Powered by
Conference Publishing Consulting

36th International Conference on Software Engineering (ICSE Companion 2014), May 31 – June 7, 2014, Hyderabad, India

ICSE Companion 2014 – Proceedings

Contents - Abstracts - Authors


Title Page

Message from the Chairs
Welcome to the 36th International Conference on Software Engineering, set in Hyderabad, India. On behalf of the entire Organizing Committee, it is our distinct pleasure to invite you to participate, not just in the official program of the conference and its full assortment of activities, but also in enjoying the beautiful history, customs, and surroundings of the city and people of Hyderabad.




Socio-Technical Coordination (Keynote)
James Herbsleb
(Carnegie Mellon University, USA)
Product architecture structures the coordination problem that the development organization must solve. The modularity strategy establishes design rules that fix module functionality and interfaces, and assigns development work for each module to a single team. The modules present relatively independent coordination problems that teams attempt to solve with all the traditional coordination mechanisms available to them. The applicability and effectiveness of this strategy is limited with increasing technical and organizational volatility. In the absence of theory explaining why and when modularity works, the technique is brittle, with very little firm basis for adjustment or for complementing it with other strategies.
I present a theory of coordination, based on decision networks, that generalizes the modularity strategy. I review evidence testing several hypotheses derived from the theory, and explore how this theoretical view can drive coordination research and provide a theoretical basis for practical techniques to assist architects, developers, and managers.

Publisher's Version Article Search

Software Engineering in Practice

Panel Session 1

Ready-Set-Transfer: Exploring the Technology Transfer Readiness of Academic Research Projects (Panel)
Jane Cleland-Huang, Daniela Damian, and Smita Ghaisas
(DePaul University, USA; University of Victoria, Canada; Tata Consultancy Services, India)
Software engineering research is undertaken to propose innovative solutions, to develop concepts, algorithms, processes, and technologies, to validate effective solutions for important software engineering problems, and ultimately to support the transition of important findings to practice. However prior studies have shown that successful projects often take from 20-25 years to reach the stage of full industry adoption, while many other projects fizzle out and never advance beyond the initial research phase. This panel provides the opportunity for practitioners and academics to engage in a meaningful discussion around the topic of technology transfer. In this fourth offering of the Ready-Set-Transfer panel, three research groups will present products that they believe to be industry-ready to a panel of industrial practitioners. Each team will receive feedback from the panelists. The long-term goal of the panel is to increase technology transfer in the software engineering domain.

Publisher's Version Article Search
Software Engineering for the Web: The State of the Practice
Alex Nederlof, Ali Mesbah, and Arie van Deursen
(Delft University of Technology, Netherlands; University of British Columbia, Canada)
Today’s web applications increasingly rely on client-side code execution. HTML is not just created on the server, but manipulated extensively within the browser through JavaScript code. In this paper, we seek to understand the software engineering implications of this. We look at deviations from many known best practices in such areas of performance, accessibility, and correct structuring of HTML documents. Furthermore, we assess to what extent such deviations manifest themselves through client-side code manipulation only. To answer these questions, we conducted a large scale experiment, involving automated client-enabled crawling of over 4000 web applications, resulting in over 100,000,000 pages analyzed, and close to 1,000,000 unique client-side user interface states. Our findings show that the majority of sites contain a substantial number of problems, making sites unnecessarily slow, inaccessible for the visually impaired, and with layout that is unpredictable due to errors in the dynamically modified DOM trees.

Publisher's Version Article Search

Dependability, Safety, and Reliability

An Empirical Study of Structural Defects in Industrial Use-Cases
Deepti Parachuri, A. S. M. Sajeev, and Rakesh Shukla
(Infosys Labs, India; University of New England, Australia)
Use-cases perform an important role in capturing and analys-ing software requirements in the IT industry. A number of guidelines have been proposed in the literature on how to write use-cases. Structural defects can occur when use-cases are written without following such guidelines. We develop a taxonomy of structural defects and analyse a sample of 360 industrial use-cases to understand the nature of defects in them. Our sample comes from both client-based projects and in-house projects. The results show that, compared to a sample of theoretical use-cases that follow Cockburn's guidelines, industrial use-cases on the average exhibit defects such as complex structures, lack of customer focus and missing actors. Given the shortage of analysis of real industry samples, our results make a significant contribution towards the understanding of the strengths and weaknesses in industrial use-cases in terms of structural defects. The results will be useful for industry practitioners in adopting use-case modelling standards to reduce the defects as well as for software engineering researchers to explore the reasons for such differences between the theory and the practice in use-case modelling.

Publisher's Version Article Search
Where Do Developers Log? An Empirical Study on Logging Practices in Industry
Qiang Fu, Jieming Zhu, Wenlu Hu, Jian-Guang Lou, Rui Ding, Qingwei Lin, Dongmei Zhang, and Tao Xie
(Microsoft Research, China; Chinese University of Hong Kong, China; Carnegie Mellon University, USA; University of Illinois at Urbana-Champaign, USA)
System logs are widely used in various tasks of software system management. It is crucial to avoid logging too little or too much. To achieve so, developers need to make informed decisions on where to log and what to log in their logging practices during development. However, there exists no work on studying such logging practices in industry or helping developers make informed decisions. To fill this significant gap, in this paper, we systematically study the logging practices of developers in industry, with focus on where developers log. We obtain six valuable findings by conducting source code analysis on two large industrial systems (2.5M and 10.4M LOC, respectively) at Microsoft. We further validate these findings via a questionnaire survey with 54 experienced developers in Microsoft. In addition, our study demonstrates the high accuracy of up to 90% F-Score in predicting where to log.

Publisher's Version Article Search
Active Files as a Measure of Software Maintainability
Lukas Schulte, Hitesh Sajnani, and Jacek Czerwonka
(Northeastern University, USA; University of California at Irvine, USA; Microsoft, USA)
In this paper, we explore the set of source files which are changed unusually often. We define these files as active files. Although discovery of active files relies only on version history and defect classification, the simple concept of active files can deliver key insights into software development activities. Active files can help focus code reviews, implement targeted testing, show areas for potential merge conflicts and identify areas that are central for program comprehension.
In an empirical study of six large software systems within Microsoft ranging from products to services, we found that active files constitute only between 2-8% of the total system size, contribute 20-40% of system file changes, and are responsible for 60-90% of all defects. Not only this, but we establish that the majority, 65-95%, of the active files are architectural hub files which change due to feature addition as opposed to fixing defects.

Publisher's Version Article Search
Nondeterminism in MapReduce Considered Harmful? An Empirical Study on Non-commutative Aggregators in MapReduce Programs
Tian Xiao, Jiaxing Zhang, Hucheng Zhou, Zhenyu Guo, Sean McDirmid, Wei Lin, Wenguang Chen, and Lidong Zhou
(Tsinghua University, China; Microsoft Research, China; Microsoft Bing, USA)
The simplicity of MapReduce introduces unique subtleties that cause hard-to-detect bugs; in particular, the unfixed order of reduce function input is a source of nondeterminism that is harmful if the reduce function is not commutative and sensitive to input order. Our extensive study of production MapReduce programs reveals interesting findings on commutativity, nondeterminism, and correctness. Although non-commutative reduce functions lead to five bugs in our sample of well-tested production programs, we surprisingly have found that many non-commutative reduce functions are mostly harmless due to, for example, implicit data properties. These findings are instrumental in advancing our understanding of MapReduce program correctness.

Publisher's Version Article Search

Processes and Agile Development

Automated Software Integration Flows in Industry: A Multiple-Case Study
Daniel Ståhl and Jan Bosch
(Ericsson, Sweden; Chalmers, Sweden)
There is a steadily increasing interest in the agile practice of continuous integration. Consequently, there is great diversity in how it is interpreted and implemented, and a need to study, document and analyze how automated software integration flows are implemented in the industry today. In this paper we study five separate cases, using a descriptive model developed to address the variation points in continuous integration practice discovered in literature. Each case is discussed and evaluated individually, whereupon six guidelines for the design and implementation of automated software integration are presented. Furthermore, the descriptive model used to document the cases is evaluated and evolved.

Publisher's Version Article Search
How to Build a Good Practice Software Project Portfolio?
Hennie Huijgens, Rini van Solingen, and Arie van Deursen
(Delft University of Technology, Netherlands; Goverdson, Netherlands; Prowareness, Netherlands)
What can we learn from historic data that is collected in three software companies that on a daily basis had to cope with highly complex project portfolios? In this paper we analyze a large dataset, containing 352 finalized software engineering projects, with the goal to discover what factors affect software project performance, and what actions can be taken to increase project performance when building a software project portfolio. The software projects were classified in four quadrants of a Cost/Duration matrix: analysis was performed on factors that were strongly related to two of those quadrants, Good Practices and Bad Practices. A ranking was performed on the factors based on statistical significance. The paper results in an inventory of ‘what factors should be embraced when building a project portfolio?’ (Success Factors), and ‘what factors should be avoided when doing so?’ (Failure Factors). The major contribution of this paper is that it analyzes characteristics of best performers and worst performers in the dataset of software projects, resulting in 7 Success Factors (a.o. steady heartbeat, a fixed, experienced team, agile (Scrum), and release-based), and 9 Failure Factors (a.o. once-only project, dependencies with other systems, technology driven, and rules- and regulations driven).

Publisher's Version Article Search Video
Distributed-Pair Programming Can Work Well and Is Not Just Distributed Pair-Programming
Julia Schenk, Lutz Prechelt, and Stephan Salinger
(Freie Universität Berlin, Germany)
Background: Distributed Pair Programming can be performed via screensharing or via a distributed IDE. The latter offers the freedom of concurrent editing (which may be helpful or damaging) and has even more awareness deficits than screen sharing.
Objective: Characterize how competent distributed pair programmers may handle this additional freedom and these additional awareness deficits and characterize the impacts on the pair programming process.
Method: A revelatory case study, based on direct observation of a single, highly competent distributed pair of industrial software developers during a 3-day collaboration. We use recordings of these sessions and conceptualize the phenomena seen.
Results: 1.Skilled pairs may bridge the awareness deficits without visible obstruction of the overall process. 2.Skilled pairs may use the additional editing freedom in a useful limited fashion, resulting in potentially better fluency of the process than local pair programming.
Conclusion: When applied skillfully in an appropriate context, distributed-pair programming can (not will!) work at least as well as local pair programming.

Publisher's Version Article Search
Empirical Insights into the Perceived Benefits of Agile Software Engineering Practices: A Case Study from SAP
Christoph Tobias Schmidt, Srinivasa Ganesha Venkatesha, and Juergen Heymann
(University of Mannheim, Germany; SAP Labs, India; SAP, Germany)
SAP AG has taught more than 4,000 developers the Agile Software Engineering methodology since 2010. As such, the company offers a unique setting to study its impact on developers' work. In this paper, we discuss how developers perceive the impact of pair programming and test automation on software quality, delivered feature scope, and various team work aspects. We draw our findings from a company-wide survey with answers from 174 developers working in 74 teams and 15 product owners from five locations world-wide. We complement our findings with insights from two in-depths case studies with two development teams. As expected, our findings confirm that the studied practices help developers develop better software. Deviating from existing preconceptions, however, the responding developers do not report a significant drop in their development speed. In addition, high adopters are more proud of their own contributions to the team, report a better team learning, and feel more motivated.

Publisher's Version Article Search
Evidence-Based Decision Making in Lean Software Project Management
Brian Fitzgerald, Mariusz Musiał, and Klaas-Jan Stol
(Lero, Ireland; University of Limerick, Ireland; Ericpol, Poland)
Many professions evolve from their origins as a creative craft process to a more product-centered industrial process. Software development is on such an evolutionary trajectory. A major step in this evolution is the progression from ad hoc to more rigorous evidence-based decision-making in software development project management. This paper extends theory and practice in relation to lean software development using such an evidence-based approach. Based on a comprehensive dataset of software development metrics, gathered in a longitudinal case study over a 22-month period, the Erlang-C model is used to analyze different software development parameters and to guide management decision-making in relation to development resources. The analysis reveals how `gut-feel' and intuition can be replaced by evidence-based decision-making, and reveals how incorrect assumptions can underpin decisions which as a consequence do not achieve the desired outcome.

Publisher's Version Article Search

Panel Session 2

Analyzing Software Data: After the Gold Rush (A Goldfish-Bowl Panel)
Tim Menzies, Christian Bird, and Thomas Zimmermann
(West Virginia University, USA; Microsoft Research, USA)
Over the past few years, the volume and types of data related to software engineering has grown at an unprecedented rate and shows no sign of slowing. This turn of events has led to a veritable gold rush, as researchers attempt to mine raw data and extract nuggets of insight. A very real danger is that the landscape may become a Wild West where inexperienced software "cowboys" sell hastily generated models to unsophisticated business users, without any concern for best or safe practices. Given the current enthusiasm for data analysis in software engineering, it is time to review how we using those techniques and can we use them better. While there may be no single best "right" way to analyze software data, there are many wrong ways. As data techniques mature, we need to move to a new era where data scientists understand and share the strengths and drawbacks of the many methods that might be deployed in industry. In this highly interactive panel skilled practitioners and academics can (a) broadcast their insights and (b) hear the issues of newcomers in this field.

Publisher's Version Article Search
Experiences Gamifying Developer Adoption of Practices and Tools
Will Snipes, Anil R. Nair, and Emerson Murphy-Hill
(ABB Research, USA; ABB Research, India; North Carolina State University, USA)
As software development practices evolve, toolsmiths face the continuous challenge of getting developers to adopt new practices and tools. We tested an idea with industrial software developers that adding game-like feedback to the development environment would improve adoption of tools and practices for code navigation. We present results from a pre-study survey of 130 developers' opinions on gamification and motivation, usage data from a study with an intact team of six developers of a game on code navigation practices, and feedback collected in post-study interviews. Our pre-study survey showed that most developers were interested in gamification, though some have strong negative opinions. Study results show that two of the six study developers adjusted their practices when presented with competitive game elements.

Publisher's Version Article Search

Software Testing and Analysis

Objective Safety Compliance Checks for Source Code
Alois Mayr, Reinhold Plösch, and Matthias Saft
(JKU Linz, Austria; Siemens, Germany)
Safety standards such as IEC 61508 are an important instrument for developing safety-critical systems. They provide requirements and recommendations to assist engineers in system and software development. Nevertheless, applying this standard in practice is difficult due to unclear requirements and unclear or missing acceptance criteria. We systematically developed a quality model including proper measurement support that covers the code-related parts of IEC 61508 in [20]. In this paper, we present the assessment approach for automatic compliance checks of the code-related parts of the standard. We find in a validation study that the assessment results obtained by applying this approach to real-world projects are in line with their externally granted certification. The results are valid for the vast majority of the modeled elements of the standard. Moreover, by drilling down into the assessment results, we are able to detect deficiencies in the certified real-world projects.

Publisher's Version Article Search
A Case Study on Testing, Commissioning, and Operation of Very-Large-Scale Software Systems
Michael Vierhauser, Rick Rabiser, and Paul Grünbacher
(JKU Linz, Austria)
An increasing number of software systems today are very-large-scale software systems (VLSS) with system-of-systems (SoS) architectures. Due to their heterogeneity and complexity VLSS are difficult to understand and analyze, which results in various challenges for development and evolution. Existing software engineering processes, methods, and tools do not sufficiently address the characteristics of VLSS. Also, there are only a few empirical studies on software engineering for VLSS. We report on results of an exploratory case study involving engineers and technical project managers of an industrial automation VLSS for metallurgical plants. The paper provides empirical evidence on how VLSS are tested, commissioned, and operated in practice. The paper discusses practical challenges and reports industrial requirements regarding process and tool support. In particular, software processes and tools need to provide general guidance at the VLSS level as well as specific methods and tools for systems that are part of the VLSS. Processes and tools need to support multi-disciplinary engineering across system boundaries. Furthermore, managing variability and evolution is success-critical in VLSS verification and validation.

