Unique identification of elements in evolving software models

Evolving models are often managed in file-based software configuration management systems. This causes the identification problem: if the model elements are not assigned with globally unique identifiers, we cannot identify them over time. However, if such identifiers would be given, they can be misleading because the elements to which they are assigned might change completely. As a consequence, evolution becomes incomprehensible, partial transformation is hampered, and sufficient management of inter-model relationships (e.g. traceability links) is impeded. This article presents an approach to identify model elements or even complete model fragments over time. It establishes a fine-grained history representation to describe model evolution. The representation contains identification links between the elements of different model revisions allowing us to identify elements of a given revision in other revisions or variants of the model. Due to the explicit expression of model evolution, it further enables the capturing of changes that have been applied to the fine-grained elements inside a model.     

软件安全缺陷发掘模型研究进展*

软件安全缺陷发掘模型在评估软件安全等级、预测软件剩余安全缺陷数量、确定为保证软件安全所需投入的资源等方面有着重要的意义。本文综述了软件安全缺陷发掘模型研究的进展状况,详细介绍了主要软件安全缺陷发掘模型的内容和原理,并对这些模型的特点和性能进行了比较和分析,最后提出了几个软件安全缺陷发掘模型研究领域需要进一步研究的问题。     

Pattern-based design evolution using graph transformation

In recent years, design patterns gain more interest in software engineering communities for both software development and maintenance. As a template to solve a certain recurring problem, a design pattern documents successful experiences of software experts and gradually becomes the design guidelines of software development. Applying design patterns correctly can improve the efficiency of software design in terms of reusability and enhance maintainability during reverse engineering. Software can be evolved when developers modify their initial designs as requirements change. For instance, a developer may add/delete a set of design elements, such as classes and methods. Modifications on software artifacts can introduce conflicts and inconsistencies in the previously applied design patterns, which are difficult to find and time-consuming to correct. This paper presents a graph-transformation approach to pattern level design validation and evolution. Based on a well founded formalism, we validate a given design by a graph grammar parser and automatically evolve the design at pattern level using a graph-transformation system. Rules for potential pattern evolutions are predefined. The graph-transformation approach preserves the integrity and consistency of design patterns in the system when designs change. A prototype system is built and a case study on the Strategy pattern demonstrates the feasibility of pattern-based design validation and evolution using graph transformation techniques.     

Analysing refactoring dependencies using graph transformation

Refactoring is a widely accepted technique to improve the structure of object-oriented software. Nevertheless, existing tool support remains restricted to automatically applying refactoring transformations. Deciding what to refactor and which refactoring to apply still remains a difficult manual process, due to the many dependencies and interrelationships between relevant refactorings. In this paper, we represent refactorings as graph transformations, and we propose the technique of critical pair analysis to detect the implicit dependencies between refactorings. The results of this analysis can help the developer to make an informed decision of which refactoring is most suitable in a given context and why. We report on several experiments we carried out in the AGG graph transformation tool to support our claims.     

Describing software architecture styles using graph grammars

We believe that software architectures should provide an appropriate basis for the proof of properties of large software. This goal can be achieved through a clearcut separation between computation and communication and a formal definition of the interactions between individual components. We present a formalism for the definition of software architectures in terms of graphs. Nodes represent the individual agents and edges define their interconnection. Individual agents can communicate only along the links specified by the architecture. The dynamic evolution of an architecture is defined independently by a “coordinator”. An architecture style is a class of architectures specified by a graph grammar. The class characterizes a set of architectures sharing a common communication pattern. The rules of the coordinator are statically checked to ensure that they preserve the constraints imposed by the architecture style     

Modeling discovery and removal of security vulnerabilities in software system using priority queueing models

This paper aims to model the discovery and removal of software vulnerabilities based on queueing theory. The probabilistic characteristics of the arrival and service processes are the core elements of queueing theory. Discovering and removing software vulnerabilities corresponds arrival and service processes in queueing models, respectively. Vulnerabilities can be classified into groups depending upon its severity levels measured by CVSS (common vulnerability scoring system). Groups with higher severity levels are fixed more quickly than groups with lower severity levels. Priority queueing models can be used and give various performance indices: the number of unfixed vulnerabilities at arbitrary instances and waiting time before getting fixed. Moreover, the service rate to prevent the number or accumulated degree of vulnerabilities from exceeding the predetermined level can be estimated.     

