Object‐oriented processing of Java source code

Code transformation and analysis tools provide support for software engineering tasks such as style checking, testing, calculating software metrics as well as reverse‐ and re‐engineering. In this paper we describe the architecture and the applications of JTransform, a general Java source code processing and transformation framework. It consists of a Java parser generating a configurable parse tree and various visitors (transformers, tree evaluators) which produce different kinds of outputs. While our framework is written in Java, the paper further opens an opportunity for a new generation of XML‐based source code tools. Copyright © 2004 John Wiley & Sons, Ltd.     

Towards Specifying Constraints for Object-Oriented Frameworks

Object-oriented frameworks are often hard to learn and use (J. Bosch et al., In: ACM Computing Survey's Symposia on Object Oriented Application Frameworks, 1998; M. Fayad and D.C. Schmidt, Communication of the ACM, Special Issue on Object-Oriented Application Frameworks 1997;40(10)). As a result, software cost rises and quality suffers. Thus the capability to automatically detect errors occurring at the boundary between frameworks and applications is considered crucial to mitigate the problem. This paper introduces the notion of framework, constraints and a specification language, FCL (Framework Constraints Language), to formally specify them. Framework constraints are rules that frameworks impose on the code of framework-based applications. The semantics of FCL is primarily based on first order predicate logic and set theory though the evolving syntax is designed to resemble that of programming languages as much as possible. We take examples from the MFC (Microsoft Foundation Classes) framework (G. Shepherd and S. Wingo, MFC Internals: Inside the Microsoft Foundation Classes Architecture. Reading, MA: Addison Wesley, 1996) demonstrating both the nature of framework constraints and the semantics of FCL. Essentially, framework constraints can be regarded as framework-specific typing rules conveyed by the specification language FCL, and thus can be enforced by techniques analogous to those of conventional type checking.     

DECOR: A Method for the Specification and Detection of Code and Design Smells

Code and design smells are poor solutions to recurring implementation and design problems. They may hinder the evolution of a system by making it hard for software engineers to carry out changes. We propose three contributions to the research field related to code and design smells: 1) Decor, a method that embodies and defines all the steps necessary for the specification and detection of code and design smells, 2) Detex, a detection technique that instantiates this method, and 3) an empirical validation in terms of precision and recall of Detex. The originality of Detex stems from the ability for software engineers to specify smells at a high level of abstraction using a consistent vocabulary and domain-specific language for automatically generating detection algorithms. Using Detex, we specify four well-known design smells: the antipatterns Blob, Functional Decomposition, Spaghetti Code, and Swiss Army Knife, and their 15 underlying code smells, and we automatically generate their detection algorithms. We apply and validate the detection algorithms in terms of precision and recall on Xerces v2.7.0, and discuss the precision of these algorithms on 11 open-source systems.     

函数抽取重构的自动检测方法

软件重构历史的自动检测是目前软件重构领域的一个研究热点。其主要目的是方便程序员或软件维护人员理解 软件演化的历史,也便于根据服务代码重构历史对其客户代码进行相应的重构操作。虽然相关研究人员已经提出了多种自动化的重构历史检测方法,但目前未见关于函数提取重构历史检测的方法或工具。为此,提出了一种基于版本比较的函数抽取重构自动检测方法,实现并验证了该方法的有效性。在8个开源项目上进行了实验验证,结果表明其查准率为65％~90%。此外,在一个小型项目上通过监控程序员的重构操作获得了全部的函数提取重构操作,进而计算出检测算法的查全率和查准率均为85%。     

基于持续集成的Android自动化测试

Android测试方面的研究大多集中在测试工具和框架的实现上,有些工具和框架可以实现测试用例的自动生成和测试脚本的自动执行。然而在项目开发过程中,测试这个活动是需要人工启动的,不能及时有效地保证新增或者修改代码的质量。在 Robotium 测试框架的基础上,通过研究持续集成方案,包括被测代码和测试代码的托管、版本控制,应用的自动构建,测试的自动执行,实现了Android的自动化测试平台。使用该测试平台,可以及时自动地对被测代码的修改进行测试,直观可控地保证了Android应用的质量。     

