Automated Software Engineering最新文献

Security is a very important challenge in mobile agent systems due to the strong dependence of agents on the platform and vice versa. According to recent studies, most current mobile agent platforms suffer from significant limitations in terms of security when they face Denial of Service (DOS) attacks. Current security solutions even provided by the mobile agent platforms or by the literature focus essentially on individual attacks and are mainly based on static models that present a lack of the permissions definition and are not detailed enough to face collaborative DOS attacks executed by multiple agents or users. This paper presents a security framework that adds security defenses to mobile agent platforms. The proposed security framework implements a standard security model described using MA-UML (Mobile Agent-Unified Modeling Language) notations. The framework lets the administrator (of agents’ place) define a precise and fine-grained authorization policy to defend against DOS attacks. The authorization enforcement in the proposed framework is dynamic : the authorization decisions executed by the proposed framework are based upon run-time parameters like the amount of activity of an agent. We implement an experiment on a mobile agent system of e-marketplaces. Given that we focus essentially on the availability criterion, the performance of the proposed framework on a place is evaluated against DOS and DDOS attacks and investigated in terms of duration of execution that is the availability of the place.

Various development tools have been introduced and the choice of suitable development tool depends on the particular context like the type of application to be developed, the development process and application domain, etc. The real challenge is to deliver new features at the right time with a faster development cycle. The selection of suitable development tools will help developers to save time and effort. In this research, we will explore software engineering repositories (like StackOverflow) to collect feedback from developers about development tools. This will explore which features in a development tool are most important, which features are missing, and which features require changes. The answers to these questions can be found by mining the community question-answering sites (CQA). We will use user feedback to innovate the new features in the development tool. Various techniques of Big Data, Data Mining, Deep Learning, and Transformers including Generative Pre-Training Transformer will be used in our research. Some of the major techniques include (i) data collection from CQA sites like StackOverflow, (ii) data preprocessing (iii) categories the data into various topics using topic modeling (iv) sentiment analysis of data to get positive or negative aspects of features (v) ranking of users and their feedback. The output of this research will categorize the users feedback into various ideas, this will help organizations to decide which features are required, which features are not required, which features are difficult or confusing, and which new features should be introduced into a new release.

The large number of unit tests produced in the test-driven development (TDD) method and the iterative execution of these tests extend the regression test execution time in TDD. This study aims to reduce test execution time in TDD. We propose a TDD-based approach that creates traceable code elements and connects them to relevant test cases to support regression test selection during the TDD process. Our proposed hybrid technique combines text and syntax program differences to select related test cases using the nature of TDD. We use a change detection algorithm to detect program changes. Our experience is reported with a tool called RichTest, which implements this technique. In order to evaluate our work, seven TDD projects have been developed. The implementation results indicate that the RichTest plugin significantly decreases the number of test executions and also the time of regression testing despite considering the overhead time. The test suite effectively enables fault detection because the selected test cases are related to the modified partitions. Moreover, the test cases cover the entire modified partitions; accordingly, the selection algorithm is safe. The concept is particularly designed for the TDD method. Although this idea is applicable in any programming language, it is already implemented as a plugin in Java Eclipse.

The recent surge in the integration of Large Language Models (LLMs) like ChatGPT into qualitative research in software engineering, much like in other professional domains, demands a closer inspection. This vision paper seeks to explore the opportunities of using LLMs in qualitative research to address many of its legacy challenges as well as potential new concerns and pitfalls arising from the use of LLMs. We share our vision for the evolving role of the qualitative researcher in the age of LLMs and contemplate how they may utilize LLMs at various stages of their research experience.

Class integration test order generation is a key step in integration testing, researching this problem can help find unknown bugs and improve the efficiency of software testing. The challenge of this problem is ordering the classes to be integrated to minimize the cost of required stubs. However, the existing approaches of generating class integration test orders cannot satisfy this requirement well. Considering the excellent performance of reinforcement learning in sequence decision problems, this paper proposes a class integration test order generation approach based on Sarsa algorithm, which is a data-driven model-free reinforcement learning algorithm. This approach takes the stubbing complexity as the indicator to evaluate the stubbing cost and uses it to measure the quality of a class integration test order. The Sarsa algorithm is used to train the agent, and three indicators such as test return, dependency complexity, and the number of cycles are integrated into the design of the reward function to evaluate the merits of the current action. By recording an action path of the agent from its initial state to its termination state, a class integration test order can be obtained. The experimental results on 10 systems show that the class integration test order generation approach based on Sarsa algorithm can generate the class integration test orders with lower stubbing cost.

The lack of flexibility and safety in C language development has been criticized for a long time, causing detriments to the development cycle and software quality in the embedded systems domain. TypeScript, as an optionally-typed dynamic language, offers the flexibility and safety that developers desire. With the advancement of Ahead-of-Time (AOT) compilation technologies for TypeScript and JavaScript, it has become feasible to write embedded applications using TypeScript. Despite the availability of writing AOT compiled programs with TypeScript, implementing a compiler toolchain for this purpose requires substantial effort. To simplify the design of languages and compilers, this paper presents a new compiler toolchain design methodology called TS(^-), which advocates the generation of target intermediate language code (such as C) from TypeScript rather than the construction of higher-level compiler tools and type systems on top of the intermediate language. TS(^-) not only simplifies the design of the system but also provides developers with a quasi-native TypeScript development experience. This paper also presents Ts2Wasm, a prototype that implements TS(^-) and allows compiling a language subset of TypeScript to WebAssembly (WASM). The tests in the TypeScript repository show that Ts2Wasm provides 3.8× as many features compared to the intermediate language (AssemblyScript). Regarding performance, Ts2Wasm offers a significant speed-up of 1.4× to 19×. Meanwhile, it imposes over 65% less memory overhead compared to Node.js in most cases.

