Pub Date: 2024-06-10. DOI: 10.1007/s10515-024-00449-6
Lam Nguyen Tung, Nguyen Vu Binh Duong, Khoi Nguyen Le, Pham Ngoc Hung
Automated test data generation for unit testing C/C++ functions using concolic testing has been known for improving software quality while reducing human testing effort. However, concolic testing could face challenging problems when tackling complex practical projects. This paper proposes a concolic-based method named Automated Unit Testing and Stubbing (AUTS) for automated test data and stub generation. The key idea of the proposed method is to apply the concolic testing approach with three major improvements. Firstly, the test data generation, which includes two path search strategies, not only is able to avoid infeasible paths but also achieves higher code coverage. Secondly, AUTS generates appropriate values for specialized data types to cover more test scenarios. Finally, the proposed method integrates automatic stub preparation and generation to reduce the costs of human effort. The method even works on incomplete source code or missing libraries. AUTS is implemented in a tool to test various C/C++ industrial and open-source projects. The experimental results show that the proposed method significantly improves the coverage of the generated test data in comparison with other existing methods.
Title: Automated test data generation and stubbing method for C/C++ embedded projects. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article.
Pub Date: 2024-06-10. DOI: 10.1007/s10515-024-00447-8
Zaineb Sakhrawi, Taher Labidi
Regression testing is an important activity that aims to provide information about the quality of the software product under test when changes occur. The two primary techniques for optimizing regression testing are test case selection and prioritization. To identify features affected by a change and determine the best test cases for selection and prioritization, techniques allowing the semantic representation and the quantification of testing concepts are required. The goal of this paper is threefold. Firstly, we proposed an ontology-based test case selection model that enables automated regression testing by dynamically selecting appropriate test cases. The selection of test cases is based on a semantic mapping between change requests and their associated test suites and test cases. Secondly, the selected test cases are prioritized based on their functional size. The functional size is determined using the COmmon Software Measurement International Consortium (COSMIC) Functional Size Measurement (FSM) method. The test case prioritization attempts to reorganize test case execution in accordance with its goal. One common goal is fault detection, in which test cases with a higher functional size (i.e., with a higher chance of detecting a fault) are run first, followed by the remaining test cases. Thirdly, we built an automated testing tool using the output of the aforementioned processes to validate the robustness of our proposed research methodology. Results from a case study in the automotive industry domain show that semantically presenting change requests and using standardized FSM methods to quantify their related test cases are the most interesting metrics. Obviously, they assist in the automation of regression testing and, therefore, in all the software testing processes.
Title: Test case selection and prioritization approach for automated regression testing using ontology and COSMIC measurement. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article.
Pub Date: 2024-06-09. DOI: 10.1007/s10515-024-00442-z
Di Wu, Hongyu Zhang, Yang Feng, Zhenjiang Dong, Ying Sun
Reusing APIs can greatly expedite the software development process and reduce programming effort. To learn how to use APIs, developers often rely on API learning resources (such as API references and tutorials) that contain rich and valuable API knowledge. In recent years, numerous API analytic approaches have been presented to help developers mine API knowledge from API learning resources. While these approaches have shown promising results in various tasks, there are many opportunities in this area. In this paper, we discuss several possible future works on API analytics.
Title: The future of API analytics. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article.
Pub Date: 2024-06-06. DOI: 10.1007/s10515-024-00452-x
Alexander Elenga Gärtner, Dietmar Göhlich
This paper introduces ALICE (Automated Logic for Identifying Contradictions in Engineering), a novel automated contradiction detection system tailored for formal requirements expressed in controlled natural language. By integrating formal logic with advanced large language models (LLMs), ALICE represents a significant leap forward in identifying and classifying contradictions within requirements documents. Our methodology, grounded on an expanded taxonomy of contradictions, employs a decision tree model addressing seven critical questions to ascertain the presence and type of contradictions. A pivotal achievement of our research is demonstrated through a comparative study, where ALICE’s performance markedly surpasses that of an LLM-only approach by detecting 60% of all contradictions. ALICE achieves a higher accuracy and recall rate, showcasing its efficacy in processing real-world, complex requirement datasets. Furthermore, the successful application of ALICE to real-world datasets validates its practical applicability and scalability. This work not only advances the automated detection of contradictions in formal requirements but also sets a precedent for the application of AI in enhancing reasoning systems within product development. We advocate for ALICE’s scalability and adaptability, presenting it as a cornerstone for future endeavors in model customization and dataset labeling, thereby contributing a substantial foundation to requirements engineering.
