A license to practice software engineering

The enduring effort to infuse more engineering discipline into software development has brought several issues to the forefront: standards, best practices, and, perhaps the most controversial, licensing and certification. To get an update on this area, I spoke with an expert: Leonard Tripp, Boeing Technical Fellow and past president of the IEEE Computer Society.     

Don't judge a software license by its cover

Software licenses are of vital concern to vendors and users. Software vendors use contracts, called licenses, to make sure that their products are used in a way that will benefit them. Users want to know the conditions that licenses impose on software so they can buy software that meets their needs. Beyond this, however, licenses and their enforceability are not always a straightforward matter. Are you bound by the conditions of a license even if the license is inside a container of shrinkwrap software, and you can't see its terms until after you buy the product? What if you can't see the license until you load your software into your computer and its terms appear on the monitor? This is particularly an issue with software sold by phone or mail, or over the Internet. In some of these cases, buyers purchase only a serial number or security code that activates publicly accessible software. In many cases, buyers don't even receive a solid product. They receive only a stream of electrons that contains data, an application program, instructions, and license conditions. The thorny legal issues that these situations raise recently confronted the US Court of Appeals for the Seventh Circuit, which hears appeals of cases from US District Courts in Illinois, Indiana, and Wisconsin. The changing nature of the software business has raised questions about the enforceability of shrinkwrap licenses     

Automated merging of software prototypes

As software becomes more complex, more sophisticated development and maintenance methods are needed to ensure software quality. Computer-aided prototyping achieves this via quickly built and iteratively updated prototypes of the intended system. This process requires automated support for keeping track of many independent changes and for exploring different combinations of alternative changes and refinements. This article formalizes the update and change merging process, extends the idea to multiple changes to the same base prototype, and introduces a new method of slicing prototypes. Applications of this technology include automatic updating of different versions of existing software with changes made to the baseline version of the system, integrating changes made by different design teams during development, and checking consistency after integration of seemingly disjoint changes to the same software system.     

Automated software test data generation

An alternative approach to test-data generation based on actual execution of the program under test, function-minimization methods and dynamic data-flow analysis is presented. Test data are developed for the program using actual values of input variables. When the program is executed, the program execution flow is monitored. If during program execution an undesirable execution flow is observed then function-minimization search algorithms are used to automatically locate the values of input variables for which the selected path is traversed. In addition, dynamic data-flow analysis is used to determine those input variables responsible for the undesirable program behavior, significantly increasing the speed of the search process. The approach to generating test data is then extended to programs with dynamic data structures and a search method based on dynamic data-flow analysis and backtracking is presented. In the approach described, values of array indexes and pointers are known at each step of program execution; this information is used to overcome difficulties of array and pointer handling     

Automated software engineering: supporting understanding

The most important role for automation in software engineering is the support of human understanding. Some aspects of understanding and how it can be supported are discussed.     

Automated support for modeling OO software

We explore how automated tools might support the dynamic modeling phase of object oriented software development. We use the Object Modeling Technique as a guideline and notational basis, but in principle our approach is not tied to any particular OO methodology. We assume, however, that dynamic modeling exploits scenarios (as in OMT) describing examples of using the system being developed. Our techniques can easily be adopted for various scenario representations, such as sequence diagrams or collaboration diagrams in UML     

Managing license compliance in free and open source software development

License compliance in Free and Open Source Software development is a significant issue today and organizations using free and open source software are predominately focusing on this issue. The non-compliance to licenses in free and open source software development leads to the loss of reputation and the high costs of litigation for organizations. Towards an automated compliance management, we use the Open Digital Rights Language to implement the clauses of open source software licenses in a machine interpretable way and propose a novel algorithm that analyzes compatibility between free and open source software licenses. Also, we describe a framework that inductively manages compliance of license clauses in a free and open source software development. We simulate and evaluate the formalized license compliance management by analyzing a real-time open source software project GRASS.     