Publisher's Version Article Search
Assessing Model-Based Testing: An Empirical Study Conducted in Industry
Christoph Schulze, Dharmalingam Ganesan, Mikael Lindvall, Rance Cleaveland, and Daniel Goldman
(Fraunhofer CESE, USA; Global Net Services, USA)
We compare manual testing without any automation performed by a tester at a software company with model-based testing (MBT) performed by a tester at a research center.
The system under test (SUT), of which two different versions were tested by each of the two testers, is a professionally developed web-based data collection system that now is in use.
The two testers tested the same versions, had identical testing goals (to detect defects), had access to the same resources, but used different processes (i.e. manual without any automation vs. model-based with automatic test case generation and automatic test case execution). The testers did not interact with each other.
We compare the effectiveness (issues found) and efficiency (effort spent) of the two approaches. The results show, for example, that manual testing required less preparation time and that its test coverage was somewhat uneven. In contrast, MBT required more preparation time, was more systematic, and detected more issues. While the manual approach detected more inconsistencies between specified and actual text labels, MBT detected more functional issues. This is reflected in the severity score summary which was about 60% higher for MBT than Manual.

Publisher's Version Article Search
Collecting and Leveraging a Benchmark of Build System Clones to Aid in Quality Assessments
Shane McIntosh, Martin Poehlmann, Elmar Juergens, Audris Mockus, Bram Adams, Ahmed E. Hassan, Brigitte Haupt, and Christian Wagner
(Queen's University, Canada; CQSE, Germany; Avaya Labs Research, USA; Polytechnique Montréal, Canada; Munich Re, Germany)
Build systems specify how sources are transformed into deliverables, and hence must be carefully maintained to ensure that deliverables are assembled correctly. Similar to source code, build systems tend to grow in complexity unless specifications are refactored. This paper describes how clone detection can aid in quality assessments that determine if and where build refactoring effort should be applied. We gauge cloning rates in build systems by collecting and analyzing a benchmark comprising 3,872 build systems. Analysis of the benchmark reveals that: (1) build systems tend to have higher cloning rates than other software artifacts, (2) recent build technologies tend to be more prone to cloning, especially of configuration details like API dependencies, than older technologies, and (3) build systems that have fewer clones achieve higher levels of reuse via mechanisms not offered by build technologies. Our findings aided in refactoring a large industrial build system containing 1.1 million lines.

Publisher's Version Article Search

Formal Development

Improving Software through Automatic Untangling of Cyclic Dependencies
Maayan Goldstein and Dany Moshkovich
(IBM Research, Israel)
Cyclic dependencies among software components are considered an architectural problem that increases the development time and prevents proper reuse. One cause for the existence of such dependencies is the improper organization of elements into components.
Optimal reorganization of the components that resolves the cyclic dependencies in large and complex software systems is extremely difficult to perform manually and is not computationally feasible to perform automatically.
We present an approach for automatic untangling of cyclic dependencies among components for cycles of any size, having direct or transitive dependencies on one another. Our approach aims at minimizing the modifications to the original structure of the system, while taking into account various architectural properties.
We evaluate our solution on twelve open source and three industrial applications. We demonstrate its applicability and value through architectural metrics and feedback from system architects.

Publisher's Version Article Search
A Systematic Approach to Transforming System Requirements into Model Checking Specifications
Daniel Aceituna, Hyunsook Do, and Sudarshan Srinivasan
(North Dakota State University, USA)
We propose a method that addresses the following dilemma: model checking can formally expose off-nominal behaviors and unintended scenarios in the requirements of concurrent reactive systems. Requirements engineers and non-technical stakeholders who are the system domain experts can greatly benefit from jointly using model checking during the elicitation, analysis, and verification of system requirements. However, model checking is formal verification and many requirements engineers and domain experts typically lack the knowledge and training needed to apply model checking to the formal verification of requirements. To get full advantages of model checking and domain experts’ knowledge in verifying the system, we proposed a front end framework to model checking and evaluated our approach using a real world application.

Publisher's Version Article Search
A Candid Industrial Evaluation of Formal Software Verification using Model Checking
Matthew Bennion and Ibrahim Habli
(Rolls Royce, UK; University of York, UK)
Model checking is a powerful formal analytical approach to verifying software and hardware systems. However, general industrial adoption is far from widespread. Some difficulties include the inaccessibility of techniques and tools and the need for further empirical evaluation in industrial contexts. This study considers the use of Simulink Design Verifier, a model checker that forms part of a modelling system already widely used in the safety-critical industry. Model checking is applied to a number of real-world problem reports, associated with aero-engine monitoring functions, to determine whether it can provide a practical route into effective verification, particularly for non-specialists. The study also considers the extent to which model checking can satisfy the requirements of the extensive DO-178C guidance on formal methods. The study shows that the benefits of model checking can be realised in an industrial setting without specialist skills, particularly when it is targeted at parts of the software that are error-prone, difficult to verify conventionally or critical. Importantly, it shows that model checking can find errors earlier in the design cycle than testing, which potentially saves money, due to reduced scrap and rework.

Publisher's Version Article Search
Architectural Dependency Analysis to Understand Rework Costs for Safety-Critical Systems
Robert L. Nord, Ipek Ozkaya, Raghvinder S. Sangwan, and Ronald J. Koontz
(SEI, USA; Pennsylvania State University, USA; Boeing, USA)
To minimize testing and technology upgrade costs for safety-critical systems, a thorough understanding and analysis of architectural dependencies is essential. Unmanaged dependencies create cost overruns and degraded qualities in systems. Architecture dependency analysis in practice, however, is typically performed in retrospect using code structures, the runtime image of a system, or both. Retrospective analysis can miss important dependencies that surface earlier in the life cycle. Development artifacts such as the software architecture description and the software requirements specification can augment the analysis process; however, the quality, consistency, and content of these artifacts vary widely. In this paper, we apply a commonly used dependency analysis metric, stability, and a visualization technique, the dependency structure matrix, to an architecture common to safety-critical systems that was re-engineered to reduce safety testing and upgrade cost. We describe the gaps observed when running the analysis and discuss the need for early life-cycle dependency analysis for managing rework costs in industrial software development environments.

Publisher's Version Article Search

Panel Session 3

Characterization of Operational Failures from a Business Data Processing SaaS Platform
Catello Di Martino, Zbigniew Kalbarczyk, Ravishankar K. Iyer, Geetika Goel, Santonu Sarkar, and Rajeshwari Ganesan
(University of Illinois at Urbana-Champaign, USA; Infosys Labs, India)
This paper characterizes operational failures of a production Custom Package Good Software-as-a-Service (SaaS) platform. Events log collected over 283 days of in-field operation are used to characterize platform failures. The characterization is performed by estimating (i) common failure types of the platform, (ii) key factors impacting platform failures, (iii) failure rate, and (iv) how user workload (files submitted for processing) impacts on the failure rate. The major findings are: (i) 34.1% of failures are caused by unexpected values in customers' data, (ii) nearly 33% of the failures are because of timeout, and (iii) the failure rate increases if the workload intensity (transactions/second) increases, while there is no statistical evidence of being influenced by the workload volume (size of users' data). Finally, the paper presents the lessons learned and how the findings and the implemented analysis tool allow platform developers to improve platform code, system settings and customer management.

Publisher's Version Article Search
Extrinsic Influence Factors in Software Reliability: A Study of 200,000 Windows Machines
Christian Bird, Venkatesh-Prasad Ranganath, Thomas Zimmermann, Nachiappan Nagappan, and Andreas Zeller
(Microsoft Research, USA; Kansas State University, USA; Microsoft, USA; Saarland University, Germany)
Reliability of software depends not only on intrinsic factors such as its code properties, but also on extrinsic factors—that is, the properties of the environment it operates in. In an empirical study of more than 200,000 Windows users, we found that the reliability of individual applications is related to whether and which other applications are in-stalled: While games and file-sharing applications tend to decrease the reliability of other applications, security applications tend to increase it. Furthermore, application reliability is related to the usage profiles of these applications; generally, the more an application is used, the more likely it is to have negative impact on reliability of others. As a conse-quence, software testers must be careful to investigate and control these factors.

Publisher's Version Article Search

Configuration and Requirements

Configurations Everywhere: Implications for Testing and Debugging in Practice
Dongpu Jin, Xiao Qu, Myra B. Cohen, and Brian Robinson
(University of Nebraska-Lincoln, USA; ABB Research, USA; ABB, USA)
Many industrial systems are highly-configurable, complicating the testing and debugging process. While researchers have developed techniques to statically extract, quantify and manipulate the valid system configurations, we conjecture that many of these techniques will fail in practice. In this paper we analyze a highly-configurable industrial application and two open source applications in order to quantify the true challenges that configurability creates for software testing and debugging. We find that (1) all three applications consist of multiple programming languages, hence static analyses need to cross programming language barriers to work, (2) there are many access points and methods to modify configurations, implying that practitioners need configuration traceability and should gather and merge metadata from more than one source and (3) the configuration state of an application on failure cannot be reliably determined by reading persistent data; a runtime memory dump or other heuristics must be used for accurate debugging. We conclude with a roadmap and lessons learned to help practitioners better handle configurability now, and that may lead to new configuration-aware testing and debugging techniques in the future.

Publisher's Version Article Search Video Best SEIP Paper
Software Feature Location in Practice: Debugging Aircraft Simulation Systems
Salman Hoseini, Abdelwahab Hamou-Lhadj, Patrick Desrosiers, and Martin Tapp
(Concordia University, Canada; CAE, Canada)
In this paper, we report on a study that we have conducted at CAE, one of the largest civil aircraft simulation companies in the world, in which we have developed a feature location approach to help software engineers debug simulation scenarios. A simulation scenario consists of a set of software components, configured in a certain way. A simulation fails when it does not behave as intended. This is typically a sign of a configuration problem. To detect configuration errors, we propose FELODE (Feature Location for Debugging), an approach that uses a single trace combined with user queries. When applied to CAE systems, FELODE achieves in average a precision of 50% and a recall of up to 100%.

Publisher's Version Article Search
Deriving Requirements Model from Textual Use Cases
Kiran Prakash Sawant, Suman Roy, Srivibha Sripathi, François Plesse, and A. S. M. Sajeev
(Infosys Labs, India; MINES ParisTech, France; University of New England, Australia)
In this paper, we present an approach to derive structured requirements models from textual use case requirements in the form of process diagrams and ontology using methods based on computational linguistics. These proposed requirements models are capable of modeling both structural and behavioral entities present in a use case. We consider a corpus containing 123 actual requirements use cases created by Infosys Ltd. and translated them to process diagrams and ontology. For evaluating the performance of conversion we propose a few metrics and show that on average our linguistic engine mis-identied 2% of actions and missed out only 3% of the actions described in the input text.

Publisher's Version Article Search
Tracking Requirements Evolution by Using Issue Tickets: A Case Study of a Document Management and Approval System
Shinobu Saito, Yukako Iimura, Kenji Takahashi, Aaron K. Massey, and Annie I. Antón
(NTT DATA, Japan; NTT, Japan; NTT, USA; Georgia Tech, USA)
Requirements evolve throughout the software life-cycle. When requirements change, requirements engineers must determine what software artifacts could be affected. The history of and rationale for requirements evolution provides engineers some information about artifact dependencies for impact analysis. In this paper, we discuss a case study of requirements evolution for a large-scale system governed by Japanese laws and regulations. We track requirements evolution using issue tickets created in response to stakeholder requests. We provide rules to identify requirements evolution events (e.g. refine, decompose, and replace) from combinations of operations (e.g. add, change, and delete) specified in the issue tickets. We propose a Requirements Evolution Chart (REC) to visually represent requirements evolution as a series of events over time, and implement tool support to generate a REC from a series of issue tickets using our rules to identify requirements evolution events. We found that the REC supports impact analysis and compliance efforts.

Publisher's Version Article Search

Software Engineering Education and Training

MOOCs in Education and Training

Using MOOCs to Reinvigorate Software Engineering Education (Keynote)
Armando Fox
(University of California at Berkeley, USA)
The spectacular failure of the Affordable Care Act website ("Obamacare") has focused public attention on software engineering. Yet experienced practitioners mostly sighed and shrugged, because the historical record shows that only 10 % of large (> 10 M) software projects using conventional methodologies such as Waterfall are successful. In contrast, Amazon and others successfully build comparably large and complex sites with hundreds of integrated subsystems by using modern agile methods and service-oriented architecture.
This contrast is one reason Industry has complained that academia ignores vital software topics, leaving students unprepared upon graduation. In too many courses, well-meaning instructors teach traditional approaches to software development that are neither supported by tools that students can readily use, nor appropriate for projects whose scope matches a college course. Students respond by continuing to build software more or less the way they always have, which is boring for students, frustrating for instructors, and disappointing for industry.
This talk explains how the confluence of cloud computing, software as a service (SaaS), and Massive Open Online Courses (MOOCs) have not only revolutionized the future of software, but changed it in a way that makes it easier and more rewarding to teach. UC Berkeley's revised Software Engineering course allows students to both enhance a legacy application and to develop a new app that matches requirements of non-technical customers, using the same tools and techniques that professionals use. By experiencing the whole software lifecycle repeatedly within a single college course, students learn to use and appreciate the skills that industry has long encouraged. The course is now popular with students, rewarding for faculty, and praised by industry.

Publisher's Version Article Search
Functional Programming For All! Scaling a MOOC for Students and Professionals Alike
Heather Miller, Philipp Haller, Lukas Rytz, and Martin Odersky
(EPFL, Switzerland; Typesafe, Switzerland)
Massive open online courses (MOOCs) have launched a scale shift in higher education, with several individual MOOCs now boasting tens or hundreds of thousands of participants worldwide. Our MOOC on the principles of functional programming has more than 100,000 registered students to date, and boasts one of the highest rates of completion (19.2%) for its size. In this paper, we describe our experience organizing this popular MOOC, and demonstrate how providing innovative supporting tools (IDE plugins, testing frameworks, interactive build tools, automated cloud-based graders, style checkers) and considering key human-computer interaction factors potentially contributed to this markedly high completion rate. We collect an unprecedented volume of course statistics and survey results and have made them available, along with scripts for generating interactive web-based visualizations, as an open-source project.

Publisher's Version Article Search

Collaborative Teaching and Training

Knowledge Transfer in Collaborative Teams: Experiences from a Two-Week Code Camp
Terhi Kilamo, Antti Nieminen, Janne Lautamäki, Timo Aho, Johannes Koskinen, Jarmo Palviainen, and Tommi Mikkonen
(Tampere University of Technology, Finland)
Software engineering has both technological and social dimensions. As development teams spanning across the globe are increasingly the norm and while the web enables massive online collaboration, there is a growing need for effective collaboration tools. In this paper, we describe experiences on collaborative programming as a tool for learning software development. To investigate the nature of collaboration in software engineering education, we arranged a two-week-long course experiment where students used a collaborative online integrated development environment to create different kinds of web services. We present lessons learned from the experiment and discuss how collaboration can act as a tool for knowledge transfer among learners.

Publisher's Version Article Search
Quasi-Crowdsourcing Testing for Educational Projects
Zhenyu Chen and Bin Luo
(Nanjing University, China)
The idea of crowdsourcing tasks in software engineering, especially software testing, has gained popularity in recent years. Crowdsourcing testing and educational projects are natural complementary. One of the challenges of crowdsourcing testing is to find a number of qualified workers with low cost. Students in software engineering are suitable candidates for crowdsourcing testing. On the other hand, practical projects play a key role in software engineering education. In order to enhance educational project outcomes and achieve industrial-strength training, we need to provide the opportunity for students to be exposed to commercial software development.
In this paper, we report a preliminary study on crowdsourcing testing for educational projects. We introduce three commercial software products as educational testing projects, which are crowdsourced by our teaching support system. We call this "Quasi-Crowdsourcing Test" (QCT) because the candidate workers are students, who have certain social relations. The investigation results are encouraging and show to be beneficial to both the students and industry in QCT projects.

