An Extended Replication of an Experiment for Assessing Methods for Software Requirements Inspections

We have performed an extended replication of the Porter-Votta-Basili experiment comparing the Scenario method and the Checklist method for inspecting requirements specifications using identical instruments. The experiment has been conducted in our educational context represented by a more general definition of a defect compared to the original defect list. Our study involving 24 undergraduate students manipulated three independent variables: detection method, requirements specification, and the order of the inspections. The dependent variable measured is the defect detection rate. We found the requirements specification inspected and not the detection method to be the most probable explanation for the variance in defect detection rate. This suggests that it is important to gather knowledge of how a requirements specification can convey an understandable view of the product and to adapt inspection methods accordingly. Contrary to the original experiment, we can not significantly support the superiority of the Scenario method. This is in accordance with a replication conducted by Fusaro, Lanubile and Visaggio, and might be explained by the lack of individual defect detection skill of our less experienced subjects.     

A Comparison of Tool-Based and Paper-Based Software Inspection

Software inspection is an effective method of defect detection. Recent research activity has considered the development of tool support to further increase the efficiency and effectiveness of inspection, resulting in a number of prototype tools being developed. However, no comprehensive evaluations of these tools have been carried out to determine their effectiveness in comparison with traditional paper-based inspection. This issue must be addressed if tool-supported inspection is to become an accepted alternative to, or even replace, paper-based inspection. This paper describes a controlled experiment comparing the effectiveness of tool-supported software inspection with paper-based inspection, using a new prototype software inspection tool known as ASSIST (Asynchronous/Synchronous Software Inspection Support Tool). 43 students used ASSIST and paper-based inspection to inspect two C++ programs of approximately 150 lines. The subjects performed both individual inspection and a group collection meeting, representing a typical inspection process. It was found that subjects performed equally well with tool-based inspection as with paper-based, measured in terms of the number of defects found, the number of false positives reported, and meeting gains and losses.     

An Experimental Evaluation of an Experience-Based Capture-Recapture Method in Software Code Inspections

In order to improve the efficiency of inspections, quantitative data on defect content have to be the basis for decisions in the inspection process. An experience-based capture-recapture method is proposed, which overcomes some problems with the basic pre-requisites of the original method. A C-code inspection experiment is conducted to evaluate the enhanced method and its applicability to software code inspections. It is concluded that the experience-based estimation procedure gives significantly better estimates than the maximum-likelihood method and the estimates are not very sensitive to changes in the inspection data.     

数据库对称复制思想的一种软件实现方法

本文介绍了在大型的分布式应用中，采用数据库对称复制技术的概念和利用软件实现双数据库对称复制的一种思想方法。     

Are the Perspectives Really Different? – Further Experimentation on Scenario-Based Reading of Requirements

Perspective-BasedReading (PBR) is a scenario-based inspection technique whereseveral reviewers read a document from different perspectives(e.g. user, designer, tester). The reading is made accordingto a special scenario, specific for each perspective. The basicassumption behind PBR is that the perspectives find differentdefects and a combination of several perspectives detects moredefects compared to the same amount of reading with a singleperspective. This paper presents a study which analyses the differencesin perspectives. The study is a partial replication of previousstudies. It is conducted in an academic environment using graduatestudents as subjects. Each perspective applies a specific modellingtechnique: use case modelling for the user perspective, equivalencepartitioning for the tester perspective and structured analysisfor the design perspective. A total of 30 subjects were dividedinto 3 groups, giving 10 subjects per perspective. The analysisresults show that (1) there is no significant difference amongthe three perspectives in terms of defect detection rate andnumber of defects found per hour, (2) there is no significantdifference in the defect coverage of the three perspectives,and (3) a simulation study shows that 30 subjects is enough todetect relatively small perspective differences with the chosenstatistical test. The results suggest that a combination of multipleperspectives may not give higher coverage of the defects comparedto single-perspective reading, but further studies are neededto increase the understanding of perspective difference.     

Using a Reliability Growth Model to Control Software Inspection

After a software inspection the project manager has to decide whether he can pass a product on to the next software development stage or whether it still contains a substantial number of defects and should be reinspected to further improve its quality. While a substantial number of defects remaining in a product after inspection is a reasonable precondition to schedule a reinspection, it is also important to estimate whether the likely number of defects to be found with a reinspection will lower the defect density under the target threshold. In this work we propose a reliability growth model and two heuristic linear models for software inspection, which estimate the likely number of additional defects to be found during reinspection. We evaluate the accuracy of these models with time-stamped defect data from a large-scale controlled inspection experiment on reinspection. Main findings are: (a) The two best models estimated the defect detection capability for reinspection with good accuracy: over 80% of the estimates had an absolute relative error of under 10%; (b) The reinspection decision correctness based on the estimates of all investigated models, overall around 80% correct decisions, was much better than the trivial models to always or never reinspect; the latter is the default decision in practice.     

