Science of Computer Programming最新文献_第3页

QualCode: A Data-Driven Framework for Predicting Software Maintainability Based on ISO/IEC 25010 基于ISO/IEC 25010的软件可维护性预测的数据驱动框架

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-10-17 DOI: 10.1016/j.scico.2025.103399

Elham Azhir , Morteza Zakeri , Yasaman Abedini , Mojtaba Mostafavi Ghahfarokhi

This paper presents a comprehensive study on evaluating and predicting software maintainability, leveraging the ISO/IEC 25010 standard as a foundation for software quality assessment. The standard defines eight primary characteristics, including maintainability, which is further divided into subcharacteristics to enable a detailed assessment of software systems. In this context, the QualCode framework is proposed as an efficient solution based on ISO/IEC 25010 principles for calculating the maintainability metric, which involves utilizing an efficient combination of submetrics and harnessing machine learning techniques to enhance the precision of predictions. The QualCode system introduces a comprehensive data-driven and automated approach to software maintainability evaluation, allowing developers and quality assurance teams to gauge the modularity, reusability, analyzability, modifiability, and testability of their software products more effectively. Through an extensive evaluation of prediction models and comparative analyses with existing tools for a diverse set of Java projects, the findings highlight the superior performance of QualCode in predicting software maintainability, reinforcing its significance in the software engineering domain.

本文对软件可维护性的评估和预测进行了全面的研究，利用ISO/IEC 25010标准作为软件质量评估的基础。该标准定义了八个主要特征，包括可维护性，它被进一步划分为子特征，以实现对软件系统的详细评估。在这种情况下，QualCode框架被提议作为一种基于ISO/IEC 25010原则的有效解决方案，用于计算可维护性度量，这涉及到利用子度量的有效组合和利用机器学习技术来提高预测的精度。QualCode系统为软件可维护性评估引入了一种全面的数据驱动和自动化的方法，允许开发人员和质量保证团队更有效地评估其软件产品的模块化、可重用性、可分析性、可修改性和可测试性。通过对预测模型进行广泛的评估，并与针对多种Java项目的现有工具进行比较分析，这些发现突出了QualCode在预测软件可维护性方面的优越性能，加强了它在软件工程领域的重要性。

{"title":"QualCode: A Data-Driven Framework for Predicting Software Maintainability Based on ISO/IEC 25010","authors":"Elham Azhir , Morteza Zakeri , Yasaman Abedini , Mojtaba Mostafavi Ghahfarokhi","doi":"10.1016/j.scico.2025.103399","DOIUrl":"10.1016/j.scico.2025.103399","url":null,"abstract":"<div><div>This paper presents a comprehensive study on evaluating and predicting software maintainability, leveraging the ISO/IEC 25010 standard as a foundation for software quality assessment. The standard defines eight primary characteristics, including maintainability, which is further divided into subcharacteristics to enable a detailed assessment of software systems. In this context, the QualCode framework is proposed as an efficient solution based on ISO/IEC 25010 principles for calculating the maintainability metric, which involves utilizing an efficient combination of submetrics and harnessing machine learning techniques to enhance the precision of predictions. The QualCode system introduces a comprehensive data-driven and automated approach to software maintainability evaluation, allowing developers and quality assurance teams to gauge the modularity, reusability, analyzability, modifiability, and testability of their software products more effectively. Through an extensive evaluation of prediction models and comparative analyses with existing tools for a diverse set of Java projects, the findings highlight the superior performance of QualCode in predicting software maintainability, reinforcing its significance in the software engineering domain.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"250 ","pages":"Article 103399"},"PeriodicalIF":1.4,"publicationDate":"2025-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145624895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Social debt in software development environments: A systematic literature review 软件开发环境中的社会债务：系统的文献回顾

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-10-14 DOI: 10.1016/j.scico.2025.103396

Eydy Suárez-Brieva , César Jésus Pardo Calvache , Ricardo Pérez-Castillo

Context: Lack of communication and coordination in a software development community can lead to short and long-term social problems. This can result in the misalignment of socio-technical congruence, understood as the disconnect between social and technical factors, which in turn leads to suboptimal decisions. The absence of adequate strategies to manage these problems, together with deficient organizational structures, favors the accumulation of social debt. Objective: This paper collects and analyzes studies related to the causes, effects, consequences, methods, patterns, domains, and prevention and management strategies of social debt in software development. While agile environments are included in the analysis, the overall focus covers a broader range of organizational and methodological contexts, including distributed, hybrid, and other team models. Method: A systematic literature review was conducted through a parameterized search in different databases. This allowed us to identify and filters 231 papers, of which 85 were considered relevant and 45 selected as primary studies. Results: The main socio-technical factors in which social debt is generated and exerts its impact were identified, along with a limited number of tools -mainly conceptual models and automated mechanisms- that facilitate its detection by defining potential causes affecting the well-being of the team and the companies. Conclusions: Based on the findings, it is important to further study other causes that allow identifying the presence of social debt, as well as the development of strategies to mitigate its effects on the social and emotional well-being of professionals.

上下文：在软件开发社区中缺乏沟通和协调可能导致短期和长期的社会问题。这可能导致社会技术一致性的不一致，被理解为社会和技术因素之间的脱节，从而导致次优决策。由于缺乏管理这些问题的适当战略，加上组织结构不足，导致社会债务的积累。目的：收集和分析软件开发中社会债务的成因、影响、后果、方法、模式、领域以及预防和管理策略等相关研究。虽然分析中包含了敏捷环境，但总体焦点涵盖了更广泛的组织和方法上下文，包括分布式、混合和其他团队模型。方法：通过对不同数据库进行参数化检索，进行系统的文献综述。这使我们能够识别和筛选231篇论文，其中85篇被认为是相关的，45篇被选为主要研究。结果：确定了产生社会债务并发挥其影响的主要社会技术因素，以及有限数量的工具-主要是概念模型和自动化机制-通过定义影响团队和公司福祉的潜在原因来促进其检测。结论：基于研究结果，重要的是进一步研究其他原因，以确定社会债务的存在，以及制定策略来减轻其对专业人员的社会和情感健康的影响。

{"title":"Social debt in software development environments: A systematic literature review","authors":"Eydy Suárez-Brieva , César Jésus Pardo Calvache , Ricardo Pérez-Castillo","doi":"10.1016/j.scico.2025.103396","DOIUrl":"10.1016/j.scico.2025.103396","url":null,"abstract":"<div><div>Context: Lack of communication and coordination in a software development community can lead to short and long-term social problems. This can result in the misalignment of socio-technical congruence, understood as the disconnect between social and technical factors, which in turn leads to suboptimal decisions. The absence of adequate strategies to manage these problems, together with deficient organizational structures, favors the accumulation of social debt. Objective: This paper collects and analyzes studies related to the causes, effects, consequences, methods, patterns, domains, and prevention and management strategies of social debt in software development. While agile environments are included in the analysis, the overall focus covers a broader range of organizational and methodological contexts, including distributed, hybrid, and other team models. Method: A systematic literature review was conducted through a parameterized search in different databases. This allowed us to identify and filters 231 papers, of which 85 were considered relevant and 45 selected as primary studies. Results: The main socio-technical factors in which social debt is generated and exerts its impact were identified, along with a limited number of tools -mainly conceptual models and automated mechanisms- that facilitate its detection by defining potential causes affecting the well-being of the team and the companies. Conclusions: Based on the findings, it is important to further study other causes that allow identifying the presence of social debt, as well as the development of strategies to mitigate its effects on the social and emotional well-being of professionals.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"249 ","pages":"Article 103396"},"PeriodicalIF":1.4,"publicationDate":"2025-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145364450","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CtxFuzz: Discovering heap-based memory vulnerabilities through context heap operation sequence guided fuzzing CtxFuzz：通过上下文堆操作序列引导模糊检测发现基于堆的内存漏洞

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-10-10 DOI: 10.1016/j.scico.2025.103395

Jiacheng Jiang , Cheng Wen , Zhiyuan Fu , Shengchao Qin

Heap-based memory vulnerabilities are critical to software security and reliability. The presence of these vulnerabilities is affected by various factors, including code coverage, the frequency of heap operations, and the order of execution. Current fuzzing solutions strive to effectively identify these vulnerabilities by employing static analysis or incorporating feedback on the sequence of heap operations. However, these solutions exhibit limited practical applicability and fail to comprehensively address the temporal and spatial dimensions of heap operations. In this paper, we propose a dedicated fuzzing technique called CtxFuzz that efficiently discovers heap-based temporal and spatial memory vulnerabilities without necessitating domain specific knowledge. CtxFuzz employs context heap operation sequences (CHOS) as a novel feedback mechanism to guide the fuzzing process. CHOS comprises sequences of heap operations, including allocation, deallocation, read, and write, that are associated with their corresponding heap memory addresses and identified within the current context during the execution of the target program. By doing so, CtxFuzz can explore more heap states and trigger more heap-based memory vulnerabilities, both temporal and spatial. We evaluate CtxFuzz on 9 real-world open-source programs and compare its performance against 7 state-of-the-art fuzzers. The results indicate that CtxFuzz outperforms most of these fuzzers in terms of discovering heap-based memory vulnerabilities. Furthermore, our experiments led to the identification of ten zero-day vulnerabilities (10 CVEs).

基于堆的内存漏洞对软件的安全性和可靠性至关重要。这些漏洞的存在受到各种因素的影响，包括代码覆盖率、堆操作的频率和执行顺序。当前的模糊测试解决方案努力通过使用静态分析或结合对堆操作序列的反馈来有效地识别这些漏洞。然而，这些解决方案表现出有限的实际适用性，并且不能全面地处理堆操作的时间和空间维度。在本文中，我们提出了一种称为CtxFuzz的专用模糊测试技术，该技术可以有效地发现基于堆的时间和空间内存漏洞，而无需特定领域的知识。CtxFuzz采用上下文堆操作序列（CHOS）作为一种新的反馈机制来指导模糊过程。CHOS包含堆操作序列，包括分配、释放、读取和写入，这些操作与相应的堆内存地址相关联，并在目标程序执行期间在当前上下文中标识。通过这样做，CtxFuzz可以探索更多堆状态，并触发更多基于堆的内存漏洞，包括时间和空间漏洞。我们在9个真实世界的开源程序上评估CtxFuzz，并将其性能与7个最先进的fuzzers进行比较。结果表明，CtxFuzz在发现基于堆的内存漏洞方面优于大多数这些fuzzers。此外，我们的实验还发现了10个零日漏洞（10个cve）。

{"title":"CtxFuzz: Discovering heap-based memory vulnerabilities through context heap operation sequence guided fuzzing","authors":"Jiacheng Jiang , Cheng Wen , Zhiyuan Fu , Shengchao Qin","doi":"10.1016/j.scico.2025.103395","DOIUrl":"10.1016/j.scico.2025.103395","url":null,"abstract":"<div><div>Heap-based memory vulnerabilities are critical to software security and reliability. The presence of these vulnerabilities is affected by various factors, including code coverage, the frequency of heap operations, and the order of execution. Current fuzzing solutions strive to effectively identify these vulnerabilities by employing static analysis or incorporating feedback on the sequence of heap operations. However, these solutions exhibit limited practical applicability and fail to comprehensively address the temporal and spatial dimensions of heap operations. In this paper, we propose a dedicated fuzzing technique called <span>CtxFuzz</span> that efficiently discovers heap-based temporal and spatial memory vulnerabilities without necessitating domain specific knowledge. <span>CtxFuzz</span> employs context heap operation sequences (CHOS) as a novel feedback mechanism to guide the fuzzing process. CHOS comprises sequences of heap operations, including allocation, deallocation, read, and write, that are associated with their corresponding heap memory addresses and identified within the current context during the execution of the target program. By doing so, <span>CtxFuzz</span> can explore more heap states and trigger more heap-based memory vulnerabilities, both temporal and spatial. We evaluate <span>CtxFuzz</span> on 9 real-world open-source programs and compare its performance against 7 state-of-the-art fuzzers. The results indicate that <span>CtxFuzz</span> outperforms most of these fuzzers in terms of discovering heap-based memory vulnerabilities. Furthermore, our experiments led to the identification of ten zero-day vulnerabilities (10 CVEs).</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"249 ","pages":"Article 103395"},"PeriodicalIF":1.4,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145322750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The sampling threat when mining generalizable inter-library usage patterns 挖掘通用库间使用模式时的抽样威胁

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-27 DOI: 10.1016/j.scico.2025.103393

Yunior Pacheco Correa , Coen De Roover , Johannes Härtel

Tool support in software engineering often relies on relationships, regularities, patterns, or rules mined from other users’ code. Examples include approaches to bug prediction, code recommendation, and code autocompletion. Mining is typically performed on samples of code rather than the entirety of available software projects. While sampling is crucial for scaling data analysis, it can affect the generalization of the mined patterns.

This paper focuses on sampling software projects filtered for specific libraries and frameworks, and on mining patterns that connect different libraries. We call these inter-library patterns. We observe that limiting the sample to a specific library may hinder the generalization of inter-library patterns, posing a threat to their use or interpretation. Using a simulation and a real case study, we show this threat for different sampling methods. Our simulation shows that only when sampling for the disjunction of both libraries involved in the implication of a pattern, the implication generalizes well. Additionally, we show that real empirical data sampled using the GitHub search API does not behave as expected from our simulation. This identifies a potential threat relevant for many studies that use the GitHub search API for studying inter-library patterns.

软件工程中的工具支持通常依赖于从其他用户代码中挖掘的关系、规则、模式或规则。示例包括bug预测、代码推荐和代码自动完成的方法。挖掘通常在代码样本上执行，而不是在整个可用的软件项目上执行。虽然采样对于扩展数据分析至关重要，但它会影响挖掘模式的泛化。本文关注的是为特定库和框架筛选的软件项目抽样，以及挖掘连接不同库的模式。我们称之为库间模式。我们观察到，将样本限制在特定的库中可能会阻碍库间模式的推广，对它们的使用或解释构成威胁。通过模拟和实际案例研究，我们展示了不同采样方法的这种威胁。我们的模拟表明，只有在对两个库的分离进行采样时，隐含的模式才能很好地泛化。此外，我们表明，使用GitHub搜索API采样的真实经验数据并不像我们的模拟所期望的那样。这对许多使用GitHub搜索API研究库间模式的研究来说是一个潜在的威胁。

{"title":"The sampling threat when mining generalizable inter-library usage patterns","authors":"Yunior Pacheco Correa , Coen De Roover , Johannes Härtel","doi":"10.1016/j.scico.2025.103393","DOIUrl":"10.1016/j.scico.2025.103393","url":null,"abstract":"<div><div>Tool support in software engineering often relies on relationships, regularities, patterns, or rules mined from other users’ code. Examples include approaches to bug prediction, code recommendation, and code autocompletion. Mining is typically performed on samples of code rather than the entirety of available software projects. While sampling is crucial for scaling data analysis, it can affect the generalization of the mined patterns.</div><div>This paper focuses on sampling software projects filtered for specific libraries and frameworks, and on mining patterns that connect different libraries. We call these inter-library patterns. We observe that limiting the sample to a specific library may hinder the generalization of inter-library patterns, posing a threat to their use or interpretation. Using a simulation and a real case study, we show this threat for different sampling methods. Our simulation shows that only when sampling for the disjunction of both libraries involved in the implication of a pattern, the implication generalizes well. Additionally, we show that real empirical data sampled using the GitHub search API does not behave as expected from our simulation. This identifies a potential threat relevant for many studies that use the GitHub search API for studying inter-library patterns.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"248 ","pages":"Article 103393"},"PeriodicalIF":1.4,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145219185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Analyzing student perceptions and behaviors in the use of an engaging visualization dashboard for peer code review activities 分析学生的看法和行为，使用引人入胜的可视化仪表板进行同行代码审查活动

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-24 DOI: 10.1016/j.scico.2025.103394

Hoang-Thanh Duong , Chuan-Lin Huang , Bao-An Nguyen , Hsi-Min Chen

Background and context

Traditional learning management systems often fail to sustain student motivation in computer science education, where consistent practice is crucial for skill development. This necessitates specialized tools that better support technical learning processes, foster engagement, and enable timely interventions for struggling students.

Objectives

This study introduces and evaluates a dashboard module integrated into peer code review activities within an "Object-Oriented Design Laboratory" course. The research analyzes comprehensive peer code review data collected through this dashboard to examine student review behaviors and identify at-risk students through behavioral indicators.

Method

A mixed-methods approach compared an experimental group (n = 75) using the assessment dashboard against a control group (n = 78) without dashboard access. Both cohorts received identical instructions over 17 weeks. Data collection included peer code review processes, programming exam results, and student surveys to analyze review behaviors and perceptions of the dashboard.

Findings

Students with dashboard access demonstrated significantly improved engagement and self-awareness in the peer code review activity, along with measurable performance gains. Instructors benefited from more efficient monitoring capabilities across peer code review activities.

Implications

Dashboard systems enhance metacognitive awareness through self-reflection and interaction monitoring, showing particular promise for programming education. These systems improve learning outcomes and instructional effectiveness by providing visual feedback that helps students track progress and identify improvement areas while giving instructors valuable insights into engagement patterns and learning behaviors.

背景和背景传统的学习管理系统往往不能在计算机科学教育中维持学生的积极性，而在计算机科学教育中，持续的实践对于技能发展至关重要。这就需要专门的工具来更好地支持技术学习过程，促进参与，并为困难学生提供及时的干预。本研究介绍并评估了“面向对象设计实验室”课程中集成到同行代码审查活动中的仪表板模块。该研究分析了通过该仪表板收集的全面的同行代码审查数据，以检查学生的审查行为，并通过行为指标识别有风险的学生。方法采用混合方法将使用评估仪表板的实验组（n = 75）与不使用仪表板的对照组（n = 78）进行比较。两组患者在17周内接受了相同的指导。数据收集包括同行代码审查过程、编程考试结果和学生调查，以分析审查行为和对仪表板的看法。有仪表板访问权限的学生在同行代码审查活动中表现出显著提高的参与度和自我意识，以及可衡量的性能收益。讲师从跨同级代码审查活动的更有效的监视能力中受益。仪表板系统通过自我反思和交互监测来增强元认知意识，在编程教育方面表现出特别的前景。这些系统通过提供视觉反馈来提高学习效果和教学效率，帮助学生跟踪进度并确定改进的领域，同时为教师提供参与模式和学习行为的宝贵见解。

{"title":"Analyzing student perceptions and behaviors in the use of an engaging visualization dashboard for peer code review activities","authors":"Hoang-Thanh Duong , Chuan-Lin Huang , Bao-An Nguyen , Hsi-Min Chen","doi":"10.1016/j.scico.2025.103394","DOIUrl":"10.1016/j.scico.2025.103394","url":null,"abstract":"<div><h3>Background and context</h3><div>Traditional learning management systems often fail to sustain student motivation in computer science education, where consistent practice is crucial for skill development. This necessitates specialized tools that better support technical learning processes, foster engagement, and enable timely interventions for struggling students.</div></div><div><h3>Objectives</h3><div>This study introduces and evaluates a dashboard module integrated into peer code review activities within an \"Object-Oriented Design Laboratory\" course. The research analyzes comprehensive peer code review data collected through this dashboard to examine student review behaviors and identify at-risk students through behavioral indicators.</div></div><div><h3>Method</h3><div>A mixed-methods approach compared an experimental group (<em>n</em> = 75) using the assessment dashboard against a control group (<em>n</em> = 78) without dashboard access. Both cohorts received identical instructions over 17 weeks. Data collection included peer code review processes, programming exam results, and student surveys to analyze review behaviors and perceptions of the dashboard.</div></div><div><h3>Findings</h3><div>Students with dashboard access demonstrated significantly improved engagement and self-awareness in the peer code review activity, along with measurable performance gains. Instructors benefited from more efficient monitoring capabilities across peer code review activities.</div></div><div><h3>Implications</h3><div>Dashboard systems enhance metacognitive awareness through self-reflection and interaction monitoring, showing particular promise for programming education. These systems improve learning outcomes and instructional effectiveness by providing visual feedback that helps students track progress and identify improvement areas while giving instructors valuable insights into engagement patterns and learning behaviors.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"249 ","pages":"Article 103394"},"PeriodicalIF":1.4,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145236532","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Systematicity and generalizability in business process redesign methodologies: A systematic literature review 业务流程再设计方法的系统性和概括性：系统的文献综述

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-20 DOI: 10.1016/j.scico.2025.103392

George Tsakalidis, Kostas Vergidis

Context

Business Process Management (BPM) plays a central role in helping organizations improve efficiency and service delivery, particularly in environments with rising demands and limited resources. Within this field, Business Process Redesign (BPR) has emerged as a way to rethink and restructure processes in response to continuous change. However, many existing BPR methodologies fall short—they lack methodological rigor and are often too narrowly tailored to specific industries or use cases.

Objectives

This study explores whether BPR methodologies are both systematically structured and broadly applicable across domains. It addresses three key questions: whether current approaches are methodologically grounded, whether they can be applied across diverse contexts, and what core elements are necessary to support both structure and generalizability in BPR design.

Methods

A systematic literature review (SLR) was conducted, applying an eight-step protocol to assess sixty-four primary BPR methodologies drawn from academic databases. Each methodology was evaluated against two sets of criteria: five indicators of systematic design (e.g., defined phases, interdependencies, evaluation checkpoints), and five indicators of generalizability (e.g., cross-domain adaptability, notation flexibility, heuristic support). A concept-centric synthesis was used to analyze the findings.

Results

Of the methodologies reviewed, thirty-eight demonstrated systematic features, while only eight met broader applicability standards. Only one methodology satisfied all ten criteria, revealing a notable gap in the field and a need for more balanced, reusable frameworks.

Conclusion

The study highlights a significant gap in the current BPR methodologies and presents the BPR Application Framework —a structured yet adaptable methodology that combines phase-based design with heuristic integration and notation-aware modeling. Compared with established references like BPM CBOK and Lean Six Sigma, it offers a clearer, more actionable path for practitioners and researchers seeking both rigor and flexibility in BPR.

上下文业务流程管理（BPM）在帮助组织提高效率和服务交付方面发挥着核心作用，特别是在需求不断增长和资源有限的环境中。在这个领域中，业务流程重新设计（BPR）作为一种重新思考和重构流程以响应持续变化的方法而出现。然而，许多现有的BPR方法都有不足之处——它们缺乏方法上的严谨性，并且常常过于狭隘地针对特定的行业或用例进行定制。本研究探讨业务流程再造方法是否具有系统的结构和跨领域的广泛适用性。它解决了三个关键问题：当前的方法是否基于方法，它们是否可以在不同的环境中应用，以及在BPR设计中需要哪些核心元素来支持结构和概括性。方法采用系统文献综述（SLR），采用8步方案对学术数据库中64种主要的业务流程再造方法进行评估。每种方法都是根据两组标准进行评估的：系统设计的五个指标（例如，已定义的阶段、相互依赖关系、评估检查点），以及可推广性的五个指标（例如，跨领域适应性、符号灵活性、启发式支持）。以概念为中心的综合被用来分析研究结果。结果在审查的方法中，38个显示出系统特征，而只有8个符合更广泛的适用性标准。只有一种方法满足所有10个标准，这表明该领域存在明显的差距，需要更平衡、更可重用的框架。该研究强调了当前业务流程再造方法中的一个重大差距，并提出了业务流程再造应用框架——一种结构化但适应性强的方法，将基于阶段的设计与启发式集成和符号感知建模相结合。与BPM CBOK和精益六西格玛等已建立的参考文献相比，它为寻求BPR的严谨性和灵活性的从业者和研究人员提供了更清晰、更可操作的路径。

{"title":"Systematicity and generalizability in business process redesign methodologies: A systematic literature review","authors":"George Tsakalidis, Kostas Vergidis","doi":"10.1016/j.scico.2025.103392","DOIUrl":"10.1016/j.scico.2025.103392","url":null,"abstract":"<div><h3>Context</h3><div>Business Process Management (BPM) plays a central role in helping organizations improve efficiency and service delivery, particularly in environments with rising demands and limited resources. Within this field, Business Process Redesign (BPR) has emerged as a way to rethink and restructure processes in response to continuous change. However, many existing BPR methodologies fall short—they lack methodological rigor and are often too narrowly tailored to specific industries or use cases.</div></div><div><h3>Objectives</h3><div>This study explores whether BPR methodologies are both systematically structured and broadly applicable across domains. It addresses three key questions: whether current approaches are methodologically grounded, whether they can be applied across diverse contexts, and what core elements are necessary to support both structure and generalizability in BPR design.</div></div><div><h3>Methods</h3><div>A systematic literature review (SLR) was conducted, applying an eight-step protocol to assess sixty-four primary BPR methodologies drawn from academic databases. Each methodology was evaluated against two sets of criteria: five indicators of systematic design (e.g., defined phases, interdependencies, evaluation checkpoints), and five indicators of generalizability (e.g., cross-domain adaptability, notation flexibility, heuristic support). A concept-centric synthesis was used to analyze the findings.</div></div><div><h3>Results</h3><div>Of the methodologies reviewed, thirty-eight demonstrated systematic features, while only eight met broader applicability standards. Only one methodology satisfied all ten criteria, revealing a notable gap in the field and a need for more balanced, reusable frameworks.</div></div><div><h3>Conclusion</h3><div>The study highlights a significant gap in the current BPR methodologies and presents the BPR Application Framework —a structured yet adaptable methodology that combines phase-based design with heuristic integration and notation-aware modeling. Compared with established references like BPM CBOK and Lean Six Sigma, it offers a clearer, more actionable path for practitioners and researchers seeking both rigor and flexibility in BPR.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"248 ","pages":"Article 103392"},"PeriodicalIF":1.4,"publicationDate":"2025-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145157612","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

PANTHER: Pluginizable testing environment for network protocols PANTHER：可插入的网络协议测试环境

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-20 DOI: 10.1016/j.scico.2025.103389

Christophe Crochet , John Aoga , Axel Legay

We propose PANTHER, a modular and extensible framework for automated testing and verification of network protocols. PANTHER lets researchers plug in arbitrary protocol implementations, tester scripts, and network topologies to conduct experiments. Internally, it combines Microsoft’s Ivy tool for formal specification with the Shadow network simulator to handle time-varying behavior and real network conditions with reproducibility. Experiments are configured via simple YAML files and executed in Docker containers, ensuring easy deployment. We demonstrate PANTHER with a case study on the Quick UDP Internet Connections (QUIC) protocol. All code and experiment setups are publicly available for replication.

我们提出PANTHER，一个模块化和可扩展的框架，用于自动测试和验证网络协议。PANTHER允许研究人员插入任意协议实现、测试脚本和网络拓扑来进行实验。在内部，它将微软的Ivy工具与Shadow网络模拟器结合起来，用于正式规范，以处理时变行为和具有再现性的真实网络条件。通过简单的YAML文件配置实验，并在Docker容器中执行，确保易于部署。我们通过快速UDP互联网连接（QUIC）协议的案例研究来演示PANTHER。所有代码和实验设置都是公开的，可用于复制。

引用次数: 0

Special issue on selected papers from the 19th International Conference on Formal Aspects of Component Software (FACS 2023) 第19届组件软件正式方面国际会议（FACS 2023）论文精选特刊

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-11 DOI: 10.1016/j.scico.2025.103391

引用次数: 0

Profit-aware scheduling for time-sensitive applications in heterogeneous multi-server systems 异构多服务器系统中时间敏感应用程序的利润感知调度

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-10 DOI: 10.1016/j.scico.2025.103390

Rezvan Salimi, Sadoon Azizi, Amir Rastegari

The continuous evolution of Cyber-Physical Systems (CPS), particularly those empowered by the Internet of Things (IoT), has led to the generation of massive volumes of data and a growing demand for intelligent, real-time decision-making. Within such systems, efficient software-based task scheduling is vital to ensure timely responsiveness, optimal resource utilization, and sustained Quality of Service (QoS). Heterogeneous multi-server architectures offer a promising platform by enabling parallel processing and adaptive workload distribution. However, the inherent heterogeneity of computational nodes, coupled with the stringent temporal requirements of time-sensitive applications, imposes substantial challenges on software-level scheduling mechanisms. To address these challenges, this paper introduces a profit-aware and adaptive scheduling algorithm specifically designed for CPS environments comprising multiple input queues and heterogeneous servers. The proposed algorithm utilizes a greedy heuristic and a utility-based task modeling approach to dynamically allocate resources in accordance with current system state and task deadlines. Tasks that are completed within their deadline thresholds contribute positively to system profit, whereas delayed tasks incur penalties or are rejected. Extensive simulation experiments demonstrate that the proposed algorithm significantly enhances system responsiveness and improves overall system utility. In comparative evaluations against baseline and well-established scheduling strategies—including Random, Round Robin, MaxWeight, and MaxWeight with Discounted UCB—the proposed method achieves up to 30% reduction in average response time, 31% increase in total profit, and 50% improvement in deadline satisfaction rate. These results highlight the effectiveness of the proposed software-level scheduling approach in enhancing the operational efficiency of CPS in time-sensitive contexts.

网络物理系统（CPS）的不断发展，特别是由物联网（IoT）支持的网络物理系统（CPS），导致了大量数据的产生，以及对智能、实时决策的需求不断增长。在这样的系统中，高效的基于软件的任务调度对于确保及时响应、最佳资源利用和持续的服务质量（QoS）至关重要。异构多服务器架构通过支持并行处理和自适应工作负载分配，提供了一个很有前途的平台。然而，计算节点固有的异构性，加上时间敏感应用程序严格的时间要求，对软件级调度机制提出了实质性的挑战。为了解决这些挑战，本文介绍了一种专门为包含多个输入队列和异构服务器的CPS环境设计的利润感知和自适应调度算法。该算法利用贪婪启发式和基于效用的任务建模方法，根据当前系统状态和任务期限动态分配资源。在截止日期内完成的任务对系统利润有积极的贡献，而延迟的任务则会受到惩罚或被拒绝。大量的仿真实验表明，该算法显著提高了系统的响应能力，提高了系统的整体利用率。在对基线和完善的调度策略（包括随机、轮循、MaxWeight和MaxWeight与折扣ucb）的比较评估中，所提出的方法实现了平均响应时间减少30%，总利润增加31%，截止日期满意率提高50%。这些结果突出了所提出的软件级调度方法在时间敏感环境下提高CPS运行效率的有效性。

{"title":"Profit-aware scheduling for time-sensitive applications in heterogeneous multi-server systems","authors":"Rezvan Salimi, Sadoon Azizi, Amir Rastegari","doi":"10.1016/j.scico.2025.103390","DOIUrl":"10.1016/j.scico.2025.103390","url":null,"abstract":"<div><div>The continuous evolution of Cyber-Physical Systems (CPS), particularly those empowered by the Internet of Things (IoT), has led to the generation of massive volumes of data and a growing demand for intelligent, real-time decision-making. Within such systems, efficient software-based task scheduling is vital to ensure timely responsiveness, optimal resource utilization, and sustained Quality of Service (QoS). Heterogeneous multi-server architectures offer a promising platform by enabling parallel processing and adaptive workload distribution. However, the inherent heterogeneity of computational nodes, coupled with the stringent temporal requirements of time-sensitive applications, imposes substantial challenges on software-level scheduling mechanisms. To address these challenges, this paper introduces a profit-aware and adaptive scheduling algorithm specifically designed for CPS environments comprising multiple input queues and heterogeneous servers. The proposed algorithm utilizes a greedy heuristic and a utility-based task modeling approach to dynamically allocate resources in accordance with current system state and task deadlines. Tasks that are completed within their deadline thresholds contribute positively to system profit, whereas delayed tasks incur penalties or are rejected. Extensive simulation experiments demonstrate that the proposed algorithm significantly enhances system responsiveness and improves overall system utility. In comparative evaluations against baseline and well-established scheduling strategies—including Random, Round Robin, MaxWeight, and MaxWeight with Discounted UCB—the proposed method achieves up to 30% reduction in average response time, 31% increase in total profit, and 50% improvement in deadline satisfaction rate. These results highlight the effectiveness of the proposed software-level scheduling approach in enhancing the operational efficiency of CPS in time-sensitive contexts.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"248 ","pages":"Article 103390"},"PeriodicalIF":1.4,"publicationDate":"2025-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145095329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An overview of research with Slco on seamless integration of formal verification into model-driven software engineering 与Slco一起对形式化验证与模型驱动软件工程无缝集成的研究概述

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-09-09 DOI: 10.1016/j.scico.2025.103386

Anton Wijs

In 2009, the Simple Language of Communicating Objects (Slco) Domain-Specific Language was designed. Since then, a range of tools have been developed around this language to conduct research on a wide range of topics, all related to the construction of complex, component-based software, with formal verification being applied in every development step. This addresses our vision that formal verification should be seamlessly integrated into Model-Driven Software Engineering, to effectively develop correct software. In this article, we present this range of topics, and draw connections between the various, at first glance disparate, research results. We discuss the current status of the Slco framework, i.e., the language in combination with the tools, related work w.r.t. each of the topics, and plans for future work.

2009年，设计了简单对象通信语言（Slco）领域特定语言。从那时起，围绕这种语言开发了一系列工具，用于对广泛的主题进行研究，这些主题都与复杂的、基于组件的软件的构建有关，并且在每个开发步骤中都应用了正式的验证。这说明了我们的愿景，即正式的验证应该无缝地集成到模型驱动的软件工程中，以有效地开发正确的软件。在这篇文章中，我们提出了这一系列的主题，并在各种各样的，乍一看完全不同的研究结果之间建立联系。我们讨论了Slco框架的当前状态，即语言与工具的结合，每个主题的相关工作，以及未来工作的计划。

引用次数: 0