A pattern-based model-driven approach for situational method engineering

ContextConstructing bespoke software development methodologies for specific project situations has become a crucial need, giving rise to Situational Method Engineering (SME). Compared with Software Engineering, SME has a long way to go yet; SME approaches are especially deficient as to support for modeling, portability, and automation. Model-Driven Development (MDD) has been effectively used for addressing these issues in Software Engineering, and is also considered a promising approach for resolving them in SME.ObjectiveThis paper aims to address the shortcomings of existing SME approaches by introducing a novel MDD approach, specifically intended for SME purposes, that uses a pattern-based approach for model transformation.MethodDeveloping a MDD approach for SME requires that a modeling framework, consisting of modeling levels, be defined for modeling software development methodologies. Transformation patterns should also be specified for converting the models from one level to the next. A process should then be defined for applying the framework and transformations patterns to real SME projects. The resulting MDD approach requires proper evaluation to demonstrate its applicability.ResultsA framework and a semi-automated process have been proposed that adapt pattern-based model transformation techniques for application to the methodology models used in SME. The transformation patterns have been implemented in the Medini-QVT model transformation tool, along with two supplementary method bases: one for mapping the situational factors of SME projects to requirements, and the other for mapping the requirements to method fragments. The method engineer can produce the methodology models by using the method bases and executing the transformation patterns via the tool.ConclusionThe validity of the proposed approach has been assessed based on special evaluation criteria, and also through application to a real-world project. Evaluation results indicate that the proposed approach addresses the deficiencies of existing approaches, and satisfies the practicality requirements of SME approaches.     

Privacy and security constraints for code contributions

In collaborative software development, developers submit their contributions to repositories that are used to integrate code from various collaborators. To avoid privacy and security issues, code contributions are often reviewed before integration. Although careful manual code review can detect such issues, it might be time-consuming, expensive, and error-prone. Automatic analysis tools can also detect privacy and security issues, but they often demand significant developer effort, or are domain specific, considering fixed framework specific vulnerability sources and sinks. To reduce these problems, in this paper we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. We implement a tool that automatically checks Salvum policies for systems of different technical domains. We also investigate whether Salvum can find policy violations for a number of open-source projects. We find evidence that Salvum helps to detect violations even for well-supported and highly active projects. Moreover, our tool helps to find 80 violations in benchmark projects.     

面向行业应用的软件开发检查工具

现有的自动化测试和检查工具能够解决一些常规的测试和检查问题,但是对于行业应用软件开发过程的某些个性化测试和检查要求,没有提供很好的支持.因此针对行业应用软件的个性化要求,提出了一种面向行业应用的软件开发检查工具,在通用测试和检查工具的基础上,从代码检查、数据结构检查、接口检查和日志检查4个方面,对系统进行进一步的测试和检查.实验结果表明,该工具能有效地提高软件系统的开发效率和正确性,降低软件系统的开发成本.     

Detecting Coordination Problems in Collaborative Software Development Environments

Software development is rarely an individual effort and generally involves teams of developers collaborating to generate good reliable code. Among the software code there exist technical dependencies that arise from software components using services from other components. The different ways of assigning the design, development, and testing of these software modules to people can cause various coordination problems among them. We claim that the collaboration of the developers, designers and testers must be related to and governed by the technical task structure. These collaboration practices are handled in what we call Socio-Technical Patterns.

The TESNA project (Technical Social Network Analysis) we report on in this paper addresses this issue. We propose a method and a tool that a project manager can use in order to detect the socio-technical coordination problems. We test the method and tool in a case study of a small and innovative software product company.     

A Dynamic Integrated Framework for Software Process Improvement

Current software process models (CMM, SPICE, etc.) strongly recommend the application of statistical control and measure guides to define, implement, and evaluate the effects of different process improvements. However, whilst quantitative modeling has been widely used in other fields, it has not been considered enough in the field of software process improvement. During the last decade software process simulation has been used to address a wide diversity of management problems. Some of these problems are related to strategic management, technology adoption, understanding, training and learning, and risk management, among others. In this work a dynamic integrated framework for software process improvement is presented. This framework combines traditional estimation models with an intensive utilization of dynamic simulation models of the software process. The aim of this framework is to support a qualitative and quantitative assessment for software process improvement and decision making to achieve a higher software development process capability according to the Capability Maturity Model. The concepts underlying this framework have been implemented in a software process improvement tool that has been used in a local software organization. The results obtained and the lessons learned are also presented in this paper.     