Formal testing of timed graph transformation systems using metric temporal graph logic

Embedded real-time systems generate state sequences where time elapses between state changes. Ensuring that such systems adhere to a provided specification of admissible or desired behavior is essential. Formal model-based testing is often a suitable cost-effective approach. We introduce an extended version of the formalism of symbolic graphs, which encompasses types as well as attributes, for representing states of dynamic systems. Relying on this extension of symbolic graphs, we present a novel formalism of timed graph transformation systems (TGTSs) that supports the model-based development of dynamic real-time systems at an abstract level where possible state changes and delays are specified by graph transformation rules. We then introduce an extended form of the metric temporal graph logic (MTGL) with increased expressiveness to improve the applicability of MTGL for the specification of timed graph sequences generated by a TGTS. Based on the metric temporal operators of MTGL and its built-in graph binding mechanics, we express properties on the structure and attributes of graphs as well as on the occurrence of graphs over time that are related by their inner structure. We provide formal support for checking whether a single generated timed graph sequence adheres to a provided MTGL specification. Relying on this logical foundation, we develop a testing framework for TGTSs that are specified using MTGL. Lastly, we apply this testing framework to a running example by using our prototypical implementation in the tool AutoGraph.

     

Source transformation in software engineering using the TXL transformation system

Many tasks in software engineering can be characterized as source to source transformations. Design recovery, software restructuring, forward engineering, language translation, platform migration, and code reuse can all be understood as transformations from one source text to another. The tree transformation language, TXL, is a programming language and rapid prototyping system specifically designed to support rule-based source to source transformation. Originally conceived as a tool for exploring programming language dialects, TXL has evolved into a general purpose source transformation system that has proven well suited to a wide range of software maintenance and reengineering tasks, including the design recovery, analysis and automated reprogramming of billions of lines of commercial Cobol, PL/I, and RPG code for the Year 2000. In this paper, we introduce the basic features of modern TXL and its use in a range of software engineering applications, with an emphasis on how each task can be achieved by source transformation.     

Studying software evolution using topic models

Topic models are generative probabilistic models which have been applied to information retrieval to automatically organize and provide structure to a text corpus. Topic models discover topics in the corpus, which represent real world concepts by frequently co-occurring words. Recently, researchers found topics to be effective tools for structuring various software artifacts, such as source code, requirements documents, and bug reports. This research also hypothesized that using topics to describe the evolution of software repositories could be useful for maintenance and understanding tasks. However, research has yet to determine whether these automatically discovered topic evolutions describe the evolution of source code in a way that is relevant or meaningful to project stakeholders, and thus it is not clear whether topic models are a suitable tool for this task.In this paper, we take a first step towards evaluating topic models in the analysis of software evolution by performing a detailed manual analysis on the source code histories of two well-known and well-documented systems, JHotDraw and jEdit. We define and compute various metrics on the discovered topic evolutions and manually investigate how and why the metrics evolve over time. We find that the large majority (87%–89%) of topic evolutions correspond well with actual code change activities by developers. We are thus encouraged to use topic models as tools for studying the evolution of a software system.     

Estimating software readiness using predictive models

In this study, defect tracking is used as a proxy method to predict software readiness. The number of remaining defects in an application under development is one of the most important factors that allow one to decide if a piece of software is ready to be released. By comparing predicted number of faults and number of faults discovered in testing, software manager can decide whether the software is likely ready to be released or not.The predictive model developed in this research can predict: (i) the number of faults (defects) likely to exist, (ii) the estimated number of code changes required to correct a fault and (iii) the estimated amount of time (in minutes) needed to make the changes in respective classes of the application. The model uses product metrics as independent variables to do predictions. These metrics are selected depending on the nature of source code with regards to architecture layers, types of faults and contribution factors of these metrics. The use of neural network model with genetic training strategy is introduced to improve prediction results for estimating software readiness in this study. This genetic-net combines a genetic algorithm with a statistical estimator to produce a model which also shows the usefulness of inputs.The model is divided into three parts: (1) prediction model for presentation logic tier (2) prediction model for business tier and (3) prediction model for data access tier. Existing object-oriented metrics and complexity software metrics are used in the business tier prediction model. New sets of metrics have been proposed for the presentation logic tier and data access tier. These metrics are validated using data extracted from real world applications. The trained models can be used as tools to assist software mangers in making software release decisions.     