Automated structural analysis of SCR‐style software requirements specifications using PVS

The importance of effective requirements analysis techniques cannot be overemphasized when developing software requiring high levels of assurance. Requirements analysis can be largely classified as either structural or functional. The former investigates whether definitions and uses of variables and functions are consistent, while the latter addresses whether requirements accurately reflect users' needs. Verification of structural properties for large and complex software requirements is often repetitive, especially if requirements are subject to frequent changes. While inspection has been successfully applied to many industrial applications, the authors found inspection to be ineffective when reviewing requirements to find errors violating structural properties. Moreover, current tools used in requirements engineering provide only limited support in automatically enforcing structural correctness of the requirements. Such experience has motivated research to automate straightforward but tedious activities. This paper demonstrates that a theorem prover, PVS (Prototype Verification System), is useful in automatically verifying structural correctness of software requirements specifications written in SCR (Software Cost Reduction)‐style. Requirements are automatically translated into a semantically equivalent PVS specification. Users need not be experts in formal methods or power users of PVS. Structural properties to be proved are expressed in PVS theorems, and the PVS proof commands are used to carry out the proof automatically. Since these properties are application independent, the same verification procedure can be applied to requirements of various software systems. Copyright © 2001 John Wiley & Sons, Ltd.     

一种基于硬件特征和动态许可证的服务器端软件授权认证模型

软件版权保护是知识产权保护体系中的重要组成部分。针对目前传统的服务器端软件授权方式无法完全满足EULA要求的问题,基于硬件特征和独立授权管理服务器的架构,提出了支持动态许可证的分布式服务器端软件授权认证模型。该模型通过"强制特征验证和原子授权"的机制解决了软件版权保护、软件迁移的重新认证授权等问题,在可行性、安全性和完备性等方面均达到了EULA协议的要求。     

Automated training-set creation for software architecture traceability problem

Automated trace retrieval methods based on machine-learning algorithms can significantly reduce the cost and effort needed to create and maintain traceability links between requirements, architecture and source code. However, there is always an upfront cost to train such algorithms to detect relevant architectural information for each quality attribute in the code. In practice, training supervised or semi-supervised algorithms requires the expert to collect several files of architectural tactics that implement a quality requirement and train a learning method. Establishing such a training set can take weeks to months to complete. Furthermore, the effectiveness of this approach is largely dependent upon the knowledge of the expert. In this paper, we present three baseline approaches for the creation of training data. These approaches are (i) Manual Expert-Based, (ii) Automated Web-Mining, which generates training sets by automatically mining tactic’s APIs from technical programming websites, and lastly (iii) Automated Big-Data Analysis, which mines ultra-large scale code repositories to generate training sets. We compare the trace-link creation accuracy achieved using each of these three baseline approaches and discuss the costs and benefits associated with them. Additionally, in a separate study, we investigate the impact of training set size on the accuracy of recovering trace links. The results indicate that automated techniques can create a reliable training set for the problem of tracing architectural tactics.     

Automated policy generation for testing access control software

Access control systems (ACS) are a critical component of modern information technology systems and require rigorous testing. If the ACS has defects, then the deployment is not secure and is a threat to system security. Firewalls are an important example of an ACS, and formally verifying firewall systems has recently attracted attention. We present an automated software-testing tool, PG, for the production of firewall policies for use in firewall policy enforcement testing. PG utilizes a number of heuristic techniques to improve space coverage over traditional systems based on randomly generated firewall policies. An empirical study is presented demonstrating that PG generates firewall policies with superior coverage compared to traditional policy-generation techniques. The extension of PG beyond firewall systems to other ACS situations is outlined.     

面向安全苛求软件的测试用例自动生成*

测试用例的自动生成是验证安全苛求软件最关键的技术问题,然而目前的研究并没有充分考虑安全苛求软件的安全性需求,为此提出一种应用安全覆盖准则的安全苛求软件的测试用例自动生成策略,将该策略应用于铁路车站计算机连锁软件,并与全节点覆盖准则进行了比较。结果表明该策略对关键变迁有更高的安全性保证。     

