A systematic literature review on process model testing: Approaches, challenges, and research directions

Testing is a key concern when developing process-oriented solutions as it supports modeling experts who have to deal with increasingly complex models and scenarios such as cross-organizational processes. However, the complexity of the research landscape and the diverse set of approaches and goals impedes the analysis and advancement of research and the identification of promising research areas, challenges, and research directions. Hence, a systematic literature review is conducted to identify interesting areas for future research and to provide an overview of existing work. Over 6300 potentially matching publications were determined during the search (literature databases, selected conferences\journals, and snowballing). Finally, 153 publications from 2002 to 2013 were selected, analyzed, and classified. It was found that the software engineering domain has influenced process model testing approaches (e.g., regarding terminology and concepts), but recent publications are presenting independent approaches. Additionally, historical data sources are not exploited to their full potential and current testing related publications frequently contain evaluations of relatively weak quality. Overall, the publication landscape is unevenly distributed so that over 31 publications concentrate on test-case generation but only 4 publications conduct performance test. Hence, the full potential of such insufficiently covered testing areas is not exploited. This systematic review provides a comprehensive overview of the interdisciplinary topic of process model testing. Several open research questions are identified, for example, how to apply testing to cross-organizational or legacy processes and how to adequately include users into the testing methods

Applied Metamodelling: A Foundation for Language Driven Development (Third Edition)

Modern day system developers have some serious problems to contend with. The systems they develop are becoming increasingly complex as customers demand richer functionality delivered in ever shorter timescales. They have to manage a huge diversity of implementation technologies, design techniques and development processes: everything from scripting languages to web-services to the latest 'silver bullet' design abstraction. To add to that, nothing stays still: today's 'must have' technology rapidly becomes tomorrow's legacy problem that must be managed along with everything else. How can these problems be dealt with? In this book we propose that there is a common foundation to their resolution: languages. Languages are the primary way in which system developers communicate, design and implement systems. Languages provide abstractions that can encapsulate complexity, embrace the diversity of technologies and design abstractions, and unite modern and legacy systems

Enhancing Reuse of Constraint Solutions to Improve Symbolic Execution

Constraint solution reuse is an effective approach to save the time of constraint solving in symbolic execution. Most of the existing reuse approaches are based on syntactic or semantic equivalence of constraints; e.g. the Green framework is able to reuse constraints which have different representations but are semantically equivalent, through canonizing constraints into syntactically equivalent normal forms. However, syntactic/semantic equivalence is not a necessary condition for reuse--some constraints are not syntactically or semantically equivalent, but their solutions still have potential for reuse. Existing approaches are unable to recognize and reuse such constraints. In this paper, we present GreenTrie, an extension to the Green framework, which supports constraint reuse based on the logical implication relations among constraints. GreenTrie provides a component, called L-Trie, which stores constraints and solutions into tries, indexed by an implication partial order graph of constraints. L-Trie is able to carry out logical reduction and logical subset and superset querying for given constraints, to check for reuse of previously solved constraints. We report the results of an experimental assessment of GreenTrie against the original Green framework, which shows that our extension achieves better reuse of constraint solving result and saves significant symbolic execution time.Comment: this paper has been submitted to conference ISSTA 201

Measuring Coverage of Prolog Programs Using Mutation Testing

Testing is an important aspect in professional software development, both to avoid and identify bugs as well as to increase maintainability. However, increasing the number of tests beyond a reasonable amount hinders development progress. To decide on the completeness of a test suite, many approaches to assert test coverage have been suggested. Yet, frameworks for logic programs remain scarce. In this paper, we introduce a framework for Prolog programs measuring test coverage using mutations. We elaborate the main ideas of mutation testing and transfer them to logic programs. To do so, we discuss the usefulness of different mutations in the context of Prolog and empirically evaluate them in a new mutation testing framework on different examples.Comment: 16 pages, Accepted for presentation in WFLP 201

Supporting Dynamic Service Composition at Runtime based on End-user Requirements

Network-based software application services are receiving a lot of attention in recent years, as observed in developments as Internet of Services, Software as a Service and Cloud Computing. A service-oriented computing ecosystem is being created where the end-user is having an increasingly more active role in the service creation process. However, supporting end-users in the creation process, at runtime, is a difficult undertaking. Users have different requirements and preferences towards application services, use services in different situations and expect highly abstract mechanisms in the creation process. Furthermore, there are different types of end-users: some can deliver more detailed requirements or can be provided with more advanced request interface, while others can not. To tackle these issues and provide end-users with personalised service delivery, we claim that runtime automated service composition mechanisms are required. In this paper we present the DynamiCoS framework, which aims at supporting the different phases required to provide end-users with automatic service discovery, selection and composition process. In this paper we also present the developed prototype and its evaluation