Publisher's Version Article Search
Teaching Reuse-Driven Software Engineering through Innovative Role Playing
Gerald Kotonya and Jaejoon Lee
(Lancaster University, UK)
Reuse-Driven Software Engineering (RDSE) represents a development paradigm that promises to shorten development cycles and cut the costs associated with custom development by assembling systems from pre-existing software components and services. However, like most approaches that hold the promise of improving software engineering, the success of RDSE is dependent on skilled staff. This means that software engineering education remains the most effective vehicle to the community for reuse-driven technology transfer available. However, the teaching of RDSE poses many challenges to software engineering educators. These difficulties include how to make the benefits of RDSE visible to students and how to establish an acceptable balance between engineering principle and the software practice embodied RDSE. This paper describes a novel approach to teaching RDSE at Lancaster University, UK.

Publisher's Version Article Search
Towards a Supercollaborative Software Engineering MOOC
William Billingsley and Jim R. H. Steel
(NICTA, Australia; University of Queensland, Australia)
Recently there has been rapid growth in the number of online courses and venues through which students can learn introductory computer programming. As software engineering education becomes more prevalent online, online education will need to address how to give students the skills and experience at programming collaboratively on realistic projects. In this paper, we analyse factors affecting how a supercollaborative on-campus software studio course could be adapted as a project-led supercollaborative MOOC.

Publisher's Version Article Search Video Info
Teaching Students to Understand Large Programs by Understanding Historical Context
Collin McMillan and Richard Oosterhoff
(University of Notre Dame, USA)
Program comprehension is one of the most important challenges that new software developers face. Educators have sought to prepare students for this challenge through hands-on software development projects. These projects teach students effective software engineering principles. But, students often struggle to see the value of these principles in class projects, and therefore struggle to recognize them outside the classroom. The inevitable result is that these students have difficulty comprehending large programs after graduation. In this paper, we argue that a remedy to this problem is to teach the history of how software development principles were created. In this collaborative work with the Notre Dame Department of History, we present a course that blends a discussion of this history with a hands-on software project. We present a summary of the history covered in our course, and reflect on our teaching experience.

Publisher's Version Article Search

Industry Needs and Innovative Teaching Methods

Investigating the Skill Gap between Graduating Students and Industry Expectations
Alex Radermacher, Gursimran Walia, and Dean Knudson
(North Dakota State University, USA)
Graduating computer science and software engineering students do not always possess the necessary skills, abilities, or knowledge when beginning their careers in the software industry. The lack of these skills and abilities can limit the productivity of newly hired, recent graduates, or even prevent them from gaining employment. This paper presents the results of an empirical study where twenty-three managers and hiring personnel from various software companies in the United States and Europe were interviewed. Participants were asked about areas where recent graduates frequently struggled when beginning employment at their companies and which skill deficiencies might prevent a recent graduate from being hired. The results of this study indicate that recent graduates struggle with using configuration management systems (and other software tools), effectively communicating with co-workers and customers, producing unit tests for their code, and other skills or abilities. The results also indicate that a lack of project experience and problem solving abilities are the most commonly cited issues preventing students from gaining employment. This research is intended to assist educators in identifying areas where students may not measure up the expectations of industry companies and in improving the curriculum at their universities to better prepare them for their future careers.

Publisher's Version Article Search
Deploying an Online Software Engineering Education Program in a Globally Distributed Organization
John Hudepohl, Alpana Dubey, Sylvie Moisy, Jessica Thompson, and Hans-Martin Niederer
(ABB, Switzerland; ABB, India; ABB, France; TimelyText, USA; SynSpace, Switzerland)
A well-trained software engineering workforce is a key to success in a highly competitive environment. Changing tools and technologies, along with a rapidly changing development environment, make it incumbent on organizations to invest in training. In this paper, we describe our experience in deploying an online training program in a globally distributed organization. We write about the reasons behind ABB’s Software Development Improvement Program (SDIP), the requirements we established upfront, the people, processes and technologies we used, the promotion of SDIP, and metrics for measuring success. Finally, we share and describe results and lessons learned that could be applied to many organizations with similar issues. The goal of this paper is to provide a set of replicable best practices for initiating a software training program in a multi-national organization. The first SDIP online course was offered in June 2012. Since then, we have had more than 10,000 enrollments from employees in 54 countries. Today, our training library contains 89 e-learning, 17 webinar, video and virtual lab courses, and we have delivered more than 180 hosted webinars. Following each class, we ask students to evaluate the class. Ninety-eight percent are satisfied with the classes.

Publisher's Version Article Search
Scenario-Based Programming: Reducing the Cognitive Load, Fostering Abstract Thinking
Giora Alexandron, Michal Armoni, Michal Gordon, and David Harel
(Weizmann Institute of Science, Israel)
We examine how students work in scenario-based and object- oriented programming (OOP) languages, and qualitatively analyze the use of abstraction through the prism of the dif- ferences between the paradigms. The findings indicate that when working in a scenario-based language, programmers think on a higher level of abstraction than when working with OOP languages. This is explained by other findings, which suggest how the declarative, incremental nature of scenario-based programming facilitates separation of con- cerns, and how it supports a kind of programming that al- lows programmers to work with a less detailed mental model of the system they develop. The findings shed light on how declarative approaches can reduce the cognitive load involved in programming, and how scenario-based program- ming might solve some of the difficulties involved in the use of declarative languages. This is applicable to the design of learning materials, and to the design of programming lan- guages and tools.

Publisher's Version Article Search
Lessons Learned Managing Distributed Software Engineering Courses
Reid Holmes, Michelle Craig, Karen Reid, and Eleni Stroulia
(University of Waterloo, Canada; University of Toronto, Canada; University of Alberta, Canada)
We have run the Undergraduate Capstone Open Source Projects (UCOSP) program for ten terms over the past six years providing over 400 Canadian students from more than 30 schools the opportunity to be members of distributed software teams. UCOSP aims to provide students with real development experience enabling them to integrate lessons they have learned in the classroom with practical development experience while developing their technical communication skills. The UCOSP program has evolved over time as we have learned how to effectively manage a diverse set of students working on a large number of different projects. The goal of this paper is to provide an overview of the roles of the various stakeholders for distributed software engineering projects and the various lessons we have learned to make UCOSP an effective and positive learning experience.

Publisher's Version Article Search Video

Improving Student Software Projects

State-Based Monitoring and Goal-Driven Project Steering: Field Study of the SEMAT Essence Framework
Cécile Péraire and Todd Sedano
(Carnegie Mellon University, USA)
At Carnegie Mellon University in Silicon Valley, the graduate master program ends with a practicum project during which students serve as software engineering consultants for an industry client. In this context, students are challenged to demonstrate their ability to work on self-managing and self-organizing teams. This paper presents a field study of the Software Engineering Method and Theory (SEMAT) Essence framework. The objective is to evaluate the effectiveness of the Essence’s novel state-based monitoring and goal-driven steering approach provided by the Essence kernel alphas and their states. The researchers conducted the study on seven graduate master student teams applying the approach throughout their practicum projects. The research methodology involves weekly observation and recording of each team’s state progression and collecting students’ reflection on the application of the approach. The main result validates that the approach provides student teams with a holistic, lightweight, non-prescriptive and method-agnostic way to monitor progress and steer projects, as well as an effective structure for team reflection and risk management. The paper also validates that the Essence kernel provides an effective mechanism for monitoring and steering work common to most student software projects. This includes the work done during project initiation as well as the work done at the project or release level. Support for technical work should come from additional practices added on top of the kernel, or by extending or altering the kernel definition. The conclusion is that the approach enables students to learn to steer projects effectively by addressing the various dimensions of software engineering. Hence the approach could be leveraged in software engineering education.

Publisher's Version Article Search
Introduction of Continuous Delivery in Multi-Customer Project Courses
Stephan Krusche and Lukas Alperowitz
(TU München, Germany)
Continuous delivery is a set of practices and principles to release software faster and more frequently. While it helps to bridge the gap between developers and operations for software in production, it can also improve the communication between developers and customers in the development phase, i.e. before software is in production. It shortens the feedback cycle and developers ideally use it right from the beginning of a software development project. In this paper we describe the implementation of a customized continuous delivery workflow and its benefits in a multi-customer project course in summer 2013. Our workflow focuses on the ability to deliver software with only a few clicks to the customer in order to obtain feedback as early as possible. This helps developers to validate their understanding about requirements, which is especially helpful in agile projects where requirements might change often. We describe how we integrated this workflow and the role of the release manager into our project-based organization and how we introduced it using different teaching methods. Within three months 90 students worked in 10 different projects with real customers from industry and delivered 490 releases. After the project course we evaluated our approach in an online questionnaire and in personal interviews. Our findings and observations show that participating students understood and applied the concepts and are convinced about the benefits of continuous delivery.

Publisher's Version Article Search
Process Mining Software Repositories from Student Projects in an Undergraduate Software Engineering Course
Megha Mittal and Ashish Sureka
(IIIT Delhi, India)
An undergraduate level Software Engineering courses generally consists of a team-based semester long project and emphasizes on both technical and managerial skills. Software Engineering is a practice-oriented and applied discipline and hence there is an emphasis on hands-on development, process, usage of tools in addition to theory and basic concepts. We present an approach for mining the process data (process mining) from software repositories archiving data generated as a result of constructing software by student teams in an educational setting. We present an application of mining three software repositories: team wiki (used during requirement engineering), version control system (development and maintenance) and issue tracking system (corrective and adaptive maintenance) in the context of an undergraduate Software Engineering course. We propose visualizations, metrics and algorithms to provide an insight into practices and procedures followed during various phases of a software development life-cycle. The proposed visualizations and metrics (learning analytics) provide a multi-faceted view to the instructor serving as a feedback tool on development process and quality by students. We mine the event logs produced by software repositories and derive insights such as degree of individual contributions in a team, quality of commit messages, intensity and consistency of commit activities, bug fixing process trend and quality, component and developer entropy, process compliance and verification. We present our empirical analysis on a software repository dataset consisting of 19 teams of 5 members each and discuss challenges, limitations and recommendations.

Publisher's Version Article Search
Comparing Test Quality Measures for Assessing Student-Written Tests
Stephen H. Edwards and Zalia Shams
(Virginia Tech, USA)
Many educators now include software testing activities in programming assignments, so there is a growing demand for appropriate methods of assessing the quality of student-written software tests. While tests can be hand-graded, some educators also use objective performance metrics to assess software tests. The most common measures used at present are code coverage measures—tracking how much of the student’s code (in terms of statements, branches, or some combination) is exercised by the corresponding software tests. Code coverage has limitations, however, and sometimes it overestimates the true quality of the tests. Some researchers have suggested that mutation analysis may provide a better indication of test quality, while some educators have experimented with simply running every student’s test suite against every other student’s program—an “all-pairs” strategy that gives a bit more insight into the quality of the tests. However, it is still unknown which one of these measures is more accurate, in terms of most closely predicting the true bug revealing capability of a given test suite. This paper directly compares all three methods of measuring test quality in terms of how well they predict the observed bug revealing capabilities of student-written tests when run against a naturally occurring collection of student-produced defects. Experimental results show that all-pairs testing—running each student’s tests against every other student’s solution—is the most effective predictor of the underlying bug revealing capability of a test suite. Further, no strong correlation was found between bug revealing capability and either code coverage or mutation analysis scores.

Publisher's Version Article Search

Agility and Progressive Learning

An Inverted Classroom Experience: Engaging Students in Architectural Thinking for Agile Projects
Jane Cleland-Huang, Muhammad Ali Babar, and Mehdi Mirakhorli
(DePaul University, USA; University of Adelaide, Australia)
This case study presents our experiences using architecturally savvy personnas in the classroom. The personas were used to help students analyze and prioritize architecturally significant requirements, and then to drive and evaluate architectural design. The activity was designed to equip students with a technique for integrating architectural thinking into the agile development process. We describe our learning goals and the activity, discuss student learning outcomes,lessons learned from running the activity, and propose an improved structuring. All materials including training videos, hand outs, and instructions are available online at http://re.cs.depaul.edu/pedagogy/ASP.

Publisher's Version Article Search
Quantitative Assessment with Using Ticket Driven Development for Teaching Scrum Framework
Hiroshi Igaki, Naoki Fukuyasu, Sachio Saiki, Shinsuke Matsumoto, and Shinji Kusumoto
(Osaka University, Japan; Wakayama University, Japan; Kobe University, Japan)
Developing software by teams which adopted the agile development methodology such as Scrum seems totally natural in industry. On the other hand, students belonging to graduate schools of information science who have some experience on the agile team software development are rare. In the initial education on the Scrum, there exists some challenges. The first one is a concept of self-organization. In the Scrum project, members of the team determine how best to accomplish the tasks by themselves. However, it is challenging for students with less experience on team software development to cultivate the self-organizing team by themselves. The 2nd one is inequality on task assignment. In the Scrum project, each member pulls tasks to perform, and do not wait to be assigned by Project Manager. The assignment behavior may cause inequality on task assignment. As a result, such inequality may also cause inequality on learning opportunities to acquire skills and knowledge on the process and the product. In this paper, we propose quantitative assessment methods for the Scrum project with using TiDD(Ticket Driven Development) for the initial education on the Scrum framework and web application production. We report on our basic PBL(Project-Based Learning) course which involved 49 students. The use of quantitative criteria enabled students and teachers to assess the Scrum projects in the viewpoints of quality, assignment, and delivery of projects.

Publisher's Version Article Search
Teaching Students Scrum using LEGO Blocks
Maria Paasivaara, Ville Heikkilä, Casper Lassenius, and Towo Toivola
(Aalto University, Finland; F-Secure, Finland)
In this paper, we present a LEGO-based Scrum simulation game that we used twice with Master’s level students at Aalto University. The game was initially developed as an internal training tool in F-Secure Corporation, a Finnish security software company, to support their agile adoption. In the game, student teams learn the Scrum roles, events and concepts in practice by simulating several development Sprints, while incrementally planning and building a product of LEGO blocks. Student satisfaction was measured by a survey at the end of the course, and student learning evalu- ated by learning diaries. Our results show that the students were highly satisfied with the game, and that students with various degrees of experience with Scrum all learned a lot. In particular, students reported gaining insights about require- ments management and customer collaboration, effective teamwork, and the Scrum roles.

Publisher's Version Article Search
A Compiler Project with Learning Progressions
Derek Rayside
(University of Waterloo, Canada)
We describe the design of an undergraduate compilers course that is explicitly intended to teach software engineering concepts and skills in addition to compiler concepts. This objective is accomplished by structuring the course around two parallel learning progressions rather than around the logical structure of a compiler.
The nominal purpose of the project is to develop a simulator and synthesizer for simple circuits written in a subset of VHDL. This subset of VHDL is translated to a simple LL(1) boolean formula language. The circuit simulator reads and writes binary waveforms according to a regular grammar. The students start working with the simple waveform language and work their way up to the subset of VHDL. As the complexity of the input language and transformations increases, new software engineering concepts are introduced to help manage that complexity.
At the end of the project the students can simulate and synthesize simple circuits such as a ripple-carry adder or a multiplexer.

Publisher's Version Article Search

New Ideas and Emerging Results

Collaboration and Cloud

Integrating Software Project Resources Using Source Code Identifiers
Laura Inozemtseva, Siddharth Subramanian, and Reid Holmes
(University of Waterloo, Canada)
Source code identifiers such as classes, methods, and fields appear in many different contexts. For instance, a developer performing a task using the android.app.Activity class could consult various project resources including the class's source file, API documentation, issue tracker, mailing list discussions, code reviews, or questions on Stack Overflow.
These information sources are logically connected by the source code elements they describe, but are generally decoupled from each other. This has historically been tolerated by developers, since there was no obvious way to easily navigate between the data sources. However, it is now common for these sources to have web-based front ends that provide a standard mechanism (the browser) for viewing and interacting with the data they contain. Augmenting these front ends with hyperlinks and search would make development easier by allowing developers to quickly navigate between disparate sources of information about the same code element.
In this paper, we propose a method of automatically linking disparate information repositories with an emphasis on high precision. We also propose a method of augmenting web-based front ends with these links to make it easier for developers to quickly gain a comprehensive view of the source code elements they are investigating. Research challenges include identifying source code tokens in the midst of natural language text and incomplete code fragments, dynamically augmenting the web views of the data repositories, and supporting novel composition of the link data to provide comprehensive views for specific source code elements.

