Journal of Systems and Software最新文献

The use of microservice architecture is gaining popularity in the development of web applications. However, identifying the root cause of a failure can be challenging due to the complexity of interconnected microservices, long service invocation links, dynamic changes in service states, and the abundance of service deployment nodes. Furthermore, as each microservice may have multiple instances, it can be difficult to identify instance-level failures promptly and effectively when the microservice topology and failure types change dynamically. To address this issue, we propose MicroIRC (Instance-level Root Cause Localization for Microservice Systems), a novel metrics-based approach that localizes root causes at the instance level while exhibiting robustness to adapt to dynamic changes in topology and new types of anomalies. We begin by training a graph neural network to fit different root cause types based on extracted time series features of microservice system metrics. Next, we construct a heterogeneous weighted topology (HWT) of microservice systems and execute a personalized random walk to identify root cause candidates. These candidates, along with real-time metrics from the anomalous time window, are then fed into the trained graph neural network to generate a ranked root cause list. Experiments conducted on five real-world datasets demonstrate that MicroIRC can accurately locate the root cause of microservices at the instance level, achieving a precision rate of 93.1% for the top five results. Furthermore, compared to the state-of-the-art methods, MicroIRC can improve the accuracy of root cause localization by more than 17% at the service level and more than 11.5% at the instance level. Remarkably, it exhibits robustness in scenarios involving new failure types, achieving an accuracy of 84.2% for the top result amid dynamic topological changes.

Finite-state models are ubiquitous in the study of concurrent systems, especially controllers and servers that operate in a repetitive cycle. In this paper, we show how to extract finite state models from a run of a multi-threaded Java program and carry out runtime verification of correctness properties. These properties include data-oriented and control-oriented properties; the former express correctness conditions over the data fields of objects, while the latter are concerned with the correct flow of control among the modules of larger software. As the extracted models can become very large for long runs, the focus of this paper is on constructing reduced models with user-defined abstraction functions that map a larger domain space to a smaller one. The abstraction functions should be chosen so that the resulting model is property preserving, i.e., proving a property on the abstract model carries over to the concrete model. The main contribution of this paper is in showing how runtime verification can be made efficient through online property checking on property-preserving abstract models. The property specification language resembles a propositional linear temporal logic augmented with simple datatypes and operators. Classic concurrency examples and larger case studies (Multi-rotor Drone Controller, OAuth Protocol) are presented in order to demonstrate the usefulness of our proposed techniques, which are incorporated in an Eclipse plug-in for runtime visualization and verification of Java programs.

Program synthesis revolutionizes software development by automatically generating executable programs based on given specifications. An emerging trend is to augment generative models with external memory before generating programs. Better memory, in general, leads to better results. However, existing models tend to devolve into a copy mechanism, where retrieved memories are copied directly into the generative model, leading to misinformation or confusion. A sharp performance decline is caused when the retrieved memories are irrelevant or incorrect.

Inspired by the human programming process—sketching a solution before programming, we propose SynthoMinds. A novel framework that decomposes program synthesis tasks into retrieval, analogy, and reasoning, enabling the generation of programs by leveraging knowledge learned from previously solved solutions. Specifically, given a natural language (NL) description, SynthoMinds first retrieves similar programs via a retrieval module, and then mines the retrieved memories for some insightful revelations via an analogy module. The revelation acts as a bird’s-eye view of a program without delving into implementation details. The reasoning module harnesses the power of insightful revelations and NL to generate programs. Experimental results demonstrate that mining revelations from retrieved memories significantly outperforms existing baselines.

Logging is crucial in software development for addressing runtime issues but can pose challenges. Logging encompasses four essential sub-tasks: whether to log (Whether), where to log (Position), which log level (Level), and what information to log (Message). While existing approaches have performed well, they suffer from two limitations. Firstly, they address only a subset of the logging sub-tasks. Secondly, most of them focus on generating single log statements at class or method level, potentially overlooking multiple log statements within those scopes.

To address these issues, we propose ELogger, which enables end-to-end log statement generation at block-level. Furthermore, ELogger implements block-level log generation, enabling it to handle multiple log statements within different code blocks of a method. Evaluation results indicate that ELogger correctly predicts all four sub-tasks in 19.55% of cases. Compared to the baselines that combined existing approaches for end-to-end log statement generation, ELogger demonstrates a significant improvement with a 50.85% to 78.21% average increase. Additionally, ELogger correctly predicts whether to log in 71.68% of cases, two sub-tasks (Whether and Position) in 58.29% of cases, and three sub-tasks (Whether, Position, and Level) in 41.97% of cases, all of which outperform the baselines.

