Journal of Software-Evolution and Process最新文献

With the widespread application of smart contracts in economics and asset management, the security of smart contracts has been widely addressed by academia and industry. Fuzz is an effective technique for vulnerability detection. Several fuzzers are currently available for smart contracts, how to choose the most appropriate tools to test smart contracts is a problem that needs to be solved. To this end, we propose an evaluation framework for a smart contract fuzzers, which sets eight evaluation indicators from five aspects to comprehensively evaluate the usability, transparency, detection ability, branch coverage, and design of oracle of the smart contract fuzzers. In order to verify the scientificity and rationality of the framework, we selected six state-of-the-art (SOTA) smart contract fuzzers for evaluation. By evaluating the usability of six fuzzers, the level of difficulty in using them was verified; by evaluating the transparency of six fuzzers, the usability of the tool's output information during use was verified; the branch coverage and rationality of oracle design of the six fuzzers was validated by evaluating their detection ability on the dataset. The final evaluation results validated the effectiveness of our proposed framework in guiding users to choose smart contract fuzzers.

Given the multidisciplinary complexity of embedded Internet of Things (IoT) projects and the demand for qualified professionals, this study investigates the influence of continuous integration and continuous delivery (CI/CD) skills and developers' perceptions regarding applying these practices in this domain. We conducted a quasi-experiment with 98 students from three undergraduate courses at two Brazilian federal universities, analyzing the impact of developer skills on CI/CD. The results showed that developers with no previous CI/CD skills faced more significant difficulties in practical activities. It was interesting to note that most participants in our sample already had some experience with real software development projects. However, most have never had real experience with an embedded IoT project or CI/CD tools. The approach we followed resulted in 92% success. Attendees expressed interest in more hands-on training on CI/CD pipeline, DevOps, and embedded IoT projects. We also noticed a great need for them to have more practical experience with Git, GitHub, GitHub Actions, and GNU/Linux.

Software engineering plays a critical role in improving the quality of software systems, because identifying and correcting defects is one of the most expensive tasks in software development life cycle. For instance, determining whether a software product still has defects before distributing it is crucial. The customer's confidence in the software product will decline if the defects are discovered after it has been deployed. Machine learning-based techniques for predicting software defects have lately started to yield encouraging results. The software defect prediction system's prediction results are raised by machine learning models. More accurate models tend to be more complicated, which makes them harder to interpret. As the rationale behind machine learning models' decisions are obscure, it is challenging to employ them in actual production. In this study, we employ five different machine learning models which are random forest (RF), gradient boosting (GB), naive Bayes (NB), multilayer perceptron (MLP), and neural network (NN) to predict software defects and also provide an explainable artificial intelligence (XAI) framework to both locally and globally increase openness throughout the machine learning pipeline. While global explanations identify general trends and feature importance, local explanations provide insights into individual instances, and their combination allows for a holistic understanding of the model. This is accomplished through the utilization of Explainable AI algorithms, which aim to reduce the “black-boxiness” of ML models by explaining the reasoning behind a prediction. The explanations provide quantifiable information about the characteristics that affect defect prediction. These justifications are produced using six XAI methods, namely, SHAP, anchor, ELI5, LIME, partial dependence plot (PDP), and ProtoDash. We use the KC2 dataset to apply these methods to the software defect prediction (SDP) system, and provide and discuss the results.

Smart contracts serve as decentralized applications essential for extensive utilization of blockchain technology across various contexts that have transitioned from the blockchain, characterized primarily by digital currency systems that emphasize the financial systems. Blockchain operates as a distributed ledger that securely records transactions using cryptographic techniques to establish a unique, chain-like data structure managed collectively by miners within the network. However, current methods for analyzing smart contracts often demand substantial processing time and face challenges in accurately detecting vulnerabilities in complex contracts. To address these limitations, this research introduces the Updated Wave search Graph Bidirectional Convolutional Neural Network (UWGBCNN), a novel approach designed to enhance smart contract security. UWGBCNN integrates a multilabel vulnerability classification mechanism, utilizing the Updated Wave Search Algorithm (UWSA) to efficiently analyze and identify patterns in smart contracts by adapting network parameters to detect vulnerabilities with speed and precision. Additionally, feature extraction is enhanced through the Bidirectional Encoder Representations from Transformer (BERT) language model, incorporating supplementary word embedding features. The proposed technique achieves superior performance, reaching a precision of 98.5%, recall of 98.6%, and an F1-score of 99.6%, surpassing current methods. This approach contributes significantly to blockchain security by minimizing financial risks associated with vulnerabilities in decentralized applications.

The recognition of Application Programming Interface (API) mentions in software-related texts is vital for extracting API-related knowledge, providing deep insights into API usage and enhancing productivity efficiency. Previous research identifies two primary technical challenges in this task: (1) differentiating APIs from common words and (2) identifying morphological variants of standard APIs. While deep learning-based methods have demonstrated advancements in addressing these challenges, they rely heavily on high-quality labeled data, leading to another significant data-related challenge: (3) the lack of such high-quality data due to the substantial effort required for labeling. To overcome these challenges, this paper proposes a context-aware API recognition method named CARLDA. This approach utilizes two key components, namely, Bidirectional Encoder Representations from Transformers (BERT) and Bidirectional Long Short-Term Memory (BiLSTM), to extract context at both the word and sequence levels, capturing syntactic and semantic information to address the first challenge. For the second challenge, it incorporates a character-level BiLSTM with an attention mechanism to grasp global character-level context, enhancing the recognition of morphological features of APIs. To address the third challenge, we developed specialized data augmentation techniques using large language models (LLMs) to tackle both in-library and cross-library data shortages. These techniques generate a variety of labeled samples through targeted transformations (e.g., replacing tokens and restructuring sentences) and hybrid augmentation strategies (e.g., combining real-world and generated data while applying style rules to replicate authentic programming contexts). Given the uncertainty about the quality of LLM-generated samples, we also developed sample selection algorithms to filter out low-quality samples (i.e., incomplete or incorrectly labeled samples). Moreover, specific datasets have been constructed to evaluate CARLDA's ability to address the aforementioned challenges. Experimental results demonstrate that (1) CARLDA significantly enhances F1 by 11.0% and the Matthews correlation coefficient (MCC) by 10.0% compared to state-of-the-art methods, showing superior overall performance and effectively tackling the first two challenges, and (2) LLM-based data augmentation techniques successfully yield high-quality labeled data and effectively alleviate the third challenge.

Process debt, like technical debt, can be a source of short-term benefits but often leads to harmful consequences in the long term for a software organization. Despite its impact, the phenomenon of process debt has not been thoroughly explored in current literature, leaving a gap in understanding how it affects and is managed within organizations. This paper addresses this gap by defining process debt, describing its occurrence, the risks of its mismanagement, and showing examples of mitigation strategies. Our study began with an exploratory phase involving semi-structured interviews with sixteen practitioners across four international organizations, allowing us to gather diverse insights into the occurrence and management of process debt. Then, to deepen our understanding and validate our findings, we conducted a cross-company focus group with ten additional practitioners and analyzed fifty-eight observations and thirty-five interviews from a longitudinal case study. The analysis of the research findings led to a definition of process debt and a novel framework. We also report on the causes, consequences, and occurrence patterns of process debt over time. We present mitigation strategies and discuss which ones need further attention for future research. Our results suggest that the debt metaphor may help companies understand how to manage and improve their processes and make process-related decisions that are beneficial both in the short and long term.

Functional requirements (FRs) prioritization is process of ranking of software FRs from development perspective such that which requirement to be implemented first and which should not. FRs prioritization is necessary as these requirements are interrelated such that one requirement is necessary for the implementation of another requirement. Also, when two parallel developers work on interrelated dependent requirements, requirements must be prioritized. Prioritizing small size requirements is not a big issue due to a fewer number of comparisons but when developers implement large size requirements such as enterprise resource planning (ERP), it requires a huge number of comparisons. Numerous techniques are suggested for FRs prioritization such as AHP, which yield more accurate results, but these techniques are not scalable for large size software requirements. In this research paper, a new prioritization approach based on graph and k-means clustering is suggested that will capture all dependencies from a list of FRs using a directed graph and then prioritize it with a clustering technique with fewer comparisons. The proposed technique based on directed graph and clustering approach is validated on ODOO ERP, which shows that with n-1 pairwise comparisons, requirements can be prioritized.

As organizations increasingly adopt DevOps practices, they often face limitations in IT/business alignment. BizDevOps emerges as an evolutionary and complementary approach that integrates business perspectives directly into the software development lifecycle, aiming to address these limitations and enhance overall organizational performance. This study investigates how BizDevOps builds upon and extends DevOps practices, focusing on developing a business capability to facilitate their integration and improve alignment without compromising agility. The study develops the BizDevOps Business Capability (BizDevOps-BC) through metaethnographic analysis and design principles application. To validate the applicability of this capability, both a proof of concept and an expert opinion survey were conducted. The PoC was implemented in a DevOps organization to evaluate whether this business capability improves IT-business alignment while maintaining software development agility. The expert survey gathered qualitative insights from industry professionals and academics, evaluating the relevance of BizDevOps-BC in various organizational contexts. The findings suggest that BizDevOps-BC has the potential to enhance alignment between IT and business, offering a structured approach that, if properly implemented, could help organizations evolve their DevOps practices, further improving overall IT/business alignment, without compromising their existing agility.

The cross-project defect prediction (CPDP) in software applications is crucial to predict defects and ensure software quality. The performance of the traditional CPDP models is degraded due to the class imbalance issue between different projects and differences in the data distribution. To overcome these limitations, a novel approach is proposed named as Levy flight–enabled greylag goose optimized UniXcoder-based stacked defect predictor (LFGGO-USDP) for the prediction of cross-project defects in the software engineering. In this paper, 23 software projects are selected from diverse datasets such as PROMISE, ReLink, AEEEM, and NASA that are preprocessed for enhancing reliability and reducing class imbalance issues. The transformation model maps source and target projects that are present in the feature space for enhancing predictive performances. During feature selection, the LF mechanism is embedded with the GGO algorithm to localize the features in the source code for enhancing diversity and minimizing local optimum issues. The integration of UniXcoder-based stacked bidirectional long short-term memory (U-SBiLSTM) is implemented as a cross-project defect predictor. The UniXcoder model extracts semantic information for source code tokenization. Then, the output of UniXcoder is fed as input to SBiLSTM, and the SBiLSTM model is applied to determine the relationship between the source code. After that, the output of UniXcoder (which contains the semantic features) is integrated with the output of SBiLSTM (which contains the sequential and temporal dependencies). After concatenating these features, the particular information is selected by using an attention mechanism for categorizing defective and nondefective classes. The experimental investigations are performed to analyze the nondefective and defective cases in software projects and numerical validation is conducted by applying different evaluation models for analyzing the superiority. The proposed model achieved the highest defect prediction accuracy of 0.986 compared to other existing approaches that demonstrates the proposed model provided better prediction outcomes.