Automated software synthesis: an application in mechanical CAD

Automated program synthesis has not gained widespread acceptance among software practitioners despite considerable efforts by several researchers. We outline some of the difficulties in applying program synthesis for practical problems and argue that a careful analysis of the cost vs. benefit tradeoff is essential when considering such an approach. We describe a successful application of automated program generation for synthesizing geometric constraint satisfaction routines in the domain of mechanical CAD. We present a general framework for modeling and solving the problem, illustrate the framework using examples from the geometric constraint satisfaction domain, and describe experimental results on productivity increase using this approach. We also discuss characteristics of the problem domain and our approach that were critical for success     

Automated assembly of Internet-scale software systems involving autonomous agents

On the Internet, there is a great amount of distributed software entities deployed independently and behaving autonomously. This paper describes an automated approach to constructing Internet-scale software systems based on autonomous software agents. In the approach, the systems are modeled by interconnected divisions and cooperative roles. The approach adopts a dynamic trial-and-evaluation strategy to select high quality autonomous agents to undertake the responsibilities of roles, and implements a special mobile agent, called delegate, carrying the interaction information specified for responsibilities of roles to facilitate the interoperations among autonomous agents. The experiments show that the approach is highly scalable and improves the overall qualities of systems remarkably.     

面向云测试的并行测试用例自动生成方法

为实现云计算环境下的高效软件测试,提出一种Web 应用系统功能测试的并行测试用例自动生成方法。该方法首先根据场景流图采用深度优先遍历算法生成并行测试路径,录制组合产生并行测试脚本,并进行参数化处理;然后,使用基于搜索的软件测试(SBST)方法自动生成可经过目标路径的有效测试数据集,脚本与数据耦合形成大量可并行部署的自动化测试用例。为验证方法的有效性设计了自动化云测试原型系统。实验结果表明,该并行测试用例自动生成方法可以高效地为云平台提供测试用例输入,提高测试效率。     

Automated framework for classification and selection of software design patterns

Though, Unified Modeling Language (UML), Ontology, and Text categorization approaches have been used to automate the classification and selection of design pattern(s). However, there are certain issues such as time and effort for formal specification of new patterns, system context-awareness, and lack of knowledge which needs to be addressed. We propose a framework (i.e. Three-phase method) to discuss these issues, which can aid novice developers to organize and select the correct design pattern(s) for a given design problem in a systematic way. Subsequently, we propose an evaluation model to gauge the efficacy of the proposed framework via certain unsupervised learning techniques. We performed three case studies to describe the working procedure of the proposed framework in the context of three widely used design pattern catalogs and 103 design problems. We find the significant results of Fuzzy c-means and Partition Around Medoids (PAM) as compared to other unsupervised learning techniques. The promising results encourage the applicability of the proposed framework in terms of design patterns organization and selection with respect to a given design problem.     

基于多态蚁群算法的测试用例自动生成*

提出了一种基于多态蚁群算法的测试数据自动生成方法。该方法使用二进制编码将输入数据转换为位串;然后在蚁群算法的基础上将蚁群分为三类,据其信息素的不同采用不同的移动准则,重点对侦察蚁和搜索蚁进行功能分析。将局部搜索与全局搜索结合起来,结合路径的相似度,缩小搜索空间;根据适应度函数确定最好路径,既解决局部最优化问题,又提高收敛效率。与基本蚁群算法对比,其结果显示该方法效率优于基本蚁群算法。     

基于蚁群算法的软件测试数据自动生成

提出了一种基于蚁群算法的测试数据自动生成方法。该方法采用位串形式编码,实现了被测程序输入空间到蚂蚁路径网络的映射模型。根据程序插装函数定义的路径信息素轨迹强度,蚂蚁进行群体协作搜索最佳路径,生成测试数据。在基本蚁群算法基础上,通过引入变异算子和自适应挥发系数,提高了蚂蚁路径的多样性,克服了早熟停滞的缺陷。和模拟退火遗传算法进行了对比实验研究,结果表明了该方法的可行性,生成测试数据的效率优于模拟退火遗传算法。     

基于免疫遗传算法的软件测试数据自动生成

提出了一种应用于软件测试中的基于免疫遗传算法（IGA）的软件测试数据自动生成的算法。该算法在传统的遗传算法中引入免疫算子,免疫算子其中包括获取疫苗、注射疫苗和免疫选择。实验结果表明,该算法的效果比传统的遗传算法效果好。