A classification procedure for the effective management of changes during the maintenance process
During software operation, maintainers are often faced with numerous change requests. Given available resources such as effort and calendar time, changes, if approved, have to be planned to fit within budget and schedule constraints. In this paper, we address the issue of assessing the difficulty of a change based on known or predictable data. This paper should be considered a first step towards the construction of customized economic models for maintainers. We propose a modeling approach, based on standard statistical techniques, that can be used in a variety of software maintenance environments. The approach can be easily automated and is simple to use for people with limited statistical experience. Moreover, it deals effectively with the uncertainty usually associated with both model inputs and outputs. The modeling approach is validated on a data set provided by NASA/GSFC, where it proved effective in classifying changes with respect to the effort involved in implementing them. Other advantages of the approach are discussed, along with additional steps to improve the results.
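To make the idea concrete, the following Python sketch classifies hypothetical change requests by effort and reports class probabilities instead of hard labels, which is one simple way to expose output uncertainty. The features, data, and choice of logistic regression are illustrative assumptions, not the paper's actual procedure.

    # Hypothetical sketch: classify change requests as easy vs. hard from
    # predictable attributes; class probabilities convey output uncertainty.
    # Features, data, and model choice are illustrative, not the paper's model.
    import numpy as np
    from sklearn.linear_model import LogisticRegression

    # Each row: [components touched, LOC to modify, prior changes to same module]
    X_train = np.array([[1, 20, 0], [2, 45, 1], [5, 300, 4], [7, 520, 6]])
    y_train = np.array([0, 0, 1, 1])  # 0 = easy, 1 = hard

    clf = LogisticRegression().fit(X_train, y_train)

    new_change = np.array([[3, 150, 2]])
    prob_hard = clf.predict_proba(new_change)[0, 1]
    print(f"P(hard change) = {prob_hard:.2f}")  # a probability, not a hard label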
Evaluating Model Testing and Model Checking for Finding Requirements Violations in Simulink Models
Matlab/Simulink is a development and simulation language that is widely used
by the Cyber-Physical System (CPS) industry to model dynamical systems. There
are two mainstream approaches to verify CPS Simulink models: model testing that
attempts to identify failures in models by executing them for a number of
sampled test inputs, and model checking that attempts to exhaustively check the
correctness of models against some given formal properties. In this paper, we
present an industrial Simulink model benchmark, provide a categorization of
different model types in the benchmark, describe the recurring logical patterns
in the model requirements, and discuss the results of applying model checking
and model testing approaches to identify requirements violations in the
benchmarked models. Based on the results, we discuss the strengths and
weaknesses of model testing and model checking. Our results further suggest
that model checking and model testing are complementary and by combining them,
we can significantly enhance the capabilities of each of these approaches
individually. We conclude by providing guidelines as to how the two approaches
can be best applied together.
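The model-testing side of this comparison can be pictured with a small Python sketch: sample inputs, execute a model, and flag requirement violations. The toy discrete-time system and the bounded-output requirement below are stand-ins chosen for illustration; they are not part of the benchmark.

    # Illustrative model-testing loop: sample inputs, run the model, check a requirement.
    # The "model" is a toy stand-in for a Simulink model, not a benchmark model.
    import random

    def simulate(gain, steps=50):
        # Toy discrete-time system standing in for a Simulink model.
        x, trace = 0.0, []
        for _ in range(steps):
            x = gain * x + 1.0
            trace.append(x)
        return trace

    def requirement_holds(trace, bound=100.0):
        # Requirement: the output never exceeds the bound.
        return all(abs(v) <= bound for v in trace)

    failures = [g for g in (random.uniform(0.0, 1.5) for _ in range(1000))
                if not requirement_holds(simulate(g))]
    print(f"{len(failures)} failing inputs found, e.g., {failures[:3]}")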
Automated Smell Detection and Recommendation in Natural Language Requirements
Requirement specifications are typically written in natural language (NL) due
to its usability across multiple domains and understandability by all
stakeholders. However, unstructured NL is prone to quality problems (e.g.,
ambiguity) when writing requirements, which can result in project failures. To
address this issue, we present a tool, named Paska, that takes as input any NL
requirements, automatically detects quality problems as smells in the
requirements, and offers recommendations to improve their quality. Our approach
relies on natural language processing (NLP) techniques and a state-of-the-art
controlled natural language (CNL) for requirements (Rimay), to detect smells
and suggest recommendations using patterns defined in Rimay to improve
requirement quality. We evaluated Paska through an industrial case study in the
financial domain involving 13 systems and 2725 annotated requirements. The
results show that our tool is accurate in detecting smells (89% precision and
recall) and suggesting appropriate Rimay pattern recommendations (96% precision
and 94% recall).
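While Paska relies on NLP and Rimay patterns, the basic shape of pattern-based smell detection can be sketched in a few lines of Python. The smell patterns and recommendations below are illustrative keyword rules, not the actual Rimay patterns.

    # Minimal sketch of pattern-based smell detection in NL requirements.
    # Smell patterns and recommendations are illustrative, not Rimay's.
    import re

    SMELLS = {
        "vague term": (r"\b(appropriate|adequate|as needed|user-friendly)\b",
                       "Replace the vague term with a measurable criterion."),
        "passive voice": (r"\b(shall|must|will) be \w+ed\b",
                          "Name the actor responsible for the action."),
        "open-ended clause": (r"\b(etc\.?|and so on)\b",
                              "Enumerate the intended cases explicitly."),
    }

    def detect_smells(requirement):
        findings = []
        for name, (pattern, recommendation) in SMELLS.items():
            if re.search(pattern, requirement, flags=re.IGNORECASE):
                findings.append((name, recommendation))
        return findings

    req = "The system shall be configured as needed to handle errors, etc."
    for smell, hint in detect_smells(req):
        print(f"{smell}: {hint}")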
Learning Failure-Inducing Models for Testing Software-Defined Networks
Software-defined networks (SDN) enable flexible and effective communication
systems, e.g., data centers, that are managed by centralized software
controllers. However, such a controller can undermine the underlying
communication network of an SDN-based system and thus must be carefully tested.
When an SDN-based system fails, engineers need to precisely understand the conditions under which the failure occurs in order to address it. In this
paper, we introduce a machine learning-guided fuzzing method, named FuzzSDN,
aiming at both (1) generating effective test data leading to failures in
SDN-based systems and (2) learning accurate failure-inducing models that
characterize the conditions under which such a system fails. This is done in a synergistic manner: the learned models guide test generation, and the generated tests in turn improve the models. To our knowledge, FuzzSDN is the first attempt to
simultaneously address these two objectives for SDNs. We evaluate FuzzSDN by
applying it to systems controlled by two open-source SDN controllers. Further,
we compare FuzzSDN with two state-of-the-art methods for fuzzing SDNs and two
baselines (i.e., simple extensions of these two existing methods) for learning
failure-inducing models. Our results show that (1) compared to the
state-of-the-art methods, FuzzSDN generates at least 12 times more failures,
within the same time budget, with a controller that is fairly robust to fuzzing
and (2) our failure-inducing models have, on average, a precision of 98% and a
recall of 86%, significantly outperforming the baselines.
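The overall fuzz-then-learn loop can be approximated with a short Python sketch: generate inputs, label them by running the system, fit an interpretable model, and let the model bias the next round toward the predicted failure region. The toy system under test, the feature space, and the decision-tree learner are assumptions for illustration, not FuzzSDN's actual components.

    # Simplified fuzz-then-learn loop in the spirit of ML-guided fuzzing.
    # The system under test and features are toy stand-ins, not an SDN controller.
    import random
    from sklearn.tree import DecisionTreeClassifier

    def system_under_test(pkt_size, burst_rate):
        # Toy stand-in: returns True when the "system" fails.
        return pkt_size > 1400 and burst_rate > 80

    def random_input():
        return [random.randint(64, 1500), random.randint(1, 100)]

    X, y, model = [], [], None
    for _ in range(5):
        candidates = [random_input() for _ in range(500)]
        if model is not None:
            # Keep candidates the current model predicts as failing, plus
            # some fresh random inputs to keep exploring.
            keep = [c for c, p in zip(candidates, model.predict(candidates)) if p]
            candidates = (keep or candidates) + [random_input() for _ in range(100)]
        for c in candidates:
            X.append(c)
            y.append(system_under_test(*c))
        model = DecisionTreeClassifier(max_depth=3).fit(X, y)

    print(f"failures found: {sum(y)} out of {len(y)} executions")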
Measuring and assessing maintainability at the end of high level design
Software architecture appears to be one of the main factors affecting software maintainability. Therefore, in order to predict and assess maintainability early in the development process, we need to be able to measure the high-level design characteristics that affect the change process. To this end, we propose a measurement approach based on precise assumptions derived from the change process; it builds on Object-Oriented Design principles and is partially language independent. We define metrics for cohesion, coupling, and visibility in order to capture the difficulty of isolating, understanding, designing, and validating changes.
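A crude flavour of such design-level measurement can be given in Python, computing a coupling count and a simple cohesion ratio from a declared design. The design data and metric definitions below are simplified stand-ins, not the paper's exact metrics.

    # Illustrative design-level measurement: coupling as the number of used
    # classes, cohesion as the fraction of attributes shared across methods.
    # These definitions are simplified stand-ins, not the paper's exact metrics.
    design = {
        "Account": {"uses": {"Ledger", "Customer"},
                    "methods": {"deposit": {"balance"}, "withdraw": {"balance"}}},
        "Ledger":  {"uses": {"Account"},
                    "methods": {"post": {"entries"}, "report": {"entries", "period"}}},
    }

    def coupling(cls):
        # Number of other classes this class depends on.
        return len(design[cls]["uses"])

    def cohesion(cls):
        # Fraction of accessed attributes shared by more than one method.
        methods = list(design[cls]["methods"].values())
        attrs = set().union(*methods)
        shared = {a for a in attrs if sum(a in m for m in methods) > 1}
        return len(shared) / len(attrs) if attrs else 1.0

    for cls in design:
        print(cls, "coupling:", coupling(cls), "cohesion:", round(cohesion(cls), 2))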
Identifying the Hazard Boundary of ML-enabled Autonomous Systems Using Cooperative Co-Evolutionary Search
In Machine Learning (ML)-enabled autonomous systems (MLASs), it is essential
to identify the hazard boundary of ML Components (MLCs) in the MLAS under
analysis. Given that such a boundary captures the conditions in terms of MLC
behavior and system context that can lead to hazards, it can then be used to,
for example, build a safety monitor that can take any predefined fallback
mechanisms at runtime when reaching the hazard boundary. However, determining
such a hazard boundary for an ML component is challenging. This is because the problem space, which combines system contexts (i.e., scenarios) and MLC behaviors (i.e., inputs and outputs), is far too large for exhaustive exploration and even too large to handle with conventional metaheuristics, such as genetic algorithms.
Additionally, the high computational cost of simulations required to determine
any MLAS safety violations makes the problem even more challenging.
Furthermore, it is unrealistic to consider a region in the problem space
deterministically safe or unsafe due to the uncontrollable parameters in
simulations and the non-linear behaviors of ML models (e.g., deep neural
networks) in the MLAS under analysis. To address the challenges, we propose
MLCSHE (ML Component Safety Hazard Envelope), a novel method based on a
Cooperative Co-Evolutionary Algorithm (CCEA), which aims to tackle a
high-dimensional problem by decomposing it into two lower-dimensional search
subproblems. Moreover, we take a probabilistic view of safe and unsafe regions
and define a novel fitness function to measure the distance from the
probabilistic hazard boundary and thus drive the search effectively. We
evaluate the effectiveness and efficiency of MLCSHE on a complex Autonomous
Vehicle (AV) case study. Our evaluation results show that MLCSHE is
significantly more effective and efficient compared to a standard genetic
algorithm and random search.
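The cooperative co-evolutionary structure can be sketched compactly: two populations (scenarios and MLC behaviors) evolve separately but are evaluated jointly, and fitness rewards proximity to a probabilistic hazard boundary. The stubbed simulator, one-dimensional encodings, and fitness function below are assumptions for illustration, not MLCSHE's actual formulation.

    # Skeletal cooperative co-evolution: two populations, joint evaluation.
    # Simulator, encodings, and fitness are toy stand-ins, not MLCSHE's.
    import random

    def simulate(scenario, mlc_output):
        # Stubbed simulator: returns an estimated probability of a hazard.
        return max(0.0, min(1.0, 0.5 * scenario + 0.5 * mlc_output))

    def fitness(scenario, mlc_output):
        # Closer to the probabilistic hazard boundary (p = 0.5) is fitter.
        return -abs(simulate(scenario, mlc_output) - 0.5)

    def mutate(value):
        return min(1.0, max(0.0, value + random.gauss(0, 0.05)))

    scenarios = [random.random() for _ in range(20)]
    behaviors = [random.random() for _ in range(20)]
    for _ in range(30):
        best_b = max(behaviors, key=lambda b: max(fitness(s, b) for s in scenarios))
        best_s = max(scenarios, key=lambda s: max(fitness(s, b) for b in behaviors))
        # Select against the best collaborator from the other population, then mutate.
        scenarios = sorted(scenarios, key=lambda s: fitness(s, best_b), reverse=True)[:10]
        scenarios += [mutate(s) for s in scenarios]
        behaviors = sorted(behaviors, key=lambda b: fitness(best_s, b), reverse=True)[:10]
        behaviors += [mutate(b) for b in behaviors]

    s, b = max(((s, b) for s in scenarios for b in behaviors), key=lambda p: fitness(*p))
    print(f"near-boundary pair: scenario={s:.2f}, output={b:.2f}, p={simulate(s, b):.2f}")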
NLP-based Automated Compliance Checking of Data Processing Agreements against GDPR
Processing personal data is regulated in Europe by the General Data
Protection Regulation (GDPR) through data processing agreements (DPAs).
Checking the compliance of DPAs contributes to the compliance verification of
software systems as DPAs are an important source of requirements for software
development involving the processing of personal data. However, manually
checking whether a given DPA complies with GDPR is challenging as it requires
significant time and effort for understanding and identifying DPA-relevant
compliance requirements in GDPR and then verifying these requirements in the
DPA. In this paper, we propose an automated solution to check the compliance of
a given DPA against GDPR. In close interaction with legal experts, we first
built two artifacts: (i) the "shall" requirements extracted from the GDPR
provisions relevant to DPA compliance and (ii) a glossary table defining the
legal concepts in the requirements. Then, we developed an automated solution
that leverages natural language processing (NLP) technologies to check the
compliance of a given DPA against these "shall" requirements. Specifically, our
approach automatically generates phrasal-level representations for the textual
content of the DPA and compares it against predefined representations of the
"shall" requirements. Over a dataset of 30 actual DPAs, the approach correctly
finds 618 out of 750 genuine violations while raising 76 false violations, and
further correctly identifies 524 satisfied requirements. The approach has thus
an average precision of 89.1%, a recall of 82.4%, and an accuracy of 84.6%.
Compared to a baseline that relies on off-the-shelf NLP tools, our approach
provides an average accuracy gain of ~20 percentage points. The accuracy of our
approach can be improved to ~94% with limited manual verification effort.
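A toy Python sketch conveys the comparison step: represent DPA sentences as sets of phrases and check whether each "shall" requirement's phrases are covered. The requirement texts, vocabulary, and matching rule below are illustrative assumptions, not the GDPR-derived artifacts or the actual NLP pipeline.

    # Toy compliance check: phrasal representations of DPA sentences compared
    # against "shall" requirements. Requirements and vocabulary are illustrative.
    SHALL_REQUIREMENTS = {
        "R1": {"processor", "process", "documented instructions"},
        "R2": {"processor", "notify", "personal data breach"},
    }
    VOCAB = {"processor", "process", "notify",
             "documented instructions", "personal data breach"}

    def phrases(sentence):
        # Crude phrasal representation: vocabulary items found in the sentence.
        text = sentence.lower()
        return {v for v in VOCAB if v in text}

    dpa_sentences = [
        "The processor shall process personal data only on documented instructions.",
        "The processor informs the controller about sub-processors.",
    ]

    covered = set()
    for sentence in dpa_sentences:
        rep = phrases(sentence)
        covered |= {rid for rid, req in SHALL_REQUIREMENTS.items() if req <= rep}

    violations = set(SHALL_REQUIREMENTS) - covered
    print("satisfied:", sorted(covered), "potential violations:", sorted(violations))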
Developing interpretable models with optimized set reduction for identifying high risk software components
Applying equal testing and verification effort to all parts of a software system is not very efficient, especially when resources are limited and schedules are tight. Therefore, one needs to be able to differentiate low and high fault-frequency components so that testing and verification effort can be concentrated where needed. Such a strategy is expected to detect more faults and thus improve the resulting reliability of the overall system. This paper presents the Optimized Set Reduction approach for constructing such models, intended to fulfill specific software engineering needs. Our approach to classification is to measure the software system and build multivariate stochastic models for predicting high-risk system components. We present experimental results obtained by classifying Ada components into two classes: likely or not likely to generate faults during system and acceptance testing. We also evaluate the accuracy of the model and the insights it provides into the error-making process.
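In the same spirit, though not the Optimized Set Reduction algorithm itself, the following Python sketch fits an interpretable decision tree over component metrics to flag fault-prone components; the metrics and data are invented for illustration.

    # Interpretable classification of components into fault-prone vs. not.
    # Not the Optimized Set Reduction algorithm; metrics and data are illustrative.
    from sklearn.tree import DecisionTreeClassifier, export_text

    # Each row: [cyclomatic complexity, fan-out, size in statements]
    X = [[3, 2, 40], [5, 4, 120], [18, 9, 600], [25, 12, 850], [7, 3, 150], [30, 15, 900]]
    y = [0, 0, 1, 1, 0, 1]  # 1 = generated faults during system/acceptance test

    tree = DecisionTreeClassifier(max_depth=2).fit(X, y)
    print(export_text(tree, feature_names=["complexity", "fan_out", "size"]))
    print("prediction for [12, 6, 300]:", tree.predict([[12, 6, 300]])[0])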