Software Quality Journal最新文献

Microservices architecture smells can significantly affect the quality of microservices due to poor design decisions, especially the granularity smells of microservice architectures will greatly affect the quality of a microservices architecture. The state-of-the-art methods of microservice architectural granularity detection primarily focus on the service level, which lacks consideration of detailed information such as interfaces, and these methods also lack considerations about semantic information related to business logic, leading to lower accuracy in the detection results. To address these issues, we introduce ASDMG, which takes semantic information within the Abstract Syntax Tree (AST) into consideration, integrating them with data dependency to extract business topic relationships of functions. It performs interface-oriented business topic clustering, allowing comprehensive detection of granularity smells both within individual microservices as well as the overall microservice architecture. Experiments were conducted using 5 open-source microservice systems in different scales and domains. Results show that ASDMG achieves an average precision of 83.41%, an average recall of 95.84%, and an average accuracy of 95.85% in detecting architectural granularity smells. Compared to state-of-the-art methods, it achieves better detection results and can improve the quality of microservice architecture.

For a 24/7 database system, backups should be implemented right after a large volume of data has been updated, putting their backup windows in non-busy states with user’s convenience.From this viewpoint, this paper studies periodic and random incremental backup policies, in which, incremental backup is implemented right after data update and full backup is performed at periodic times (varvec{KT}), or at a number (varvec{N}) of data updates, respectively. We firstly describe the stochastic processes of data update and database failure, and then model the expected cost rates for data backup and data restoration.Respective (varvec{K^*, N^*, K_f^*}), and (varvec{N_f^*}) are obtained to minimize their expected cost rates in analytical ways, respectively. Finally, numerical examples are given to illustrate the optimum policies.

Development of machine learning (ML) systems differs from traditional approaches. The probabilistic nature of ML leads to a more experimentative development approach, which often results in a disparity between the quality of ML models with other aspects such as business, safety, and the overall system architecture. Herein the Multi-view Modeling Framework for ML Systems (M³S) is proposed as a solution to this problem. M³S provides an analysis framework that integrates different views. It is supported by an integrated metamodel to ensure the connection and consistency between different models. To facilitate the experimentative nature of ML training, M³S provides an integrated platform between the modeling environment and the ML training pipeline. M³S is validated through a case study and a controlled experiment. M³S shows promise, but future research needs to confirm its generality.

As information technology continues to advance, software applications are becoming increasingly critical. However, the growing size and complexity of software development can lead to serious flaws resulting in significant financial losses. To address this issue, Software Defect Prediction (SDP) technology is being developed to detect and resolve defects early in the software development process, ensuring high software quality. As a result, SDP research has become a major focus for academics worldwide. This study aims to compare various machine learning-based SDP algorithm models and determine if traditional machine learning algorithms affect SDP outcomes. Unlike previous studies that aimed to identify the best prediction model for all datasets, this paper constructs SDP superiority models separately for different datasets. Using the publicly available ESEM2016 dataset, 13 machine learning classification algorithms are employed to predict software defects. Evaluation indicators such as Accuracy, AUC(Area Under the Curve), F-measure, and Running Time(RT) are utilized to assess the performance of the classification algorithms. Due to the serious class imbalance problem in this dataset, 10 sampling methods are combined with the 13 machine learning algorithms to explore the effect of sampling techniques on the performance of traditional machine learning classification models. Finally, a comprehensive evaluation is conducted to identify the best combination of sampling techniques and classification models to construct the final dominant model for SDP.

A common way of exposing functionality in contemporary systems is by providing a Web-API based on the REST API architectural guidelines. To describe REST APIs, the industry standard is currently OpenAPI-specifications. Test generation and fuzzing methods targeting OpenAPI-described REST APIs have been a very active research area in recent years. An open research challenge is to aid users in better understanding their API, in addition to finding faults and to cover all the code. In this paper, we address this challenge by proposing a set of behavioural properties, common to REST APIs, which are used to generate examples of behaviours that these APIs exhibit. These examples can be used both (i) to further the understanding of the API and (ii) as a source of automatic test cases. Our evaluation shows that our approach can generate examples deemed relevant for understanding the system and for a source of test generation by practitioners. In addition, we show that basing test generation on behavioural properties provides tests that are less dependent on the state of the system, while at the same time yielding a similar code coverage as state-of-the-art methods in REST API fuzzing in a given time limit.

Inter-Component Communication (ICC) plays a crucial role in facilitating information exchange and functionality integration within the complex ecosystem of Android systems. However, the security and safety implications arising from ICC interactions pose significant challenges. This paper is an extended work building upon our previously published research that focuses on the verification of safety properties in the ICC mechanism. We address the previously observed issues of data leakage and privilege escalation by incorporating a sandbox mechanism and permission control. The sandbox mechanism provides an isolated and controlled environment in which ICC components can operate while permission control mechanisms are introduced to enforce fine-grained access controls, ensuring that only authorized entities have access to sensitive resources. We further leverage formal methods, specifically communicating sequential processes (CSP), to verify several properties of the enhanced ICC mechanism. By employing CSP, we aim to systematically model and analyze the flow of information, the behavior of components, and the potential vulnerabilities associated with the enhanced ICC mechanism. The verification results highlight the effectiveness of our approach in enhancing the security and reliability of ICC mechanisms, ultimately contributing to the development of safer and more trustworthy Android Systems.

