Predictive modeling techniques of software quality from softwaremeasures

The objective in the construction of models of software quality is to use measures that may be obtained relatively early in the software development life cycle to provide reasonable initial estimates of the quality of an evolving software system. Measures of software quality and software complexity to be used in this modeling process exhibit systematic departures of the normality assumptions of regression modeling. Two new estimation procedures are introduced, and their performances in the modeling of software quality from software complexity in terms of the predictive quality and the quality of fit are compared with those of the more traditional least squares and least absolute value estimation techniques. The two new estimation techniques did produce regression models with better quality of fit and predictive quality when applied to data obtained from two software development projects     

An internally replicated quasi-experimental comparison of checklistand perspective based reading of code documents

The basic premise of software inspections is that they detect and remove defects before they propagate to subsequent development phases where their detection and correction cost escalates. To exploit their full potential, software inspections must call for a close and strict examination of the inspected artifact. For this, reading techniques for defect detection may be helpful since these techniques tell inspection participants what to look for and, more importantly, how to scrutinize a software artifact in a systematic manner. Recent research efforts investigated the benefits of scenario-based reading techniques. A major finding has been that these techniques help inspection teams find more defects than existing state-of-the-practice approaches, such as, ad-hoc or checklist-based reading (CBR). We experimentally compare one scenario-based reading technique, namely, perspective-based reading (PBR), for defect detection in code documents with the more traditional CBR approach. The comparison was performed in a series of three studies, as a quasi experiment and two internal replications, with a total of 60 professional software developers at Bosch Telecom GmbH. Meta-analytic techniques were applied to analyze the data     

The essential synthesis of problem frames and assurance cases

Abstract: Problem frames and assurance cases are two current research areas that can improve – and have improved – system dependability, in critical and noncritical systems alike. While these two techniques are effective separately, their synthesis is much more powerful. This paper describes the synthesis of these two techniques and the rationale behind the synthesis, the particular pieces that influence each other, and the beginning of a process to integrate the two in software system development. A detailed example of the application of the synthesis is also provided.     

计算机辅助建筑结构算量技术与软件

根据近年来计算机辅助建筑算量技术研究及相关软件开发情况,将现有的相关技术方法分为参数输入法、局部建模法、全局建模法和自动识别法4类,深入讨论了其特点,并分析了2个代表性的软件.最后展望了该技术的发展方向.     

改进的动态图水印实现方案

在研究动态图水印技术的基础上,针对不同的性能指标提出两种改进方案并作了简单的性能分析,最后指出软件水印技术的发展方向.     

Software Architects [review of 97 Things Every Software Architect Should Know: Collective Wisdom from the Experts (Monson-Haefel, R., Ed.; 2009)]

Richard Mateosian reviews this book that offers nuggets of information to anyone who designs software. Nearly 50 people contribute their ideas. Each entry fills two facing pages and includes a contributor photo and brief biography. Most of the ideas fall into the following themes: communication; requirements; pitfalls; design and development approaches; performance and maintenance; tools and techniques; and the necessary quality or skills of software architects.     

Test Case Generation as an AI Planning Problem

While Artificial Intelligence techniques have been applied to a variety of software engineering applications, the area of automated software testing remains largely unexplored. Yet, test cases for certain types of systems (e.g., those with command language interfaces and transaction based systems) are similar to plans. We have exploited this similarity by constructing an automated test case generator with an AI planning system at its core. We compared the functionality and output of two systems, one based on Software Engineering techniques and the other on planning, for a real application: the StorageTek robot tape library command language. From this, we showed that AI planning is a viable technique for test case generation and that the two approaches are complementary in their capabilities.     