State of the Software Development Life-Cycle for the Internet-of-Things

Software has a longstanding association with a state of crisis considering its success rate. The explosion of Internet-connected devices, Internet-of-Things, adds to the complexity of software systems. The particular characteristics of these systems, such as being large-scale and its heterogeneity, pose increasingly new challenges. In this paper, we first briefly introduce the IoT paradigm and the current state of art of software development. Then, we delve into the particularities of developing software for IoT systems and systems of systems, given an overview of what are the current methodologies and tools for design, develop and test such systems. The findings are discussed, revealing open issues and research directions, and reveal that the nowadays IoT software development practices are still lagging behind of what are the current best practices.Comment: 38 page

Abstract Interpretation-based verification/certification in the ciaoPP system

CiaoPP is the abstract interpretation-based preprocessor of the Ciao multi-paradigm (Constraint) Logic Programming system. It uses modular, incremental abstract interpretation as a fundamental tool to obtain information about programs. In CiaoPP, the semantic approximations thus produced have been applied to perform high- and low-level optimizations during program compilation, including transformations such as múltiple abstract specialization, parallelization, partial evaluation, resource usage control, and program verification. More recently, novel and promising applications of such semantic approximations are being applied in the more general context of program development such as program verification. In this work, we describe our extensión of the system to incorpórate Abstraction-Carrying Code (ACC), a novel approach to mobile code safety. ACC follows the standard strategy of associating safety certificates to programs, originally proposed in Proof Carrying- Code. A distinguishing feature of ACC is that we use an abstraction (or abstract model) of the program computed by standard static analyzers as a certifícate. The validity of the abstraction on the consumer side is checked in a single-pass by a very efficient and specialized abstractinterpreter. We have implemented and benchmarked ACC within CiaoPP. The experimental results show that the checking phase is indeed faster than the proof generation phase, and that the sizes of certificates are reasonable. Moreover, the preprocessor is based on compile-time (and run-time) tools for the certification of CLP programs with resource consumption assurances

soCloud: A service-oriented component-based PaaS for managing portability, provisioning, elasticity, and high availability across multiple clouds

Multi-cloud computing is a promising paradigm to support very large scale world wide distributed applications. Multi-cloud computing is the usage of multiple, independent cloud environments, which assumed no priori agreement between cloud providers or third party. However, multi-cloud computing has to face several key challenges such as portability, provisioning, elasticity, and high availability. Developers will not only have to deploy applications to a specific cloud, but will also have to consider application portability from one cloud to another, and to deploy distributed applications spanning multiple clouds. This article presents soCloud a service-oriented component-based Platform as a Service (PaaS) for managing portability, elasticity, provisioning, and high availability across multiple clouds. soCloud is based on the OASIS Service Component Architecture (SCA) standard in order to address portability. soCloud provides services for managing provisioning, elasticity, and high availability across multiple clouds. soCloud has been deployed and evaluated on top of ten existing cloud providers: Windows Azure, DELL KACE, Amazon EC2, CloudBees, OpenShift, dotCloud, Jelastic, Heroku, Appfog, and an Eucalyptus private cloud

A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies

In today's world, Web applications play a very important role in individual life as well as in any country's development. Web applications have gone through a very rapid growth in the recent years and their adoption is moving faster than that was expected few years ago. Now-a-days, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to get compromised. In most of the scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.Comment: Due to unresolved publication fee issue, authors withdrew paper after acceptance in INFORMATION Journal, Japan. To be published elsewher

Semantics-based services for a low carbon society: An application on emissions trading system data and scenarios management

A low carbon society aims at fighting global warming by stimulating synergic efforts from governments, industry and scientific communities. Decision support systems should be adopted to provide policy makers with possible scenarios, options for prompt countermeasures in case of side effects on environment, economy and society due to low carbon society policies, and also options for information management. A necessary precondition to fulfill this agenda is to face the complexity of this multi-disciplinary domain and to reach a common understanding on it as a formal specification. Ontologies are widely accepted means to share knowledge. Together with semantic rules, they enable advanced semantic services to manage knowledge in a smarter way. Here we address the European Emissions Trading System (EU-ETS) and we present a knowledge base consisting of the EREON ontology and a catalogue of rules. Then we describe two innovative semantic services to manage ETS data and information on ETS scenarios