Experience in teaching a software reengineering course

Software engineering curricula emphasize developing new software systems. Little attention is given to how to change and modernize existing systems, i.e., the theory and practice of software maintenance and reengineering. This paper presents the author’s experience in teaching software reengineering in a masters-level course at University of Leicester, UK. It presents the course objectives, outline and the lessons learned. The main lessons are: first, there is a big shortage of educational materials for teaching software reengineering. Second, selecting the suitable materials (that balance theory and practice) and the right tool(s) for the level of students and depth of coverage required is a difficult task. Third, teaching reengineering using toy exercises and assignments does not convey the practical aspects of the subject. While, teaching with real, even small size, exercises and assignments, is almost infeasible. Getting the balance right requires careful consideration and experimentation. Finally, students understand and appreciate this topic much more if they have previous industrial experience and when they are presented with real industrial case studies

Similarity in Programs

An overview of the concept of program similarity is presented. It divides similarity into two types - syntactic and semantic - and provides a review of eight categories of methods that may be used to measure program similarity. A summary of some applications of these methods is included. The paper is intended to be a starting point for a more comprehensive analysis of the subject of similarity in programs, which is critical to understand if progress is to be made in fields such as clone detection

Mining System-User Interaction Traces for Use Case Models

While code understanding is the primary program comprehension activity, it is quite challenging to recognize the application requirements from code, since they have usually been occluded by a set of layers of later implementation decisions. An alternative source of evidence, especially valuable for understanding the purposes for which the application was built, can be the dynamic behavior of the system, and more specifically the system-user interaction. We have developed a method for modeling the application behavior from the user’s perspective in the form of use case models, using recorded traces of system-user interaction. We use data mining and pattern matching methods to mine these traces for frequently occurring user tasks. When interesting patterns are discovered, they are augmented with semantic information and they are used to build use case models. We demonstrate a successful application of this method to recover use case models from interaction traces with legacy 3270 systems to serve user interface reengineering activities. 1

Understanding Web Usage for Dynamic Web-Site Adaptation: A Case Study

Every day, new information, products and services are being offered by providers on the World Wide Web. At the same time, the number of consumers and the diversity of their interests increase. As a result, providers are seeking ways to infer the customers’ interests and to adapt their web sites to make the content of interest more easily accessible. Pattern mining is a promising approach in support of this goal. Assuming that past navigation behavior is an indicator of the users ’ interests, then, the records of this behavior, kept in the form of the web-server logs, can be mined to infer what the users are interested in. On that basis, recommendations can be dynamically generated, to help new web-site visitors find the information of interest faster. In this paper, we discuss our experience with pattern mining for dynamic web-site adaptation. Our particular approach is tailored to “focused ” web sites that offer information on a well-defined subject, such as, for example, the web site of an undergraduate course. Visitors of such focused sites exhibit similar types of navigation behavior, corresponding to the services offered by the web site; therefore, page recommendation based on usage-pattern mining can be quite effective

The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices

Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security status and the presence of security vulnerabilities in the source code of the most popular open source IoT OSs. Through this research, three Static Analysis Tools (Cppcheck, Flawfinder and RATS) were used to examine the code of sixteen different releases of four different C/C++ IoT OSs, with 48 examinations, regarding the presence of vulnerabilities from the Common Weakness Enumeration (CWE). The examination reveals that IoT OS code still suffers from errors that lead to security vulnerabilities and increase the opportunity of security breaches. The total number of errors in IoT OSs is increasing from version to the next, while error density, i.e., errors per 1K of physical Source Lines of Code (SLOC) is decreasing chronologically for all IoT Oss, with few exceptions. The most prevalent vulnerabilities in IoT OS source code were CWE-561, CWE-398 and CWE-563 according to Cppcheck, (CWE-119!/CWE-120), CWE-120 and CWE-126 according to Flawfinder, and CWE-119, CWE-120 and CWE-134 according to RATS. Additionally, the CodeScene tool was used to investigate the development of the evolutionary properties of IoT OSs and the relationship between them and the presence of IoT OS vulnerabilities. CodeScene reveals strong positive correlation between the total number of security errors within IoT OSs and SLOC, as well as strong negative correlation between the total number of security errors and Code Health. CodeScene also indicates strong positive correlation between security error density (errors per 1K SLOC) and the presence of hotspots (frequency of code changes and code complexity), as well as strong negative correlation between security error density and the Qualitative Team Experience, which is a measure of the experience of the IoT OS developers

Rule-based Model Extraction from Source Code

Abstract. In the context of an approach for reengineering legacy software systems at the architectural level, we present in this paper a reverse engineering methodology that uses a model defined as a type graph to represent source-code subject to a code categorization process. Two alternative methods for referencing the source code are discussed: native vs. graphical. To represent the code, the native representation uses the abstract syntax tree while the graphical uses a programming language metamodel. Two options regarding the way that the graph can relate to the source code reference model are also considered: association model vs. direct link. The extraction of the program representation, complying to the type graph, is based on rules that categorize source code according to its purpose. The techniques to address this process, such as the code categorization rules, are shown together with examples.