperforming baseline models. We also conducted an extensive evaluation of DESCG to explore which feature is more important for it and examine its performance and overhead.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-025-00538-0.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145166985","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DPEfficR: a data and parameter efficient approach for training neural API recommendation model","authors":"Haibo Yu, Xiaohong Han, Simin Chen, Xiaoning Feng, Guangzhao Sun, Wei Yang","doi":"10.1007/s10515-025-00530-8","DOIUrl":"10.1007/s10515-025-00530-8","url":null,"abstract":"Recommending application programming interfaces (APIs) is practical and essential in today’s programming landscape. An accurate API recommendation system could significantly improve developers’ coding efficiency. State-of-the-art (SOTA) API recommendation systems typically employ deep learning models as the backend model. However, training the backend deep learning model for API recommendation systems poses a challenging task due to the significant effort required for data labeling and the need for extensive computations. These challenges deeply affect the process of updating an existing API recommendation system when the API evolves. To address these issues, this paper proposes DPEfficR, a data and parameter efficient method for building API recommendation systems. Specifically, DPEfficR includes (1) the data selection module; (2) the task-specific parameter tuning module; and (3) the runtime API selection module. The data selection module selects representative data, while the task-specific parameter tuning module tunes pre-trained LLMs with a small number of parameters. Once the LLM is well-tuned, the runtime API selection module searches for a more accurate API sequence through consistency checking. We compare our approach against seven baseline methods, which belong to three different types. Our comprehensive evaluation demonstrates the effectiveness of our approach in recommending a more accurate API sequence, achieving improvements of 40% in BLEU-4 and 25% in ROUGE-2 over the baseline methods, with only 3.61 × 10^4 tunable parameters, representing just 0.049% of the parameters used in the baseline methods. Moreover, our ablation study demonstrates the effectiveness of the proposed modules in our systems.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145165802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enhancing search-based testing with LLMs for finding bugs in system simulators","authors":"Aidan Dakhama, Karine Even-Mendoza, W. B Langdon, Héctor D. Menéndez, Justyna Petke","doi":"10.1007/s10515-025-00531-7","DOIUrl":"10.1007/s10515-025-00531-7","url":null,"abstract":"Despite the wide availability of automated testing techniques such as fuzzing, little attention has been devoted to testing computer architecture simulators. We propose a fully automated approach for this task. Our approach uses large language models (LLM) to generate input programs, including information about their parameters and types, as test cases for the simulators. The LLM’s output becomes the initial seed for an existing fuzzer, AFL++, which has been enhanced with three mutation operators, targeting both the input binary program and its parameters. We implement our approach in a tool called SearchSYS. We use it to test the gem5 system simulator. SearchSYS discovered 21 new bugs in gem5, 14 where gem5’s software prediction differs from the real behaviour on actual hardware, and 7 where it crashed. New defects were uncovered with each of the 6 LLMs used.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s10515-025-00531-7.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145164484","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mobile application review summarization using chain of density prompting","authors":"Shristi Shrestha, Anas Mahmoud","doi":"10.1007/s10515-025-00533-5","DOIUrl":"10.1007/s10515-025-00533-5","url":null,"abstract":"Mobile app users commonly rely on app store ratings and reviews to find apps that suit their needs. However, the sheer volume of reviews available on app stores can lead to information overload, thus impeding users’ ability to make informed app selection decisions. To overcome this limitation, in this paper, we leverage Large Language Models (LLMs) to summarize mobile app reviews. In particular, we use the Chain of Density (CoD) prompt to guide OpenAI GPT-4 to generate abstractive, semantically dense, and readable summaries of mobile app reviews. The CoD prompt is engineered to iteratively extract salient entities from the source text and fuse them into a fixed-length summary. We evaluate the performance of our approach using a large dataset of mobile app reviews. We further conduct an empirical evaluation with 48 study participants to assess the readability of the generated CoD summaries. Our results show that an altered CoD prompt can correctly identify the main themes in user reviews and consolidate them into a natural language summary that is intended for end-user consumption. The prompt also manages to maintain the readability of the generated summaries while increasing their density. Our work in this paper aims to substantially improve mobile app users’ experience by providing an effective mechanism for summarizing important user feedback in the review stream.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145168100","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DC-GAR: detecting vulnerabilities by utilizing graph properties and random walks to uncover richer features","authors":"Meng Wang, Xiao Han, Hong Zhang, Yiran Guo, Jiangfan Guo","doi":"10.1007/s10515-025-00532-6","DOIUrl":"10.1007/s10515-025-00532-6","url":null,"abstract":"Deep learning has become prominent in source code vulnerability detection due to its ability to automatically extract complex feature representations from code, eliminating the need for manually defined rules or patterns. Some methods treat code as text sequences; however, they often overlook its inherent structural information. In contrast, graph-based approaches effectively capture structural relationships, but the sparseness and inconsistency of structures may lead to uneven feature vector extraction, which means that the model may not be able to adequately characterize important nodes or paths. To address this issue, we propose an approach called Dual-channel Graph Neural Network combining Graph properties and Random walks (DC-GAR). This approach integrates graph properties and random walks within a dual-channel graph neural network framework to enhance vulnerability detection. Specifically, graph properties capture global semantic features, while random walks provide context-dependent node structure information. The combination of these features is then leveraged by the dual-channel graph neural network for detection and classification. We have implemented DC-GAR and evaluated it on a dataset of 29,514 functions. Experimental results demonstrate that DC-GAR surpasses state-of-the-art vulnerability detectors, including FlawFinder, SySeVR, Devign, VulCNN, AMPLE, HardVD, CodeBERT, and GraphCodeBERT, in terms of accuracy and F1-score. Moreover, DC-GAR has proven effective and practical in real-world open-source projects.","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"32 2","pages":""},"PeriodicalIF":3.1,"publicationDate":"2025-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145165624","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}