Deep Learning-Based Hybrid Fuzz Testing

With the rapid development of software techniques, domain-driven software raises new challenges in software security and robustness. Symbolic execution and fuzzing have been rapidly developed in recent decades, demonstrating their ability in detecting software bugs. Enormous detected and fixed bugs prove the feasibility of the two methods. However, it is still a challenging task to combine the two methods due to their respective weaknesses. State-of-the-art techniques focus on incorporating the two methods such as using symbolic execution to solve paths when fuzzing gets stuck in complex paths. Unfortunately, such methods are inefficient because they have to switch to fuzzing (resp. symbolic execution) when performing symbolic execution (resp. fuzzing). This paper presents a novel deep learning-based hybrid testing method using symbolic execution and fuzzing. The method tries to predict paths that are suitable for fuzzing (resp. symbolic execution) and use the fuzzing (resp. symbolic execution) to reach the paths. To further enhance effectiveness, this paper also proposes a hybrid mechanism to make them interact with each other. The proposed approach is evaluated on the programs in LAVA-M, and the results are compared with those in the case of using symbolic execution or fuzzing independently. It achieves more than 20\% increase in branch coverage and 1 to 13 times increase in the path number and uncovers 929 more bugs.     

Across disciplines: risk, design, method, process, and tools

In the search for solutions to make software development more predictable and controllable, one often looks for parallels in other disciplines such as architecture, bridge construction, and so on. The article looks at software development from the perspective of the electrical industry. Inspired by their management tradition, ATH techniek b.v. has learned to apply proven management techniques to software development. Simple and commonsense principles yield excellent results; for instance, developers reduced risk by estimating project effort using two different measures and by controlling execution. Comparing the software development processes with what goes on in the rest of the company or another application domain can be instructive     

.NET与Web服务解析

XML Web Services的出现使得软件开发人员在使用已有硬件、应用程序前提下继续工作的梦想得以实现。文中详细介绍了微软.NET的平台构成、Web服务的概念及其在.NET环境中的实现;并从Web服务的基本技术规范出发对.NET Web服务进行阐述;介绍了XML技术规范在.NET Web服务中的应用和SOAP协议的使用以及Web服务描述语言(WSDL)和Web服务的两种发现机制(DISCO和UDDI)、服务的数据服务等,以便大家对这些技术有全面而透彻的理解,掌握其精髓,从而能够充分利用.NET的强大功能。     

Software Engineering Economics

This paper summarizes the current state of the art and recent trends in software engineering economics. It provides an overview of economic analysis techniques and their applicability to software engineering and management. It surveys the field of software cost estimation, including the major estimation techniques available, the state of the art in algorithmic cost models, and the outstanding research issues in software cost estimation.     

Experiences Using Domain Specific Techniques within Multimedia Software Engineering

Domain specific techniques take advantage of the commonalities among applications developed within a certain domain. They are known to improve quality and productivity by incorporating domain knowledge and previous project experiences and promote reuse. This paper describes six domain specific software engineering techniques for developing multimedia applications within the digital library domain. We provide examples of each technique from several projects in which they were used, how the techniques are used within general software engineering practice (in particular, MBASE), how the techniques address some of the particular challenges multimedia software engineering, and the positive impacts we have measured resulting from their use within a graduate level software engineering course.     

基于深度学习的混合模糊测试方法

随着软件技术的快速发展,面向领域的软件系统在广泛使用的同时带来了研究与应用上的新挑战.由于领域应用对安全性、可靠性有着很高的要求,而符号执行和模糊测试等技术在保障软件系统的安全性、可靠性方面已经发展了数十年.许多研究和被发现的缺陷表明了它们的有效性.但是由于两者的优劣不同,将这两者的结合仍是近期热门研究话题.目前的结合方法在于两者相互协助,例如模糊测试不可达的区域交给符号执行求解.但是这些方法只能在模糊测试（或符号执行）运行时判定是否应该借助符号执行（或模糊测试）,无法同时利用这两者的优势,从而导致性能不足.基于此,我们提出基于深度学习,将基于符号执行的测试与模糊测试相结合的混合测试方法.该方法旨在测试开始之前就判断适合模糊测试（或符号执行）的路径集,从而制导模糊测试（或符号执行）到达适合它们的区域.同时,我们还提出混合机制实现两者之间的交互,从而进一步提升整体的覆盖率.基于LAVA-M中程序的实验表明,我们的方法相对于单独符号执行或模糊测试,能够提升20%多的分支覆盖率,增加约1~13倍的路径数目,多检测到929个缺陷.     

