Incremental UML for Agile development: embedding UML class models in source code

Agile methods favor "working software over comprehensive documentation." The latter presumably includes Unified Modeling Language. UML is expensive to maintain, and it lacks good drill-down mechanisms, however, UML affords very useful visualizations. This paper describes a discipline for incrementally embedding graphical UML class models within source code for continuous agile development. The approach consists of identifying a main function, and having it drive the piece-wise creation of UML by explicitly including in its postconditions the placement of functions corresponding directly to requirements. The approach thus introduces higher order pre-and postconditions. A specific process is provided for carrying this out, together with examples. It enables UML class model visualization in rapid development, especially when tool-supported

An Efficient Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them may result in poor product quality and/or time and budget overruns due to incorrect or missing quality characteristics, such as security. This characteristic requires special attention in web applications because they have become a target for manipulating sensible data. Several concerns make security difficult to deal with. For instance, security requirements are often misunderstood and improperly specified due to lack of security expertise and emphasis on security during early stages of software development. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically produced. To tackle this problem, we designed an approach for reviewing security-related aspects in agile requirements specifications of web applications. Our proposal considers user stories and security specifications as inputs and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified, and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via three experiment trials conducted with 56 novice software engineers, measuring effectiveness, efficiency, usefulness, and ease of use. We compare our approach against using: (1) the OWASP high-level security requirements, and (2) a perspective-based approach as proposed in contemporary state of the art. The results strengthen our confidence that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency.Comment: Preprint accepted for publication at the Requirements Engineering journal. arXiv admin note: text overlap with arXiv:1906.1143

A systematic mapping study on integration proposals of the personas technique in agile methodologies

Agile development processes are increasing their consideration of usability by integrating various user‐centered design techniques throughout development. One such technique is Personas, which proposes the creation of fictitious users with real preferences to drive application design. Since applying this technique conflicts with the time constraints of agile development, Personas has been adapted over the years. Our objective is to determine the adoption level and type of integration, as well as to propose improvements to the Personas technique for agile development. A systematic mapping study was performed, retrieving 28 articles grouped by agile methodology type. We found some common integration strategies regardless of the specific agile approach, along with some frequent problems, mainly related to Persona modelling and context representation. Based on these limitations, we propose an adaptation to the technique in order to reduce the creation time for a preliminary persona. The number of publications dealing with Personas and agile development is increasing, which reveals a growing interest in the application of this technique to develop usable agile softwareThis research was funded by the Spanish Ministry of Science, Innovation and Universities research grant PGC2018-097265-B-I00, MASSIVE project (RTI2018-095255-B-I00) and by EIT-Health, grant number 19091 (POSITIVE project). This research was also supported by the Madrid Region R&D programme (project FORTE, P2018/TCS-4314

Synthesizing Iterators from Abstraction Functions

A technique for synthesizing iterators from declarative abstraction functions written in a relational logic specification language is described. The logic includes a transitive closure operator that makes it convenient for expressing reachability queries on linked data structures. Some optimizations, including tuple elimination, iterator flattening, and traversal state reduction, are used to improve performance of the generated iterators. A case study demonstrates that most of the iterators in the widely used JDK Collections classes can be replaced with code synthesized from declarative abstraction functions. These synthesized iterators perform competitively with the hand-written originals. In a user study the synthesized iterators always passed more test cases than the hand-written ones, were almost always as efficient, usually took less programmer effort, and were the qualitative preference of all participants who provided free-form comments

Unifying Execution of Imperative and Declarative Code

We present a unified environment for running declarative specifications in the context of an imperative object-Oriented programming language. Specifications are Alloy-like, written in first-order relational logic with transitive closure, and the imperative language is Java. By being able to mix imperative code with executable declarative specifications, the user can easily express constraint problems in place, i.e., in terms of the existing data structures and objects on the heap. After a solution is found, the heap is updated to reflect the solution, so the user can continue to manipulate the program heap in the usual imperative way. We show that this approach is not only convenient, but, for certain problems can also outperform a standard imperative implementation. We also present an optimization technique that allowed us to run our tool on heaps with almost 2000 objects

Reasoning about Relaxed Programs

A number of approximate program transformations have recently emerged that enable transformed programs to trade accuracy of their results for increased performance by dynamically and nondeterministically modifying variables that control program execution. We call such transformed programs relaxed programs -- they have been extended with additional nondeterminism to relax their semantics and offer greater execution flexibility. We present programming language constructs for developing relaxed programs and proof rules for reasoning about properties of relaxed programs. Our proof rules enable programmers to directly specify and verify acceptability properties that characterize the desired correctness relationships between the values of variables in a program's original semantics (before transformation) and its relaxed semantics. Our proof rules also support the verification of safety properties (which characterize desirable properties involving values in individual executions). The rules are designed to support a reasoning approach in which the majority of the reasoning effort uses the original semantics. This effort is then reused to establish the desired properties of the program under the relaxed semantics. We have formalized the dynamic semantics of our target programming language and the proof rules in Coq, and verified that the proof rules are sound with respect to the dynamic semantics. Our Coq implementation enables developers to obtain fully machine checked verifications of their relaxed programs

Incorporando Alloy en desarrollos basados en metodologías agiles

Las Metodologías Ágiles (MA) son ampliamente elegidas en proyectos de software actuales. No obstante, frecuentemente deben afrontar problemas inherentes a su falta de formalidad; tales como la dificultad de recoger, entender y mantener los requerimientos del sistema. Alloy es un lenguaje formal, soportado por una amigable herramienta de verificación y validación. Estas caracterísiticas pueden ser aprovechadas en favor de las MA. La línea de investigación se enfoca puntualmente en la adopción de Alloy dentro de las MA mas populares. Esto incluye analizar no solo los beneficios, sino también la forma en que dicho lenguaje puede ser incorporado en el proceso de desarrollo de software.Eje: Ingeniería de SoftwareRed de Universidades con Carreras en Informática (RedUNCI

Incorporando Alloy en desarrollos basados en metodologías agiles

Las Metodologías Ágiles (MA) son ampliamente elegidas en proyectos de software actuales. No obstante, frecuentemente deben afrontar problemas inherentes a su falta de formalidad; tales como la dificultad de recoger, entender y mantener los requerimientos del sistema. Alloy es un lenguaje formal, soportado por una amigable herramienta de verificación y validación. Estas caracterísiticas pueden ser aprovechadas en favor de las MA. La línea de investigación se enfoca puntualmente en la adopción de Alloy dentro de las MA mas populares. Esto incluye analizar no solo los beneficios, sino también la forma en que dicho lenguaje puede ser incorporado en el proceso de desarrollo de software.Eje: Ingeniería de SoftwareRed de Universidades con Carreras en Informática (RedUNCI

Incorporando Alloy en desarrollos basados en metodologías agiles

Las Metodologías Ágiles (MA) son ampliamente elegidas en proyectos de software actuales. No obstante, frecuentemente deben afrontar problemas inherentes a su falta de formalidad; tales como la dificultad de recoger, entender y mantener los requerimientos del sistema. Alloy es un lenguaje formal, soportado por una amigable herramienta de verificación y validación. Estas caracterísiticas pueden ser aprovechadas en favor de las MA. La línea de investigación se enfoca puntualmente en la adopción de Alloy dentro de las MA mas populares. Esto incluye analizar no solo los beneficios, sino también la forma en que dicho lenguaje puede ser incorporado en el proceso de desarrollo de software.Eje: Ingeniería de SoftwareRed de Universidades con Carreras en Informática (RedUNCI