Pub Date : 2003-10-07DOI: 10.1109/ICSM.2003.1235416
T. Tourwé, T. Mens
In this paper, we show how elaborate support for framework-based software evolution can be provided based on explicit documentation of the hot spots of object-oriented application frameworks. Such support includes high-level transformations that guide a developer when instantiating applications from a framework by propagating the necessary changes, as well as application upgrading facilities based on these transformations. The approach relies on active declarative documentation of the design and evolution of the framework's hot spots, by means of metapatterns and their associated transformations.
{"title":"Automated support for framework-based software","authors":"T. Tourwé, T. Mens","doi":"10.1109/ICSM.2003.1235416","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235416","url":null,"abstract":"In this paper, we show how elaborate support for framework-based software evolution can be provided based on explicit documentation of the hot spots of object-oriented application frameworks. Such support includes high-level transformations that guide a developer when instantiating applications from a framework by propagating the necessary changes, as well as application upgrading facilities based on these transformations. The approach relies on active declarative documentation of the design and evolution of the framework's hot spots, by means of metapatterns and their associated transformations.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127791567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-10-07DOI: 10.1109/ICSM.2003.1235406
Amie L. Souter, D. Shepherd, L. Pollock
Often the code regions that are assigned for a maintenance task do not follow the modularization of the original application program, but instead include parts of code from many different units scattered throughout the application. In this paper, we investigate an approach to testing which we call concern-based testing, which leverages existing tools to help software maintainers identify the relevant code for their assigned task, their concern. The main contribution is a demonstration of the possible savings in test suite execution overhead and the increased precision in coverage information that can be obtained for a software maintainer if testing tasks are performed with respect to concerns. Based on a concern graph representation of the concern, a framework for guiding selective instrumentation for scalable coverage analysis is also presented.
{"title":"Testing with respect to concerns [software maintenance]","authors":"Amie L. Souter, D. Shepherd, L. Pollock","doi":"10.1109/ICSM.2003.1235406","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235406","url":null,"abstract":"Often the code regions that are assigned for a maintenance task do not follow the modularization of the original application program, but instead include parts of code from many different units scattered throughout the application. In this paper, we investigate an approach to testing which we call concern-based testing, which leverages existing tools to help software maintainers identify the relevant code for their assigned task, their concern. The main contribution is a demonstration of the possible savings in test suite execution overhead and the increased precision in coverage information that can be obtained for a software maintainer if testing tasks are performed with respect to concerns. Based on a concern graph representation of the concern, a framework for guiding selective instrumentation for scalable coverage analysis is also presented.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129276394","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235403
M. Fischer, M. Pinzger, H. Gall
Version control and bug tracking systems contain large amounts of historical information that can give deep insight into the evolution of a software project. Unfortunately, these systems provide only insufficient support for a detailed analysis of software evolution aspects. We address this problem and introduce an approach for populating a release history database that combines version data with bug tracking data and adds missing data not covered by version control systems such as merge points. Then simple queries can be applied to the structured data to obtain meaningful views showing the evolution of a software project. Such views enable more accurate reasoning of evolutionary aspects and facilitate the anticipation of software evolution. We demonstrate our approach on the large open source project Mozilla that offers great opportunities to compare results and validate our approach.
{"title":"Populating a Release History Database from version control and bug tracking systems","authors":"M. Fischer, M. Pinzger, H. Gall","doi":"10.1109/ICSM.2003.1235403","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235403","url":null,"abstract":"Version control and bug tracking systems contain large amounts of historical information that can give deep insight into the evolution of a software project. Unfortunately, these systems provide only insufficient support for a detailed analysis of software evolution aspects. We address this problem and introduce an approach for populating a release history database that combines version data with bug tracking data and adds missing data not covered by version control systems such as merge points. Then simple queries can be applied to the structured data to obtain meaningful views showing the evolution of a software project. Such views enable more accurate reasoning of evolutionary aspects and facilitate the anticipation of software evolution. We demonstrate our approach on the large open source project Mozilla that offers great opportunities to compare results and validate our approach.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126818297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235413
Charles Howell
When we build and maintain safety-, mission-, or security-critical systems, we are usually constrained by regulations and acquisition guidelines that requires us to provide a documented body of evidence that the system satisfies specified critical properties. In other words, we must construct an "assurance case" to convince the purchaser or user of the system's suitability or quality. However, in building such high-quality software and balancing many objectives, it has become painfully clear that the resulting software is brittle: small changes in the software itself; the hardware and software environment; or in its operational use, can have unexpected and significant (unwanted) effects. Unfortunately, assurance cases for software are often even more brittle than the software itself. This presentation will address the challenges we confront in preserving the quality of the assurance cases as we maintain the quality of the associated software. It is critical that we make progress in addressing these challenges as software continues to become a fundamental enabling technology for 21st-century society.