Shimba—an environment for reverse engineering Java software systems

Shimba is a reverse engineering environment to support the understanding of Java software systems. Shimba integrates the Rigi and SCED tools to analyze and visualize the static and dynamic aspects of a subject system. The static software artifacts and their dependencies are extracted from Java byte code and viewed as directed graphs using the Rigi reverse engineering environment. The run‐time information is generated by running the target software under a customized SDK debugger. The generated information is viewed as sequence diagrams using the SCED tool. In SCED, statechart diagrams can be synthesized automatically from sequence diagrams, allowing the user to investigate the overall run‐time behavior of objects in the target system. Shimba provides facilities to manage the different diagrams and to trace artifacts and relations across views. In Shimba, SCED sequence diagrams are used to slice the static dependency graphs produced by Rigi. In turn, Rigi graphs are used to guide the generation of SCED sequence diagrams and to raise their level of abstraction. We show how the information exchange among the views enables goal‐driven reverse engineering tasks and aids the overall understanding of the target software system. The FUJABA software system serves as a case study to illustrate and validate the Shimba reverse engineering environment. Copyright © 2001 John Wiley & Sons, Ltd.     

CAFES: A framework for intrachip application modeling and communication architecture design

This paper describes CAFES, an extensible, open-source framework supporting several tasks related to high-level modeling and design of applications employing complex intrachip communication infrastructures. CAFES comprises several built-in models, including application, communication architecture, energy consumption and timing models. It also includes a set of generic and specific algorithms and additional supporting tools, which jointly with the cited models allow the designer to describe and evaluate applications requirements and constraints on specified communication architectures. Several examples of the use of CAFES underline the usefulness of the framework. Some of these are approached in this paper: (i) a realistic application captured at high-level that has its computation time estimated after mapping at the clock cycle level; (ii) a multi-application system that is automatically mapped to a large intrachip network with related tasks occupying contiguous areas in the chip layout; (iii) a set of mapping algorithms explored to define trade-offs between run time and energy savings for small to large intrachip communication architectures.     

Does your code need comment?

Code comments convey information about the programmers' intention in a more explicit but less rigorous manner than source code. This information can assist programmers in various tasks, such as code comprehension, reuse, and maintenance. To better understand the properties of the comments existing in the source code, we analyzed more than 450 000 comments across 136 popular open-source software systems coming different domains. We found that the methods involving header comments and internal comments were shown low percentages in software systems, ie, 4.4% and 10.27%, respectively. As an application of our findings, we propose an automatic approach to determine whether a method needs a header comment, known as commenting necessity identification. Specifically, we identify the important factors for determining the commenting necessity of a method and extract them as structural features, syntactic features, and textual features. Then, by applying machine learning techniques and noise-handling techniques, we achieve a precision of 88.5% on eight open-source software from GitHub. The encouraging experimental results demonstrate the feasibility and effectiveness of our approach.     

On using machine learning to automatically classify software applications into domain categories

Software repositories hold applications that are often categorized to improve the effectiveness of various maintenance tasks. Properly categorized applications allow stakeholders to identify requirements related to their applications and predict maintenance problems in software projects. Manual categorization is expensive, tedious, and laborious – this is why automatic categorization approaches are gaining widespread importance. Unfortunately, for different legal and organizational reasons, the applications’ source code is often not available, thus making it difficult to automatically categorize these applications. In this paper, we propose a novel approach in which we use Application Programming Interface (API) calls from third-party libraries for automatic categorization of software applications that use these API calls. Our approach is general since it enables different categorization algorithms to be applied to repositories that contain both source code and bytecode of applications, since API calls can be extracted from both the source code and byte-code. We compare our approach to a state-of-the-art approach that uses machine learning algorithms for software categorization, and conduct experiments on two large Java repositories: an open-source repository containing 3,286 projects and a closed-source repository with 745 applications, where the source code was not available. Our contribution is twofold: we propose a new approach that makes it possible to categorize software projects without any source code using a small number of API calls as attributes, and furthermore we carried out a comprehensive empirical evaluation of automatic categorization approaches.     