Auxiliary functions in software systems, often overlooked due to their perceived simplicity, play a crucial role in overall system reliability. This study focuses on the effectiveness of agile practices, specifically the pair programming and the test-first programming practices. Despite the importance of these functions, there exists a dearth of empirical evidence on the impact of agile practices on their development, raising questions about their potential to enhance correctness without affecting time-to-market. This paper aims to bridge this gap by comparing the application of agile practices with traditional approaches in the context of auxiliary function development. We conducted six experiments involving 122 participants (85 novices and 37 professionals) who used both traditional and agile methods to develop six auxiliary functions across three different domains. Our analysis of 244 implementations suggests the potential benefits of agile practices in auxiliary function development. Pair programming showed a tendency towards improved correctness, while test-first programming did not significantly extend the total development time, particularly among professionals. However, these findings should be interpreted cautiously as they do not conclusively establish that agile practices outperform traditional approaches universally. As indicated by our results, the potential benefits of agile practices may vary depending on factors such as the programmer’s experience level and the nature of the functions being developed. Further research is needed to fully understand the contexts in which these practices can be most effectively applied and to address the potential limitations of our study.

One of the main objectives of testing is to achieve adequate code coverage. Modern code coverage standards suggest MC/DC (Modified Condition/Decision Coverage) instead of MCC (Multiple Condition Coverage) due to its ability to generate a feasible number of test cases. In contrast to the MC/DC, which only takes independent pairs into consideration, the MCC often considers each and every test case. In our work, we suggest SC-MCC, i.e., MCC with Short-Circuit. The key aspect of this paper is to demonstrate the effectiveness of SC-MCC-based test cases compared to MC/DC using Coverage-Guided Fuzzing (CGF) technique. In this work, we have considered American Fuzzy Lop (AFL) tool to generate both the SC-MCC and MC/DC test cases for 54 RERS benchmark programs. As part of this paper, we propose unique goal constraint generation and fuzz-instrumentation techniques that help in mitigating the masking problem of AFL. Subsequently, we performed mutation testing by employing the GCOV tool and computed the mutation score in order to evaluate the quality of the generated test cases. Finally, based on our observations, SC-MCC has performed better for over 85% of the programs taken into consideration.

Organizations are increasingly migrating from on-premise enterprise information systems (EIS) to cloud products due to cloud computing benefits, such as flexibility, elasticity, and on-demand service. However, identifying the most suitable option becomes challenging with the proliferation of Cloud-EIS solutions in the market. To address this challenge, this study introduces a novel quality model named Cloud-QM, based on ISO/IEC 250nn standards. It diagnoses the quality of Cloud-EIS products, benchmarks available options, and identifies the most suitable choice for the organization. Cloud-QM comprises 10 main dimensions, 33 sub-dimensions, and corresponding metrics for a systematic quality assessment. Furthermore, the practical use of Cloud-QM is illustrated through a case study that evaluates two substitute Cloud-EIS products. The results from the case study highlight the effectiveness of Cloud-QM in enabling decision-makers to delve into the quality dimensions and facilitate the selection of the most suitable product for their organizations. The main contributions are as follows: (1) proposing a comprehensive and hierarchically structured quality model for Cloud-EIS products; (2) offering a quantifiable and standardized assessment approach through a set of metrics for quality evaluation; and (3) demonstrating applicability and usability of Cloud-QM by benchmarking Cloud-EIS products.

Large-scale distributed systems are becoming key engines of the IT industry due to their scalability and extensibility. A distributed system often involves numerous complex interactions among components, suffering anomalies such as data inconsistencies between components and unanticipated delays in response times. Existing anomaly detection techniques, which extract knowledge from system logs using either statistical or machine learning techniques, exhibit limitations. Statistical techniques often miss implicit anomalies that are related to complex interactions manifested by logs, whereas machine learning techniques lack explainability and they are usually sensitive to log variations. In this paper, we propose KAD, a knowledge formalization-based anomaly detection approach for distributed systems. KAD includes a general knowledge description language (KDL), leveraging the general structure of system logs and extended Backus-Naur form (EBNF) for complex knowledge extraction. Particularly, the semantic set is constructed based on the bidirectional encoder representation from the transformer (BERT) model to improve the expressive capabilities of KDL in knowledge description. In addition, KAD incorporates distributed scheduling computation module to improve the efficiency of anomaly detection processes. Experimental results based on two widely used benchmarks show that KAD can accurately describe the knowledge associated with anomalies, with a high F1-score in detecting various anomaly types.