{"title":"The case for maintaining assurance cases","authors":"Charles Howell","doi":"10.1109/ICSM.2003.1235413","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235413","url":null,"abstract":"When we build and maintain safety-, mission-, or security-critical systems, we are usually constrained by regulations and acquisition guidelines that requires us to provide a documented body of evidence that the system satisfies specified critical properties. In other words, we must construct an \"assurance case\" to convince the purchaser or user of the system's suitability or quality. However, in building such high-quality software and balancing many objectives, it has become painfully clear that the resulting software is brittle: small changes in the software itself; the hardware and software environment; or in its operational use, can have unexpected and significant (unwanted) effects. Unfortunately, assurance cases for software are often even more brittle than the software itself. This presentation will address the challenges we confront in preserving the quality of the assurance cases as we maintain the quality of the associated software. It is critical that we make progress in addressing these challenges as software continues to become a fundamental enabling technology for 21st-century society.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"33 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114023996","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235429
D. DaCosta, C. Dahn, S. Mancoridis, V. Prevelakis
Software maintainers and auditors would benefit from a tool to help them focus their attention on functions that are likely to be the source of security vulnerabilities. However, the existence of such a tool is predicated on the ability to characterize a function's 'security vulnerability likelihood'. Our hypothesis is that functions near a source of input are most likely to contain security vulnerability. These functions should be a small percentage of the total number of functions in the system. To validate this hypothesis, we performed an experiment involving thirty one vulnerabilities in thirty open source systems. This paper describes the experiment, its outcome, and the tools used to conduct it. It also describes the FLF (front line functions) finder, which is a tool that was developed using knowledge gathered from the outcome of the experiment. This tool automates the detection of high-risk functions. To demonstrate the effectiveness of the FLF finder, three open source applications with known vulnerabilities were tested. In addition to this test, a case study was performed on the privilege separation code in the OpenSSH server daemon.
{"title":"Characterizing the 'security vulnerability likelihood' of software functions","authors":"D. DaCosta, C. Dahn, S. Mancoridis, V. Prevelakis","doi":"10.1109/ICSM.2003.1235429","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235429","url":null,"abstract":"Software maintainers and auditors would benefit from a tool to help them focus their attention on functions that are likely to be the source of security vulnerabilities. However, the existence of such a tool is predicated on the ability to characterize a function's 'security vulnerability likelihood'. Our hypothesis is that functions near a source of input are most likely to contain security vulnerability. These functions should be a small percentage of the total number of functions in the system. To validate this hypothesis, we performed an experiment involving thirty one vulnerabilities in thirty open source systems. This paper describes the experiment, its outcome, and the tools used to conduct it. It also describes the FLF (front line functions) finder, which is a tool that was developed using knowledge gathered from the outcome of the experiment. This tool automates the detection of high-risk functions. To demonstrate the effectiveness of the FLF finder, three open source applications with known vulnerabilities were tested. In addition to this test, a case study was performed on the privilege separation code in the OpenSSH server daemon.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131479434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235431
Amie L. Souter
Many different testing techniques have been proposed by researchers, but essentially only two main testing philosophies exist, black box and white box. There exist a number of different testing methods for structural testing of procedural languages. However, the features of object-oriented languages are not addressed by such techniques. The article explores a new structural testing technique for object-oriented systems by developing a testing methodology based on object manipulations and driven by the context of the program under test.
{"title":"Context-driven testing of object-oriented systems","authors":"Amie L. Souter","doi":"10.1109/ICSM.2003.1235431","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235431","url":null,"abstract":"Many different testing techniques have been proposed by researchers, but essentially only two main testing philosophies exist, black box and white box. There exist a number of different testing methods for structural testing of procedural languages. However, the features of object-oriented languages are not addressed by such techniques. The article explores a new structural testing technique for object-oriented systems by developing a testing methodology based on object manipulations and driven by the context of the program under test.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124721263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235427
A. V. Knethen, M. Grund
Cost estimation of changes to software systems is often inaccurate and implementation of changes is time consuming, cost intensive, and error prone. One reason for these problems is that relationships between documentation entities (e.g., between different requirements) are not documented at all or only incompletely. In this paper, we describe a constructive approach to support later changes to software systems. Our approach consists of a traceability technique and a supporting tool environment. The tracing approach describes which traces should be established in which way. The proposed tool environment supports the application of the guidelines in a concrete development context. The tool environment integrates two existing tools: a requirements management tool (i.e., RequisitePro) and a CASE tool (i.e., Rhapsody). Our approach allows traces to be established, analyzed, and maintained effectively and efficiently.