Software should comply with international privacy laws, like the General Data Protection Regulation (GDPR). However, implementing appropriate technical controls is often an error-prone and time-consuming process. This is partly due to the limited knowledge of software engineers about privacy and security. This paper proposes SoCo, a semi-automated approach to support organizations in achieving software compliance with the GDPR data protection principles. To do so, SoCo supports engineers in identifying and integrating appropriate technical controls in sequence diagrams during the design phase. SoCo includes a technique to assist engineers to identify data processing activities in software applications modeled as sequence diagrams that may need to comply with the GDPR, a catalog of privacy and security controls that engineers can use to fix non-compliant activities, and a technique to implement such controls in the non-compliant sequence diagrams. Our evaluation results show that SoCo can help software engineers identify and design appropriate security controls to address GDPR violations and required moderate manual effort when applied to a substantive open-source application.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

Graph neural network (GNN)-based graph learning has been popular in natural language and programming language processing, particularly in text and source code classification. Typically, GNNs are constructed by incorporating alternating layers which learn transformations of graph node features, along with graph pooling layers that use graph pooling operators (e.g., Max-pooling) to effectively reduce the number of nodes while preserving the semantic information of the graph. Recently, to enhance GNNs in graph learning tasks, Manifold-Mixup, a data augmentation technique that produces synthetic graph data by linearly mixing a pair of graph data and their labels, has been widely adopted. However, the performance of Manifold-Mixup can be highly affected by graph pooling operators, and there have not been many studies that are dedicated to uncovering such affection. To bridge this gap, we take an early step to explore how graph pooling operators affect the performance of Mixup-based graph learning. To that end, we conduct a comprehensive empirical study by applying Manifold-Mixup to a formal characterization of graph pooling based on 11 graph pooling operations (9 hybrid pooling operators, 2 non-hybrid pooling operators). The experimental results on both natural language datasets (Gossipcop, Politifact) and programming language datasets (JAVA250, Python800) demonstrate that hybrid pooling operators are more effective for Manifold-Mixup than the standard Max-pooling and the state-of-the-art graph multiset transformer (GMT) pooling, in terms of producing more accurate and robust GNN models.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

In response to the prevailing challenges in contemporary software development, this article introduces an innovative approach to code augmentation centered around Impermanent Identifiers. The primary goal is to enhance the software development experience by introducing dynamic identifiers that adapt to changing contexts, facilitating more efficient interactions between developers and source code, ultimately advancing comprehension, maintenance, and collaboration in software development. Additionally, this study rigorously evaluates the adoption and acceptance of Impermanent Identifiers within the software development landscape. Through a comprehensive empirical examination, we investigate how developers perceive and integrate this approach into their daily programming practices, exploring perceived benefits, potential barriers, and factors influencing its adoption. In summary, this article charts a new course for code augmentation, proposing Impermanent Identifiers as its cornerstone while assessing their feasibility and acceptance among developers. This interdisciplinary research seeks to contribute to the continuous improvement of software development practices and the progress of code augmentation technology.

This paper presents the design and the constitution of BugOss, a real-world regression bug benchmark for empirical study of regression fuzzing techniques. To reproduce the actual project context where a regression bug was introduced, each bug case of BugOss pinpoints the exact bug-inducing commit and provides a specific test oracle considering the presence of other co-existing bugs. BugOss currently comprises 20 real-world bug cases from 20 open-source C/C++ projects, which had been reported by the OSS-Fuzz projects and confirmed by the project maintainers. The empirical investigation with two regression fuzzing techniques show that, with the bug cases in BugOss, the regression fuzzing techniques perform differently depending on the given project context. In addition, the experiments imply that BugOss encompasses various cases of regression bugs in real-world, thus the bug cases would be useful for empirically investigating regression fuzzing techniques.

This study examines the dynamics of virtual onboarding (VO) for Salesforce Commerce Cloud developers during the COVID-19 pandemic in a multinational software company. The newly developed Virtual Integration and Retention Framework (VIRF), which provides an improved understanding of VO, customized to the opportunities and challenges presented by the pandemic, is the fundamental concept of this study.

A two-staged, higher-order constructed (HOC) quantitative research approach was used for the study, revealing a negative relationship between VO success and the challenges brought on by the pandemic. This emphasizes how difficult it can be to transition to remote work settings, especially regarding how operational effectiveness and employee well-being interact.

Furthermore, the study demonstrates the positive connection between VO success and the delivery of technology and equipment during the pandemic. This result emphasizes how important logistical support is to the effectiveness of remote work arrangements. The study's key findings show positive impact of successful VO on developers' job satisfaction and workplace relationship quality (WRQ). Strong VO practices are essential to improve employee retention, as evidenced by the inverse correlation between these factors and turnover intentions. The study uses mediation analysis, with job satisfaction and WRQ acting as mediators, to further clarify how VO success influences turnover intentions.

This study offers an in-depth understanding of VO practices during the pandemic. It discusses the future of remote work and onboarding procedures while navigating the immediate difficulties caused by the outbreak. The study emphasizes how important VO is for improving WRQ, decreasing turnover intentions of developers within the software company, and improving job satisfaction. These insights benefit organizations trying to improve developer integration and retention in changing work environments and improve their remote work strategies.

Code Smell Detection (CSD) plays a crucial role in improving software quality and maintainability. And Deep Learning (DL) techniques have emerged as a promising approach for CSD due to their superior performance. However, the effectiveness of DL-based CSD methods heavily relies on the quality of the training data. Despite its importance, little attention has been paid to analyzing the data preparation process. This systematic literature review analyzes the data preparation techniques used in DL-based CSD methods. We identify 36 relevant papers published by December 2023 and provide a thorough analysis of the critical considerations in constructing CSD datasets, including data requirements, collection, labeling, and cleaning. We also summarize seven primary challenges and corresponding solutions in the literature. Finally, we offer actionable recommendations for preparing and accessing high-quality CSD data, emphasizing the importance of data diversity, standardization, and accessibility. This survey provides valuable insights for researchers and practitioners to harness the full potential of DL techniques in CSD.