Title: Automated requirement contradiction detection through formal logic and LLMs. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article. Open-access PDF: https://link.springer.com/content/pdf/10.1007/s10515-024-00452-x.pdf
Pub Date: 2024-06-06. DOI: 10.1007/s10515-024-00446-9
Tarik Houichime, Younes El Amrani
Software design optimization (SDO) demands advanced abstract reasoning to define optimal design components’ structure and interactions. Modeling tools such as UML and MERISE, and to a degree, programming languages, are chiefly developed for lucid human–machine design dialogue. For effective automation of SDO, an abstract layer attuned to the machine’s computational prowess is crucial, allowing it to harness its swift calculation and inference in determining the best design. This paper contributes an innovative and universal framework for search-based software design refactoring with an emphasis on optimization. The framework accommodates 44% of Fowler’s cataloged refactorings. Owing to its adaptable and succinct structure, it integrates effortlessly with diverse optimization heuristics, eliminating the requirement for further adaptation. Distinctively, our framework offers an artifact representation that obviates the necessity for a separate solution representation; this unified dual-purpose representation not only streamlines the optimization process but also facilitates the computation of essential object-oriented metrics. This ensures a robust assessment of the optimized model through the construction of pertinent fitness functions. Moreover, the artifact representation supports parallel optimization processes and demonstrates commendable scalability with design expansion.
Title: Optimized design refactoring (ODR): a generic framework for automated search-based refactoring to optimize object-oriented software architectures. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article.
Pub Date: 2024-06-06. DOI: 10.1007/s10515-024-00454-9
Andreea Vescan, Radu Găceanu, Camelia Şerban
Success in software projects is now an important challenge. The main focus of the engineering community is to predict software defects based on the history of classes and other code elements. However, these software defect prediction techniques are effective only as long as there is enough data to train the prediction model. To mitigate this problem, cross-project defect prediction is used. The purpose of this research investigation is twofold: first, to replicate the experiments in the original paper proposal, and second, to investigate other settings regarding defect prediction with the aim of providing new insights and results regarding the best approach. In this study, three composite algorithms, namely AvgVoting, MaxVoting and Bagging are used. These algorithms integrate multiple machine classifiers to improve cross-project defect prediction. The experiments use pre-processed methods (normalization and standardization) and also feature selection. The results of the replicated experiments confirm the original findings when using raw data for all three methods. When normalization is applied, better results than in the original paper are obtained. Even better results are obtained when feature selection is used. In the original paper, the MaxVoting approach shows the best performance in terms of the F-measure, and BaggingJ48 shows the best performance in terms of cost-effectiveness. The same results in terms of F-measure were obtained in the current experiments: best MaxVoting, followed by AvgVoting and then by BaggingJ48. Our results emphasize the previously obtained outcome; the original study is confirmed when using raw data. Moreover, we obtained better results when using preprocessing and feature selection.
Title: Exploring the impact of data preprocessing techniques on composite classifier algorithms in cross-project defect prediction. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article. Open-access PDF: https://link.springer.com/content/pdf/10.1007/s10515-024-00454-9.pdf
Pub Date: 2024-06-05. DOI: 10.1007/s10515-024-00445-w
He Kong, Tong Li, Jingguo Ge, Lei Zhang, Liangxiong Li
In the domain of cloud computing and distributed systems, microservices architecture has become preeminent due to its scalability and flexibility. However, the distributed nature of microservices systems introduces significant challenges in maintaining operational reliability, especially in fault localization. Traditional methods for fault localization are insufficient because they are time-intensive and prone to error. Addressing this gap, we present SpanGraph, a novel framework employing graph convolutional networks (GCN) to achieve efficient span-level fault localization. SpanGraph constructs a directed graph from system traces to capture invocation relationships and execution times. It then utilizes GCN for edge representation learning to detect anomalies. Experimental results demonstrate that SpanGraph outperforms all baseline approaches on both the Sockshop and TrainTicket datasets. We also conduct incremental experiments on SpanGraph using unseen traces to validate its generalizability and scalability. Furthermore, we perform an ablation study, sensitivity analysis, and complexity analysis for SpanGraph to further verify its robustness, effectiveness, and flexibility. Finally, we validate SpanGraph’s effectiveness in anomaly detection and fault location using real-world datasets.
Title: Enhancing fault localization in microservices systems through span-level using graph convolutional networks. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article.