The most popular technique for specification requirements is natural language. The disadvantage of natural language is ambiguity. Boilerplates are syntactic patterns which limit the ambiguity problem associated with using natural language to specify system/software requirements. Also, using boilerplates is considered a useful tool for inexperienced engineers to define requirements. Using linguistic boilerplates, constrains the natural language syntactically. Furthermore, a domain-specific ontology is used to constrain requirements semantically, as well. In requirements specification, using ontologies helps to restrict the vocabulary to entities, properties, and property relationships which are semantically related. The above results in avoiding or making fewer mistakes. This work makes use of the combination of boilerplate and ontology. Usually, the attributes of boilerplates are completed with the help of the ontology. The contribution of this paper is that the whole boilerplates is stored in the ontology and attributes and fixed elements are part of the ontology. This combination helps to correct semantically and syntactically requirement construction. This paper proposes a tool based on a domain-specific ontology and a set of predefined generic linguistic boilerplates for requirements engineering. We create a domain-specific ontology and a minimal set of boilerplates for an ATM (Automated Teller Machine). We carried out an experiment in order to obtain evidence for the effectiveness and efficiency of our method. The experiment took the form of a case study for the ATM domain and our proposed method was evaluated by users. The contribution and novelty of our methodology is that we created a tool for defining requirements that integrates boilerplate templates and an ontology. We exploit the boilerplate language syntax, mapping them to Resource Description Framework triples which have also a linguistic nature.

As software systems become increasingly large and complex, automated parameter tuning of software systems (PTSS) has been the focus of research and many tuning algorithms have been proposed recently. However, due to the lack of a unified platform for comparing and reproducing existing tuning algorithms, it remains a significant challenge for a user to choose an appropriate algorithm for a given software system. There are multiple reasons for this challenge, including diverse experimental conditions, lack of evaluations for different tasks, and excessive evaluation costs of tuning algorithms. In this paper, we propose an extensible and efficient benchmark, referred to as PTSSBench, which provides a unified platform for supporting a comparative study of different tuning algorithms via surrogate models and actual systems. We demonstrate the usability and efficiency of PTSSBench through comparative experiments of six state-of-the-art tuning algorithms from a holistic perspective and a task-oriented perspective. The experimental results show the necessity and effectiveness of parameter tuning for software systems and indicate that the PTSS problem remains an open problem. Moreover, PTSSBench allows extensive runs and in-depth analyses of parameter tuning algorithms, hence providing an efficient and effective way for researchers to develop new tuning algorithms and for users to choose appropriate tuning algorithms for their systems. The proposed PTSSBench benchmark together with the experimental results is made publicly available online as an open-source project.

API tutorials are crucial resources as they often provide detailed explanations of how to utilize APIs. Typically, an API tutorial is segmented into a number of consecutive fragments.. If a fragment explains API usage, we regard it as a relevant fragment of the API. Recognizing relevant fragments can aid developers in comprehending, learning, and using APIs. Recently, some studies have presented relevant fragments recognition approaches, which mainly focused on using API tutorials or Stack Overflow to train the recognition model. API references are also important API learning resources as they contain abundant API knowledge. Considering the similarity between API tutorials and API references (both provide API knowledge), we believe that using API knowledge from API references could help recognize relevant tutorial fragments of APIs effectively. However, it is non-trivial to leverage API references to build a supervised learning-based recognition model. Two major problems are the lack of labeled API references and the unavailability of engineered features of API references. We propose a supervised learning based approach named RRTR (which stands for Recognize Relevant Tutorial fragments using API References) to address the above problems. For the problem of lacking labeled API references, RRTR designs heuristic rules to automatically collect relevant and irrelevant API references for APIs. Regarding the unavailable engineered features issue, we adopt the pre-trained SBERT model (SBERT stands for Sentence-BERT) to automatically learn semantic features for API references. More specifically, we first automatically generate labeled (leftlangle API, ARE rightrangle) pairs (ARE stands for an API reference) via our heuristic rules of API references. We then use SBERT to automatically learn semantic features for the collected pairs and train a supervised learning based recognition model. Finally, we can recognize the relevant tutorial fragments of APIs based on the trained model. To evaluate the effectiveness of RRTR, we collected Java and Android API reference datasets containing a total of 20,680 labeled (leftlangle API, ARE rightrangle) pairs. Experimental results demonstrate that RRTR outperforms state-of-the-art approaches in terms of F-Measure on two datasets. In addition, we conducted a user study to investigate the practicality of RRTR and the results further illustrate the effectiveness of RRTR in practice. The proposed RRTR approach can effectively recognize relevant fragments of APIs with API references by solving the problems of lacking labeled API references and engineered features of API references.