{"title":"QuaTrace: a tool environment for (semi-) automatic impact analysis based on traces","authors":"A. V. Knethen, M. Grund","doi":"10.1109/ICSM.2003.1235427","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235427","url":null,"abstract":"Cost estimation of changes to software systems is often inaccurate and implementation of changes is time consuming, cost intensive, and error prone. One reason for these problems is that relationships between documentation entities (e.g., between different requirements) are not documented at all or only incompletely. In this paper, we describe a constructive approach to support later changes to software systems. Our approach consists of a traceability technique and a supporting tool environment. The tracing approach describes which traces should be established in which way. The proposed tool environment supports the application of the guidelines in a concrete development context. The tool environment integrates two existing tools: a requirements management tool (i.e., RequisitePro) and a CASE tool (i.e., Rhapsody). Our approach allows traces to be established, analyzed, and maintained effectively and efficiently.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"16 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132989243","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235407
A. Capiluppi
Software evolution and maintenance is largely based on data gathered through years of experience: understanding and improving software is often a matter of how much data is available. Open source software offers the opportunity to analyze closely all the phases in the evolution of a project. What's more, data regarding its evolution is generally available for inspections. Based on simply code analyses, lots of questions about its efficiencies can't be resolved. It would be necessary to study the process from the inside, understanding who or what drove what improvement and so on. Still a quantitative analysis gives several insights about how much code is created and evolved by developers. This study takes a sample of 12 open source projects and gives some statistics to analyze their evolution. The purpose is here to compare what is commonly know in software evolution in traditional environments, and what happens instead in open environments.
{"title":"Models for the evolution of OS projects","authors":"A. Capiluppi","doi":"10.1109/ICSM.2003.1235407","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235407","url":null,"abstract":"Software evolution and maintenance is largely based on data gathered through years of experience: understanding and improving software is often a matter of how much data is available. Open source software offers the opportunity to analyze closely all the phases in the evolution of a project. What's more, data regarding its evolution is generally available for inspections. Based on simply code analyses, lots of questions about its efficiencies can't be resolved. It would be necessary to study the process from the inside, understanding who or what drove what improvement and so on. Still a quantitative analysis gives several insights about how much code is created and evolved by developers. This study takes a sample of 12 open source projects and gives some statistics to analyze their evolution. The purpose is here to compare what is commonly know in software evolution in traditional environments, and what happens instead in open environments.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126621267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235432
B. Mitchell
This paper provides an overview of the author's Ph.D. thesis (2002). The primary contribution of this research involved developing techniques to extract architectural information about a system directly from its source code. To accomplish this objective a series of software clustering algorithms were developed. These algorithms use metaheuristic search techniques to partition a directed graph generated from the entities and relations in the source code into subsystems. Determining the optimal solution to this problem was shown to be NP-hard, thus significant emphasis was placed on finding solutions that were regarded as "good enough" quickly. Several evaluation techniques were developed to gauge solution quality, and all of the software clustering tools created to support this work was made available for download over the Internet.
{"title":"A heuristic approach to solving the software clustering problem","authors":"B. Mitchell","doi":"10.1109/ICSM.2003.1235432","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235432","url":null,"abstract":"This paper provides an overview of the author's Ph.D. thesis (2002). The primary contribution of this research involved developing techniques to extract architectural information about a system directly from its source code. To accomplish this objective a series of software clustering algorithms were developed. These algorithms use metaheuristic search techniques to partition a directed graph generated from the entities and relations in the source code into subsystems. Determining the optimal solution to this problem was shown to be NP-hard, thus significant emphasis was placed on finding solutions that were regarded as \"good enough\" quickly. Several evaluation techniques were developed to gauge solution quality, and all of the software clustering tools created to support this work was made available for download over the Internet.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133761603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2003-09-22DOI: 10.1109/ICSM.2003.1235440
P. Linos, C. Bailey-Kellogg
We discuss a service-learning program called EPICS (engineering projects in community service). More specifically, we describe an effort to incorporate EPICS within computer science and computer engineering curricula at Purdue University and Butler University, respectively.
{"title":"Service learning in software engineering and maintenance","authors":"P. Linos, C. Bailey-Kellogg","doi":"10.1109/ICSM.2003.1235440","DOIUrl":"https://doi.org/10.1109/ICSM.2003.1235440","url":null,"abstract":"We discuss a service-learning program called EPICS (engineering projects in community service). More specifically, we describe an effort to incorporate EPICS within computer science and computer engineering curricula at Purdue University and Butler University, respectively.","PeriodicalId":141256,"journal":{"name":"International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings.","volume":"41 9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122872228","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: