Journal of Systems and Software最新文献

FSECAM: A contextual thematic approach for linking feature to multi-level software architectural components FSECAM：将特征与多级软件架构组件联系起来的上下文主题方法

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-11 DOI: 10.1016/j.jss.2024.112245

Linking software features to code components is commonly performed during software development and maintenance, including to implement a feature, document code, design test cases, trace requirements, track changes, and support inspection of safety–critical software by government and other third parties. However, manually mapping features to code is error-prone and time consuming, even for developers familiar with a system. To overcome these challenges several studies proposed automated techniques to reduce human intervention when linking features to code components. Nonetheless, three challenges remain: (i) accuracy, (ii) cost, and (iii) explainability. Linking of irrelevant code snippets causes an extra burden of analyses. If the approach lacks explainability, then a tool is less useful for many crucial systems such as safety–critical software. Moreover, heavyweight techniques such as those that require generating execution traces of every scenario or require training deep-learning models are costly and limit small companies from integrating them into their development process.

We propose a contextual thematic approach that extracts the most relevant theme properties of the feature/requirement to address the aforementioned challenges. Our experiments with two proprietary projects reveal significant enhancement of performance (precision and F1 scores are more than 50% in ideal cases) in linking features to three abstractions of code components, i.e., modules, classes, and methods. Our approach is also capable of linking commits to issues in a promising way. Contextual theme extraction enhances the subjective explainability which has not yet been solved with existing approaches. Moreover, we extract several critical characteristics of the feature documents and code structures that are important to consider in both manual and automated techniques. Finally, we present the FSECAM tool for linking features to code components, which can be immediately deployed within the development process and used without much effort and cost in linking code components and commits.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

在软件开发和维护过程中，通常会将软件功能与代码组件联系起来，包括实现功能、记录代码、设计测试用例、跟踪需求、跟踪更改以及支持政府和其他第三方对安全关键软件的检查。然而，手动将功能映射到代码既容易出错又耗费时间，即使是熟悉系统的开发人员也不例外。为了克服这些挑战，一些研究提出了自动化技术，以减少将特征链接到代码组件时的人工干预。然而，仍然存在三个挑战：(i) 准确性；(ii) 成本；(iii) 可解释性。链接不相关的代码片段会造成额外的分析负担。如果这种方法缺乏可解释性，那么对于许多关键系统（如安全关键型软件）来说，这种工具的作用就会大打折扣。此外，重量级技术（如需要生成每个场景的执行轨迹或需要训练深度学习模型的技术）成本高昂，限制了小公司将其集成到开发流程中。我们在两个专有项目中进行的实验表明，在将特征与代码组件的三种抽象概念（即模块、类和方法）联系起来时，性能得到了显著提高（在理想情况下，精确度和 F1 分数均超过 50%）。我们的方法还能将提交与问题联系起来，效果很好。上下文主题提取增强了主观可解释性，而现有方法尚未解决这一问题。此外，我们还提取了特征文档和代码结构的几个关键特征，这些特征在人工和自动化技术中都很重要。最后，我们介绍了用于将特征链接到代码组件的 FSECAM 工具，该工具可在开发过程中立即部署和使用，无需在链接代码组件和提交方面花费太多精力和成本。

{"title":"FSECAM: A contextual thematic approach for linking feature to multi-level software architectural components","authors":"","doi":"10.1016/j.jss.2024.112245","DOIUrl":"10.1016/j.jss.2024.112245","url":null,"abstract":"<div><div>Linking software features to code components is commonly performed during software development and maintenance, including to implement a feature, document code, design test cases, trace requirements, track changes, and support inspection of safety–critical software by government and other third parties. However, manually mapping features to code is error-prone and time consuming, even for developers familiar with a system. To overcome these challenges several studies proposed automated techniques to reduce human intervention when linking features to code components. Nonetheless, three challenges remain: (i) accuracy, (ii) cost, and (iii) explainability. Linking of irrelevant code snippets causes an extra burden of analyses. If the approach lacks explainability, then a tool is less useful for many crucial systems such as safety–critical software. Moreover, heavyweight techniques such as those that require generating execution traces of every scenario or require training deep-learning models are costly and limit small companies from integrating them into their development process.</div><div>We propose a contextual thematic approach that extracts the most relevant theme properties of the feature/requirement to address the aforementioned challenges. Our experiments with two proprietary projects reveal significant enhancement of performance (precision and F1 scores are more than 50% in ideal cases) in linking features to three abstractions of code components, i.e., modules, classes, and methods. Our approach is also capable of linking commits to issues in a promising way. Contextual theme extraction enhances the subjective explainability which has not yet been solved with existing approaches. Moreover, we extract several critical characteristics of the feature documents and code structures that are important to consider in both manual and automated techniques. Finally, we present the FSECAM tool for linking features to code components, which can be immediately deployed within the development process and used without much effort and cost in linking code components and commits.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142441784","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Exploring emergent microservice evolution in elastic deployment environments 探索弹性部署环境中的新兴微服务演化

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-10 DOI: 10.1016/j.jss.2024.112252

Microservices have become an important technology to enable the dynamic composition of large-scale self-adaptive systems. Although modern microservice ecosystems provide a variety of autonomous adaptation mechanisms, when focusing on the microservice itself, they can only account for changes in the sheer increase in workload volume. On the other hand, when workload patterns change, efficient treatment requires the intervention of DevOps experts to manually evolve the internal architecture of services. Given the need to quickly adapt systems to respond to changes, solely relying on DevOps to react to workload pattern changes becomes a bottleneck for future systems. To address this issue, we advance the concept of emergent microservices, that autonomously adapt and evolve their internal architectural composition to better handle changes in the pattern of incoming requests without human intervention. We demonstrate the effectiveness of our approach by exploring this novel concept in the context of a microservice-based Smart City platform.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

微服务已成为实现大规模自适应系统动态组合的一项重要技术。虽然现代微服务生态系统提供了各种自主适应机制，但如果只关注微服务本身，它们只能应对纯粹工作量增加带来的变化。另一方面，当工作负载模式发生变化时，有效的处理方法需要 DevOps 专家的干预，以手动演进服务的内部架构。鉴于需要快速调整系统以应对变化，仅仅依靠 DevOps 来应对工作负载模式的变化会成为未来系统的瓶颈。为了解决这个问题，我们提出了新兴微服务的概念，即在没有人工干预的情况下，自主调整和演进其内部架构组成，以更好地处理传入请求模式的变化。我们在基于微服务的智慧城市平台中探索了这一新颖概念，从而证明了我们的方法的有效性。编者注：开放科学材料已通过《系统与软件》杂志开放科学委员会的验证。

{"title":"Exploring emergent microservice evolution in elastic deployment environments","authors":"","doi":"10.1016/j.jss.2024.112252","DOIUrl":"10.1016/j.jss.2024.112252","url":null,"abstract":"<div><div>Microservices have become an important technology to enable the dynamic composition of large-scale self-adaptive systems. Although modern microservice ecosystems provide a variety of autonomous adaptation mechanisms, when focusing on the microservice itself, they can only account for changes in the sheer increase in workload volume. On the other hand, when workload patterns change, efficient treatment requires the intervention of DevOps experts to manually evolve the internal architecture of services. Given the need to quickly adapt systems to respond to changes, solely relying on DevOps to react to workload pattern changes becomes a bottleneck for future systems. To address this issue, we advance the concept of emergent microservices, that autonomously adapt and evolve their internal architectural composition to better handle changes in the pattern of incoming requests without human intervention. We demonstrate the effectiveness of our approach by exploring this novel concept in the context of a microservice-based Smart City platform.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142444757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Information needs in bug reports for web applications 网络应用程序错误报告中的信息需求

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-05 DOI: 10.1016/j.jss.2024.112230

Given the widespread popularity and increasing reliance on long-lived web applications (such as Netflix and Facebook), effective and efficient bug reproduction is essential to maintain functionality and user satisfaction throughout the application’s lifetime. Developers use bug reports to localize, reproduce, and eventually fix software bugs. However, the content of bug reports is not always helpful (e.g., due to incomplete or missing information). In this study, we explore what type of information is often missing in bug reports and how that information is presented in them. We manually analyzed the initial and final versions of 1000 bug reports from 10 popular open-source web-based applications. The analysis revealed that, regardless of the type of software (e.g., e-commerce software or personal tools), diagnostic suggestions from developers and end-user usage information are often missing in initial bug reports but only added later throughout the lifetime of a bug report. Also, textual descriptions and screenshots are used most to describe bugs, regardless of the type of bug (e.g., a functional or performance error). The study highlighted the need for improved bug reporting templates and tools to improve bug report quality and efficiency in web application development and maintenance.

鉴于长寿命网络应用程序（如 Netflix 和 Facebook）的广泛流行和日益依赖，有效和高效的错误重现对于在应用程序的整个生命周期内保持功能性和用户满意度至关重要。开发人员使用错误报告来定位、重现并最终修复软件错误。然而，错误报告的内容并不总是有用的（例如，由于信息不完整或缺失）。在本研究中，我们探讨了错误报告中经常缺失的信息类型以及这些信息是如何呈现的。我们人工分析了来自 10 个流行开源网络应用程序的 1000 份错误报告的初始和最终版本。分析结果表明，无论软件类型（如电子商务软件或个人工具）如何，初始错误报告中往往缺少开发人员的诊断建议和最终用户的使用信息，只有在错误报告的整个生命周期中才会添加这些信息。此外，无论错误的类型（如功能错误或性能错误）如何，文字描述和屏幕截图都是描述错误的最常用方法。这项研究强调了改进错误报告模板和工具的必要性，以提高网络应用程序开发和维护中的错误报告质量和效率。

{"title":"Information needs in bug reports for web applications","authors":"","doi":"10.1016/j.jss.2024.112230","DOIUrl":"10.1016/j.jss.2024.112230","url":null,"abstract":"<div><div>Given the widespread popularity and increasing reliance on long-lived web applications (such as Netflix and Facebook), effective and efficient bug reproduction is essential to maintain functionality and user satisfaction throughout the application’s lifetime. Developers use bug reports to localize, reproduce, and eventually fix software bugs. However, the content of bug reports is not always helpful (e.g., due to incomplete or missing information). In this study, we explore what type of information is often missing in bug reports and how that information is presented in them. We manually analyzed the initial and final versions of 1000 bug reports from 10 popular open-source web-based applications. The analysis revealed that, regardless of the type of software (e.g., e-commerce software or personal tools), diagnostic suggestions from developers and end-user usage information are often missing in initial bug reports but only added later throughout the lifetime of a bug report. Also, textual descriptions and screenshots are used most to describe bugs, regardless of the type of bug (e.g., a functional or performance error). The study highlighted the need for improved bug reporting templates and tools to improve bug report quality and efficiency in web application development and maintenance.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Development and benchmarking of multilingual code clone detector 多语言代码克隆检测器的开发和基准测试

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-05 DOI: 10.1016/j.jss.2024.112215

The diversity of programming languages is growing, making the language extensibility of code clone detectors crucial. However, this is challenging for most existing clone detection detectors because the source code handler needs modifications, which requires specialist-level knowledge of the targeted language and is time-consuming. Multilingual code clone detectors make it easier to add new language support by providing syntax information of the target language only. To address the shortcomings of existing multilingual detectors for language scalability and detection performance, we propose a multilingual code block extraction method based on ANTLR parser generation, and implement a multilingual code clone detector (MSCCD), which supports the most significant number of languages currently available and has the ability to detect Type-3 code clones. We follow the methodology of previous studies to evaluate the detection performance of the Java language. Compared to ten state-of-the-art detectors, MSCCD performs at an average level while it also supports a significantly larger number of languages. Furthermore, we propose the first multilingual syntactic code clone evaluation benchmark based on the CodeNet database. Our results reveal that even when applying the same detection approach, performance can vary markedly depending on the language of the source code under investigation. Overall, MSCCD is the most balanced one among the evaluated tools when considering detection performance and language extensibility.

编程语言的多样性与日俱增，因此代码克隆检测器的语言可扩展性至关重要。然而，这对大多数现有的克隆检测器来说都具有挑战性，因为源代码处理程序需要修改，这需要目标语言的专家级知识，而且非常耗时。多语言代码克隆检测器只提供目标语言的语法信息，因此更容易添加新的语言支持。针对现有多语言检测器在语言可扩展性和检测性能方面的不足，我们提出了一种基于 ANTLR 解析器生成的多语言代码块提取方法，并实现了多语言代码克隆检测器 (MSCCD)，该检测器支持目前可用的最多语言，并具有检测第 3 类代码克隆的能力。我们沿用以前的研究方法，评估 Java 语言的检测性能。与十种最先进的检测器相比，MSCCD 的性能处于平均水平，同时它还支持更多语言。此外，我们还提出了首个基于 CodeNet 数据库的多语言句法代码克隆评估基准。我们的结果表明，即使采用相同的检测方法，性能也会因所调查源代码的语言不同而有明显差异。总体而言，考虑到检测性能和语言扩展性，MSCCD 是所评估工具中最均衡的一种。

{"title":"Development and benchmarking of multilingual code clone detector","authors":"","doi":"10.1016/j.jss.2024.112215","DOIUrl":"10.1016/j.jss.2024.112215","url":null,"abstract":"<div><div>The diversity of programming languages is growing, making the language extensibility of code clone detectors crucial. However, this is challenging for most existing clone detection detectors because the source code handler needs modifications, which requires specialist-level knowledge of the targeted language and is time-consuming. Multilingual code clone detectors make it easier to add new language support by providing syntax information of the target language only. To address the shortcomings of existing multilingual detectors for language scalability and detection performance, we propose a multilingual code block extraction method based on ANTLR parser generation, and implement a multilingual code clone detector (MSCCD), which supports the most significant number of languages currently available and has the ability to detect Type-3 code clones. We follow the methodology of previous studies to evaluate the detection performance of the Java language. Compared to ten state-of-the-art detectors, MSCCD performs at an average level while it also supports a significantly larger number of languages. Furthermore, we propose the first multilingual syntactic code clone evaluation benchmark based on the CodeNet database. Our results reveal that even when applying the same detection approach, performance can vary markedly depending on the language of the source code under investigation. Overall, MSCCD is the most balanced one among the evaluated tools when considering detection performance and language extensibility.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142432478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

GeQuPI: Quantum Program Improvement with Multi-Objective Genetic Programming GeQuPI：利用多目标遗传编程改进量子程序

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-05 DOI: 10.1016/j.jss.2024.112223

Processing quantum information poses novel challenges regarding the debugging of faulty quantum programs. Notably, the lack of accessible information on intermediate states during quantum processing, renders traditional debugging techniques infeasible. Moreover, even correct quantum programs might not be processable, as current quantum computers are limited in computation capacity. Thus, quantum program developers have to consider trade-offs between accuracy (i.e., probabilistically correct functionality) and computational cost of the proposed solutions. Manually finding sufficiently accurate and efficient solutions is a challenging task, even for quantum computing experts. To tackle these challenges, we propose a quantum program improvement framework for an automated generation of accurate and efficient solutions, coined Genetic Quantum Program Improver (GeQuPI). In particular, we focus on the tasks of debugging and optimization of quantum programs. Our framework uses techniques from quantum information theory and applies multi-objective genetic programming, which can be further hybridized with quantum-aware optimizers. To demonstrate the benefits of GeQuPI, it is applied to 47 quantum programs reused from literature and openly published libraries. The results show that our approach is capable of correcting faulty programs and optimize inefficient ones for the majority of the studied cases, showing average optimizations of 35% with respect to computational cost.

处理量子信息给调试有问题的量子程序带来了新的挑战。值得注意的是，由于缺乏量子处理过程中的中间状态信息，传统的调试技术变得不可行。此外，由于当前量子计算机的计算能力有限，即使是正确的量子程序也可能无法处理。因此，量子程序开发人员必须考虑所提方案的准确性（即概率上正确的功能）和计算成本之间的权衡。即使对于量子计算专家来说，手动寻找足够准确和高效的解决方案也是一项具有挑战性的任务。为了应对这些挑战，我们提出了一个量子程序改进框架，用于自动生成准确高效的解决方案，并将其命名为遗传量子程序改进器（GeQuPI）。我们尤其关注量子程序的调试和优化任务。我们的框架使用了量子信息论的技术，并应用了多目标遗传编程，还可以进一步与量子感知优化器进行混合。为了证明 GeQuPI 的优势，我们将其应用于 47 个从文献和公开发布的程序库中重用的量子程序。结果表明，我们的方法能够纠正错误程序，并优化大多数研究案例中的低效程序，在计算成本方面平均优化了 35%。

{"title":"GeQuPI: Quantum Program Improvement with Multi-Objective Genetic Programming","authors":"","doi":"10.1016/j.jss.2024.112223","DOIUrl":"10.1016/j.jss.2024.112223","url":null,"abstract":"<div><div>Processing quantum information poses novel challenges regarding the debugging of faulty quantum programs. Notably, the lack of accessible information on intermediate states during quantum processing, renders traditional debugging techniques infeasible. Moreover, even correct quantum programs might not be processable, as current quantum computers are limited in computation capacity. Thus, quantum program developers have to consider trade-offs between accuracy (i.e., probabilistically correct functionality) and computational cost of the proposed solutions. Manually finding sufficiently accurate and efficient solutions is a challenging task, even for quantum computing experts. To tackle these challenges, we propose a quantum program improvement framework for an automated generation of accurate and efficient solutions, coined Genetic Quantum Program Improver (<span>GeQuPI</span>). In particular, we focus on the tasks of debugging and optimization of quantum programs. Our framework uses techniques from quantum information theory and applies multi-objective genetic programming, which can be further hybridized with quantum-aware optimizers. To demonstrate the benefits of <span>GeQuPI</span>, it is applied to 47 quantum programs reused from literature and openly published libraries. The results show that our approach is capable of correcting faulty programs and optimize inefficient ones for the majority of the studied cases, showing average optimizations of 35% with respect to computational cost.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142444756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An empirical study of AI techniques in mobile applications 移动应用中的人工智能技术实证研究

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-05 DOI: 10.1016/j.jss.2024.112233

The integration of artificial intelligence (AI) into mobile applications has significantly transformed various domains, enhancing user experiences and providing personalized services through advanced machine learning (ML) and deep learning (DL) technologies. AI-driven mobile apps typically refer to applications that leverage ML/DL technologies to perform key tasks such as image recognition and natural language processing. Despite existing research exploring how mobile apps exploit AI techniques, they have the following main limitations: (1) Most existing studies focus on DL-based apps, with limited research on ML-based apps. (2) Existing research typically focuses on investigating the apps and the technologies utilized in the apps, lacking user-level analysis. (3) The number of apps studied is limited, with only 1,000 to 2,000 ML/DL apps identified after filtering. To fill the gap, in this paper, we conducted the most extensive empirical study on AI applications, exploring on-device ML apps, on-device DL apps, and AI service-supported (cloud-based) apps. Our study encompasses 56,682 real-world AI applications, focusing on three crucial perspectives: (1) Application analysis, where we analyze the popularity of AI apps and investigate the update states of AI apps; (2) Framework and model analysis, where we analyze AI framework usage and AI model protection; (3) User analysis, where we examine user privacy protection and user review attitudes. Our study has strong implications for AI app developers, users, and AI R&D. On one hand, our findings highlight the growing trend of AI integration in mobile applications, demonstrating the widespread adoption of various AI frameworks and models. On the other hand, our findings emphasize the need for robust model protection to enhance app security. Additionally, our study highlights the importance of user privacy and presents user attitudes towards the AI technologies utilized in current AI apps. We provide our AI app dataset (currently the most extensive AI app dataset) as an open-source resource for future research on AI technologies utilized in mobile applications.

人工智能（AI）与移动应用的融合极大地改变了各个领域，通过先进的机器学习（ML）和深度学习（DL）技术提升了用户体验并提供了个性化服务。人工智能驱动的移动应用程序通常是指利用 ML/DL 技术执行图像识别和自然语言处理等关键任务的应用程序。尽管现有研究都在探索移动应用程序如何利用人工智能技术，但这些研究存在以下主要局限性：（1）现有研究大多侧重于基于 DL 的应用程序，对基于 ML 的应用程序的研究有限。(2）现有研究通常侧重于调查应用程序和应用程序中使用的技术，缺乏用户层面的分析。(3) 所研究的应用程序数量有限，经过筛选后仅发现 1,000 至 2,000 个 ML/DL 应用程序。为了填补这一空白，我们在本文中对人工智能应用进行了最广泛的实证研究，探讨了设备上的 ML 应用、设备上的 DL 应用以及人工智能服务支持（基于云）的应用。我们的研究涵盖了 56682 个真实世界中的人工智能应用，重点关注三个关键视角：（1）应用分析，我们分析了人工智能应用的流行程度，并调查了人工智能应用的更新状态；（2）框架和模型分析，我们分析了人工智能框架的使用和人工智能模型的保护；（3）用户分析，我们研究了用户隐私保护和用户评论态度。我们的研究对人工智能应用程序开发者、用户和人工智能研发具有重要意义。一方面，我们的研究结果凸显了人工智能在移动应用中的整合趋势，表明了各种人工智能框架和模型的广泛应用。另一方面，我们的研究结果强调，需要对模型进行强有力的保护，以提高应用程序的安全性。此外，我们的研究还强调了用户隐私的重要性，并介绍了用户对当前人工智能应用中使用的人工智能技术的态度。我们提供了人工智能应用程序数据集（目前最广泛的人工智能应用程序数据集），作为未来研究移动应用程序中使用的人工智能技术的开源资源。

{"title":"An empirical study of AI techniques in mobile applications","authors":"","doi":"10.1016/j.jss.2024.112233","DOIUrl":"10.1016/j.jss.2024.112233","url":null,"abstract":"<div><div>The integration of artificial intelligence (AI) into mobile applications has significantly transformed various domains, enhancing user experiences and providing personalized services through advanced machine learning (ML) and deep learning (DL) technologies. AI-driven mobile apps typically refer to applications that leverage ML/DL technologies to perform key tasks such as image recognition and natural language processing. Despite existing research exploring how mobile apps exploit AI techniques, they have the following main limitations: (1) Most existing studies focus on DL-based apps, with limited research on ML-based apps. (2) Existing research typically focuses on investigating the apps and the technologies utilized in the apps, lacking user-level analysis. (3) The number of apps studied is limited, with only 1,000 to 2,000 ML/DL apps identified after filtering. To fill the gap, in this paper, we conducted the most extensive empirical study on AI applications, exploring on-device ML apps, on-device DL apps, and AI service-supported (cloud-based) apps. Our study encompasses 56,682 real-world AI applications, focusing on three crucial perspectives: <strong>(1) Application analysis</strong>, where we analyze the popularity of AI apps and investigate the update states of AI apps; <strong>(2) Framework and model analysis</strong>, where we analyze AI framework usage and AI model protection; <strong>(3) User analysis</strong>, where we examine user privacy protection and user review attitudes. Our study has strong implications for AI app developers, users, and AI R&D. On one hand, our findings highlight the growing trend of AI integration in mobile applications, demonstrating the widespread adoption of various AI frameworks and models. On the other hand, our findings emphasize the need for robust model protection to enhance app security. Additionally, our study highlights the importance of user privacy and presents user attitudes towards the AI technologies utilized in current AI apps. We provide our AI app dataset (currently the most extensive AI app dataset) as an open-source resource for future research on AI technologies utilized in mobile applications.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Symbolic testing of floating-point bugs and exceptions 浮点错误和异常的符号测试

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-02 DOI: 10.1016/j.jss.2024.112226

Numerical software are susceptible to floating-point bugs and exceptions, which may lead to severe threats like denial of service attacks. Static analysis techniques such as symbolic execution are effective in detecting general bugs which often cause memory error or program crash. Unfortunately, these methods do not deal well with numerical code as they do not support floating-point constraints and math functions symbolically. In this paper, we propose a new analysis framework YUSE, which can detect floating-point bugs by constructing constraints and exploring paths which contain floating-point expressions. Specifically, we introduce interval computation and interval constraint propagation in non-relational numerical abstract domains, and symbolically model math functions, to accurately detect floating-point bugs and exceptions. Moreover, we leverage two-phase constraint solving to enhance YUSE’s performance. Experimental results show that YUSE outperforms two state-of-the-art tools, Frama-c and Fpse-study, in terms of effectiveness and efficiency, with 1.4

\times

and 7.1

\times

faster than Frama-c and Fpse-study, respectively. Moreover, YUSE found 20 new bugs in real-world software, 12 of which were assigned CVE IDs and 8 of which were confirmed by developers.

数值软件容易受到浮点错误和异常的影响，这可能会导致严重的威胁，如拒绝服务攻击。符号执行等静态分析技术可以有效地检测出通常会导致内存错误或程序崩溃的一般错误。遗憾的是，这些方法不能很好地处理数值代码，因为它们不支持浮点约束和符号数学函数。在本文中，我们提出了一种新的分析框架 YUSE，它可以通过构建约束和探索包含浮点表达式的路径来检测浮点错误。具体来说，我们在非关系数值抽象域中引入了区间计算和区间约束传播，并对数学函数进行符号建模，从而准确检测浮点错误和异常。此外，我们还利用两阶段约束求解来提高 YUSE 的性能。实验结果表明，YUSE 在效果和效率方面均优于 Frama-c 和 Fpse-study 这两种最先进的工具，分别比 Frama-c 和 Fpse-study 快 1.4 倍和 7.1 倍。此外，YUSE 还在现实世界的软件中发现了 20 个新漏洞，其中 12 个被分配了 CVE ID，8 个得到了开发人员的确认。

{"title":"Symbolic testing of floating-point bugs and exceptions","authors":"","doi":"10.1016/j.jss.2024.112226","DOIUrl":"10.1016/j.jss.2024.112226","url":null,"abstract":"<div><div>Numerical software are susceptible to floating-point bugs and exceptions, which may lead to severe threats like denial of service attacks. Static analysis techniques such as symbolic execution are effective in detecting general bugs which often cause memory error or program crash. Unfortunately, these methods do not deal well with numerical code as they do not support floating-point constraints and math functions symbolically. In this paper, we propose a new analysis framework YUSE, which can detect floating-point bugs by constructing constraints and exploring paths which contain floating-point expressions. Specifically, we introduce interval computation and interval constraint propagation in non-relational numerical abstract domains, and symbolically model math functions, to accurately detect floating-point bugs and exceptions. Moreover, we leverage two-phase constraint solving to enhance YUSE’s performance. Experimental results show that YUSE outperforms two state-of-the-art tools, Frama-c and Fpse-study, in terms of effectiveness and efficiency, with 1.4<span><math><mo>×</mo></math></span> and 7.1<span><math><mo>×</mo></math></span> faster than Frama-c and Fpse-study, respectively. Moreover, YUSE found 20 new bugs in real-world software, 12 of which were assigned CVE IDs and 8 of which were confirmed by developers.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A generalized, rule-based method for the detection of intermittent faults in software programs 基于规则的通用方法，用于检测软件程序中的间歇性故障

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-10-01 DOI: 10.1016/j.jss.2024.112228

Intermittent faults are a very common problem in the software world, and are very hard to locate and correct, due to the fact that they manifest their presence only under certain circumstances. Most of the existing approaches for intermittent fault identification assume that suitable instrumentation has been provided in the program, typically in the form of assertions that dictate which program states are considered to be erroneous, by examining variable values. This approach is, however, inefficient, since only errors for which appropriate instrumentation has been provided will be uncovered. In this paper we propose a method that can be used to detect probable sources of intermittent faults within a program. Our method proposes certain points in the code, whose data interdependencies combined with their execution interweaving indicate that they could be the root cause of intermittent faults. The approach presented in this paper extends our previous work, by examining shared variable access sequences and taking into account not only direct dependencies between shared variables, but additionally indirect ones, i.e. cases where values of local variables are computed using values of some shared variable(s), and subsequently the local variable values are used to set the value of other shared variables. The detection of suspicious access pattern, which may indicate the presence of intermittent faults, is formalized through the introduction of generalized rules; these rules are combined with model-based checking to ensure that all program execution paths are covered. The list of suspicious locations within the code is finally presented to the developer, who will decide after a thorough examination of the code, to accept or reject each of the proposals.

间歇性故障是软件世界中一个非常常见的问题，而且很难定位和纠正，因为它们只在特定情况下才会出现。大多数现有的间歇性故障识别方法都假定程序中已经提供了适当的工具，通常是以断言的形式，通过检查变量值来确定哪些程序状态被认为是错误的。然而，这种方法效率不高，因为只有提供了适当工具的错误才能被发现。在本文中，我们提出了一种可用于检测程序中间歇性故障可能来源的方法。我们的方法提出了代码中的某些点，这些点的数据相互依赖关系及其执行交织表明，它们可能是间歇性故障的根源。本文提出的方法扩展了我们之前的工作，通过检查共享变量的访问顺序，不仅考虑到共享变量之间的直接依赖关系，而且还考虑到间接依赖关系，即局部变量的值使用某些共享变量的值进行计算，随后局部变量的值被用于设置其他共享变量的值。可疑访问模式可能表明存在间歇性故障，对可疑访问模式的检测通过引入通用规则而正规化；这些规则与基于模型的检查相结合，以确保涵盖所有程序执行路径。代码中可疑位置的列表最终将提交给开发人员，开发人员在对代码进行彻底检查后，将决定接受或拒绝每项建议。