Estimating the coverage of the framework application reusable cluster-based test cases

Object-oriented frameworks support both software code and design reusability. In addition, it is found that providing class-based tests with the framework reduces considerably the class-based testing time and effort of the applications developed using the frameworks. Similarly, reusable cluster-based test cases can be generated using the framework hooks, and they, too, can be provided with the framework to reduce the cluster testing time and effort of the framework applications.In this paper, we introduce a methodology to estimate the possible coverage of the cluster-based reusable test cases for framework applications prior to suggesting and applying a specific technique to produce the test cases. An experimental case study is conducted to demonstrate the practical issues in applying the introduced methodology and to give insights on the possible coverage of the framework reusable cluster-based test cases. The results of applying the methodology on five framework applications show that, on average, the reusable cluster-based test cases cover at least one-third of the cluster testing areas of the interface classes created during the framework application engineering stage.     

Automating the construction of domain-specific modeling languages for object-oriented frameworks

The extension of frameworks with domain-specific modeling languages (DSML) has proved to be an effective way of improving the productivity in software product-line engineering. However, developing and evolving a DSML is typically a difficult and time-consuming task because it requires to develop and maintain a code generator, which transforms application models into framework-based code. In this paper, we propose a new approach for extending object-oriented frameworks that aims to alleviate this problem. The approach is based on developing an additional aspect-oriented layer that encodes a DSML for building framework-based applications, eliminating the need of implementing a code generator. We further show how a language workbench is capable of automating the construction of DSMLs using the proposed layer.     

Ranking open source application integration frameworks based on maintainability metrics: A review of five-year evolution

Integration frameworks are specialized software tools built and adapted to facilitate the design and implementation of integration solutions. An integration solution allows for the reuse of applications from the software ecosystem of companies to support their business processes. There are several open-source integration frameworks available on the market designed to operate in a business context to manipulate structured data; however, increasingly, they are required to deal with unstructured and large volumes of data, thus requiring effort to adapt these frameworks to work with unstructured and large volume of data. Choosing the framework, which is the easiest to be adapted, is not a trivial task. In this article, we review the newest stable versions of four open-source integration frameworks by analyzing how they have evolved regarding their adaptive maintainability over five years. We rank them according to their maintainability degree and compare past and current versions of each framework. To encourage and enable researchers and developers to replicate our experiments, with the aim of verifying our findings, and to experiment with new versions of the integration frameworks analyzed, we detail the experimental protocol used while also having made all the required software involved available on the Web.     

Detecting logic errors in discrete-event simulation: reverse engineering through event graphs

Several inherent constraints remain in the model development process, even though modern enhancements to simulation environments have provided tools for code generation, debugging, and tracing. To develop a simulation model, the simulation analyst still needs to have expertise in a number of different fields, e.g., probability, statistics, design of experiments, modeling, systems engineering, software engineering, and computer programming. Although several simulation packages implement syntactic-checks and semantic-consistency-checks, typically, the simulation analyst needs to possess output-analysis-knowledge specifically aimed at verifying and checking the simulation code.Reverse engineering a graphical model, e.g., an event graph, from general purpose simulation code demonstrates an enhancement to the model development process. A reverse engineering step allows an analyst to check, both, the static and dynamic properties of the coded simulation model. Even though the reverse engineering produces an event-oriented view, the enhanced model development process provides a systematic approach for conversion from other world views. Overall, this enhanced process provides a framework which yields better analysis techniques.Better diagnostic assistance is achieved when viewing a combination of static and dynamic properties of the simulation code. Now, the analyst is able to find logical/execution errors, e.g., errors related to resource deadlocks, before running simulation experiments. Since the graphical model is generated from the simulation code, and the process combines views, the analyst also has a better framework for verifying the coded simulation model. Also, the reverse engineering step provides a structural model useful in converting between different simulation languages or systems. Improvements to the techniques for conversion between languages will facilitate reuse of existing programmed models.     