一种利用UML的软件需求阶段风险评估方法

在软件开发活动早期阶段评估软件的风险及其影响程度将有效减少软件开发成本和降低软件开发风险。针对目前软件风险评估的研究主要集中在软件过程的中后期阶段的现状及遵循"尽早识别和控制风险"的实践准则,提出了一种在软件需求分析阶段,利用UML建模图形度量软件风险的方法。该方法主要关注在软件需求分析阶段预防软件风险,为降低风险在软件开发后期产生严重影响提供优化参考。     

运用中医四诊法对电脑故障进行检测

随着电脑科技的不断发展,电脑已经在各行各业中被普遍应用,在提升工作效率方面起到良好的推动作用。同时。电脑故障也给使用者带来一定的麻烦,利用有效的方法对电脑故障进行基本的检测,是现代电脑使用者必须具备的技能。将中医的“望”、“闻”、“问”、“切”四诊法加以转换后对电脑故障进行检测,是检测电脑故障行之有效的方法。     

A Pattern-Based Framework for Software Anomaly Detection

This paper presents a pattern-based framework for developing tool support to detect software anomalies. The use of a pattern-based approach is important because it provides the flexibility needed to address domain-specific needs, with respect to the types of problems the tools detect and the strategies used to inspect and adapt the code. Patterns can be used to detect a variety of problems, ranging from simple syntactic issues to difficult semantic problems requiring global analysis. Patterns can also be used to describe transformations of the software, used to rectify problems detected through software inspection, and to support interactive inspection and adaptation when full automation is impractical. This paper describes a part of the Knowledge Centric Software (KCS) framework that embodies the pattern-based approach and provides capabilities for addressing different languages and different application domains. While only the part of the framework relevant to code inspections is addressed in this paper, in future, we also expect to address UML analysis and design models. As an application of the research, we present an overview of an inspection tool being developed for high assurance software for avionics systems.     

基于口令应答的协作式WSNs移动复制节点检测方法研究

目前,针对无线传感器网络复制节点攻击研究主要集中在对静态网络中复制节点的检测。WSNs的应用中,节点部署在一定区域形成静态网络并采集信息,为了减少节点间通信量、降低能耗,若干个节点形成一个簇,簇内选举簇头节点作为簇间通信人。静态网络采集的信息通常由汇聚节点回收,为了方便,汇聚节点通常采用移动形式加入网络,收集完后离开。如果这类在移动中收集信息的节点是复制节点,对整个WSNs的威胁比静态网络中的复制节点威胁更大。在借鉴已有的移动网络检测方案的基础上,针对静态网络分簇和移动节点位置经常变换的特点,提出了基于口令应答的协作式WSN移动复制节点检测方法CRCDS（Challenge/Response and Collaborative Detection Scheme）,有效利用静态网络的存储空间,采取静态网络和移动节点相互协作的方式,规避因移动节点位置变化对检测结果的影响,并从理论和实验上分析了该检测方法的安全性和可行性。     

软件缺陷预测模型间的比较实验:问题、进展与挑战

近年来,研究者提出了大量的软件缺陷预测模型,新模型往往通过与过往模型进行比较实验来表明其有效性.然而,研究者在设计新旧模型间的比较实验时并没有达成共识,不同的工作往往采用不完全一致的比较实验设置,这可能致使在对比模型时得到误导性结论,最终错失提升缺陷预测能力的机会.对近年来国内外学者所做的缺陷预测模型间的比较实验进行系统性的总结:首先,阐述缺陷预测模型间的比较实验的研究问题;然后,分别从缺陷数据集、数据集划分、基线模型、性能指标、分类阈值这5个方面对现有的比较实验进行总结;最后,指出目前在进行缺陷预测模型间比较实验时面临的挑战,并给出建议的研究方向.     

DRMDP:一个基于动态优先级的反射式数据复制中间件

反射式中间件是中间件研究的热点,其反射特性能够对中间件的灵活性和自适应性提供良好支持。数据网格通常处于动态变化的环境和不同的用户需求之中。一个良好的数据网格和数据复制系统应该具有很好的灵活性和自适应性。通过动态配置数据和存储元素SE的优先级,DRMDP提供了这一支持。使用OptorSim仿真的结果表明,DRMDP具有良好的性能。     

A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System

Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what countermeasures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures. Correspondence and offprint requests to: G. Helmer, Department of Computer Science, 226 Atanasoff Hall, Iowa State University, Ames, Iowa 50011, USA. Email: ghelmer@cs.iastate.edu     

软件抄袭检测研究综述

随着开源软件项目的蓬勃发展,软件抄袭俨然已成为软件生态环境健康发展的威胁之一,其得到越来越多的研究人员、教育人员、开源社区及软件企业的关注,软件抄袭检测对于软件知识产权保护具有重要意义。本文对软件抄袭检测的研究现状和进展进行综述。首先介绍软件抄袭检测的意义和威胁模型;然后,根据应用场景和技术手段,从源代码抄袭检测、无源码场景下基于软件水印和基于软件胎记的抄袭检测三个方面,对现有软件抄袭检测技术进行阐述和比较;最后,通过分析软件抄袭检测研究存在的问题及其面临的挑战和实际需求,对未来研究方向进行了展望。     

Active Learning for Knowledge Construction in E-Learning: A Replication Study

This paper replicates a previous study that used an active learning for knowledge construction in the e-learning model with three stages of underpinning, ownership, and engaging hypothesizing that the underpinning and ownership stages positively and significantly contribute to the engaging stage where the actual knowledge construction takes place. The findings of the present study have ensured the validity and the generalizability of the previous study results. Also, the findings reiterated the efficacy of the model for active learning for knowledge construction in e-learning. The paper concludes with implications and recommendations for future research.     