{"title":"A generalized, rule-based method for the detection of intermittent faults in software programs","authors":"","doi":"10.1016/j.jss.2024.112228","DOIUrl":"10.1016/j.jss.2024.112228","url":null,"abstract":"<div><div>Intermittent faults are a very common problem in the software world, and are very hard to locate and correct, due to the fact that they manifest their presence only under certain circumstances. Most of the existing approaches for intermittent fault identification assume that suitable instrumentation has been provided in the program, typically in the form of assertions that dictate which program states are considered to be erroneous, by examining variable values. This approach is, however, inefficient, since only errors for which appropriate instrumentation has been provided will be uncovered. In this paper we propose a method that can be used to detect probable sources of intermittent faults within a program. Our method proposes certain points in the code, whose data interdependencies combined with their execution interweaving indicate that they could be the root cause of intermittent faults. The approach presented in this paper extends our previous work, by examining shared variable access sequences and taking into account not only direct dependencies between shared variables, but additionally indirect ones, i.e. cases where values of local variables are computed using values of some shared variable(s), and subsequently the local variable values are used to set the value of other shared variables. The detection of suspicious access pattern, which may indicate the presence of intermittent faults, is formalized through the introduction of generalized rules; these rules are combined with model-based checking to ensure that all program execution paths are covered. The list of suspicious locations within the code is finally presented to the developer, who will decide after a thorough examination of the code, to accept or reject each of the proposals.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Model-based safety analysis of requirement specifications 基于模型的需求规格安全分析

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-09-30 DOI: 10.1016/j.jss.2024.112231

Model-based design primarily aims to establish a communication framework throughout a system’s design. Moreover, models with formal semantics allow verification based on rigorous methods, including the analysis of system safety. However, building formal models is a tedious manual process and cannot be easily applied to real problems.

A key gap that hinders automation of model development is that there is no systematic way to connect system requirements with the activity of model-based design. In this article, we introduce a workflow to tackle this gap and ultimately automate the analysis of system safety using formal methods.

We extend our previous work on boilerplate-based specification of system requirements with ontological semantics towards specifying FDIR (Failure, Detection, Isolation, Recovery) requirements. The workflow is centered around the automated generation of a model skeleton in SLIM, a component-based formal modeling language, from a set of ontology-based requirement specifications. Our approach has been implemented into a dedicated tool, which not only provides visualization of the ontology relations, but also supports traceability of the analysis findings back to the requirements specification. Finally, we provide results on the safety analysis of a real star-tracker system based on a SLIM model derived by minimally changing the auto-generated model skeleton.

基于模型的设计主要是为了在整个系统设计中建立一个通信框架。此外，具有形式语义的模型允许基于严格的方法进行验证，包括系统安全性分析。然而，建立正式模型是一个乏味的手工过程，而且不能轻易应用于实际问题。阻碍模型开发自动化的一个关键缺陷是，没有系统的方法将系统需求与基于模型的设计活动联系起来。在这篇文章中，我们介绍了一种工作流程来解决这个问题，并最终使用形式化方法实现系统安全分析的自动化。我们扩展了之前基于本体语义的锅炉板系统需求规范的工作，以规范 FDIR（故障、检测、隔离、恢复）需求。工作流程的核心是根据一组基于本体的需求规格，用 SLIM（一种基于组件的正式建模语言）自动生成模型骨架。我们的方法已实施到一个专用工具中，该工具不仅提供本体关系的可视化，还支持分析结果与需求规格的可追溯性。最后，我们提供了基于 SLIM 模型的真实星际追踪系统的安全分析结果，该模型是通过对自动生成的模型骨架进行最小化修改而得出的。

{"title":"Model-based safety analysis of requirement specifications","authors":"","doi":"10.1016/j.jss.2024.112231","DOIUrl":"10.1016/j.jss.2024.112231","url":null,"abstract":"<div><div>Model-based design primarily aims to establish a communication framework throughout a system’s design. Moreover, models with formal semantics allow verification based on rigorous methods, including the analysis of system safety. However, building formal models is a tedious manual process and cannot be easily applied to real problems.</div><div>A key gap that hinders automation of model development is that there is no systematic way to connect system requirements with the activity of model-based design. In this article, we introduce a workflow to tackle this gap and ultimately automate the analysis of system safety using formal methods.</div><div>We extend our previous work on boilerplate-based specification of system requirements with ontological semantics towards specifying FDIR (Failure, Detection, Isolation, Recovery) requirements. The workflow is centered around the automated generation of a model skeleton in SLIM, a component-based formal modeling language, from a set of ontology-based requirement specifications. Our approach has been implemented into a dedicated tool, which not only provides visualization of the ontology relations, but also supports traceability of the analysis findings back to the requirements specification. Finally, we provide results on the safety analysis of a real star-tracker system based on a SLIM model derived by minimally changing the auto-generated model skeleton.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142427418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

CoMPers: A configurable conflict management framework for personalized collaborative modeling CoMPers：用于个性化协作建模的可配置冲突管理框架

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software

Pub Date : 2024-09-27 DOI: 10.1016/j.jss.2024.112227

Context:

Modeling is an activity in the software development life cycle where experts and stakeholders collaborate as a team. In collaborative modeling, adhering to the optimistic versioning paradigm allows users to make concurrent changes to the same model, but conflicts may arise. To achieve an integrated and consistent merged model, conflicts must be resolved.