Publisher's Version Article Search Info
Development Context Driven Change Awareness and Analysis Framework
Anita Sarma, Josh Branchaud, Matthew B. Dwyer, Suzette Person, and Neha Rungta
(University of Nebraska-Lincoln, USA; NASA Langley Research Center, USA; NASA Ames Research Center, USA)
Recent work on workspace monitoring allows conflict pre- diction early in the development process, however, these approaches mostly use syntactic differencing techniques to compare different program versions. In contrast, traditional change-impact analysis techniques analyze related versions of the program only after the code has been checked into the master repository. We propose a novel approach, DeCAF (Development Context Analysis Framework), that leverages the development context to scope a change impact analysis technique. The goal is to characterize the impact of each developer on other developers in the team. There are various client applications such as task prioritization, early conflict detection, and providing advice on testing that can benefit from such a characterization. The DeCAF frame- work leverages information from the development context to bound the iDiSE change impact analysis technique to analyze only the parts of the code base that are of interest. Bounding the analysis can enable DeCAF to efficiently com- pute the impact of changes using a combination of program dependence and symbolic execution based approaches.

Publisher's Version Article Search
New Opportunities for Extracting Insights from Cloud Based IDEs
Yi Wang, Patrick Wagstrom, Evelyn Duesterwald, and David Redmiles
(University of California at Irvine, USA; IBM Research, USA)
Traditional integrated development environments (IDEs) provide developers with robust environments for writing, testing, debugging, and deploying code. As the world becomes increasingly networked and more services are delivered via the cloud, it is only natural that the functionality of IDEs be delivered via the cloud. In addition to simplifying the provisioning and deployment of new IDE features, and making it easier to integrate with other web native tools, cloud based IDEs provide some fundamental advantages when it comes to understanding the behavior of a wide community of software developers. One of these advantages for the IDE provider is the ability to transparently monitor and analyze the real-time fine-grained actions of a large number of developers. In this paper, we explore how to leverage these transparent monitoring capabilities of cloud based IDEs to develop advanced analytics to understand developers' behavior and infer their characteristics. We demonstrate the feasibility of this research direction with a preliminary study focusing on the way that source code files grow for different developers, development tasks, and skill levels. We then analyze the trends of source code file growth and find growth is more similar within subjects than within tasks.

Publisher's Version Article Search
Cloudlet-Based Cyber-Foraging for Mobile Systems in Resource-Constrained Edge Environments
Grace A. Lewis, Sebastian Echeverría, Soumya Simanta, Ben Bradshaw, and James Root
First responders and others operating in crisis environments increasingly make use of handheld devices to help with tasks such as face recognition, language translation, decision-making and mission planning. These resource-constrained edge environments are characterized by dynamic context, limited computing resources, high levels of stress, and intermittent network connectivity. Cyber-foraging is the leverage of external resource-rich surrogates to augment the capabilities of resource-limited devices. In cloudlet-based cyber-foraging, resource-intensive computation is offloaded to cloudlets – discoverable, generic servers located in single-hop proximity of mobile devices. This paper presents several strategies for cloudlet-based cyber-foraging and encourages research in this area to consider a tradeoff space beyond energy, performance and fidelity of results.

Publisher's Version Article Search
A Runtime Cloud Efficiency Software Quality Metric
Mark Shtern, Michael Smit, Bradley Simmons, and Marin Litoiu
(York University, Canada; Dalhousie University, Canada)
This paper introduces the Cloud Efficiency (CE) metric, a novel runtime metric which assesses how effectively an application uses software-defined infrastructure. The CE metric is computed as the ratio of two functions: i) a benefit function which captures the current set of benefits derived from the application, and ii) a cost function which describes the current charges incurred by the application's resources. We motivate the need for the CE metric, describe in further detail how to compute it, and present experimental results demonstrating its calculation.

Publisher's Version Article Search

Testing and Evolution

Metamorphic Fault Tolerance: An Automated and Systematic Methodology for Fault Tolerance in the Absence of Test Oracle
Huai Liu, Iman I. Yusuf, Heinz W. Schmidt, and Tsong Yueh Chen
(RMIT University, Australia; Swinburne University of Technology, Australia)
A system may fail due to an internal bug or a fault in its execution environment. Incorporating fault tolerance strategies enables such system to complete its function despite the failure of some of its parts. Prior to the execution of some fault tolerance strategies, failure detection is needed. Detecting incorrect output, for instance, assumes the existence of an oracle to check the correctness of program outputs given an input. However, in many practical situations, oracle does not exist or is extremely difficult to apply. Such an oracle problem is a major challenge in the context of software testing. In this paper, we propose to apply metamorphic testing, a software testing method that alleviates the oracle problem, into fault tolerance. The proposed technique supports failure detection without the need of oracles.

Publisher's Version Article Search
Software Bug Localization with Markov Logic
Sai Zhang and Congle Zhang
(University of Washington, USA)
Software bug localization is the problem of determining buggy statements in a software system. It is a crucial and expensive step in the software debugging process. Interest in it has grown rapidly in recent years, and many approaches have been proposed. However, existing approaches tend to use isolated information to address the problem, and are often ad hoc. In particular, most existing approaches predict the likelihood of a statement being buggy sequentially and separately.
This paper proposes a well-founded, integrated solution to the software bug localization problem based on Markov logic. Markov logic combines first-order logic and probabilistic graphical models by attaching weights to first-order formulas, and views them as templates for features of Markov networks. We show how a number of salient program features can be seamlessly combined in Markov logic, and how the resulting joint inference can be solved.
We implemented our approach in a debugging system, called MLNDebugger, and evaluated it on 4 small programs. Our initial results demonstrated that our approach achieved higher accuracy than a previous approach.

Publisher's Version Article Search
Steering Model-Based Oracles to Admit Real Program Behaviors
Gregory Gay, Sanjai Rayadurgam, and Mats P. E. Heimdahl
(University of Minnesota, USA)
The oracle—an arbiter of correctness of the system under test (SUT)—is a major component of the testing process. Specifying oracles is particularly challenging for real-time embedded systems, where small changes in time or sensor inputs may cause large differences in behavior. Behavioral models of such systems, often built for analysis and simulation purposes, are naturally appealing for reuse as oracles. However, these models typically provide an idealized view of the system. Even when given the same inputs, the model’s behavior can frequently be at variance with some acceptable behavior of the SUT executing on a real platform. We therefore propose steering the model when used as an oracle, to admit an expanded set of behaviors when judging the SUT’s adherence to its requirements. On detecting a behavioral difference, the model is backtracked and then searched for a new state that satisfies certain constraints and minimizes a dissimilarity metric. The goal is to allow non-deterministic, but bounded, behavior differences while preventing future mismatches, by guiding the oracle—within limits—to match the execution of the SUT. Early experimental results show that steering significantly increases SUT-oracle conformance with minimal masking of real faults and, thus, has significant potential for reducing development costs.

Publisher's Version Article Search
Shadow Symbolic Execution for Better Testing of Evolving Software
Cristian Cadar and Hristina Palikareva
(Imperial College London, UK)
In this idea paper, we propose a novel way for improving the testing of program changes via symbolic execution. At a high-level, our technique runs two different program versions in the same symbolic execution instance, with the old version effectively shadowing the new one. In this way, the technique can exploit precise dynamic value information to effectively drive execution toward the behaviour that has changed from one version to the next. We discuss the main challenges and opportunities of this approach in terms of pruning and prioritising path exploration, mapping elements across versions, and sharing common symbolic state between versions.

Publisher's Version Article Search
Leveraging P2P Networks to Address the Test Scenario Explosion Problem
Mark Micallef, Conrad Attard, Andrea Mangion, and Sebastian Attard
(University of Malta, Malta)
The behaviour of software is influenced by whatever environment it happens to be deployed in. Achieving a sufficient level of coverage for all deployment scenarios during lab testing is difficult for even the most resources rich organisation. We refer to this as the Test Scenario Explosion Problem and propose the construction of a peer-to-peer network which facilitates the quick creation of large-scale virtual test labs that are representative of a company's customer base. Following an outline of our initial ideas in this regard, a number of open research challenges are discussed.

Publisher's Version Article Search
A Framework to Advise Tests using Tests
Yurong Wang, Suzette Person, Sebastian Elbaum, and Matthew B. Dwyer
(University of Nebraska-Lincoln, USA; NASA Langley Research Center, USA)
Tests generated by different approaches can form a rich body of information about the system under test (SUT), which can then be used to amplify the power of test suites. Diversity in test representations, however, creates an obstacle to extracting and using this information. In this work, we introduce a test advice framework which enables extraction and application of information contained in existing tests to help improve other tests or test generation techniques. Our framework aims to 1) define a simple, yet expressive test case language so that different types of tests can be represented using a unified language, and 2) define an advice extraction function that enables the elicitation and application of the information encoded in a set of test cases. Preliminary results show how test advice can be used to generate amplified test suites with higher code coverage and improved mutants killed scores over the original test suite.

Publisher's Version Article Search

Human Inputs in Software Engineering and Adaptation

Brainware: Synergizing Software Systems and Neural Inputs
Shihong Huang and Emmanuelle Tognoli
(Florida Atlantic University, USA)
The rapid advances in the field of Brain Computer Interfaces (BCI) are expected to enrich the quality of people’s lives. BCI connects computer actions with neural inputs—signals indicating the user’s intentions, desired actions, attention, thoughts, memories, and emotions. BCI applications present significant challenges for computer science and software engineering research: an avalanche of neural signals will make their way as direct input into software systems. Given the differences between neural inputs and behavioral ones, the integration of neural inputs will require special approaches, and not simply adding yet more user interface channels to pre-existing software systems. This paper explores the challenges of designing and implementing self-adaptive software systems that could synergize brain states. After framing the problem, its rationale and possible solutions, in this paper we argue that the software engineering community ought to investigate how to incorporate neural inputs into software systems. The days are now upon us when software systems can “feel” and “anticipate” the users’ intentions and therefore react self-adaptively and synergistically to their needs.

Publisher's Version Article Search
Quantifying Programmers' Mental Workload during Program Comprehension Based on Cerebral Blood Flow Measurement: A Controlled Experiment
Takao Nakagawa, Yasutaka Kamei, Hidetake Uwano, Akito Monden, Kenichi Matsumoto, and Daniel M. German
(NAIST, Japan; Kyushu University, Japan; Nara National College of Technology, Japan; University of Victoria, Canada)
Program comprehension is a fundamental activity in software development that cannot be easily measured, as it is performed inside the human brain. Using a wearable Near Infra-red Spectroscopy (NIRS) device to measure cerebral blood flow, this paper tries to answer the question: Can the measurement of brain blood-flow quantify programmers' mental workload during program comprehension activities? We performed a controlled experiment with 10 subjects; 8 of them showed high cerebral blood flow while understanding strongly obfuscated programs (requiring high mental workload). This suggests the possibility of using NIRS to measure the mental workload of a person during software development activities.

Publisher's Version Article Search
Who is the Expert? Combining Intention and Knowledge of Online Discussants in Collaborative RE Tasks
Itzel Morales-Ramirez, Matthieu Vergne, Mirko Morandini, Alberto Siena, Anna Perini, and Angelo Susi
(Fondazione Bruno Kessler, Italy; University of Trento, Italy)
Large, distributed software development projects rely on the collaboration of culturally heterogeneous and geographically distributed stakeholders. Software requirements, as well as solution ideas are elicited in distributed processes, which increasingly use online forums and mailing lists, in which stakeholders mainly use free or semi-structured natural language text. The identification of contributors of key information about a given topic --called experts, in both the software domain and code-- and in particular an automated support for retrieving information from available online resources, are becoming of crucial importance. In this paper, we address the problem of expert finding in mailing-list discussions, and propose an approach which combines content- and intent-based information extraction for ranking online discussants with respect to their expertise in the discussed topics. We illustrate its application on an example.

Publisher's Version Article Search
Who Asked What: Integrating Crowdsourced FAQs into API Documentation
Cong Chen and Kang Zhang
(University of Texas at Dallas, USA)
Documentation is important for learning Application Programming Interfaces (APIs). In addition to official documents, much crowdsourced API knowledge is available on the Web. Crowdsourced API documentation is fragmented, scattered around the Web, and disconnected from official documentation. Developers often rely on Web search to retrieve additional programming help. We propose to connect these two types of documentation by capturing developers' Web browsing behavior in the context of document reading and integrating crowdsourced frequently asked questions (FAQs) into API documents. Such an integration not only provides relevant API help more conveniently, but also opens a new approach to promoting knowledge collaboration and studying API users' information needs.

Publisher's Version Article Search Video
A World Full of Surprises: Bayesian Theory of Surprise to Quantify Degrees of Uncertainty
Nelly Bencomo and Amel Belaggoun
(Aston University, UK; CEA, France)
In the specific area of Software Engineering (SE) for self-adaptive systems (SASs) there is a growing research awareness about the synergy between SE and Artificial Intelligence (AI). However, just few significant results have been published so far. In this paper, we propose a novel and formal Bayesian definition of surprise as the basis for quantitative analysis to measure degrees of uncertainty and deviations of self-adaptive systems from normal behavior. A surprise measures how observed data affects the models or assumptions of the world during runtime. The key idea is that a "surprising'' event can be defined as one that causes a large divergence between the belief distributions prior to and posterior to the event occurring. In such a case the system may decide either to adapt accordingly or to flag that an abnormal situation is happening. In this paper, we discuss possible applications of Bayesian theory of surprise for the case of self-adaptive systems using Bayesian dynamic decision networks.

Publisher's Version Article Search
Modeling Self-Adaptive Software Systems with Learning Petri Nets
Zuohua Ding, Yuan Zhou, and MengChu Zhou
(Zhejiang Sci-Tech University, China; New Jersey Institute of Technology, USA)
Traditional models have limitation to model adaptive software systems since they build only for fixed requirements, and cannot model the behaviors that change at run-time in response to environmental changes. In this paper, an adaptive Petri net is proposed to model a self-adaptive software system. It is an extension of hybrid Petri nets by embedding a neural network algorithm into them at some special transitions. The proposed net has the following advantages: 1) It can model a runtime environment; 2) The components in the model can collaborate to make adaption decisions; and 3) The computing is done at the local, while the adaption is for the whole system. We illustrate the proposed adaptive Petri net by modeling a manufacturing system.

Publisher's Version Article Search

Learning and Mining

Automatic Search Term Identification for Change Tasks
Katja Kevic and Thomas Fritz
(University of Zurich, Switzerland)
At the beginning of a change task, software developers search the source code to locate the places relevant to the task. As previous research and a small exploratory study that we conducted show, developers perform poorly in identifying good search terms and therefore waste a lot of time querying and exploring irrelevant code. To support developers in this step, we present an approach to automatically identify good search terms. Based on existing work and an analysis of change tasks, we derived heuristics, determined their relevancy and used the results to develop our approach. For a preliminary evaluation, we conducted a study with ten developers working on open source change tasks. Our approach was able to identify good search terms for all tasks and outperformed the searches of the participants, illustrating the potential of our approach. In addition, since the used heuristics are solely based on textual features of change tasks, our approach is easy and generally applicable and can leverage much of the existing work on feature location.

Publisher's Version Article Search
An Automated Approach to Detect Violations with High Confidence in Incremental Code using a Learning System
Radhika D. Venkatasubramanyam and Shrinath Gupta
(Siemens, India)
Static analysis (SA) tools are often used to analyze a software system to identify violation of good programming practices (such as not validating arguments to public methods, use of magic numbers etc.) and potential defects (such as misused APIs, race conditions, deadlocks etc.). Most widely used SA tools perform shallow data flow analysis with the results containing considerable number of False Positives (FPs) and False Negatives (FNs). Moreover it is difficult to run these tools only on newly added or modified piece of code. In order to determine which violations are new we need to perform tedious process of post processing the SA tool results. The proposed system takes into consideration the above mentioned issues of SA and provides a lightweight approach to detection of coding violations statically and proactively, with high degree of confidence using a learning system. It also identifies the violations with a quality perspective using the predefined mapping of violations to quality attributes. We successfully implemented a prototype of the system and studied its use across some of the projects in Siemens, Corporate Technology, Development Center, Asia Australia (CT DC AA). Experimental results showed significant reduction in time required in result analysis and also in FPs and FNs reported.

