2,718 research outputs found
Evolution of security engineering artifacts: a state of the art survey
Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research
Code smells detection and visualization: A systematic literature review
Context: Code smells (CS) tend to compromise software quality and also demand
more effort by developers to maintain and evolve the application throughout its
life-cycle. They have long been catalogued with corresponding mitigating
solutions called refactoring operations. Objective: This SLR has a twofold
goal: the first is to identify the main code smells detection techniques and
tools discussed in the literature, and the second is to analyze to which extent
visual techniques have been applied to support the former. Method: Over 83
primary studies indexed in major scientific repositories were identified by our
search string in this SLR. Then, following existing best practices for
secondary studies, we applied inclusion/exclusion criteria to select the most
relevant works, extract their features and classify them. Results: We found
that the most commonly used approaches to code smells detection are
search-based (30.1%), and metric-based (24.1%). Most of the studies (83.1%) use
open-source software, with the Java language occupying the first position
(77.1%). In terms of code smells, God Class (51.8%), Feature Envy (33.7%), and
Long Method (26.5%) are the most covered ones. Machine learning techniques are
used in 35% of the studies. Around 80% of the studies only detect code smells,
without providing visualization techniques. In visualization-based approaches
several methods are used, such as: city metaphors, 3D visualization techniques.
Conclusions: We confirm that the detection of CS is a non trivial task, and
there is still a lot of work to be done in terms of: reducing the subjectivity
associated with the definition and detection of CS; increasing the diversity of
detected CS and of supported programming languages; constructing and sharing
oracles and datasets to facilitate the replication of CS detection and
visualization techniques validation experiments.Comment: submitted to ARC
A heuristic-based approach to code-smell detection
Encapsulation and data hiding are central tenets of the object oriented paradigm. Deciding what data and behaviour to form into a class and where to draw the line between its public and private details can make the difference between a class that is an understandable, flexible and reusable abstraction and one which is not. This decision is a difficult one and may easily result in poor encapsulation which can then have serious implications for a number of system qualities. It is often hard to identify such encapsulation problems within large software systems until they cause a maintenance problem (which is usually too late) and attempting to perform such analysis manually can also be tedious and error prone. Two of the common encapsulation problems that can arise as a consequence of this decomposition process are data classes and god classes. Typically, these two problems occur together – data classes are lacking in functionality that has typically been sucked into an over-complicated and domineering god class. This paper describes the architecture of a tool which automatically detects data and god classes that has been developed as a plug-in for the Eclipse IDE. The technique has been evaluated in a controlled study on two large open source systems which compare the tool results to similar work by Marinescu, who employs a metrics-based approach to detecting such features. The study provides some valuable insights into the strengths and weaknesses of the two approache
Handling High-Level Model Changes Using Search Based Software Engineering
Model-Driven Engineering (MDE) considers models as first-class artifacts during the software
lifecycle. The number of available tools, techniques, and approaches for MDE is increasing as its
use gains traction in driving quality, and controlling cost in evolution of large software systems.
Software models, defined as code abstractions, are iteratively refined, restructured, and evolved.
This is due to many reasons such as fixing defects in design, reflecting changes in requirements,
and modifying a design to enhance existing features.
In this work, we focus on four main problems related to the evolution of software models: 1) the
detection of applied model changes, 2) merging parallel evolved models, 3) detection of design
defects in merged model, and 4) the recommendation of new changes to fix defects in software
models.
Regarding the first contribution, a-posteriori multi-objective change detection approach has been
proposed for evolved models. The changes are expressed in terms of atomic and composite
refactoring operations. The majority of existing approaches detects atomic changes but do not
adequately address composite changes which mask atomic operations in intermediate models.
For the second contribution, several approaches exist to construct a merged model by
incorporating all non-conflicting operations of evolved models. Conflicts arise when the
application of one operation disables the applicability of another one. The essence of the problem
is to identify and prioritize conflicting operations based on importance and context – a gap in
existing approaches. This work proposes a multi-objective formulation of model merging that
aims to maximize the number of successfully applied merged operations.