Product information systems engineering: an approach for building product models by reuse of patterns

This paper deals with an approach for Product Information Systems (PIS) engineering by reuse of patterns. Patterns form generic solutions to problems frequently occurring during PIS specification and implementation. The pattern approach provides an engineering guide to model data by organizing hierarchically and functionally modeling problems and the manner to resolve them. Their use would contribute to accelerate building and implementing product and process models during PIS specification and implementation. Two kind of patterns are distinguished: business patterns used for specification and providing solutions for application field problems and software patterns used for implementation and providing solutions for technical problems (software). A special interest is given to identify and specify different business patterns for product modeling during PIS specification.However, a pattern-based approach can be developed only for disciplines which acquired a certain maturity, i.e. those for which there is both a consensus around a finite set of problems and a variety of known solutions for solving these problems. There is no universal agreement on the knowledge needed in product information systems, let alone on the representation of this knowledge and we therefore find it impossible to discuss product information systems without reference to what kind of knowledge is being managed. The first step consisted thus of constructing a general reference framework based on PIS concepts, providing a common terminology and a semantic of the principal concepts managed in PIS and proposing various models to fix these concepts. It forms a basis for exploring the problems frequently occurring during PIS specification. A pattern language is thus defined to resolve the identified problems, basing partially on existing design pattern catalogues.     

CAS-DSM: A Compiler Assisted Software Distributed Shared Memory

Traditional software Distributed Shared Memory (DSM) systems rely on the virtual memory management mechanisms to detect accesses to shared memory locations and maintain their consistency. The resulting involvement of the OS (kernel) and the associated overhead which is significant, can be avoided by careful compile time analysis and code instrumentation. In this paper, we propose such a Compiler Assisted Software support approach (CAS-DSM). In the CAS-DSM implementation, the involvement of the OS kernel is avoided by instrumenting the application code at the source level. The overhead caused by the execution of the instrumented code is reduced through several aggressive compile time optimizations. Finally, we also address the issue of reducing certain overheads in polling-based implementation of receiving asynchronous messages. We used SUIF, a public domain compiler tool, to implement compile time analysis, instrumentation and optimizations. We modified CVM, a publicly available software DSM to support the instrumentation inserted by the compiler. Detailed performance evaluation of CAS-DSM is reported using a set of Splash/Splash2 parallel application benchmarks on a distributed memory IBM SP-2 machine. CAS-DSM achieved moderate to good performance improvements for most of the applications compared to the original CVM implementation. Reducing the overheads in polling-based implementation improves the performance of CAS-DSM significantly resulting in an overall improvement of 12–52% over the original CVM implementation.     

The EMISQ method and its tool support-expert-based evaluation of internal software quality

There is empirical evidence that internal software quality, e.g., the quality of source code, has great impact on the overall quality of software. Besides well-known manual inspection and review techniques for source code, more recent approaches utilize tool-based static code analysis for the evaluation of internal software quality. Despite the high potential of code analyzers the application of tools alone cannot replace well-founded expert opinion. Knowledge, experience and fair judgment are indispensable for a valid, reliable quality assessment, which is accepted by software developers and managers. The EMISQ method (Evaluation Method for Internal Software Quality), guides the assessment process for all stakeholders of an evaluation project. The method is supported by the Software Product Quality Reporter (SPQR), a tool which assists evaluators with their analysis and rating tasks and provides support for generating code quality reports. The application of SPQR has already proved its usefulness in various code assessment projects around the world. This paper introduces the EMISQ method and describes the tool support needed for an efficient and effective evaluation of internal software quality.     

基于通用知识的软件设计安全性评估

安全性作为软件系统的重要属性,越来越受到人们的重视．在软件开发的早期对安全性进行评估,对软件的质量控制和成本控制有着重要意义．当前的软件安全性评估主要依靠专家评审,结果的客观性及准确性常常受到专家主观意见的影响．通过使用通用知识作为评估依据,提出一种可以对UML顺序图形式的软件设计文档进行自动化分析的方法,可以发现软件设计中潜在的安全性漏洞．该方法可以减少结果中的主观性,同时,通过基于该方法的辅助工具的使用,可以大大提高评估效率．     

Software Evolution for Moving into and Moving within Internetware Paradigm

Internetware has been an emerging software paradigm to best support computing in the Internet era. Internetware emphasises accommodating the open, dynamic and uncontrollable natures of Internet, which directly and indirectly relates software evolvability. This paper observes that evolving non-Internetware software into the Internetware paradigm and evolving software within Internetware will be two main research and practical issues, and hence proposes an integrated approach to address these two issues. The proposed framework is based a three-dimension structure, with System Functions, System Quality and System models as dimensions. With this framework, evolving software into internetware paradigm can be viewed mainly as changing the qualities of existing software and evolving software within Internetware paradigm can be viewed mainly as changing software functions. The involved prototype tool, working examples and experiments conducted, are used to illustrate the proposed approach.     

组态化嵌入式软件仿真系统设计

为缩短开发周期,提高嵌入式软件仿真系统的设计水平,提出一种组态化嵌入式系统设计。集成仿真建模工具、仿真模型代码生成工具,实现仿真运行环境搭建和对仿真数据的实时监控,采用组态化的仿真方法,根据用户需求生成监控界面。实验结果表明,该系统的运行平台快速高效,监控环境良好。     

版本管理与代码走查系统设计与实现

为优化软件项目管理,解决软件版本管理混乱、人工代码走查过程负责和结果难于控制的问题,研究了软件版本管理工具和代码走查工具,介绍了版本管理工具和代码走查工具在软件项目管理中应用。根据实践中软件项目管理的需求,提供了一种版本管理工具Subversion与代码走查工具Reviewboard相结合的系统的实现方法,介绍了版本管理工具和代码走查工具的安装部署,给出了一种基于该系统的软件开发应用流程。     

Pattern-based refinement schemas for design knowledge transfer

The transition from high-level to low-level design is a labour-intensive and time-consuming activity since it involves many iterations over design models to obtain a well-designed system. Moreover, it requires the knowledge and expertise of experienced developers. Design patterns provide proven design knowledge by capturing successful solutions to recurring problems which arise when building software systems. To transfer this design knowledge into detailed design, methodological support is needed. We provide such support with pattern-based refinement schemas.In this paper, we present a pattern-based approach to the correct stepwise refinement of UML static and dynamic design models by application of refinement schemas. A refinement schema is composed of two compartments. The first compartment describes the abstract model of the design, whereas the second compartment shows its corresponding detailed model after transformation and instantiation of one design pattern. We also propose a number of smaller transformations called micro-refinements whose correctness is proven. These micro-refinements can be composed into sequences to produce correct refinement schemas. Our approach will allow for the construction of intelligent CASE tools that provide automatic support for the selection, management, and application of design patterns for the refinement of design models. Such tool support will enable effective design knowledge transfer.     

软件框架开发过程研究

软件框架是实现大粒度复用的重要途径,它往往针对特定领域,同时支持设计复用和代码复用。论文主要探讨了软件框架开发的相关活动,包括软件框架开发以及基于框架的应用开发(即框架复用),通过建立开发过程模型,刻画了框架开发过程。进而基于该模型,描述了开发过程中的相关问题,如变化性处理策略、应用开发中的体系结构调整、框架演化等,从而指导相关开发活动。     

面向移动机器人应用的跨平台自适应软件框架

摘要：自适应软件在移动机器人上具有广泛的应用前景,然而要在具有不同软硬件平台的移动机器人上开发自适应软件是一件非常困难的事情．．为了解决这个问题,提出并实现了一个面向移动机器人应用的跨平台自适应软件框架该框架屏蔽了运行平台的软硬件差异性,并使用规则文件将自适应逻辑分离出来,从而降低了自适应软件开发的难度。为了便于编写及检查规则文件,还实现了一个可视化的规则文件编辑器,用于自动生成模型图,并检查规则中存在的语法及逻辑错误i,最后,通过实验测试了框架的使用情况,并对框架的应用效果进行了评估、     

Automating the analysis of design component contracts

Software patterns are a new design paradigm used to solve problems that arise when developing software within a particular context. Patterns capture the static and dynamic structure and collaboration among the components in a software design. A key promise of the pattern‐based approach is that it may greatly simplify the construction of software systems out of building blocks and thus reuse experience and reduce cost. However, it also introduces significant problems in ensuring the integrity and reliability of these composed systems because of their complex software topologies, interactions and transactions. There is a need to capture these features as a contract through a formal model that allows us to analyze pattern‐based designs. In this paper, we provide an overview of a formal framework for ensuring the integrity of the compositions in object‐oriented designs by providing mathematically rigorous modeling and analysis techniques for object‐oriented systems comprising pattern‐based designs as the basic building blocks or design components. A case study related to a hypermedia Web‐based application has been presented to illustrate our approach in distributed systems. Copyright © 2005 John Wiley & Sons, Ltd.     

一种快速测试Java异常处理机制的方法

异常处理机制能增强程序运行的可靠性，提高软件的健壮性，但异常处理代码本身可能存在错误．由于它的特殊性。采用与测试普通代码同样的方法对其进行测试，通常效率不高而且很难达到预期的效果．在分析了利用断言违背策略进行软件故障注入技术的基础上，提出了将Java异常处理机制的特殊结构同断言违背策略、程序变异技术相结合，可以有效地测试异常处理代码。并设计工具来支持这种故障注入方法．     

一种面向OSGi的构件化软件再工程方法

面向服务的构件模型可以解决当前大型软件系统难于管理、维护困难和缺乏动态性等问题,而OSGi框架为基于构件系统的服务化开发提供了有力支持。把OSGi作为基础框架对遗留软件系统进行再工程,设计了OSGi化软件的总体框架,提出了软件系统构件化方法,并针对再工程过程中普遍存在的问题给出了相应的解决方案。最后,通过对Web容器再工程的实例研究,验证了面向OSGi的构件化软件再工程方法的有效性。