An Approach for Recovering Distributed System Architectures

Reasoning about software systems at the architectural level is key to effective software development, management, evolution and reuse. All too often, though, the lack of appropriate documentation leads to a situation where architectural design information has to be recovered directly from implemented software artifacts. This is a very demanding process, particularly when involving recovery of runtime abstractions (clients, servers, interaction protocols, etc.) that are typical to the design of distributed software systems. This paper presents an exploratory reverse engineering approach, called X-ray, to aid programmers in recovering architectural runtime information from a distributed system's existing software artifacts. X-ray comprises three domain-based static analysis techniques, namely component module classification, syntactic pattern matching, and structural reachability analysis. These complementary techniques can facilitate the task of identifying a distributed system's implemented executable components and their potential runtime interconnections. The component module classification technique automatically distinguishes source code modules according to the executables components they implement. The syntactic pattern matching technique in turn helps to recognise specific code fragments that may implement typical component interaction features. Finally, the structural reachability analysis technique aids in the association of those features to the code specific for each executable component. The paper describes and illustrates the main concepts underlying each technique, reports on their implementation as a suit of new and off-the-shelf tools, and, to give evidence of the utility of the approach, provides a detailed account of a successful application of the three techniques to help recover a static approximation of the runtime architecture for Field, a publicly-available distributed programming environment.     

A reverse engineering process for design level document production from ADA code

The paper describes a reverse engineering process for producing design level documents by static analysis of ADA code. The produced documents, which we call concurrent data flow diagrams, describe the task structure of a software system and the data flow between tasks. Firstly, concurrent data flow diagrams are defined and discussed and then the main characteristics and features of the reconstruction process are illustrated. The process has been used to support maintenance and reuse activities on existing real-time software and to check consistency between design and code.     

An empirical comparison of commercial and open-source web vulnerability scanners

Web vulnerability scanners (WVSs) are tools that can detect security vulnerabilities in web services. Although both commercial and open-source WVSs exist, their vulnerability detection capability and performance vary. In this article, we report on a comparative study to determine the vulnerability detection capabilities of eight WVSs (both open and commercial) using two vulnerable web applications: WebGoat and Damn vulnerable web application. The eight WVSs studied were: Acunetix; HP WebInspect; IBM AppScan; OWASP ZAP; Skipfish; Arachni; Vega; and Iron WASP. The performance was evaluated using multiple evaluation metrics: precision; recall; Youden index; OWASP web benchmark evaluation; and the web application security scanner evaluation criteria. The experimental results show that, while the commercial scanners are effective in detecting security vulnerabilities, some open-source scanners (such as ZAP and Skipfish) can also be effective. In summary, this study recommends improving the vulnerability detection capabilities of both the open-source and commercial scanners to enhance code coverage and the detection rate, and to reduce the number of false-positives.     

A Model-based approach for the synthesis of software to firmware adapters for use with automatically generated components

This paper presents the MDE process in use at Elettronica SpA (ELT) for the development of complex embedded systems integrating software and firmware. The process is based on the adoption of SysML as the system-level modeling language and the use of Simulink for the refinement of selected subsystems. Implementations are generated automatically for both the software (C++ code) and firmware parts, and communication adapters are automatically generated from SysML using a dedicated profile and open-source tools for modeling and code generation. The process starts from a SysML system model, developed according to the platform-based design paradigm, in which a functional model of the system is paired to a model of the execution platform. Subsystems are refined as Simulink models or hand-coded in C++. An implementation for Simulink models is generated as software code or firmware on FPGA. Based on the SysML system architecture specification, our framework drives the generation of Simulink models with consistent interfaces, allows the automatic generation of the communication code among all subsystems (including the HW–FW interface code). In addition, it provides for the automatic generation of connectors for system-level simulation and of test harnesses and mockups to ease the integration and verification stage. We provide early results on the time savings obtained by using these technologies in the development process.     

基于GUI的Android移动软件性能测试

移动应用软件已经拥有了数以千万计的用户群体.根据最新统计,Android手机以85.1%的市场占有份额,成为了最受欢迎的移动端设备.Android应用软件的快速开发,使得如何保证程序质量,成了难题.我们不仅要考虑程序的正确性,也应保证运行时的流畅性.现有的性能研究工作都基于传统的静态分析或者动态执行.对于Android程序,静态分析具有一定的局限性,而动态分析又忽略了APP执行时的遍历方式.因此,本文提出了基于GUI的Android自动化性能测试框架,将着重关注页面状态和APP状态的相关性.通过对页面的分析,聚合,尽可能遍历到APP的各个状态,然后从日志中,找出APP性能上的问题.本框架使用Java作为开发语言,搭建了Android移动软件自动化性能测试框架,并在开源社区F-Droid上随机抽取了移动应用软件进行实验.实验表明,该技术能更多的遍历APP的状态,发现APP在运行过程中出现的性能问题,取得良好的效果.