For the third and fourth contributions, the majority of existing works focuses on refactoring at
source code level, and does not exploit the benefits of software design optimization at model
level. However, refactoring at model level is inherently more challenging due to difficulty in
assessing the potential impact on structural and behavioral features of the software system. This requires analysis of class and activity diagrams to appraise the overall system quality, feasibility,
and inter-diagram consistency. This work focuses on designing, implementing, and evaluating a
multi-objective refactoring framework for detection and fixing of design defects in software
models.Ph.D.Information Systems Engineering, College of Engineering and Computer ScienceUniversity of Michigan-Dearbornhttp://deepblue.lib.umich.edu/bitstream/2027.42/136077/1/Usman Mansoor Final.pdfDescription of Usman Mansoor Final.pdf : Dissertatio
Towards automated restructuring of object oriented systems
The work introduces a method for diagnosing design flaws in object oriented systems, and finding meaningful refactorings to remove such flaws. The method is based on pairing up a structural pattern that is considered pathological (e.g. a code smell or anti-pattern) with a so called design context. The design context describes the design semantics associated to the pathological structure, and the desired strategic closure for that fragment. The process is tool supported and largely automated
Fundamental Approaches to Software Engineering
computer software maintenance; computer software selection and evaluation; formal logic; formal methods; formal specification; programming languages; semantics; software engineering; specifications; verificatio
A Domain-Specific Language and Editor for Parallel Particle Methods
Domain-specific languages (DSLs) are of increasing importance in scientific
high-performance computing to reduce development costs, raise the level of
abstraction and, thus, ease scientific programming. However, designing and
implementing DSLs is not an easy task, as it requires knowledge of the
application domain and experience in language engineering and compilers.
Consequently, many DSLs follow a weak approach using macros or text generators,
which lack many of the features that make a DSL a comfortable for programmers.
Some of these features---e.g., syntax highlighting, type inference, error
reporting, and code completion---are easily provided by language workbenches,
which combine language engineering techniques and tools in a common ecosystem.
In this paper, we present the Parallel Particle-Mesh Environment (PPME), a DSL
and development environment for numerical simulations based on particle methods
and hybrid particle-mesh methods. PPME uses the meta programming system (MPS),
a projectional language workbench. PPME is the successor of the Parallel
Particle-Mesh Language (PPML), a Fortran-based DSL that used conventional
implementation strategies. We analyze and compare both languages and
demonstrate how the programmer's experience can be improved using static
analyses and projectional editing. Furthermore, we present an explicit domain
model for particle abstractions and the first formal type system for particle
methods.Comment: Submitted to ACM Transactions on Mathematical Software on Dec. 25,
201
Management Aspects of Software Clone Detection and Analysis
Copying a code fragment and reusing it by pasting with or without minor modifications is a common practice in software development for improved productivity. As a result, software systems often have similar segments of code, called software clones or code clones. Due to many reasons, unintentional clones may also appear in the source code without awareness of the developer. Studies report that significant fractions (5% to 50%) of the code in typical software systems are cloned. Although code cloning may increase initial productivity, it may cause fault propagation, inflate the code base and increase maintenance overhead. Thus, it is believed that code clones should be identified and carefully managed. This Ph.D. thesis contributes in clone management with techniques realized into tools and large-scale in-depth analyses of clones to inform clone management in devising effective techniques and strategies.
To support proactive clone management, we have developed a clone detector as a plug-in to the Eclipse IDE. For clone detection, we used a hybrid approach that combines the strength of both parser-based and text-based techniques. To capture clones that are similar but not exact duplicates, we adopted a novel approach that applies a suffix-tree-based k-difference hybrid algorithm, borrowed from the area of computational biology. Instead of targeting all clones from the entire code base, our tool aids clone-aware development by allowing focused search for clones of any code fragment of the developer's interest.
A good understanding on the code cloning phenomenon is a prerequisite to devise efficient clone management strategies. The second phase of the thesis includes large-scale empirical studies on the characteristics (e.g., proportion, types of similarity, change patterns) of code clones in evolving software systems. Applying statistical techniques, we also made fairly accurate forecast on the proportion of code clones in the future versions of software projects. The outcome of these studies expose useful insights into the characteristics of evolving clones and their management implications.
Upon identification of the code clones, their management often necessitates careful refactoring, which is dealt with at the third phase of the thesis. Given a large number of clones, it is difficult to optimally decide what to refactor and what not, especially when there are dependencies among clones and the objective remains the minimization of refactoring efforts and risks while maximizing benefits. In this regard, we developed a novel clone refactoring scheduler that applies a constraint programming approach. We also introduced a novel effort model for the estimation of efforts needed to refactor clones in source code.
We evaluated our clone detector, scheduler and effort model through comparative empirical studies and user studies. Finally, based on our experience and in-depth analysis of the present state of the art, we expose avenues for further research and development towards a versatile clone management system that we envision
- …