Publisher's Version Article Search
A Novel Quantitative Evaluation Approach for Software Project Schedules using Statistical Model Checking
Dehui Du, Mingsong Chen, Xiao Liu, and Yun Yang
(East China Normal University, China; Swinburne University of Technology, Australia)
Project schedules are essential for successfully carrying out software projects. To support manager’s decision making, many project scheduling algorithms have been developed in recent years for generating candidate project schedules. However, these project schedules may not be able to be used directly because the uncertainty and complexity of real-world software development environments which have been overlooked or simplified in the project scheduling algorithms. Therefore, significant human efforts are still required to evaluate and compare these project schedules. To address such a problem, we propose a quantitative analysis approach based on statistical model checking technique which serves as a novel evaluation method for project schedules. By using the UPPAAL-SMC, we can systematically evaluate the performance of a project schedule and answer complex questions which are vital for manager’s decision making but cannot be efficiently addressed by any existing tools. The preliminary results show that our approach can efficiently filter out unsatisfactory candidates by answering simple “yes or no” questions first and then help effectively compare the rest by answering complicated user specified questions. Therefore, the human efforts in planning project schedules can be significantly reduced.

Publisher's Version Article Search
Reusable Execution Replay: Execution Record and Replay for Source Code Reuse
Ameer Armaly, Casey Ferris, and Collin McMillan
(University of Notre Dame, USA)
A key problem during source code reuse is that, to reuse even a small section of code from a program, a programmer must include a huge amount of dependency source code from elsewhere in the same program. These dependencies are no- toriously large and complex, and many can only be known at runtime. In this paper, we propose execution record/replay as a solution to this problem. We describe a novel reuse technique that allows programmers to reuse functions from a C or C++ program, by recording the execution of the program and selectively modifying how its functions are re- played. We have implemented our technique and evaluated it in a preliminary study in which two programmers used our tool to complete four tasks over four hours.

Publisher's Version Article Search
Mining Precise Performance-Aware Behavioral Models from Existing Instrumentation
Tony Ohmann, Kevin Thai, Ivan Beschastnikh, and Yuriy Brun
(University of Massachusetts, USA; Facebook, USA; University of British Columbia, Canada)
Software bugs often arise from differences between what developers envision their system does and what that system actually does. When faced with such conceptual inconsistencies, debugging can be very difficult. Inferring and presenting developers with accurate behavioral models of the system implementation can help developers reconcile their view of the system with reality and improve system quality.
We present Perfume, a model-inference algorithm that improves on the state of the art by using performance information to differentiate otherwise similar-appearing executions and to remove false positives from the inferred models. Perfume uses a system's runtime execution logs to infer a concise, precise, and predictive finite state machine model that describes both observed executions and executions that have not been observed but that the system can likely generate. Perfume guides the model inference process by mining temporal performance-constrained properties from the logs, ensuring precision of the model's predictions. We describe the model inference process and demonstrate how it improves precision over the state of the art.

Publisher's Version Article Search Info
Writing Bidirectional Model Transformations as Intentional Updates
Tao Zan, Hugo Pacheco, and Zhenjiang Hu
(Graduate University for Advanced Studies, Japan; National Institute of Informatics, Japan)
Model synchronization plays an important role in model- driven software development. Bidirectional model transformation approaches provide techniques for developers to specify the bidirectional relationship between source and target models, while keeping related models synchronized for free. Since models of interest are usually not in a one-to-one correspondence, this synchronization process is inherently ambiguous. Nevertheless, existing bidirectional model trans- formation tools focus mainly on enforcing consistency and provide developers only limited control over how models are synchronized, solving the latent ambiguity via default strategies whose behavior is unclear to developers. In this paper, we propose a novel approach in which developers write update programs that succinctly describe how a target model can be used to update a source model, such that the bidirectional behavior is fully determined. The new approach mitigates the unpredictability of existing solutions, by enabling a finer and more transparent control of what a bidirectional transformation does, and suggests a research direction for building more robust bidirectional model transformation tools.

Publisher's Version Article Search

Bugs and Failures

Do the Fix Ingredients Already Exist? An Empirical Inquiry into the Redundancy Assumptions of Program Repair Approaches
Matias Martinez, Westley Weimer, and Martin Monperrus
(University of Lille, France; INRIA, France; University of Virginia, USA)
Much initial research on automatic program repair has focused on experimental results to probe their potential to find patches and reduce development effort. Relatively less effort has been put into understanding the hows and whys of such approaches. For example, a critical assumption of the GenProg technique is that certain bugs can be fixed by copying and re-arranging existing code. In other words, GenProg assumes that the fix ingredients already exist elsewhere in the code. In this paper, we formalize these assumptions around the concept of ``temporal redundancy''. A temporally redundant commit is only composed of what has already existed in previous commits. Our experiments show that a large proportion of commits that add existing code are temporally redundant. This validates the fundamental redundancy assumption of GenProg.

Publisher's Version Article Search
Reproducing Software Failures by Exploiting the Action History of Undo Features
Tobias Roehm and Bernd Bruegge
(TU München, Germany)
Bug reports seldom contain information about the steps to reproduce a failure. Therefore, failure reproduction is a time consuming, difficult, and sometimes impossible task for software developers. Users are either unaware of the importance of steps to reproduce, are unable to describe them, or do not have time to report them. Similarly, automated crash reporting tools usually do not capture this information. In order to tackle this problem, we propose to exploit the action history of undo features, i.e. the history of user actions captured by many applications in order to allow users to undo previous actions. As it is captured anyway, our approach does not introduce additional monitoring overhead. We propose to extract the action history upon occurrence of a failure and present it to developers during bug fixing. Our hypothesis is that information about user actions contained in the action history of undo features enables developers to reproduce failures. We support this hypothesis with anecdotal evidence from a small empirical study of bug reports. A thorough evaluation is necessary to investigate the applicability and impact of our approach and to compare it to existing capture/ replay approaches.

Publisher's Version Article Search
Bugarium: 3D Interaction for Supporting Large-Scale Bug Repositories Analysis
Papon Yongpisanpop, Hideaki Hata, and Kenichi Matsumoto
(NAIST, Japan)
Big data became problems not just how to analyze and visualize but also how to interact with the data. In software analysis and maintenance, bug tracking system receive feedbacks of the software project users everyday, which means that the data is increasing everyday. A large-scale bug tracking system that contains large amount of information does not give end users an easy way to analyze bug information because it lacks of good interaction system. We present Bugarium that integrate 3D Motion Controller and data-driven documents to ease both interaction and visualization on a large-scale bug repository. Bugarium leads to a significant increase in terms of using 3D motion controller to operate big data in software visualization. An user study shows that Bugarium made users satisfied while using it to interact and visualize a large-scale bug tracking system.

Publisher's Version Article Search Info
RegViz: Visual Debugging of Regular Expressions
Fabian Beck, Stefan Gulan, Benjamin Biegel, Sebastian Baltes, and Daniel Weiskopf
(University of Stuttgart, Germany; University of Trier, Germany)
Regular expressions are a widely used programming technique, but seem to be neglected by software engineering research. Encoding complex string parsing in a very compact notation, their complexity and compactness, however, introduce particular challenges with respect to program comprehension. In this paper, we present RegViz, an approach to visually augment regular expressions without changing their original textual notation. The visual encoding clarifies the structure of the regular expressions and clearly discerns included tokens by function. The approach also provides advanced visual highlighting of matches in a sample text and defining test cases therein. We implemented RegViz as a Web-based tool for JavaScript regular expressions. Expert feedback suggests that the approach is intuitive to apply and increases the readability of regular expressions.

Publisher's Version Article Search Info
Characterizing Defect Trends in Software Support
Tung Thanh Nguyen, Evelyn Duesterwald, Tim Klinger, P. Santhanam, and Tien N. Nguyen
(Utah State University, USA; IBM Research, USA; Iowa State University, USA)
We present an empirical analysis of defect arrival data in the operational phase of multiple software products. We find that the shape of the defect curves is sufficiently determined by three external and readily available release cycle attributes: the product type, the license model, and the cycle time between releases. This finding provides new insights into the driving forces affecting the specifics of defect curves and opens up new opportunities for software support organizations to reduce the cost of maintaining defect arrival models for individual products. In addition, it allows the possibility of predicting the defect arrival rate of one product from another with similar known attributes.

Publisher's Version Article Search
On Failure Classification: The Impact of "Getting It Wrong"
Davide Falessi, Bill Kidwell, Jane Huffman Hayes, and Forrest Shull
(Fraunhofer CESE, USA; University of Kentucky, USA; SEI, USA)
Bug classification is a well-established practice which supports important activities such as enhancing verification and validation (V&V) efficiency and effectiveness. The state of the practice is manual and hence classification errors occur. This paper investigates the sensitivity of the value of bug classification (specifically, failure type classification) to its error rate; i.e., the degree to which misclassified historic bugs decrease the V&V effectiveness (i.e., the ability to find bugs of a failure type of interest). Results from the analysis of an industrial database of more than 3,000 bugs show that the impact of classification error rate on V&V effectiveness significantly varies with failure type. Specifically, there are failure types for which a 5% classification error can decrease the ability to find them by 66%. Conversely, there are failure types for which the V&V effectiveness is robust to very high error rates. These results show the utility of future research aimed at: 1) providing better tool support for decreasing human errors in classifying the failure type of bugs, 2) providing more robust approaches for the selection of V&V techniques, and 3) including robustness as an important criterion when evaluating technologies.

Publisher's Version Article Search

Process and Social Aspects

API as a Social Glue
Rohan Padhye, Debdoot Mukherjee, and Vibha Singhal Sinha
(IBM Research, India)
The rapid growth of social platforms such as Facebook, Twitter and LinkedIn underscores the need for people to connect to existing and new contacts for recreational and professional purposes. A parallel of this phenomenon exists in the software development arena as well. Open-source code sharing platforms such as GitHub provide the ability to follow people and projects of interest. However, users are manually required to identify projects or other users whom they might be interested in following. We observe that most software projects use third-party libraries and that developers who contribute to multiple projects often use the same library APIs across projects. Thus, the library APIs seem to be a good fingerprint of their skill set. Hence, we argue that library APIs can form the social glue to connect people and projects having similar interests. We propose APINet, a system that mines API usage profiles from source code version management systems and create a social network of people, projects and libraries. We describe our initial implementation that uses data from 568 open-source projects hosted on GitHub. Our system recommends to a user new projects and people that they may be interested in, suggests communities of people who use related libraries and finds experts for a given topic who are closest in a user's social graph.

Publisher's Version Article Search
Software Engineering for 'Social Good': Integrating Action Research, Participatory Design, and Agile Development
Maria Angela Ferrario, Will Simm, Peter Newman, Stephen Forshaw, and Jon Whittle
(Lancaster University, UK)
Software engineering for ‘social good’ is an area receiving growing interest in recent years. Software is increasingly seen as a way to promote positive social change: this includes initiatives such as Code for America and events such as hackathons, which strive to build innovative software solutions with a social conscience. From a software engineering perspective, existing software processes do not always match the needs of these social software projects, which are primarily aimed at social change and often involve vulnerable communities. In this paper, we argue for new software processes that combine elements of agile, iterative development with principles drawn from action research and participatory design. The former allow social software projects to be built quickly with limited resources; the latter allow for a proper understanding of the social context and vulnerable user groups. The paper describes Speedplay, a software development management framework integrating these approaches, and illustrates its use in a real social innovation case study.

Publisher's Version Article Search
Collaborative Infrastructure for Test-Driven Scientific Model Validation
Cyrus Omar, Jonathan Aldrich, and Richard C. Gerkin
(Carnegie Mellon University, USA; Arizona State University, USA)
One of the pillars of the modern scientific method is model validation: comparing a scientific model's predictions against empirical observations. Today, a scientist demonstrates the validity of a model by making an argument in a paper and submitting it for peer review, a process comparable to code review in software engineering. While human review helps to ensure that contributions meet high-level goals, software engineers typically supplement it with unit testing to get a more complete picture of the status of a project.
We argue that a similar test-driven methodology would be valuable to scientific communities as they seek to validate increasingly complex models against growing repositories of empirical data. Scientific communities differ from software communities in several key ways, however. In this paper, we introduce SciUnit, a framework for test-driven scientific model validation, and outline how, supported by new and existing collaborative infrastructure, it could integrate into the modern scientific process.

Publisher's Version Article Search
Lab-Based Action Design Research
Paul Ralph
(Lancaster University, UK)
This paper proposes a research methodology, Lab-based Action Design Research, which combines organizational intervention (action research), building innovative artifacts (engineering research) and studies of software development practice (behavioral research) within a laboratory environment. Seven principles for successful Lab-based Action Design Research are proposed – attract funding with a win-win scenario; select inspiring projects; conduct simultaneous studies; mix methods; use longitudinal, quasi-experimental designs; use enterprise-level technical infrastructure; use established project management infrastructure. Initial evaluation indicates that the proposed approach is practical and may produce improvements in internal validity and theoretical generalizability.

Publisher's Version Article Search
Flexible Product Line Engineering with a Virtual Platform
Michał Antkiewicz, Wenbin Ji, Thorsten Berger, Krzysztof Czarnecki, Thomas Schmorleiz, Ralf Lämmel, Ștefan Stănciulescu, Andrzej Wąsowski, and Ina Schaefer
(University of Waterloo, Canada; University of Koblenz-Landau, Germany; IT University of Copenhagen, Denmark; TU Braunschweig, Germany)
Cloning is widely used for creating new product variants. While it has low adoption costs, it often leads to maintenance problems. Long term reliance on cloning is discouraged in favor of systematic reuse offered by product line engineering (PLE) with a central platform integrating all reusable assets. Unfortunately, adopting an integrated platform requires a risky and costly migration. However, industrial experience shows that some benefits of an integrated platform can be achieved by properly managing a set of cloned variants.
In this paper, we propose an incremental and minimally invasive PLE adoption strategy called virtual platform. Virtual platform covers a spectrum of strategies between ad-hoc clone and own and PLE with a fully-integrated platform divided into six governance levels. Transitioning to a governance level requires some effort and it provides some incremental benefits. We discuss tradeoffs among the levels and illustrate the strategy on an example implementation.

Publisher's Version Article Search Info
Compiler Error Notifications Revisited: An Interaction-First Approach for Helping Developers More Effectively Comprehend and Resolve Error Notifications
Titus Barik, Jim Witschey, Brittany Johnson, and Emerson Murphy-Hill
(North Carolina State University, USA)
Error notifications and their resolutions, as presented by modern IDEs, are still cryptic and confusing to developers. We propose an interaction-first approach to help developers more effectively comprehend and resolve compiler error notifications through a conceptual interaction framework. We propose novel taxonomies that can serve as controlled vocabularies for compiler notifications and their resolutions. We use preliminary taxonomies to demonstrate, through a prototype IDE, how the taxonomies make notifications and their resolutions more consistent and unified.