Studying software logging using topic models

Software developers insert logging statements in their source code to record important runtime information; such logged information is valuable for understanding system usage in production and debugging system failures. However, providing proper logging statements remains a manual and challenging task. Missing an important logging statement may increase the difficulty of debugging a system failure, while too much logging can increase system overhead and mask the truly important information. Intuitively, the actual functionality of a software component is one of the major drivers behind logging decisions. For instance, a method maintaining network communications is more likely to be logged than getters and setters. In this paper, we used automatically-computed topics of a code snippet to approximate the functionality of a code snippet. We studied the relationship between the topics of a code snippet and the likelihood of a code snippet being logged (i.e., to contain a logging statement). Our driving intuition is that certain topics in the source code are more likely to be logged than others. To validate our intuition, we conducted a case study on six open source systems, and we found that i) there exists a small number of “log-intensive” topics that are more likely to be logged than other topics; ii) each pair of the studied systems share 12% to 62% common topics, and the likelihood of logging such common topics has a statistically significant correlation of 0.35 to 0.62 among all the studied systems; and iii) our topic-based metrics help explain the likelihood of a code snippet being logged, providing an improvement of 3% to 13% on AUC and 6% to 16% on balanced accuracy over a set of baseline metrics that capture the structural information of a code snippet. Our findings highlight that topics contain valuable information that can help guide and drive developers’ logging decisions.     

Prediction of software reliability using connectionist models

The usefulness of connectionist models for software reliability growth prediction is illustrated. The applicability of the connectionist approach is explored using various network models, training regimes, and data representation methods. An empirical comparison is made between this approach and five well-known software reliability growth models using actual data sets from several different software projects. The results presented suggest that connectionist models may adapt well across different data sets and exhibit a better predictive accuracy. The analysis shows that the connectionist approach is capable of developing models of varying complexity     

Domain-specific discrete event modelling and simulation using graph transformation

Graph transformation is being increasingly used to express the semantics of domain-specific visual languages since its graphical nature makes rules intuitive. However, many application domains require an explicit handling of time to accurately represent the behaviour of a real system and to obtain useful simulation metrics to measure throughputs, utilization times and average delays. Inspired by the vast knowledge and experience accumulated by the discrete event simulation community, we propose a novel way of adding explicit time to graph transformation rules. In particular, we take the event scheduling discrete simulation world view and provide rules with the ability to schedule the occurrence of other rules in the future. Hence, our work combines standard, efficient techniques for discrete event simulation (based on the handling of a future event set) and the intuitive, visual nature of graph transformation. Moreover, we show how our formalism can be used to give semantics to other timed approaches and provide an implementation on top of the rewriting logic system Maude.     

Tracing security requirements in industrial control systems using graph databases

Software and Systems Modeling - We must explicitly capture relationships and hierarchies between the multitude of system and security standards requirements. Current security requirements...     

Biometric template security using DNA codec based transformation

Multimedia Tools and Applications - Feature transformation is the most primary step in biometric template protection whose effectiveness is directly dependent upon the test and trained samples. The...     

基于PSO的软件可靠性模型参数估计方法

软件可靠性建模是一个重要的研究领域,现有的软件可靠性模型基本上是非线性函数模型,估计这些模型的参数比较困难。粒子群优化是一类适合求解非线性优化问题的随机优化方法,提出一种基于粒子群优化的软件可靠性模型估计参数方法,该方法的关键是构造合适的适应函数。用该方法分别估计了5个实际软件系统的指数软件可靠性模型以及对数泊松执行时间模型,实验结果表明：该方法参数估计的精度高,对模型的适应性强。     

Collaborative technologies for evolving software systems

The article discusses four major collaboration theme areas: collaborative information engineering; collaborative process and workflow; collaboration support (awareness); and integration of collaborative systems. Various projects incorporating these technologies are outlined. All of the projects described are developing component technologies intended for mixing and matching with each other and with technologies under investigation by other EDCS projects not particularly concerned with collaborative work, as well as with COTS software. Only GroupSpaces intends to assemble a full-blown, directly usable software development environment framework, and that comprises components, developed under EDCS and available off-the-shelf     

A study of design characteristics in evolving software using stability as a criterion

There are many ideas in software design that are considered good practice. However, research is still needed to validate their contributions to software maintenance. This paper presents a method for examining software systems that have been actively maintained and used over the long term and are potential candidates for yielding lessons about design. The method relies on a criterion of stability and a definition of distance to flag design characteristics that have potentially contributed to long-term maintainability. It is demonstrated by application to an example of long-lived scientific software. The results from this demonstration show that the method can provide insight into the relative importance of individual elements of a set of design characteristics for the long-term evolution of software.     

Unfolding semantics of graph transformation

Several attempts have been made of extending to graph grammars the unfolding semantics originally developed by Winskel for (safe) Petri nets, but only partial results were obtained. In this paper, we fully extend Winskel’s approach to single-pushout grammars providing them with a categorical concurrent semantics expressed as a coreflection between the category of (semi-weighted) graph grammars and the category of prime algebraic domains, which factorises through the category of occurrence grammars and the category of asymmetric event structures. For general, possibly nonsemi-weighted single-pushout grammars, we define an analogous functorial concurrent semantics, which, however, is not characterised as an adjunction. Similar results can be obtained for double-pushout graph grammars, under the assumptions that nodes are never deleted.