Crowdsourced Requirements Engineering Challenges and Solutions: A Software Industry Perspective

Software crowdsourcing (SW CS) is an evolving software development paradigm, in which crowds of people are asked to solve various problems through an open call (with the encouragement of prizes for the top solutions). Because of its dynamic nature, SW CS has been progressively accepted and adopted in the software industry. However, issues pertinent to the understanding of requirements among crowds of people and requirements engineers are yet to be clarified and explained. If the requirements are not clear to the development team, it has a significant effect on the quality of the software product. This study aims to identify the potential challenges faced by requirements engineers when conducting the SW–CS based requirements engineering (RE) process. Moreover, solutions to overcome these challenges are also identified. Qualitative data analysis is performed on the interview data collected from software industry professionals. Consequently, 20 SW–CS based RE challenges and their subsequent proposed solutions are devised, which are further grouped under seven categories. This study is beneficial for academicians, researchers and practitioners by providing detailed SW–CS based RE challenges and subsequent solutions that could eventually guide them to understand and effectively implement RE in SW CS.     

Using WinWin Quality Requirements Management Tools: A Case Study

Negotiating stakeholder WinWin relationships among software quality requirements is a technique that emerged during the 1990's in order to overcome the difficulties arising from contract-oriented specification compliance (popular in the 1970's) and service-oriented customer satisfaction (popular in the 1980's). Obstacles to adoption of negotiated win-win relationships include coordination of multiple stakeholder interests and priorities, reasoning of complicated dependencies, and scalability of an exponentially increasing resolution option space. Conflict identification and resolution techniques are key success factors to overcome the obstacles. This paper describes two exploratory knowledge-based tools (called QARCC and S-COST)^* for conflict identification and resolution and how they were used in the digital library projects of a USC Software Engineering class during the 1996/97 school year. A comparative analysis with the artifacts surfaced by stakeholders and the artifacts generated and analyzed by QARCC and S-COST focused on the conflict resolution process, stakeholders' roles and their relationships to quality artifacts, and tool effectiveness. We conclude that the tools helped stakeholders: (1) surface and negotiate conflicts; (2) identify conflicts among functional and quality requirements; and (3) generate, visualize, and negotiate potential resolution options for the conflicts.     

Enhanced Co-Scheduling: A Software Pipelining Method Using Modulo-Scheduled Pipeline Theory

Instruction scheduling methods which use the concepts developed by the classical pipeline theory have been proposed for architectures involving deeply pipelined function units. These methods rely on the construction of state diagrams (or automatons) to (i) efficiently represent the complex resource usage pattern; and (ii) analyze legal initiation sequences, i.e., those which do not cause a structural hazard. In this paper, we propose a state-diagram based approach for modulo scheduling or software pipelining, an instruction scheduling method for loops. Our approach adapts the classical pipeline theory for modulo scheduling, and, hence, the resulting theory is called Modulo-Scheduled pipeline (MS-pipeline) theory. The state diagram, called the Modulo-Scheduled (MS) state diagram is helpful in identifying legal initiation or latency sequences, that improve the number of instructions initiated in a pipeline. An efficient method, called Co-scheduling, which uses the legal initiation sequences as guidelines for constructing software pipelined schedules has been proposed in this paper. However, the complexity of the constructed MS-state diagram limits the usefulness of our Co-scheduling method. Further analysis of the MS-pipeline theory, reveals that the space complexity of the MS-state diagram can be significantly reduced by identifying primary paths. We develop the underlying theory to establish that the reduced MS-state diagram consisting only of primary paths is complete; i.e., it retains all the useful information represented by the original state diagram as far as scheduling of operations is concerned. Our experiments show that the number of paths in the reduced state diagram is significantly lower—by 1 to 3 orders of magnitude—compared to the number of paths in the original state diagram. The reduction in the state diagram facilitate the Co-scheduling method to consider multiple initiations sequences, and hence obtain more efficient schedules. We call the resulting method, enhanced Co-scheduling. The enhanced Co-scheduling method produced efficient schedules when tested on a set of 1153 benchmark loops. Further the schedules produced by this method are significantly better than those produced by Huff's Slack Scheduling method, a competitive software pipelining method, in terms of both the initiation interval of the schedules and the time taken to construct them.     

使用基准测试促进研究--对软件工程的挑战

计算机科学中,基准测试已经用来比较计算机系统性能、检索算法信息、数据库和其他一些技术。在研究领域,基准测试的创建和普遍使用经常伴随着快速的技术进步和团队建设。这些形成了科学学科的基准测试理论。基于这个理论,通过团队工作的方式定义基准测试来挑战软件工程研究,变得越来越具有科学性和需要。本文介绍一个成功使用基准测试促进研究状况的个案研究——逆向工程。