Publisher's Version Article Search

Formal Demonstrations

Automated Programming Support

ImpactMiner: A Tool for Change Impact Analysis
Bogdan Dit, Michael Wagner, Shasha Wen, Weilin Wang, Mario Linares-Vásquez, Denys Poshyvanyk, and Huzefa Kagdi
(College of William and Mary, USA; Wichita State University, USA)
Developers are often faced with a natural language change request (such as a bug report) and tasked with identifying all code elements that must be modified in order to fulfill the request (e.g., fix a bug or implement a new feature). In order to accomplish this task, developers frequently and routinely perform change impact analysis. This formal demonstration paper presents ImpactMiner, a tool that implements an integrated approach to software change impact analysis. The proposed approach estimates an impact set using an adaptive combination of static textual analysis, dynamic execution tracing, and mining software repositories techniques. ImpactMiner is available from our online appendix http://www.cs.wm.edu/semeru/ImpactMiner/

Publisher's Version Article Search Video Info
Migrating Code with Statistical Machine Translation
Anh Tuan Nguyen, Tung Thanh Nguyen, and Tien N. Nguyen
(Iowa State University, USA; Utah State University, USA)
In the era of mobile computing, developers often need to migrate code written for one platform in a programming language to another language for a different platform, e.g., from Java for Android to C# for Windows Phone. The migration process is often performed manually or semi-automatically, in which developers are required to manually define translation rules and API mappings. This paper presents semSMT, an automatic tool to migrate code written in Java to C#. semSMT utilizes statistical machine translation to automatically infer translation rules from existing migrated code, thus, requires no manual defining of rules. The video demonstration on semSMT can be found on YouTube at http://www.youtube.com/watch?v=aRSnl5-7vNo.

Publisher's Version Article Search
LTSA-PCA: Tool Support for Compositional Reliability Analysis
Pedro Rodrigues, Emil Lupu, and Jeff Kramer
(Imperial College London, UK)
Software systems are often constructed by combining new and existing services and components. Models of such systems should therefore be compositional in order to reflect the architectural structure. We present herein an extension of the LTSA model checker. It supports the specification, visualisation and failure analysis of composable, probabilistic behaviour of component-based systems, modelled as Probabilistic Component Automata (PCA). To evaluate aspects such as the probability of system failure, a DTMC model can be automatically constructed from the composition of the PCA representations of each component and analysed in tools such as PRISM. Before composition, we reduce each PCA to its interface behaviour in order to mitigate state explosion associated with composite representations. Moreover, existing behavioural analysis techniques in LTSA can be applied to PCA representations to verify the compatibility of interface behaviour between components with matching provided-required interfaces. A video highlighting the main features of the tool can be found at: http://youtu.be/moIkx8JHE7o.

Publisher's Version Article Search
DASHboards: Enhancing Developer Situational Awareness
Oleksii Kononenko, Olga Baysal, Reid Holmes, and Michael W. Godfrey
(University of Waterloo, Canada)
Issue trackers monitor the progress of software development "issues", such as bug fixes and discussions about features. Typically, developers subscribe to issues they are interested in through the tracker, and are informed of changes and new developments via automated email. In practice, however, this approach does not scale well, as developers may receive large volumes of messages that they must sort through using their mail client; over time, it becomes increasingly challenging for them to maintain awareness of the issues that are relevant to their activities and tasks. To address this problem, we present a tool called DASH that is implemented in the form of personalized views of issues; developers indicate issues of interest and DASH presents customized views of their progress and informs them of changes as they occur.
Video: http://youtu.be/Jka_MsZet20

Publisher's Version Article Search
Product Assignment Recommender
Jialiang Xie, Qimu Zheng, Minghui Zhou, and Audris Mockus
(Peking University, China; Avaya Labs Research, USA)
Effectiveness of software development process depends on the accuracy of data in supporting tools. In particular, a customer issue assigned to a wrong product team takes much longer to resolve (negatively affecting user-perceived quality) and wastes developer effort. In Open Source Software (OSS) and in commercial projects values in issue-tracking systems (ITS) or Customer Relationship Management (CRM) systems are often assigned by non-developers for whom the assignment task is difficult. We propose PAR (Product Assignment Recommender) to estimate the odds that a value in the ITS is incorrect. PAR learns from the past activities in ITS and performs prediction using a logistic regression model. Our demonstrations show how PAR helps developers to focus on fixing real problems, and how it can be used to improve data accuracy in ITS by crowd-sourcing non-developers to verify and correct low-accuracy data. http://youtu.be/IuykbzSTj8s

Publisher's Version Article Search
Verily: A Web Framework for Creating More Reasonable Web Applications
John L. Singleton and Gary T. Leavens
(University of Central Florida, USA)
The complexity of web application construction is increasing at an astounding rate. Developing for the web typically crosses multiple application tiers in a variety of languages, which can result in disjoint code bases. This lack of standardization introduces new challenges for reasoning.
In this paper we introduce Verily, a new web framework for Java that supports the development of verifiable web applications. Rather than requiring that programs be verified in separate a posteriori analysis, Verily supports construction via a series of Recipes, which are properties of an application that are enforced at compile time. In addition to introducing the Verily framework, we also present two Recipes: the Core Recipe, an application architecture for web applications designed to replace traditional server-side Model View Controller, and the Global Mutable State Recipe, which enables developers to use sessions within their applications without resorting to the use of unrestricted global mutable state. Demo Video: http://www.youtube.com/watch?v=TjRF7E4um3c

Publisher's Version Article Search Video
VeriWS: A Tool for Verification of Combined Functional and Non-functional Requirements of Web Service Composition
Manman Chen, Tian Huat Tan, Jun Sun, Yang Liu, and Jin Song Dong
(National University of Singapore, Singapore; Singapore University of Technology and Design, Singapore; Nanyang Technological University, Singapore)
Web service composition is an emerging technique to develop Web applications by composing existing Web services. Web service composition is subject to two important classes of requirements, i.e., functional and non-functional requirements. Both are crucial to Web service composition. Therefore, it is desirable to verify combined functional and non-functional requirements for Web service composition. We present VeriWS, a tool to verify combined functional and non-functional requirements of Web service composition. VeriWS captures the semantics of Web service composition and verifies it directly based on the semantics. We also show how to describe Web service composition and properties using VeriWS. The YouTube video for demonstration of VeriWS is available at https://sites. google.com/site/veriwstool/.

Publisher's Version Article Search

Software Understanding for Programmers and Researchers

SEWordSim: Software-Specific Word Similarity Database
Yuan Tian, David Lo, and Julia Lawall
(Singapore Management University, Singapore; INRIA, France; LIP6, France)
Measuring the similarity of words is important in accurately representing and comparing documents, and thus improves the results of many natural language processing (NLP) tasks. The NLP community has proposed various measurements based on WordNet, a lexical database that contains relationships between many pairs of words. Recently, a number of techniques have been proposed to address software engineering issues such as code search and fault localization that require understanding natural language documents, and a measure of word similarity could improve their results. However, WordNet only contains information about words senses in general-purpose conversation, which often differ from word senses in a software-engineering context, and the software-specific word similarity resources that have been developed rely on data sources containing only a limited range of words and word uses.
In recent work, we have proposed a word similarity resource based on information collected automatically from StackOverflow. We have found that the results of this resource are given scores on a 3-point Likert scale that are over 50% higher than the results of a resource based on WordNet. In this demo paper, we review our data collection methodology and propose a Java API to make the resulting word similarity resource useful in practice.
The SEWordSim database and related information can be found at http://goo.gl/BVEAs8. Demo video is available at http://goo.gl/dyNwyb.

Publisher's Version Article Search Video
BOAT: An Experimental Platform for Researchers to Comparatively and Reproducibly Evaluate Bug Localization Techniques
Xinyu Wang, David Lo, Xin Xia, Xingen Wang, Pavneet Singh Kochhar, Yuan Tian, Xiaohu Yang, Shanping Li, Jianling Sun, and Bo Zhou
(Zhejiang University, China; Singapore Management University, Singapore)
Bug localization refers to the process of identifying source code files that contain defects from descriptions of these defects which are typically contained in bug reports. There have been many bug localization techniques proposed in the literature. However, often it is hard to compare these techniques since different evaluation datasets are used. At times the datasets are not made publicly available and thus it is difficult to reproduce reported results. Furthermore, some techniques are only evaluated on small datasets and thus it is not clear whether the results are generalizable. Thus, there is a need for a platform that allows various techniques to be compared with one another on a common pool containing a large number of bug reports with known defective source code files. In this paper, we address this need by proposing our Bug lOcalization experimental plATform (BOAT). BOAT is an extensible web application that contains thousands of bug reports with known defective source code files. Researchers can create accounts in BOAT, upload executables of their bug localization techniques, and see how these techniques perform in comparison with techniques uploaded by other researchers, with respect to some standard evaluation measures. BOAT is already preloaded with several bug localization techniques and thus researchers can directly compare their newly proposed techniques against these existing techniques. BOAT has been made available online since October 2013, and researchers could access the platform at: http://www.vlis.zju.edu.cn/blp.

Publisher's Version Article Search Video
VMVM: Unit Test Virtualization for Java
Jonathan Bell and Gail Kaiser
(Columbia University, USA)
As software evolves and grows, its regression test suites tend to grow as well. When these test suites become too large, they can eventually reach a point where they become too length to regularly execute. Previous work in Test Suite Minimization has reduced the number of tests in such suites by attempting to identify those that are redundant (e.g. by a coverage metric). Our approach to ameliorating the runtime of these large test suites is complementary, instead focusing on reducing the overhead of running each test, an approach that we call Unit Test Virtualization. This Tool Demonstration presents our implementation of Unit Test Virtualization, VMVM (pronounced "vroom-vroom") and summarizes an evaluation of our implementation on 20 real-world Java applications, showing that it reduces test suite execution time by up to 97% (on average, 62%). A companion video to this demonstration is available online, at https://www.youtube.com/watch?v=sRpqF3rJERI.

Publisher's Version Article Search Video Info
ViVA: A Visualization and Analysis Tool for Distributed Event-Based Systems
Youn Kyu Lee, Jae young Bang, Joshua Garcia, and Nenad Medvidovic
(University of Southern California, USA)
Distributed event-based (DEB) systems are characterized by highly-decoupled components that communicate by exchanging messages. This form of communication enables flexible and scalable system composition but also reduces understandability and maintainability due to the indirect manner in which DEB components communicate. To tackle this problem, we present Visualizer for eVent-based Architectures, ViVA, a tool that effectively visualizes the large number of messages and dependencies that can be exchanged between components and the order in which the exchange of messages occur. In this paper, we describe the design, implementation, and key features of ViVA. (Demo video at http://youtu.be/jHVwuR5AYgA)

Publisher's Version Article Search Video
Cookbook: In Situ Code Completion using Edit Recipes Learned from Examples
John Jacobellis, Na Meng, and Miryung Kim
(University of Texas at Austin, USA)
Existing code completion engines leverage only pre-defined templates or match a set of user-defined APIs to complete the rest of changes. We propose a new code completion technique, called Cookbook, where developers can define custom edit recipes—a reusable template of complex edit operations—by specifying change examples. It generates an abstract edit recipe that describes the most specific generalization of the demonstrated example program transformations. Given a library of edit recipes, it matches a developer’s edit stream to recommend a suitable recipe that is capable of filling out the rest of change customized to the target. We evaluate Cookbook using 68 systematic changed methods drawn from the version history of Eclipse SWT. Cookbook is able to narrow down to the most suitable recipe in 75% of the cases. It takes 120 milliseconds to find the correct suitable recipe on average, and the edits produced by the selected recipe are on average 82% similar to developer’s hand edit. This shows Cookbook’s potential to speed up manual editing and to minimize developer’s errors. Our demo video is available at https://www.youtube.com/watch?v=y4BNc8FT4RU.

Publisher's Version Article Search Video
Atlas: A New Way to Explore Software, Build Analysis Tools
Tom Deering, Suresh Kothari, Jeremias Sauceda, and Jon Mathews
(Iowa State University, USA; EnSoft, USA)
Atlas is a new software analysis platform from EnSoft Corp. Atlas decouples the domain-specific analysis goal from its underlying mechanism by splitting analysis into two distinct phases. In the first phase, polynomial-time static analyzers index the software AST, building a rich graph database. In the second phase, users can explore the graph directly or run custom analysis scripts written using a convenient API. These features make Atlas ideal for both interaction and automation. In this paper, we describe the motivation, design, and use of Atlas. We present validation case studies, including the verification of safe synchronization of the Linux kernel, and the detection of malware in Android applications. Our ICSE 2014 demo explores the comprehension and malware detection use cases. Video: http://youtu.be/cZOWlJ-IO0k

Publisher's Version Article Search Video Info
Teamscale: Software Quality Control in Real-Time
Lars Heinemann, Benjamin Hummel, and Daniela Steidl
(CQSE, Germany)
When large software systems evolve, the quality of source code is essential for successful maintenance. Controlling code quality continuously requires adequate tool support. Current quality analysis tools operate in batch-mode and run up to several hours for large systems, which hampers the integration of quality control into daily development. In this paper, we present the incremental quality analysis tool Teamscale, providing feedback to developers within seconds after a commit and thus enabling real-time software quality control. We evaluated the tool within a development team of a German insurance company. A video demonstrates our tool: http://www.youtube.com/watch?v=nnuqplu75Cg.

Publisher's Version Article Search

ICSE Posters

APISynth: A New Graph-Based API Recommender System
Chen Lv, Wei Jiang, Yue Liu, and Songlin Hu
(University of Chinese Academy of Sciences, China; Institute of Computing Technology at Chinese Academy of Sciences, China; Greatwall Drilling Company, China)
Current API recommendation tools yield either good recall ratio or good precision, but not both. A tool named APISynth is proposed in this paper by utilizing a new graph based approach. Preliminary evaluation demonstrates that APISynth wins over the state of the art with respect to both the two criteria.

Publisher's Version Article Search
Shedding Light on Distributed System Executions
Jenny Abrahamson, Ivan Beschastnikh, Yuriy Brun, and Michael D. Ernst
(Facebook, USA; University of British Columbia, Canada; University of Massachusetts, USA; University of Washington, USA)
In a distributed system, the hosts execute concurrently, generating asynchronous logs that are challenging to comprehend. We present two tools: ShiVector to transparently add vector timestamps to distributed system logs, and ShiViz to help developers understand distributed system logs by visualizing them as space-time diagrams. ShiVector is the first tool to offer automated vector timestamp instrumentation without modifying source code. The vector-timestamped logs capture partial ordering information, useful for analysis and comprehension. ShiViz space-time diagrams are simple to understand and interactive — the user can explore the log through the visualization to understand complex system behavior. We applied ShiVector and ShiViz to two systems and found that they aid developers in understanding and debugging.

Publisher's Version Article Search Info
Fault Localization for Build Code Errors in Makefiles
Jafar Al-Kofahi, Hung Viet Nguyen, and Tien N. Nguyen
(Iowa State University, USA)
Building is an important process in software development. In large software projects, build code has a high level of complexity, churn rate, and defect proneness. While several automated approaches exist to help developers in localizing faults in traditional source code and in detecting code smells in build code, fault localization techniques have not yet been developed for build code. In this work, we introduce MkFault, a tool to localize errors resulting in build crashes. MkFault monitors the execution traces from GNU Make statements that produce concrete build rules and the original code locations for each component of a rule (i.e., target, prerequisites, and recipe). It then uses a novel ranking algorithm to give suspiciousness scores to the original statements in the Makefile. In our empirical evaluation with real faults, we show that MkFault can help localize faults in Make code with high accuracy.

Publisher's Version Article Search
Avoiding Deadlocks using Stalemate and Dimmunix
Surabhi Pandey, Sushanth Bhat, and Vivek Shanbhag
(IIIT Bangalore, India)
The execution of a concurrent Java program can deadlock if its threads attempt to acquire shared locks in cyclic order. The JVM permits such behaviour. Research has demonstrated that such deadlocks can be predicted through static analysis. It is also known that a tool like Dimmunix helps to avoid deadlocks whose deadlock patterns (fingerprints) are known. The current work combines both approaches: conducting static analysis to predict possible deadlocks and provide their corresponding fingerprints to Dimmunix. These fingerprints forewarn Dimmunix of all deadlock possibilities rather than it learn about them one at a time. For our experiments we use 8 deadlock programs that were developed based upon deadlock predictions from static analysis of the entire JRE by a tool called Stalemate. We design a process to generate Dimmunix fingerprints from deadlock predictions.

