A requirement-driven approach for modelling software architectures

Throughout the software development lifecycle (SDLC) there are many pitfalls which software engineers have to face. Regardless of the methodology adopted, classic methodologies such as waterfall or more modern ones such as agile or scrum, defects can be injected in any phase of the SDLC. The main avenue to detect and remove defects is through Quality Assurance (QA) activities. The planned activities to detect, fix and remove defects occur later on and there is less effort spent in the initial phases of the SDLC to either detect, remove or prevent the injection of defects. In fact, the cost of detecting and fixing a defect in the later phases of the SDLC such as development, deployment, maintenance and support is much higher than detecting and fixing defects in the initial phases of the SDLC. The software architecture of the application also has an incidence on defect injection whereby the software architecture can be regarded asthe fundamental structures of a software system. The impact of detecting and fixing defects later on is exacerbated for software architecture which are distributed, such as service-oriented architectures or microservices. Thus, the aim of this research is to develop a semi-automated framework to translate requirements into design with the aim of reducing the introduction of defects from the early phases of the SDLC. Part of the objectives of this work is to conceptualize a design for architectural paradigms such as object-oriented and service-oriented programming. The proposed framework uses a series of techniques from Natural Language Processing (NLP) and a blend of techniques from intelligent learning systems such as ontologies and neural networks to partially automate the translation of requirements into a design. The novelty focuses on moulding the design into an architecture which is better adapted for distributed systems. The framework is evaluated with a case study where the design and architecture from the framework is compared to a design and architecture which was drawn by a software architect. In addition, the evaluation using a case study aims to demonstrate the use of the framework and how each individual design and architecture artefacts fair

Refactorings of Design Defects using Relational Concept Analysis

Software engineers often need to identify and correct design defects, ıe} recurring design problems that hinder development and maintenance\ud by making programs harder to comprehend and--or evolve. While detection\ud of design defects is an actively researched area, their correction---mainly\ud a manual and time-consuming activity --- is yet to be extensively\ud investigated for automation. In this paper, we propose an automated\ud approach for suggesting defect-correcting refactorings using relational\ud concept analysis (RCA). The added value of RCA consists in exploiting\ud the links between formal objects which abound in a software re-engineering\ud context. We validated our approach on instances of the <span class='textit'></span>Blob\ud design defect taken from four different open-source programs

Towards Vulnerability Discovery Using Staged Program Analysis

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs well-formatted bug reports that help developers understand and fix security bugs. Based on the intuition that real-world vulnerabilities manifest themselves across multiple parts of a program, Melange performs both local and global analyses. To scale up to large programs, global analysis is demand-driven. Our prototype detects multiple vulnerability classes in C and C++ code including type confusion, and garbage memory reads. We have evaluated Melange extensively. Our case studies show that Melange scales up to large codebases such as Chromium, is easy-to-use, and most importantly, capable of discovering vulnerabilities in real-world code. Our findings indicate that static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 201

From a Domain Analysis to the Specification and Detection of Code and Design Smells

Code and design smells are recurring design problems in software systems that must be identified to avoid their possible negative consequences\ud on development and maintenance. Consequently, several smell detection\ud approaches and tools have been proposed in the literature. However,\ud so far, they allow the detection of predefined smells but the detection\ud of new smells or smells adapted to the context of the analysed systems\ud is possible only by implementing new detection algorithms manually.\ud Moreover, previous approaches do not explain the transition from\ud specifications of smells to their detection. Finally, the validation\ud of the existing approaches and tools has been limited on few proprietary\ud systems and on a reduced number of smells. In this paper, we introduce\ud an approach to automate the generation of detection algorithms from\ud specifications written using a domain-specific language. This language\ud is defined from a thorough domain analysis. It allows the specification\ud of smells using high-level domain-related abstractions. It allows\ud the adaptation of the specifications of smells to the context of\ud the analysed systems.We specify 10 smells, generate automatically\ud their detection algorithms using templates, and validate the algorithms\ud in terms of precision and recall on Xerces v2.7.0 and GanttProject\ud v1.10.2, two open-source object-oriented systems.We also compare\ud the detection results with those of a previous approach, iPlasma