The Inter-Component Communication (ICC) model in Android enables the sharing of data and services among app components. However, it has been associated with several problems, including complexity, support for unconstrained communication, and difficulties for developers to understand. These issues have led to numerous security vulnerabilities in Android ICC. While existing research has focused on specific subsets of these vulnerabilities, it lacks comprehensive and scalable modeling of app specifications and interactions, which limits the precision of analysis. To tackle these problems, we introduce VAnDroid3, a Model-Driven Reverse Engineering (MDRE) framework. VAnDroid3 utilizes purposeful model-based representations to enhance the comprehension of apps and their interactions. We have made significant extensions to our previous work, which include the identification of six prominent ICC vulnerabilities and the consideration of both Intent and Data sharing mechanisms that facilitate ICCs. By employing MDRE techniques to create more efficient and accurate domain-specific models from apps, VAnDroid3 enables the analysis of ICC vulnerabilities on intra- and inter-app communication levels. We have implemented VAnDroid3 as an Eclipse-based tool and conducted extensive experiments to evaluate its correctness, scalability, and run-time performance. Additionally, we compared VAnDroid3 with state-of-the-art tools. The results substantiate VAnDroid3 as a promising framework for revealing Android inter-app ICC security issues.
Title: A comprehensive framework for inter-app ICC security analysis of Android apps. Authors: Atefeh Nirumand, Bahman Zamani, Behrouz Tork Ladani. Pub Date: 2024-06-04. DOI: 10.1007/s10515-024-00439-8. Journal: Automated Software Engineering, volume 31 2. Publication type: Journal Article.
Pub Date: 2024-05-23. DOI: 10.1007/s10515-024-00433-0
Fatma Ahsan, Faisal Anwer
The security of an application is critical for its success, as breaches cause loss for organizations and individuals. Search-based software security testing (SBSST) is the field that utilizes metaheuristics to generate test cases for the software testing for some pre-specified security test adequacy criteria. This paper conducts a systematic literature review to compare metaheuristics and fitness functions used in software security testing, exploring their distinctive capabilities and impact on vulnerability detection and code coverage. The aim is to provide insights for fortifying software systems against emerging threats in the rapidly evolving technological landscape. This paper examines how search-based algorithms have been explored in the context of code coverage and software security testing. Moreover, the study highlights different metaheuristics and fitness functions for security testing and code coverage. This paper follows the standard guidelines from Kitchenham to conduct SLR and obtained 122 primary studies related to SBSST after a multi-stage selection process. The papers were from different sources: journals, conference proceedings, workshops, summits, and researchers’ webpages published between 2001 and 2022. The outcomes demonstrate that the main tackled vulnerabilities using metaheuristics are XSS, SQLI, program crash, and XMLI. The findings have suggested several areas for future research directions, including detecting server-side request forgery and security testing of third-party components. Moreover, new metaheuristics also need to be explored to detect security vulnerabilities that are still unexplored or explored significantly less. Furthermore, metaheuristics can be combined with machine learning and reinforcement learning techniques for better results. Some metaheuristics can be designed by looking at the complexity of security testing and exploiting more fitness functions related to detecting different vulnerabilities.
Title: A systematic literature review on software security testing using metaheuristics. Automated Software Engineering, vol. 31, issue 2. Publication date: 2024-05-23. DOI: 10.1007/s10515-024-00433-0
Pub Date : 2024-05-16 DOI: 10.1007/s10515-024-00444-x
Haochen Zou, Yongli Wang
The substantial volume of user feedback contained in application reviews significantly contributes to the development of human-centred software requirement engineering. The abundance of unstructured text data necessitates an automated analytical framework for decision-making. Language models can automatically extract fine-grained aspect-based sentiment information from application reviews. Existing approaches are constructed on general-domain corpora, and it is challenging to elucidate the internal technique of their recognition process, along with the factors contributing to the analysis results. To fully utilize software engineering domain-specific knowledge and accurately identify aspect-sentiment pairs from application reviews, we design a dependency-enhanced heterogeneous graph neural network architecture based on a dual-level attention mechanism. The heterogeneous information network with knowledge resources from the software engineering field is embedded into graph convolutional networks to consider the attribute characteristics of different node types. The relationship between aspect terms and sentiment terms in application reviews is determined by adjusting the dual-level attention mechanism. Semantic dependency enhancement is introduced to comprehensively model contextual relationships and analyze sentence structure, thereby distinguishing important contextual information. To our knowledge, this marks an initial effort to bring software engineering domain knowledge resources into deep neural networks to address fine-grained sentiment analysis issues. The experimental results on multiple public benchmark datasets indicate the effectiveness of the proposed automated framework in aspect-based sentiment analysis tasks for application reviews.
Title: A novel automated framework for fine-grained sentiment analysis of application reviews using deep neural networks. Automated Software Engineering, vol. 31, issue 2. Publication date: 2024-05-16. DOI: 10.1007/s10515-024-00444-x