Publisher's Version Article Search
Assuring System Goals under Uncertainty with Active Formal Models of Self-Adaptation
M. Usman Iftikhar and Danny Weyns
(Linnaeus University, Sweden)
Designing software systems with uncertainties, such as incomplete knowledge about changing system goals, is challenging. One approach to handle uncertainties is self-adaptation, where a system consists of a managed system and a managing system that realizes a feedback loop. The promise of self-adaptation is to enable a system to adapt itself realizing the system goals, regarding uncertainties. To realize this promise it is critical to provide assurances for the self-adaptive behaviours. Several approaches have been proposed that exploit formal methods to provide these assurances. However, an integrated approach that combines: (1) seamless integration of offline and online verification (to deal with inherent limitations of verification), with (2) support for runtime evolution of the system (to deal with new or changing goals) is lacking. In this paper, we outline a new approach named Active FORmal Models of Self-adaptation (ActivFORMS) that aims to deal with these challenges. In ActivFORMS, the formal models of the managing system are directly deployed and executed to realize self-adaptation, guaranteeing the verified properties. Having the formal models readily available at runtime paves the way for: (1) incremental verification during system execution, and (2) runtime evolution of the self-adaptive system. Experiences with a robotic system show promising results.

Publisher's Version Article Search
Timing Challenges in Automotive Software Architectures
Licong Zhang, Reinhard Schneider, Alejandro Masrur, Martin Becker, Martin Geier, and Samarjit Chakraborty
(TU München, Germany; TU Chemnitz, Germany)
Most of the innovation in the automotive domain is now in electronics and software, which has led to several million lines of code in today's high-end cars. However, in contrast to software in the general purpose computing domain -- where mostly functional correctness is of concern -- timing predictability of automotive software is an important problem which is still largely unsolved. More importantly, this problem is solely addressed within the embedded systems domain with little or no participation from the mainstream software engineering community. The goal of this poster is to highlight some of the aspects of timing analysis of automotive software, as an attempt to involve the broader software engineering research community in this problem.

Publisher's Version Article Search
An Adaptive Bayesian Approach for URL Selection to Test Performance of Large Scale Web-Based Systems
Alim Ul Gias and Kazi Sakib
(University of Dhaka, Bangladesh)
In case of large scale web-based systems, scripts for performance testing are updated iteratively. In each script, multiple URLs of the system are considered depending on intuitions that those URLs will expose the performance bugs. This paper proposes a Bayesian approach for including a URL to a test script based on its probability of being time intensive. As the testing goes on the scheme adaptively updates its knowledge regarding a URL. The comparison with existing methods shows that the proposed technique performs similar in guiding applications towards intensive tasks, which helps to expose performance bugs.

Publisher's Version Article Search
DEECo: An Ecosystem for Cyber-Physical Systems
Rima Al Ali, Tomas Bures, Ilias Gerostathopoulos, Petr Hnetynka, Jaroslav Keznikl, Michal Kit, and Frantisek Plasil
(Charles University, Czech Republic)
In this work we tackle the problem of designing and developing software-intensive cyber-physical systems (CPS), which are large distributed systems of collaborating elements that closely interact with the physical world, such as intelligent transportation systems and crowdsourcing applications. Due to their specific constraints, such as extreme dynamism and continuous evolution of the physical substratum, and requirements, such us open-endedness and adaptability, CPS introduce many new challenges for software engineering. In response, we present a tailored ecosystem of software engineering models, methods, and tools. This ecosystem is centered on the DEECo component model, which we have proposed specifically for architecting software-intensive CPS.

Publisher's Version Article Search Info
Calibrating Use Case Points
Ali Bou Nassif, Luiz Fernando Capretz, and Danny Ho
(University of Western Ontario, Canada; NFA Estimation, Canada)
An approach to calibrate the complexity weights of the use cases in the Use Case Points (UCP) model is put forward. The size metric used is the Use Case Points (UCP) which can be calculated from the use case diagram along with its use case scenario as described in the UCP model. The approach uses a neural network with fuzzy logic to tune the complexity weights.

Publisher's Version Article Search
The MechatronicUML Method: Model-Driven Software Engineering of Self-Adaptive Mechatronic Systems
Steffen Becker, Stefan Dziwok, Christopher Gerking, Christian Heinzemann, Wilhelm Schäfer, Matthias Meyer, and Uwe Pohlmann
(University of Paderborn, Germany; Fraunhofer IPT, Germany)
The software of mechatronic systems interacts with the system's physical environment. In such systems, an incorrect software may cause harm to human life. As a consequence, software engineering methods for developing such software need to enable developers to effectively and efficiently proof their correctness. This is further complicated by additional characteristics of mechatronic systems as self-adaptation and coordination with other systems. In this poster, we present MechatronicUML which is a model-driven software engineering method that especially considers these characteristics of self-adaptive mechatronic systems.

Publisher's Version Article Search
Model-Driven Development of Diverse User Interfaces
Zhiyi Ma, Wei Zhang, and Chih-Yi Yeh
(Peking University, China)
Developing and maintaining user interfaces of an application for various devices is usually laborious. This paper discusses how to build diverse user interfaces based on model-driven development.

Publisher's Version Article Search
Statistical Learning of API Mappings for Language Migration
Anh Tuan Nguyen, Hoan Anh Nguyen, Tung Thanh Nguyen, and Tien N. Nguyen
(Iowa State University, USA; Utah State University, USA)
The process of migrating software between languages is called language migration or code migration. To reduce manual effort in defining the rules of API mappings for code migration, we propose StaMiner, a data-driven model that statistically learns the mappings between API usages from the corpus of the corresponding methods in the client code of the APIs in two languages.

Publisher's Version Article Search
Asymmetric Software Structures in the Linux Kernel
Lei Wang, Ping Wang, and Zhen Wang
(Beihang University, China)
We investigated the asymmetry in the structure of complex software. After studying the degree distribution of the call graphs corresponding to the Linux kernel modules of 223 different versions, we found the asymmetry between the in-degree and out-degree distributions. After analyzing the behaviors of the newly added nodes in each version, we found that the preferential attachment behaviors of the new nodes are not only related with the degree of nodes, also related with the "age" of nodes, especially in the out-degree. In addition, the new nodes tend to cluster in Linux kernel.

Publisher's Version Article Search
Towards Designing Assistive Software Applications for Discrete Trial Training
Valerie Picardo, Samuel Metson, Rashina Hoda, Robert Amor, Angela Arnold-Saritepe, Rebecca Sharp, and Denys Brand
(University of Auckland, New Zealand)
Discrete Trial Training (DTT) is one of the most effective training methods for children diagnosed with Autism. Traditional DTT suffers from limitations of inconsistencies on account of human error, disruptions due to in-session data collection by trainers, and difficulties of producing physical within-stimulus prompts. Current software solutions either support sole child usage thereby eliminating the social interaction benefits of DTT or lack automated data collection. Designed by an inter-disciplinary team of software engineers, HCI, and psychology experts and certified behaviour analysts for a touch-tabletop, DTTAce is an assistive-software that provides digital consistency and integrity and supports customization of trials, automated data collection, and within-stimulus prompts while preserving natural interactions and the social nature of DTT. It is an important step towards designing effective assistive software for Discrete Trial Training.

Publisher's Version Article Search
An Optimized Design Approach for Extending HMI Systems with Mobile Devices
Manasvi Jain, Rahul Raj CP, and Seshubabu Tolety
(Siemens, India)
Remote monitoring and controlling of industrial machines have proven to be a necessary requirement for many engineering domains. HMI panels are already successful in providing proper control for such machines/ layouts. Many organizations are now utilizing new and trendy smart phones to access their legacy systems remotely. In this paper, we elicit a viable approach for extending HMI systems with the smart phones and tablets. This approach overcomes the challenges of explicit mobile application design approaches and provides appropriate application architecture for mobile extension providers.

Publisher's Version Article Search
Proposing a Theory of Gamification Effectiveness
Bilal Amir and Paul Ralph
(Sur University College, Oman; Lancaster University, UK)
Gamification informally refers to making a system more game-like. More specifically, gamification denotes applying game mechanics to a non-game system. We theorize that gamification success depends on the game mechanics employed and their effects on user motivation and immersion. The proposed theory may be tested using an experiment or questionnaire study.

Publisher's Version Article Search
Modeling and Model Checking by Modular Approach
Mo Xia, Guiming Luo, and Mian Sun
(Tsinghua University, China)
Model checking is a common formal verification technique, but it is only applicable to white box systems. In order to allow users without much formal verification expertise to use model checking easily, this paper proposes a modular approach for software modeling and model checking. Efficiency, correctness, and reusability are our main concerns. A hierarchical model is constructed for a system by modules, and it is translated into the specific model checking codes. The M^3C tool is implemented to support our approach, and it is successfully applied to actual industrial cases, as well as to some cases in the literature.

Publisher's Version Article Search
Hybrid Test Data Generation
Zicong Liu, Zhenyu Chen, Chunrong Fang, and Qingkai Shi
(Nanjing University, China)
Many automatic test data generation techniques have been proposed in the past decades. Each technique can only deal with very restrictive data types so far. This limits the usefulness of test data generation in practice. We present a preliminary approach on hybrid test data generation, by combining Random Strategy (RS), Dynamic Symbolic Execution (DSE), and Search-based Strategy (SBS). It is expected to take advantage of the state-of-the-arts to enhance the robustness and scalability, in terms of different types of test data.

Publisher's Version Article Search
Software Defect Prediction Based on Collaborative Representation Classification
Xiao-Yuan Jing, Zhi-Wu Zhang, Shi Ying, Feng Wang, and Yang-Ping Zhu
(Wuhan University, China; Nanjing University of Posts and Telecommunications, China)
In recent years, machine learning techniques have been successfully applied into software defect prediction. Although they can yield reasonably good prediction results, there still exists much room for improvement on the aspect of prediction accuracy. Sparse representation is one of the most advanced machine learning techniques. It performs well with respect to signal compression and classification, but suffers from its time-consuming sparse coding. Compared with sparse representation, collaborative representation classification (CRC) can yield significantly lower computational complexity and competitive classification performance in pattern recognition domains. To achieve better defect prediction results, we introduce the CRC technique in this paper and propose a CRC based software defect prediction (CSDP) approach. We first design a CRC based learner to build a prediction model, whose computational burden is low. Then, we design a CRC based predictor to classify whether the query software modules are defective or defective-free. Experimental results on the widely used NASA datasets demonstrate the effectiveness and efficiency of the proposed approach.

Publisher's Version Article Search

Doctoral Symposium

Mature A

COASTmed: Software Architectures for Delivering Customizable, Policy-Based Differential Web Services
Alegria Baquero
(University of California at Irvine, USA)
Inter-organizational exchange of personal information raises significant challenges in domains such as healthcare. First, trust among parties is not homogenous; data is shared according to complex relations. Second, personal data is used for unexpected, often divergent purposes. This tension between information need and provision calls for custom services whose access depends on specific trust and legal ties. Current Web services are "one-size-fits-all" solutions that do not capture nuanced relations nor meet all users' needs. Our goal is providing computation-enabled services which: (a) are accessible based on providers' policies, and; (b) allow user-controlled customization within the authority granted. We present our proposed solutions in COASTmed, a prototype for electronic health record (EHR) management which leverages novel architectural principles and formal policies.

Publisher's Version Article Search
Formal Verification Problems in a Big Data World: Towards a Mighty Synergy
Matteo Camilli
(University of Milan, Italy)
Formal verification requires high performance data processing software for extracting knowledge from the unprecedented amount of data coming from analyzed systems. Since cloud based computing resources have became easily accessible, there is an opportunity for verification techniques and tools to undergo a deep technological transition to exploit the new available architectures. This has created an increasing interest in parallelizing and distributing verification techniques. In this paper we introduce a distributed approach which exploits techniques typically used by the bigdata community to enable verification of very complex systems using bigdata approaches and cloud computing facilities.

Publisher's Version Article Search
Cross-Platform Testing and Maintenance of Web and Mobile Applications
Shauvik Roy Choudhary
(Georgia Tech, USA)
Modern software applications are expected to run on a variety of web and mobile platforms with diverse software and hardware level features. Thus, developers of such software need to duplicate the testing and maintenance effort on a wide range of platforms. Often developers are not able to cope with this increasing demand. Thus, they release software that is broken on certain platforms affecting a class of customers using such platforms. The goal of my work is to improve the testing and maintenance of cross-platform applications by developing automated techniques for matching such applications across the different platforms.

Publisher's Version Article Search

Mature B

Human Aspects, Gamification, and Social Media in Collaborative Software Engineering
Bogdan Vasilescu
(Eindhoven University of Technology, Netherlands)
Software engineering is inherently a collaborative venture. In open-source software (OSS) development, such collaborations almost always span geographies and cultures. Because of the decentralised and self-directed nature of OSS as well as the social diversity inherent to OSS communities, the success of an OSS project depends to a large extent on the social aspects of distributed collaboration and achieving coordination over distance. The goal of this dissertation research is to raise our understanding of how human aspects (e.g., gender or cultural diversity), gamification and social media (e.g., participation in social environments such as Stack Overflow or GitHub) impact distributed collaboration in OSS.

Publisher's Version Article Search
ReuseSEEM: An Approach to Support the Definition, Modeling, and Analysis of Software Ecosystems
Rodrigo Pereira dos Santos
(COPPE, Brazil; Federal University of Rio de Janeiro, Brazil)
Software Engineering (SE) community has discussed economic and social issues as a challenge for the next years. Companies and organizations have directly (or not) opened up their software platforms and assets to others, including partners and 3rd party developers, creating software ecosystems (SECOs). This scenario changes the traditional software industry because it requires mature research in SE dealing with an environment where business models and socio-technical networks can impact systems engineering and management, and reuse approaches. However, one strong inhibitor is the complexity in defining and modeling SECO elements to improve their comprehension and analysis. The main reason is the fact that this topic is emerging and no common sense on its concepts and relations exists yet. Thus, it is difficult to understand its real impacts in the SE industry. In this context, we propose an approach to support the definition, modeling and analysis of SECOs by exploring Software Reuse concepts in techniques in this area and treating nontechnical aspects in SE.

Publisher's Version Article Search
Summarization of Complex Software Artifacts
Laura Moreno
(Wayne State University, USA)
Program understanding is necessary for most software engineering tasks. Internal and external documentation help during this process. Unfortunately, this documentation is often missing or outdated. An alternative to solve this situation is automatically summarizing software artifacts. In the case of source code, a few approaches have been proposed to generate natural language descriptions of fine-grained elements of the code. This research focuses on the automatic generation of generic natural language summaries of complex code artifacts, such as, classes and change sets. In addition, these generic summaries will be adapted to support specific maintenance tasks.

Publisher's Version Article Search

Initial A

Nirikshan: Process Mining Software Repositories to Identify Inefficiencies, Imperfections, and Enhance Existing Process Capabilities
Monika Gupta
(IIIT Delhi, India)
Process mining is to extract knowledge about business processes from data stored implicitly in ad-hoc way or explicitly by information systems. The aim is to discover runtime process, analyze performance and perform conformance verification, using process mining tools like ProM and Disco, for single software repository and processes spanning across multiple repositories. Application of process mining to software repositories has recently gained interest due to availability of vast data generated during software development and maintenance. Process data are embodied in repositories which can be used for analysis to improve the efficiency and capability of process, however, involves a lot of challenges which have not been addressed so far. Project team defines workflow, design process and policies for tasks like issue tracking (defect or feature enhancement), peer code review (review the submitted patch to avoid defects before they are injected) etc. to streamline and structure the activities. The reality may not be the same as defined because of imperfections so the extent of non-conformance needs to be measured. We propose a research framework `Nirikshan' to process mine the data of software repositories from multiple perspectives like process, organizational, data and time. We apply process mining on software repositories to derive runtime process map, identify and remove inefficiencies and imperfections, extend the capabilities of existing software engineering tools to make them more process aware, and understand interaction pattern between various contributors to improve the efficiency of project.