Objective:

The primary objective of this study was to provide a customizable and extensible framework for conflict management in personalized change propagation during collaborative modeling.

Methods:

We propose CoMPers, a customizable and extensible conflict management framework designed to address various conflicts encountered in collaborative modeling. We present the duel algorithm for automatically detecting and resolving conflicts according to user preferences. The framework utilizes personalized change propagation to customize collaboration and supports the conflict management process by executing the duel algorithm based on user preferences. As a proof-of-concept, we have implemented the CoMPers framework and extended the EMF.cloud modeling framework to demonstrate its applicability.

Results:

We have constructed a proof-of-concept implementation and conducted a real-world case study, a benchmark experiment, and a user experience evaluation. Our findings demonstrate that: (1) CoMPers enables collaborators to configure propagation strategies according to their habits; (2) CoMPers successfully identifies all anticipated conflicts and achieves a 100% accuracy in conflict handling; (3) The majority of participants agreed that CoMPers is user-friendly for collaborative modeling.

Conclusion:

This paper presents the CoMPers framework, which is based on personalized change propagation, and helps collaborators customize conflict management activities. The results confirm the feasibility and advantages of consistent and concurrent modeling within the collaborative CoMPers platform, with an acceptable functionality for approximately ten collaborators.

背景：建模是软件开发生命周期中的一项活动，专家和利益相关者作为一个团队进行协作。在协作建模中，遵循乐观版本范式允许用户同时对同一模型进行修改，但可能会出现冲突。方法：我们提出了CoMPers，一个可定制、可扩展的冲突管理框架，旨在解决协作建模中遇到的各种冲突。我们提出了根据用户偏好自动检测和解决冲突的决斗算法。该框架利用个性化变更传播来定制协作，并通过根据用户偏好执行决斗算法来支持冲突管理流程。作为概念验证，我们实施了CoMPers框架，并扩展了EMF.cloud建模框架，以证明其适用性。结果：我们构建了一个概念验证实施方案，并进行了实际案例研究、基准实验和用户体验评估。我们的研究结果表明(结论：本文提出了基于个性化变更传播的CoMPers框架，帮助合作者定制冲突管理活动。研究结果证实了在 CoMPers 协作平台上进行一致和并发建模的可行性和优势，其功能对于大约 10 个协作者来说是可以接受的。

{"title":"CoMPers: A configurable conflict management framework for personalized collaborative modeling","authors":"","doi":"10.1016/j.jss.2024.112227","DOIUrl":"10.1016/j.jss.2024.112227","url":null,"abstract":"<div><h3>Context:</h3><div>Modeling is an activity in the software development life cycle where experts and stakeholders collaborate as a team. In collaborative modeling, adhering to the optimistic versioning paradigm allows users to make concurrent changes to the same model, but conflicts may arise. To achieve an integrated and consistent merged model, conflicts must be resolved.</div></div><div><h3>Objective:</h3><div>The primary objective of this study was to provide a customizable and extensible framework for conflict management in personalized change propagation during collaborative modeling.</div></div><div><h3>Methods:</h3><div>We propose CoMPers, a customizable and extensible conflict management framework designed to address various conflicts encountered in collaborative modeling. We present the duel algorithm for automatically detecting and resolving conflicts according to user preferences. The framework utilizes personalized change propagation to customize collaboration and supports the conflict management process by executing the duel algorithm based on user preferences. As a proof-of-concept, we have implemented the CoMPers framework and extended the EMF.cloud modeling framework to demonstrate its applicability.</div></div><div><h3>Results:</h3><div>We have constructed a proof-of-concept implementation and conducted a real-world case study, a benchmark experiment, and a user experience evaluation. Our findings demonstrate that: (1) CoMPers enables collaborators to configure propagation strategies according to their habits; (2) CoMPers successfully identifies all anticipated conflicts and achieves a 100% accuracy in conflict handling; (3) The majority of participants agreed that CoMPers is user-friendly for collaborative modeling.</div></div><div><h3>Conclusion:</h3><div>This paper presents the CoMPers framework, which is based on personalized change propagation, and helps collaborators customize conflict management activities. The results confirm the feasibility and advantages of consistent and concurrent modeling within the collaborative CoMPers platform, with an acceptable functionality for approximately ten collaborators.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.7,"publicationDate":"2024-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142358798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0