Pub Date: 2024-09-17 | DOI: 10.1007/s11219-024-09696-y
Anderson Uchôa, Rafael de Mello, Jairo Souza, Leopoldo Teixeira, Baldoino Fonseca, Alessandro Garcia
Gamification promotes user engagement with software features through the incorporation of game elements and rules. Gamification is often incorporated a posteriori into already existing systems. Success in gamifying an existing system depends on careful planning and on the evolution of its previously produced software artifacts. This is particularly true for artifacts produced in the earliest development phases, such as the requirements specification. Incorporating game elements and rules into an existing system is far from trivial: developers often struggle with certain development activities, such as evolving existing requirements and selecting game elements and game rules. This paper reports our practical experience in gamifying an existing system. Based on this experience, we introduce Gamify4Fun, a method that assists developers in performing key activities to gamify existing systems. We built Gamify4Fun from the experience of 15 developers involved in the gamification of an existing healthcare system. We started by adopting an original method aimed at gamifying systems built from scratch. As we needed to adapt this method to the particularities of gamifying a previously developed system, we refined its development activities and their respective phases. We also interviewed the developers to capture which development activities they perceived as challenging during gamification. The interviews' outcomes guided further refinements to the original method. Gamify4Fun supports the gamification of existing systems in the earliest development phases: from the preparation of the system gamification to both the gamification and system design. We refined the development activities of the original method as much as needed; we also used or adapted activities prescribed by other methods from the literature, conceived for gamification from scratch, to fill gaps whenever necessary.
By reporting our practical experience and introducing a gamification method, we expect to guide development teams in gamifying their existing systems, as well as to shed light on the current, unaddressed limitations of existing approaches (including ours) to gamifying existing systems.
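The game elements and rules discussed above can be made concrete with a small sketch. Below is a hypothetical points-and-badges rule engine for a health app; every event name and threshold is an illustrative assumption, not part of Gamify4Fun or the healthcare system studied:

```python
# Minimal sketch of a points-and-badges gamification rule engine.
# All event names and thresholds are illustrative assumptions, not
# taken from Gamify4Fun.

POINTS_PER_EVENT = {
    "log_meal": 10,       # user records a meal in the health app
    "complete_goal": 50,  # user completes a daily goal
}

BADGE_THRESHOLDS = [
    (100, "bronze"),
    (500, "silver"),
    (1000, "gold"),
]

def award_points(total, event):
    """Return the new point total after a gamified event."""
    return total + POINTS_PER_EVENT.get(event, 0)

def current_badge(total):
    """Return the highest badge earned so far, or None."""
    badge = None
    for threshold, name in BADGE_THRESHOLDS:
        if total >= threshold:
            badge = name
    return badge
```

Even a sketch this small illustrates why gamifying an existing system forces requirements evolution: each rule binds a game element (points, badges) to a feature the system already exposes.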
{"title":"Towards effective gamification of existing systems: method and experience report","authors":"Anderson Uchôa, Rafael de Mello, Jairo Souza, Leopoldo Teixeira, Baldoino Fonseca, Alessandro Garcia","doi":"10.1007/s11219-024-09696-y","DOIUrl":"https://doi.org/10.1007/s11219-024-09696-y","url":null,"abstract":"<p>Gamification promotes user engagement with software features through the incorporation of game elements and rules. Gamification is often incorporated a <i>posteriori</i> into already existing systems. Success in gamifying an existing system depends on careful planning and the evolution of its previously produced software artifacts. This is particularly true for artifacts produced in the earliest development phases, such as the requirements specification. Incorporating game elements and rules into an existing system is far from trivial. Developers eventually struggle with performing certain development activities, such as evolving existing requirements and selecting game elements and game rules. This paper reports our practical experience in gamifying an existing system. Based on this experience, we introduce Gamify4Fun, a method that aims to assist developers in performing some key activities to gamify existing systems. We built Gamify4Fun based on the experience of 15 developers involved with the gamification of an existing healthcare system. We started by adopting an original method aimed at gamifying systems being built from scratch. As we needed to adapt the original method for supporting the particularities of gamifying a previously developed system, we refined the original method’s development activities and their respective phases. We also interviewed the developers to capture their perception of challenging development activities through gamification. The interviews’ outcomes guided some further refinements to the original method. 
Gamify4Fun supports the gamification of existing systems at the earliest development phases: from the preparation of the system gamification to both the gamification and system design. We refined the development activities of the original method as much as needed; we also used or adapted the activities prescribed by other methods from the literature, in the context of gamification from scratch, to fill gaps whenever necessary. By reporting our practical experience and introducing a gamification method, we expect to guide development teams in gamifying their existing systems, as well as shed insights about the current, unaddressed limitations of existing approaches (including ours) to gamifying existing systems.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"208 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142252096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bug reports play an important role in the software development and maintenance process. As the "eye" of a bug report, a concise and fluent title is preferred and expected by developers, as it helps them quickly grasp the problem and make better decisions when handling bugs. In practice, however, not all titles written by bug reporters are of high quality: some do not carry essential bug-related information, and some are hard to understand or contain extra noise. To reduce the burden on bug reporters and ease developers' work in handling bugs, we propose a deep learning-based technique named KeyTitle that automatically generates a title for a given bug report. KeyTitle formulates title generation as a one-sentence summarization task. It can be viewed as a Seq2Seq generation model (which generally generates target text directly from source text) that incorporates keyword planning. Specifically, within KeyTitle, a transformer-based encoder-decoder model first generates a chain of keywords from the detailed textual problem description, and then generates the target title by considering both these keywords and the description content. Experiments on three large bug datasets collected from GitHub, Eclipse, and Apache show that KeyTitle outperforms state-of-the-art title generation models by up to 8.9-18.2%, 11.4-30.4%, and 13.0-18.0% (relative) in terms of ROUGE-1, ROUGE-2, and ROUGE-L F1-scores; the titles generated by KeyTitle are also rated better in terms of relevance, accuracy, conciseness, and fluency in a human evaluation. Besides generating titles from textual descriptions, KeyTitle also shows great potential in generating titles from just a few keywords, a task that also has much value in bug reporting and handling practice.
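The ROUGE-1 F1 score used in the evaluation can be illustrated with a minimal implementation. This unigram-overlap version is a simplification of the official metric (no stemming, stopword removal, or bootstrapping), shown only to make the measure concrete:

```python
from collections import Counter

def rouge1_f1(candidate, reference):
    """Simplified ROUGE-1 F1: unigram overlap between a candidate
    title and a reference title (no stemming or stopword removal)."""
    cand = Counter(candidate.lower().split())
    ref = Counter(reference.lower().split())
    overlap = sum((cand & ref).values())  # clipped unigram matches
    if overlap == 0:
        return 0.0
    precision = overlap / sum(cand.values())
    recall = overlap / sum(ref.values())
    return 2 * precision * recall / (precision + recall)
```

ROUGE-2 and ROUGE-L follow the same precision/recall/F1 pattern over bigrams and the longest common subsequence, respectively.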
{"title":"KeyTitle: towards better bug report title generation by keywords planning","authors":"Qianshuang Meng, Weiqin Zou, Biyu Cai, Jingxuan Zhang","doi":"10.1007/s11219-024-09695-z","DOIUrl":"https://doi.org/10.1007/s11219-024-09695-z","url":null,"abstract":"<p>Bug reports play an important role in the software development and maintenance process. As the eye of a bug report, a concise and fluent title is always preferred and expected by developers as it could help them quickly seize the problem point and make better decisions in handling the bugs. However, in practice, not all titles filled by bug reporters are found to be of high quality; some may not carry essential bug-related information, and some may be hard to understand or contain extra noise. With the aim to reduce the burden of bug reporters and ease developers’ life in handling bugs, we propose a deep learning-based technique named KeyTitle, to automatically generate a title for a given bug report. KeyTitle formulates the title generation problem as a one-sentence summarization task. It could be viewed as a Seq2Seq generation model (which generally directly generates target text based on source text) that incorporates keywords planning. Specifically, within KeyTitle, a transformer-based encoder-decoder model is enforced to generate a chain of keywords first from the detailed textual problem description, and then generate the target title by considering both these keywords and description content. Experiments over three large bug datasets collected from GitHub, Eclipse, and Apache shows that KeyTitle could outperform state-of-art title generation models relatively by up to 8.9-18.2<span>(%)</span>, 11.4-30.4<span>(%)</span>, and 13.0-18.0<span>(%)</span> in terms of ROUGE-1, ROUGE-2, and ROUGE-L F1-scores; the titles generated by KeyTitle are also found to be better in terms of Relevance, Accuracy, Conciseness, Fluency in human evaluation. 
Besides generating titles from textual descriptions, KeyTitle is also found to have great potential in generating titles based on just a few keywords, a task that also has much value in bug reporting/handling practice.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"160 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142188311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2024-09-13 | DOI: 10.1007/s11219-024-09694-0
Daniel de Paula Porto, Sandra Camargo Pinto Ferraz Fabbri, Fabiano Cutigi Ferrari
Context: Improving software quality is a constant challenge in software engineering. One way to improve quality is to use gamification in software development activities. Purpose: This paper presents a framework and a set of strategies, called GSA, to gamify software development activities. Methods: Using action research as the methodology, we conducted three action research cycles. This paper presents the third cycle, in which gamification was applied to reduce the number of faults in requirements and to improve the quality of the projects. Results: The experimental study showed that the GSA framework introduced gamification into the company with the goal of reducing requirements faults. However, the results were inconclusive because the projects were in their first sprints, and possibly also because of the COVID-19 pandemic. Conclusion: Despite the inconclusive results, the authors believe that the GSA framework is suitable for replication in other companies and software quality improvement contexts. They also present insights and lessons learned throughout the experimental studies on applying gamification in the software development process.
{"title":"Getting into the game: gamifying software development with the GSA framework","authors":"Daniel de Paula Porto, Sandra Camargo Pinto Ferraz Fabbri, Fabiano Cutigi Ferrari","doi":"10.1007/s11219-024-09694-0","DOIUrl":"https://doi.org/10.1007/s11219-024-09694-0","url":null,"abstract":"<p>Context: Improving software quality is a constant challenge in Software Engineering. One way to improve quality is to use gamification in software development activities. Purpose: This paper presents a framework and a set of strategies called GSA to gamify software development activities. Methods: Using action research as a methodology, we conduct three action research cycles. This paper presents the third action research cycle in which gamification was applied to reduce the number of faults in requirements and improve the quality of the projects. Results: The experimental study showed that the GSA framework introduced gamification into the company to reduce the number of requirements faults. However, the results were inconclusive due to the projects being in their first sprints, and possibly due to the COVID-19 pandemic. Conclusion: Despite the inconclusive results, the authors believe that the GSA framework is suitable for replication in other companies and software quality improvement contexts. 
They also present insights and lessons learned throughout the experimental studies on applying gamification in the software development process.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"23 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142188458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2024-08-02 | DOI: 10.1007/s11219-024-09688-y
Hina Saeeda, Muhammad Ovais Ahmad, Tomas Gustavsson
Agile methodologies have emerged as transformative paradigms in the ever-evolving software development landscape, emphasizing iterative development, customer collaboration, and adaptability. As the scope and complexity of projects and organizations expand, applying agile principles in the context of Large-Scale Agile Development (LSAD) encounters distinctive challenges. The majority of challenges encountered in LSAD, both technical and non-technical, are attributed to the accrual of social debt. However, a conspicuous gap remains in understanding and addressing social debt in LSAD. This study aims to fill this void by investigating social debt in LSAD through an in-depth industrial case study with a leading Nordic company that specializes in telecommunications software and services and focuses on producing secure 5G network solutions. The study investigates the causes of social debt in LSAD and examines its impacts on secure 5G telecom software development. By addressing these objectives, this research sheds light on a critical aspect of LSAD's social debt, caused by 3C challenges (communication, coordination, and collaboration), social-confines challenges, community smells, and organisational social challenges in the telecom sector, which have been underrepresented in the existing literature.
{"title":"Navigating social debt and its link with technical debt in large-scale agile software development projects","authors":"Hina Saeeda, Muhammad Ovais Ahmad, Tomas Gustavsson","doi":"10.1007/s11219-024-09688-y","DOIUrl":"https://doi.org/10.1007/s11219-024-09688-y","url":null,"abstract":"<p>Agile methodologies have emerged as transformative paradigms in the ever-evolving software development landscape, emphasizing iterative development, customer collaboration, and adaptability. As the scope and complexity of projects and organizations expand, applying agile principles within the context of Large-Scale Agile Development (LSAD) encounters distinctive challenges. The majority of challenges encountered in LSAD, technical and non-technical, are attributed to the accrual of social debt. However, a conspicuous gap remains in understanding and addressing social debt in LSAD. This study aims to fill this void by investigating social debt in LSAD through an in-depth industrial case study with a leading Nordic company specializing in telecommunications software and services and focusing on producing secure 5G network solutions. The study investigates the causes of LSAD’s social debt and examines its impacts on secure 5G telecom software development. 
By addressing these objectives, this research sheds light on a critical aspect of LSAD’s social debt, caused by 3C challenges(communication, coordination and collaboration), social confines challenges, community smells challenges, and organisational social challenges in the telecom sector that have been underrepresented in the existing literature.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"48 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141884540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2024-07-27 | DOI: 10.1007/s11219-024-09690-4
Alberto Gordillo, Coral Calero, Mª Ángeles Moraga, Félix García, João Paulo Fernandes, Rui Abreu, João Saraiva
Software is developed using programming languages (PLs), whose choice is based on a wide range of criteria; notably, the selected language can affect the quality of the software product. In this paper, we analyse the differences in energy consumption when running certain algorithms implemented in different programming languages. We thus focus on software quality from the perspective of greenability, specifically on the aspects related to energy efficiency. To this end, we conducted an empirical investigation of the most suitable programming languages from an energy-efficiency perspective, using a hardware-based measurement instrument that obtains real data about energy consumption. The study builds upon a previous study in which the energy efficiency of PLs was ranked using a software-based approach, where energy consumption is an estimation. We found no significant differences between the two approaches in terms of the resulting PL ranking. However, when more realistic knowledge of consumption is required, hardware approaches are necessary. Furthermore, the hardware approach provides information about the energy consumption of specific hardware components of the device under test (DUT), such as the HDD, graphics card, and processor, and a ranking is elaborated for each component. This can support a more informed choice of PL, depending on factors such as the type of algorithms to be implemented and the effects on power consumption, both overall and for specific DUT hardware components.
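Once per-language energy measurements exist, a ranking like the one described can be derived mechanically. A sketch with invented numbers (the joule figures below are illustrative placeholders, not the paper's measurements, which must come from the hardware instrument):

```python
# Rank programming languages by measured energy per benchmark run.
# The joule figures are invented for illustration only; real values
# come from a hardware-based measurement instrument as in the study.

measurements = {  # language -> energy in joules for one benchmark run
    "C": 1.0,
    "Java": 1.9,
    "Python": 7.5,
    "JavaScript": 4.5,
}

def rank_by_energy(energy):
    """Return (language, relative cost) pairs sorted from most to
    least energy-efficient, normalized to the most efficient one."""
    best = min(energy.values())
    ranked = sorted(energy.items(), key=lambda kv: kv[1])
    return [(lang, joules / best) for lang, joules in ranked]
```

In the study's setup, one such ranking would be computed per DUT component (HDD, graphics card, processor) from that component's measured consumption.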
{"title":"Programming languages ranking based on energy measurements","authors":"Alberto Gordillo, Coral Calero, Mª Ángeles Moraga, Félix García, João Paulo Fernandes, Rui Abreu, João Saraiva","doi":"10.1007/s11219-024-09690-4","DOIUrl":"https://doi.org/10.1007/s11219-024-09690-4","url":null,"abstract":"<p>Software is developed using programming languages whose choice is made based on a wide range of criteria, but it should be noted that the programming language selected can affect the quality of the software product. In this paper, we focus on analysing the differences in energy consumption when running certain algorithms that have been developed using different programming languages. Therefore, we focus on the software quality from the perspective of greenability, in concrete in the aspects related to energy efficiency. For this purpose, this study has conducted an empirical investigation about the most suitable programming languages from an energy efficiency perspective using a hardware-based consumption measurement instrument that obtains real data about energy consumption. The study builds upon a previous study in which energy efficiency of PL were ranked using a software-based approach where the energy consumption is an estimation. As a result, no significant differences are obtained between two approaches, in terms of ranking the PL. However, if it is required to have a more realistic knowledge of consumption, it is necessary to use hardware approaches. Furthermore, the hardware approach provides information about the energy consumption of specific DUT hardware components, such as, HDD, graphics card, and processor, and a ranking for each of component is elaborated. 
This can provide useful information to make a more informed decision on the choice of a PL, depending on several factors, such as the type of algorithms to be implemented, or the effects on power consumption not only in overall, but also depending on specific DUT hardware components.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"354 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141780755","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2024-07-22 | DOI: 10.1007/s11219-024-09693-1
Jiaxuan Han, Cheng Huang, Jiayong Liu
Automated software bug localization is an important technique for improving the efficiency of software repair and ensuring software quality, thereby promoting the stable development of the software ecosystem. Its main objective is to address the semantic matching problem between bug reports and source code. The advent of the Transformer architecture provides a new way to solve this problem: Transformer-based deep learning models can provide accurate semantic matching results, but at considerable cost (e.g., time). In this paper, we propose a fast and accurate bug localization method named bjEnet, based on natural language semantic matching. bjEnet utilizes a pre-trained code language model to transform source code into code summaries. A code filtering mechanism is then employed to exclude source code unrelated to the bug report, thereby reducing the number of candidates that must be paired with the bug report for correlation evaluation. Finally, bjEnet uses a BERT-based cross-encoder to localize bugs in the natural language semantic space. The experimental results show that bjEnet is superior to state-of-the-art methods, with an average time to localize a bug report of less than one second.
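The filtering idea (discarding candidates with no lexical relation to the report before running the expensive cross-encoder) can be sketched with a simple token-overlap pre-filter. The scoring function below is an illustrative stand-in, not bjEnet's actual filtering mechanism:

```python
# Illustrative pre-filter for bug localization: cheap lexical overlap
# is used to prune candidates before an expensive semantic model runs.
# This is a stand-in sketch, not bjEnet's actual mechanism.

def token_overlap(report, summary):
    """Fraction of bug-report tokens that also occur in a code summary."""
    report_tokens = set(report.lower().split())
    summary_tokens = set(summary.lower().split())
    if not report_tokens:
        return 0.0
    return len(report_tokens & summary_tokens) / len(report_tokens)

def prefilter(report, code_summaries, threshold=0.2):
    """Keep only code summaries lexically related to the bug report,
    so the expensive cross-encoder scores far fewer candidates."""
    return {path: s for path, s in code_summaries.items()
            if token_overlap(report, s) >= threshold}
```

The surviving candidates would then each be concatenated with the report and scored by the cross-encoder, which is where the real semantic matching happens.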
{"title":"bjEnet: a fast and accurate software bug localization method in natural language semantic space","authors":"Jiaxuan Han, Cheng Huang, Jiayong Liu","doi":"10.1007/s11219-024-09693-1","DOIUrl":"https://doi.org/10.1007/s11219-024-09693-1","url":null,"abstract":"<p>Automated software bug localization is a significant technology to improve the efficiency of software repair and ensure software quality while promoting the software ecosystem’s stable development. The main objective is to address the semantic matching problem between bug reports and source codes. The appearance of the Transformer structure provides us with a new idea to solve this problem. Transformer-based deep learning models can provide accurate semantic matching results but with a considerable cost (e.g., time). In this paper, we propose a fast and accurate bug localization method named bjEnet based on natural language semantic matching. bjEnet utilizes a pre-trained code language model to transform source codes into code summaries. Then, a code filtering mechanism is employed to exclude source codes unrelated to bug reports, thereby reducing the number of source codes that need to be combined with bug reports for correlation evaluation. Finally, bjEnet uses a BERT-based cross-encoder to localize bugs in the natural language semantic space. 
The experimental results show that bjEnet is superior to state-of-the-art methods, with an average time to localize a bug report of less than 1 second.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"18 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141740914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Software aging refers to the performance degradation and crash failures observed in long-running systems. As a proactive remedy, software rejuvenation can be scheduled in a timely manner to mitigate aging effects. Accurately predicting the time to aging failure (TTAF) of software is therefore a prerequisite for implementing effective rejuvenation. However, the characterization of software aging is relatively complicated, leading to aging indicators being selected case by case; prediction models that merely fit the trend of a single indicator to formulate a rejuvenation schedule may therefore be limited. To fill this gap, this paper proposes a novel framework called TTAFPred, which constructs a direct mapping between the software aging process, characterized by multiple system indicators, and the TTAF. The framework comprises three parts: data preprocessing, software degradation feature extraction, and TTAF prediction. First, the raw data is processed into the input form required by the network. Second, a temporal relationship extraction stream, integrating a bidirectional gated recurrent unit (BiGRU) with an attention mechanism, extracts temporal features from the raw inputs. In parallel, a spatial relationship extraction stream extracts spatial features to enhance the representation ability of the degradation features, using a multi-scale one-dimensional convolutional neural network (1DCNN) with residual connections. The temporal and spatial features extracted by the two streams are then fused, and two fully connected layers estimate the TTAF. Experiments are performed on two mainstream software systems (OpenStack and Android), with four sets of real run-to-failure data collected for each system.
The effectiveness of TTAFPred is verified through extensive experiments against seven competing models; its prediction performance improves over the best baseline by 9.1%, 8.0%, and 8.0% on three evaluation metrics.
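A supervised TTAF predictor needs a labeled dataset: each monitoring snapshot of a run-to-failure trace is paired with the remaining time until failure. A sketch of that label construction (the indicator names are invented; TTAFPred's BiGRU/1DCNN feature extraction is not shown here):

```python
# Turn run-to-failure monitoring traces into supervised (X, y) pairs
# for TTAF regression. Indicator names are illustrative assumptions.

def build_ttaf_dataset(trace, failure_time):
    """Label each snapshot of one run-to-failure trace with its TTAF.
    `trace` is a list of (timestamp, indicators) snapshots; the label
    is the remaining time until the aging failure occurs."""
    dataset = []
    for timestamp, indicators in trace:
        ttaf = failure_time - timestamp
        if ttaf < 0:
            continue  # snapshot recorded after the crash: skip it
        dataset.append((indicators, ttaf))
    return dataset
```

In the paper's setting, the indicator vectors would then be windowed and fed to the two feature-extraction streams before the fully connected regression head.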
{"title":"TTAFPred: Prediction of time to aging failure for software systems based on a two-stream multi-scale features fusion network","authors":"Kai Jia, Xiao Yu, Chen Zhang, Wenzhi Xie, Dongdong Zhao, Jianwen Xiang","doi":"10.1007/s11219-024-09692-2","DOIUrl":"https://doi.org/10.1007/s11219-024-09692-2","url":null,"abstract":"<p>Software aging refers to the performance degradation and failure crash phenomena in long-running systems. As a proactive remedy, software rejuvenation can be scheduled timely to mitigate aging effects. Inescapably, how to accurately predict the time to aging failure (TTAF) of software is a prerequisite for implementing effective rejuvenation. However, the characterization of software aging is relatively complicated, leading to the selection of aging indicators case by case, which means that only fitting the variation trend of a single indicator for prediction models to formulate a rejuvenation schedule may be limited. To fill this gap, this paper proposes a novel framework called TTAFPred, which directly constructs the direct mapping relationships between the software aging process considering multiple system indicators and TTAF. Specifically, this framework includes three parts, i.e., data preprocessing, software degradation feature extraction, and TTAF prediction modules. First, the raw data is processed into the input form required by the network. Secondly, a temporal relationship extraction stream integrating bidirectional gated recurrent unit (BiGRU) with attention mechanism is used to extract temporal features from raw inputs. Synchronously, a spatial relationships extraction stream is adopted to extract the spatial features for enhancing the representation ability of degraded features by using the multi-scale one-dimensional convolutional neural network (1DCNN) with the residual connection. Then, extracted temporal-spatial features from the two streams are further fused. 
Finally, two fully-connected layers are constructed to estimate the TTAF. The experiments are performed on two mainstream software systems (OpenStack and Android), and four sets of real run-to-failure data for each software system are collected. The effectiveness of the proposed TTAFPred is verified through extensive experiments with its seven competing models, and the prediction performance can be improved by 9.1%, 8.0%, and 8.0%, respectively, in terms of three evaluation metrics, compared to the best baseline model.</p>","PeriodicalId":21827,"journal":{"name":"Software Quality Journal","volume":"28 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141740915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date: 2024-07-20 | DOI: 10.1007/s11219-024-09691-3
Jiaqi Yin, Yuan Fei
Traditional IoT authentication methods, often centralized and reliant on a Trusted Third Party (TTP), face issues such as high communication costs and vulnerability to data loss. Blockchain-based Internet of Things (IoT) authentication can effectively solve the problems of traditional IoT authentication. However, because authentication schemes are usually deployed on a large number of IoT devices, fixing issues after a scheme has been deployed can be extremely expensive. Performing verification early, at design time, can alleviate this problem. To address these requirements, this article proposes a formal verification framework for blockchain-based IoT authentication (FVF-BIoT). Specifically, we design the data type mapping and the conversion of elements in the smart contracts used for authentication. We then formalize the smart contracts as formal models in the interactive theorem prover Coq. Several algorithms are presented for the conversion of the smart contracts and the generation of examples. Examples and security properties related to the contracts are described as theorems, which are also proved in Coq. Through a case study, we not only demonstrate the effectiveness of the FVF-BIoT framework in ensuring the security and reliability of blockchain technology for IoT authentication, but also highlight its innovative integration of formal verification processes. This distinctly addresses the previously unmet need for rigorous, mathematically proven security validation in the design and deployment of blockchain-based IoT authentication methods.
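To make the kind of property being verified concrete, here is a minimal hash-based challenge-response check of the sort an authentication contract might implement, with the property ("only a device holding the shared secret can produce an accepted response") stated as assertions. This is an illustrative stand-in, not FVF-BIoT's actual contract logic or its Coq model:

```python
import hashlib

# Illustrative sketch (not FVF-BIoT's contracts): a device proves
# knowledge of a shared secret via hash-based challenge-response,
# without ever transmitting the secret itself.

def respond(secret, challenge):
    """Device side: answer a fresh challenge using the shared secret."""
    return hashlib.sha256((secret + challenge).encode()).hexdigest()

def verify(stored_secret, challenge, response):
    """Contract side: accept only the response derived from the
    stored secret and this exact challenge."""
    return respond(stored_secret, challenge) == response
```

In FVF-BIoT, logic of this kind is not tested by example but translated into Coq, where such acceptance properties are stated as theorems and machine-checked before deployment.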
Pub Date : 2024-07-20 DOI: 10.1007/s11219-024-09691-3
FVF-BIoT: a formal verification framework for blockchain-based IoT authentication
Jiaqi Yin, Yuan Fei
Metamorphic testing emerged as a solution to the oracle problem, with its foundation deeply rooted in the concept of Metamorphic Relations (MRs). Researchers have made the intriguing discovery that certain diverse MRs exhibit fault detection capabilities similar to those of a test oracle. However, defining criteria for diverse MRs has posed a challenge: traditional metrics such as Mutation Score (MS) and Fault Detection Rate (FDR) fail to assess the diversity of MRs. This paper introduces the MUT Model as a foundational framework for analyzing the "MR Diversity" between a pair of MRs. "Diversity" in this paper refers to the differences in the types of faults that two MRs are inclined to detect. The experimental findings indicate that by harnessing posterior knowledge, specifically by analyzing the MUT Model, it is possible to derive prior knowledge that can aid the construction of metamorphic relations. Most importantly, the MUT Model may draw counterintuitive conclusions, exposing more details of the core essence of MR Diversity. Moreover, the concept of MR Diversity serves as a basis for MR selection, yielding enhanced fault detection capabilities compared to the conventional MS-based approach. Additionally, it offers valuable insights into the construction of composite metamorphic relations, with the goal of amplifying their fault detection abilities beyond those of their individual MR components.
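A classic, minimal illustration of a metamorphic relation (a textbook example, not one from this paper): the identity sin(x) = sin(π − x) lets us test a sine implementation without knowing any exact expected value.

```python
import math

def satisfies_mr(f, x, tol=1e-9):
    """Metamorphic relation for sine: f(x) should equal f(pi - x).
    Two outputs of the function under test are compared against each
    other, so no exact oracle value is needed."""
    return abs(f(x) - f(math.pi - x)) <= tol

def buggy_sin(x):
    # Truncated Taylor series: accurate only near 0.
    return x - x**3 / 6

# The correct implementation satisfies the relation; the buggy one
# violates it for inputs away from zero.
print(satisfies_mr(math.sin, 1.0))   # True
print(satisfies_mr(buggy_sin, 1.0))  # False
```

Two MRs are "diverse" in the paper's sense when the faults each tends to expose differ; a symmetry relation like this one, for instance, misses any bug that happens to preserve the symmetry.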
Pub Date : 2024-07-17 DOI: 10.1007/s11219-024-09689-x
MUT Model: a metric for characterizing metamorphic relations diversity
Xiaodong Xie, Zhehao Li, Jinfu Chen, Yue Zhang, Xiangxiang Wang, Patrick Kwaku Kudjo
A code smell is a symptom of design or code decisions that may degrade a system's modularity. For example, smells may indicate inheritance misuse, excessive coupling, or excessive size. When two or more code smells occur in the same snippet of code, they form a code smell agglomeration. Few studies evaluate how agglomerations may impact code modularity. In this work, we evaluate which aspects of modularity are hindered by agglomerations. This way, we can support practitioners in improving their code by refactoring the code involved in agglomerations found to be harmful to system modularity. We analyze agglomerations composed of four types of code smells: Large Class, Long Method, Feature Envy, and Refused Bequest. We then conduct a study comparing 20 systems mined from the Qualitas Corpus dataset with 10 systems mined from GitHub. In total, we analyzed 1,789 agglomerations across 30 software projects from the two repositories, Qualitas Corpus and GitHub. We rely on frequent itemset mining and non-parametric hypothesis testing for our analysis. Agglomerations formed by two or more Feature Envy smells occur with significant frequency in both repositories. Agglomerations formed by different smell types impact modularity more than classes with only one smell type and classes without smells. For some metrics, Large Class appearing alone has a significant and large impact compared to classes that have two or more method-level smells of the same type. We identify which agglomerations are most frequent in source code and how they may impact code modularity. Consequently, we provide supporting evidence about which agglomerations developers should refactor to improve code modularity.
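The frequent itemset mining mentioned above treats each class's set of smells as a transaction and looks for smell combinations that recur. A minimal 2-itemset sketch in Python (the class names and smell reports below are invented for illustration, not drawn from the paper's dataset):

```python
from itertools import combinations
from collections import Counter

# Hypothetical per-class smell reports: class name -> smells detected in it.
smells_per_class = {
    "OrderService":   {"Large Class", "Long Method", "Feature Envy"},
    "ReportBuilder":  {"Large Class", "Feature Envy"},
    "AuthController": {"Feature Envy"},
    "LegacyParser":   {"Large Class", "Long Method"},
}

def frequent_pairs(reports, min_support=2):
    """Count how often each pair of smell types co-occurs in one class
    (a 2-itemset version of frequent itemset mining), keeping only
    pairs whose support reaches min_support."""
    counts = Counter()
    for smells in reports.values():
        for pair in combinations(sorted(smells), 2):
            counts[pair] += 1
    return {pair: n for pair, n in counts.items() if n >= min_support}

print(frequent_pairs(smells_per_class))
# {('Feature Envy', 'Large Class'): 2, ('Large Class', 'Long Method'): 2}
```

Pairs with high support are candidate agglomerations; the paper then tests whether classes exhibiting them score worse on modularity metrics than single-smell or smell-free classes.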
Pub Date : 2024-07-11 DOI: 10.1007/s11219-024-09680-6
An exploratory evaluation of code smell agglomerations
Amanda Santana, Eduardo Figueiredo, Juliana Alves Pereira, Alessandro Garcia