An empirical approach to studying software evolution

With the approach of the new millennium, a primary focus in software engineering involves issues relating to upgrading, migrating, and evolving existing software systems. In this environment, the role of careful empirical studies as the basis for improving software maintenance processes, methods, and tools is highlighted. One of the most important processes that merits empirical evaluation is software evolution. Software evolution refers to the dynamic behaviour of software systems as they are maintained and enhanced over their lifetimes. Software evolution is particularly important as systems in organizations become longer-lived. However, evolution is challenging to study due to the longitudinal nature of the phenomenon in addition to the usual difficulties in collecting empirical data. We describe a set of methods and techniques that we have developed and adapted to empirically study software evolution. Our longitudinal empirical study involves collecting, coding, and analyzing more than 25000 change events to 23 commercial software systems over a 20-year period. Using data from two of the systems, we illustrate the efficacy of flexible phase mapping and gamma sequence analytic methods, originally developed in social psychology to examine group problem solving processes. We have adapted these techniques in the context of our study to identify and understand the phases through which a software system travels as it evolves over time. We contrast this approach with time series analysis. Our work demonstrates the advantages of applying methods and techniques from other domains to software engineering and illustrates how, despite difficulties, software evolution can be empirically studied     

Copilot: monitoring embedded systems

Runtime verification (RV) is a natural fit for ultra-critical systems that require correct software behavior. Due to the low reliability of commodity hardware and the adversity of operational environments, it is common in ultra-critical systems to replicate processing units (and their hosted software) and incorporate fault-tolerant algorithms to compare the outputs, even if the software is considered to be fault-free. In this paper, we investigate the use of software monitoring in distributed fault-tolerant systems and the implementation of fault-tolerance mechanisms using RV techniques. We describe the Copilot language and compiler that generates monitors for distributed real-time systems, and we discuss two case-studies in which Copilot-generated monitors were used to detect onboard software and hardware faults and monitor air-ground data link messaging protocols.     

Software development on Internet time

There is probably little debate that Internet software companies must use more flexible development techniques and introduce new products faster than companies with more stable technology, established customer needs, and longer product cycles. Internet and PC software firms favor a more flexible style. The basic idea is to give programmers the autonomy to evolve designs iteratively but to force team members to synchronize their work frequently and then periodically stabilize their design changes or feature innovations. Studying two companies, the authors found that Netscape was using a version of the Microsoft-style synchronize and stabilize process for PC software, but adapting it to build Internet browser and server products. They also found that Microsoft's Internet groups were modifying their standard process to increase development speed and flexibility. The goal was to balance flexibility and speed with professional engineering discipline     

Software visualization in the large

The invisible nature of software hides system complexity, particularly for large team-oriented projects. The authors have evolved four innovative visual representations of code to help solve this problem: line representation; pixel representation; file summary representation; and hierarchical representation. We first describe these four visual code representations and then discuss the interaction techniques for manipulating them. We illustrate our software visualization techniques through five case studies. The first three focus on software history and static software characteristics; the last two discuss execution behavior. The software library and its implementation are then described. Finally, we briefly review some related work and compare and contrast our different techniques for visualizing software     

Software Protection through Anti-Debugging

This article focuses on describing state-of-the-art attacks on debuggers to prevent reverse engineering. You can use the information we present as part of your strategy to protect your software or to assist you in overcoming the anti-debugging tricks present in malicious software. Currently, there are enough anti-debugging techniques available to software engineers to sufficiently protect software against most threats, likewise, most state-of-the-art malware can be sufficiently reverse-engineered with patience and skill to enable security researchers to continue to defend their networks. However, advances in software protection techniques and reverse engineering might alter the balance.     

Empirical Evaluations of Usage-Based Reading and Fault Content Estimation for Software Inspections

This thesis describes six empirical investigations of two techniques applied to software inspections, namely reading techniques and fault content estimation techniques. The first part of the thesis presents a series of experiments of a novel reading technique called usage-based reading. The second part investigates fault content estimation applied to the software inspection process. The estimation methods used are capture-recapture and curve fitting.