Publisher's Version Article Search
Performance Analysis of Object-Oriented Software
David Maplesden
(University of Auckland, New Zealand)
Many large scale object-oriented applications suffer from chronic performance problems. The many layers of generalised frameworks and libraries that these applications are typically assembled from leads to seemingly simple tasks requiring many thousands of operations to complete. Addressing these performance problems with traditional profiling tools is difficult because of the scale and complexity of the dynamic behaviour being exhibited. A wealth of detailed data is collected but costs are thinly distributed across thousands of methods leaving few easily identifiable performance optimisation opportunities. However we believe there are repeated patterns of method calls hidden within the profile data that represent performance critical sections of code. We plan to investigate new approaches to analysing typical performance data sets to identify these repeated patterns. Our initial work shows some promising results - being able to identify, within an application with over 64 thousand unique calling contexts, ten patterns that account for over 50% of the execution time.

Publisher's Version Article Search
Improving Exception Handling with Recommendations
Eiji Adachi Barbosa
(PUC-Rio, Brazil)
Exception handling mechanisms are the most common model used to design and implement robust software systems. Despite their wide adoption in mainstream programming languages, empirical evidence suggests that developers are still not properly using these mechanisms to achieve better software robustness. Without adequate support, developers struggle to decide the proper manner in which they should handle their exceptions, i.e., the place where the exception should be caught and the handling actions that should be implemented. As a consequence, they tend to ignore exceptions by implementing empty handlers or leaving them unhandled, which may ultimately lead to the introduction of faults in the source code. In this context, this PhD research aims at investigating means to improve the quality of exception handling in software projects. To achieve this goal, we propose a recommender system able to support developers in implementing exception handling.

Publisher's Version Article Search
Verifying Incomplete and Evolving Specifications
Claudio Menghi
(Politecnico di Milano, Italy)
Classical verification techniques rely on the assumption that the model of the system under analysis is completely specified and does not change over time. However, most modern development life-cycles and even run-time environments (as in the case of adaptive systems), are implicitly based on incompleteness and evolution. Incompleteness occurs when some parts of the system are not specified. Evolution concerns a set of gradual and progressive changes that amend systems over time.
Modern development life-cycles are founded on a sequence of iterative and incremental steps through which the initial incomplete description of the system evolves into its final, fully detailed, specification. Similarly, adaptive systems evolve through a set of adaptation actions, such as plugging and removing components, that modify the behavior of the system in response to new environmental conditions, requirements or legal regulations. Usually, the adaptation is performed by first removing old components, leaving the system temporarily unspecified-incomplete-, and then by plugging the new ones.
This work aims to extend classical verification algorithms to consider incomplete and evolving specifications. We want to ensure that after any change, only the part of the system that is affected by the change, is re-analyzed, avoiding to re-verify everything from scratch.

Publisher's Version Article Search
Quantitative Properties of Software Systems: Specification, Verification, and Synthesis
Srđan Krstić
(Politecnico di Milano, Italy)
Functional and non-functional requirements are becoming more and more complex, introducing ambiguities in the natural language specifications. A very broad class of such requirements are the ones that define quantitative properties of software systems. Properties of this kind are of key relevance to express quality of service. For example, they are used to specify bounds on the timing information between specific events, or on their number of occurrences. Sometimes, they are also used to express higher level properties such as aggregate values over the multiplicity of certain events in a specific time window. These are practical specification patterns that can be frequently found in system documentation. The goal of this thesis is to develop an approach for specifying and verifying quantitative properties of complex software systems that execute in a changing environment. In addition, it will also explore synthesis techniques that can be applied to infer such type of properties from execution traces.

Publisher's Version Article Search

Initial B

Automatic Generation of Cost-Effective Test Oracles
Alberto Goffi
(University of Lugano, Switzerland)
Software testing is the primary activity to guarantee some level of quality of software systems. In software testing, the role of test oracles is crucial: The quality of test oracles directly affects the effectiveness of the testing activity and influences the final quality of software systems. So far, research in software testing focused mostly on automating the generation of test inputs and the execution of test suites, paying less attention to the generation of test oracles. Available techniques for generating test oracle are either effective but expensive or inexpensive but ineffective. Our research work focuses on the generation of cost-effective test oracles. Recent research work has shown that modern software systems can provide the same functionality through different execution sequences. In other words, multiple execution sequences perform the same, or almost the same, action. This phenomenon is called intrinsic redundancy of software systems. We aim to design and develop a completely automated technique to generate test oracles by exploiting the intrinsic redundancy freely available in the software. Test oracles generated by our technique check the equivalence between a given execution sequence and all the redundant and supposedly equivalent execution sequences that are available. The results obtained so far are promising.

Publisher's Version Article Search
Dynamic Data-Flow Testing
Mattia Vivanti
(University of Lugano, Switzerland)
Data-flow testing techniques have long been discussed in the literature, yet to date they are still of little practical relevance. The applicability of data-flow testing is limited by the complexity and the imprecision of the approach: writing a test suite that satisfy a data-flow criterion is challenging due to the presence of many test objectives that include infeasible elements in the coverage domain and exclude feasible ones that depend on aliasing and dynamic constructs.
To improve the applicability and effectiveness of data-flow testing we need both to augment the precision of the coverage domain by including data-flow elements dependent on aliasing and to exclude infeasible ones that reduce the total coverage.
In my PhD research I plan to address these two problems by designing a new data-flow testing approach that combines automatic test generation and dynamic identification of data-flow elements that can identify precise test targets by monitoring the program executions.

Publisher's Version Article Search
Holistic Recommender Systems for Software Engineering
Luca Ponzanelli
(University of Lugano, Switzerland)
Software maintenance is a relevant and expensive phase of the software development process. Developers have to deal with legacy and undocumented code that hinders the comprehension of the software system at hand. Enhancing program comprehension by means of recommender systems in the Integrated Development Environment (IDE) is a solution to assist developers in these tasks. The recommender systems proposed so far generally share common weaknesses: they are not proactive, they consider a single type of data-source, and in case of multiple data-source, relevant items are suggested together without considering interactions among them. We envision a future where recommender systems follow a holistic approach: They provide knowledge regarding a programming context by considering information beyond the one provided by single elements in the context of the software development. The recommender system should consider different elements such as development artifact (e.g., bug reports, mailing lists), and online resources (e.g., blogs, Q&A web sites, API documentation), developers activities, repository history etc. The provided information should be novel and emerge from the semantic links created by the analysis of the interactions among these elements.

Publisher's Version Article Search
Understanding the Dynamics of Test-Driven Development
Davide Fucci
(University of Oulu, Finland)
Test-driven development (TDD) has been the subject of several software engineering experiments. However the controversial results about its effects still need to be contextualized. This doctoral research will show how TDD could be better assessed by studying to what extent developers follow its cycle and for what kind of development tasks. This knowledge is foreseen to be beneficial for software industries willing to adopt or adapt TDD.

Publisher's Version Article Search
On the Use of Visualization for Supporting Software Reuse
Marcelo Schots
(COPPE, Brazil; Federal University of Rio de Janeiro, Brazil)
Reuse is present in the daily routine of software developers, yet mostly in an ad-hoc or pragmatic way. Reuse practices allow for reducing the time and effort spent on software development. However, organizations struggle in beginning and coping with a reuse program. The APPRAiSER environment, proposed in this work, aims at providing reuse awareness according to each stakeholder’s needs for performing reuse-related tasks, by providing appropriate software visualization mechanisms. The long-term goal is to help introducing, instigating, establishing and monitoring software reuse initiatives, by decreasing the effort and time spent by stakeholders in performing reuse tasks.

Publisher's Version Article Search

Initial C

Understanding the Redundancy of Software Systems
Andrea Mattavelli
(University of Lugano, Switzerland)
Our research aims to study and characterize the redundancy of software systems. Intuitively, a software is redundant when it can perform the same functionality in different ways. Researches have successfully defined several techniques that exploit various form of redundancy, for example for tolerating failures at runtime and for testing purposes.
We aim to formalize and study the redundancy of software systems in general. In particular, we are interested in the intrinsic redundancy of software systems, that is a form of undocumented redundancy present in software systems as consequence of various design and implementation decisions. In this thesis we will formalize the intuitive notion of redundancy. On the basis of such formalization, we will investigate the pervasiveness and the fundamental characteristics of the intrinsic redundancy of software systems. We will study the nature, the origin, and various forms of such redundancy. We will also develop techniques to automatically identify the intrinsic redundancy of software systems.

Publisher's Version Article Search
Study of Task Processes for Improving Programmer Productivity
Damodaram Kamma
(IIIT Delhi, India)
In a mature overall process of software development, productivity of a software project considerably depends on the effectiveness with which programmers execute tasks. A task process refers to the processes used by a programmer for executing an assigned task. This research focuses on studying the effect of task processes on programmer productivity. Our approach first identifies high productivity and average productivity programmers, then understands the task processes used by the two groups, the similarities between the task processes used by programmers within a group, and differences between the task processes in the two groups. This study is part of an ongoing study being conducted at a CMMi Level 5 software company. The results so far indicate that there are differences in task processes followed by high and average productivity programmers, and that it may be possible to improve the productivity of average productivity programmers by training them to use the task processes followed by the high productivity programmers.

Publisher's Version Article Search
Improving Enterprise Software Maintenance Efficiency through Mining Software Repositories in an Industry Context
Senthil Mani
(IIIT Delhi, India)
There is an increasing trend to outsource maintenance of large applications and application portfolios of a business to third parties, specializing in application maintenance, who are incented to deliver the best possible maintenance at the lowest cost. In a typical industry setting any maintenance project spans three different phases; Transition, Steady-State and Preventive Maintenance. Each phase has different goals and drivers, but underlying software repositories or artifacts remain the same. To improve the overall efficiency of the process and people involved in these different phases, we require appropriate insights to be derived from the available software repositories. In the past decade considerable research has been done in mining software repositories and deriving insights, particularly focussed on open source softwares. However, focussed studies on enterprise software maintenance in an industrial setting is severely lacking.
In this thesis work, we intend to understand the industry needs on desired insights and limitations on available software artifacts across these different phases. Based on this understanding we intend to propose and develop novel methods and approaches for deriving desirable insights from software repositories. We also intend to leverage empirical techniques to validate our approaches both qualitatively and quantitatively.

Publisher's Version Article Search
Enhancing Feature Interfaces for Supporting Software Product Line Maintenance
Bruno B. P. Cafeo
(PUC-Rio, Brazil)
Software product line (SPL) is a technology aimed at speeding up the development process. Although SPLs are widely used, their maintenance is a challenging task. In particular, when maintaining a SPL feature, developers need to know which parts of other dependent features might be affected by this maintenance. Otherwise, further maintenance problems can be introduced in the SPL implementation. However, the identification and understanding of the so-called feature dependencies in the source code are an exhaustive and error-prone task. In fact, developers often ignore unconsciously feature dependencies while reasoning about SPL maintenance. To overcome this problem, this PhD research aims at understanding the properties of feature dependencies in the source code that exert impact on SPL maintenance. Furthermore, we propose a way to structure and segregate feature interfaces in order to help developers to identify and understand feature dependencies, thus reducing the effort and avoiding undesirable side effects in SPL maintenance.

Publisher's Version Article Search
Supporting Evolution and Maintenance of Android Apps
Mario Linares-Vásquez
(College of William and Mary, USA)
In recent years, the market of mobile software applications (apps) has maintained an impressive upward trajectory. As of today, the market for such devices features over 850K+ apps for Android, and 19 versions of the Android API have been released in 4 years. There is evidence that Android apps are highly dependent on the underlying APIs, and APIs instability (change proneness) and fault-proneness are a threat to the success of those apps. Therefore, the goal of this research is to create an approach that helps developers of Android apps to be better prepared for Android platform updates as well as the updates from third-party libraries that can potentially (and inadvertently) impact their apps with breaking changes and bugs. Thus, we hypothesize that the proposed approach will help developers not only deal with platform and library updates opportunely, but also keep (and increase) the user base by avoiding many of these potential API ”update” bugs

Publisher's Version Article Search

ACM Student Research Competition

Exception Handling for Dynamic Information Flow Control
Abhishek Bichhawat
(Saarland University, Germany)
Exceptions are a source of information leaks, which are difficult to handle as they allow for non-local control transfer. Existing dynamic information flow control techniques either ignore unstructured control flow or are restrictive. This work presents a more permissive solution for controlling information leaks using program analysis techniques.

Publisher's Version Article Search
Automatic Performance Modeling of Multithreaded Programs
Alexander Tarvo
(Brown University, USA)
Multithreaded programs express a complex non-linear dependency between their configuration and the performance. To better understand this dependency performance prediction models are used. However, building performance models manually is time-consuming and error-prone. We present a novel methodology for automatically building performance models of industrial multithreaded programs.

Publisher's Version Article Search
Incremental Reachability Checking of KernelC Programs using Matching Logic
Alessandro Maria Rizzi
(Politecnico di Milano, Italy)
A fundamental phase in software development deals with verifying that software behaves correctly. Although accurate testing can discover many wrong behaviours, formal software verification techniques can help in developing applications that dependably satisfy their requirements. However, since formal verification techniques are time consuming and software changes continuously, incremental verification methods, i.e., methods which reuse the results of the verification of a previous version when verifying a new version of a program, are very useful, since they can significantly reduce the time required to perform the verification.
In this work I apply a syntactic-semantic incremental approach to reachability checking of KernelC programs using matching logic. KernelC is a significant, non-trivial subset of the C programming language. Matching logic is a language-independent proof system to reason about programs in any language that has a rewrite-based operational semantics. Incrementality is achieved by encoding the verification procedure in a syntax-driven fashion based on semantic attributes defined on top of an operator-precedence grammar.

Publisher's Version Article Search
Exploiting Undefined Behaviors for Efficient Symbolic Execution
Asankhaya Sharma
(National University of Singapore, Singapore)
Symbolic execution is an important and popular technique used in several software engineering tools for test case generation, debugging and program analysis. As such improving the performance of symbolic execution can have huge impact on the effectiveness of such tools. In this paper, we present a technique to systematically introduce undefined behaviors during compilation to speed up the subsequent symbolic execution of the program. We have implemented our technique inside LLVM and tested with an existing symbolic execution engine (Pathgrind). Preliminary results on the SIR repository benchmark are encouraging and show 48% speed up in time and 30% reduction in the number of constraints.

Publisher's Version Article Search Video Info
Identifying Caching Opportunities, Effortlessly
Alejandro Infante
(University of Chile, Chile)
Memory consumption is a great concern for most non trivial software. In this paper we introduce a dedicated code profiler that identifies opportunities to reduce memory consumption by introducing caches.

Publisher's Version Article Search
Program Transformations to Fix C Buffer Overflow
Alex Shaw
(Auburn University, USA)
This paper describes two program transformations to fix buffer overflows originating from unsafe library functions and bad pointer operations. Together, these transformations fixed all buffer overflows featured in 4,505 programs of NIST’s SAMATE reference dataset, making the changes automatically on over 2.3 million lines of C code.

Publisher's Version Article Search
Characteristics of the Vulnerable Code Changes Identified through Peer Code Review
Amiangshu Bosu
(University of Alabama, USA)
To effectively utilize the efforts of scarce security experts, this study aims to provide empirical evidence about the characteristics of security vulnerabilities. Using a three-stage, manual analysis of peer code review data from 10 popular Open Source Software (OSS) projects, this study identified 413 potentially vulnerable code changes (VCC). Some key results include: 1) the most experienced contributors authored the majority of the VCCs, 2) while less experienced authors wrote fewer VCCs, their code changes were 1.5 to 24 times more likely to be vulnerable, 3) employees of the organization sponsoring the OSS projects are more likely to write VCCs.

Publisher's Version Article Search Video Info
Privacy and Security Requirements Framework for the Internet of Things (IoT)
Israa Alqassem
(Masdar Institute of Science and Technology, United Arab Emirates)
Capturing privacy and security requirements in the very early stages is essential for creating sufficient public confidence in order to facilitate the adaption of novel systems such as the Internet of Things (IoT). However, traditional requirements engineering methods and frameworks might not be sufficiently effective when dealing with new types of IoT heterogeneous systems. Therefore, building a methodological framework to model the privacy and security requirements specifications for IoT is necessary in order to deal with its mission critical nature. The purpose of this project is to develop such a requirements engineering framework in order to ensure proper development of IoT with security and privacy taken into account from the earliest stages.

Publisher's Version Article Search

proc time: 1.95