| 1. |
- Chechik, Marsha, et al.
(författare)
-
Message from the MiSE 2019 Workshop Organizers
- 2019
-
Ingår i: Proceedings - 2019 IEEE/ACM 11th International Workshop on Modelling in Software Engineering, MiSE 2019. ; , s. VII-
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)
|
|
| 2. |
|
|
| 3. |
- Damasceno, Carlos Diego N., et al.
(författare)
-
Family-Based Fingerprint Analysis: A Position Paper
- 2022
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer Nature Switzerland. - 1611-3349 .- 0302-9743. ; 13560 LNCS, s. 137-150
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)abstract
- Thousands of vulnerabilities are reported on a monthly basis to security repositories, such as the National Vulnerability Database. Among these vulnerabilities, software misconfiguration is one of the top 10 security risks for web applications. With this large influx of vulnerability reports, software fingerprinting has become a highly desired capability to discover distinctive and efficient signatures and recognize reportedly vulnerable software implementations. Due to the exponential worst-case complexity of fingerprint matching, designing more efficient methods for fingerprinting becomes highly desirable, especially for variability-intensive systems where optional features add another exponential factor to its analysis. This position paper presents our vision of a framework that lifts model learning and family-based analysis principles to software fingerprinting. In this framework, we propose unifying databases of signatures into a featured finite state machine and using presence conditions to specify whether and in which circumstances a given input-output trace is observed. We believe feature-based signatures can aid performance improvements by reducing the size of fingerprints under analysis.
|
|
| 4. |
- Derks, C., et al.
(författare)
-
A benchmark generator framework for evolving variant-rich software
- 2023
-
Ingår i: Journal of Systems and Software. - 0164-1212. ; 203
-
Tidskriftsartikel (refereegranskat)abstract
- Software often needs to exist in different variants, which account for varying customer requirements, environments, or non-functional aspects, such as energy consumption. Unfortunately, the number of variants can grow exponentially with the number of features. As such, developing and evolving variant-rich systems is challenging, since they do not only evolve "in time"as single systems, but also "in space"with new variants. Fortunately, many different methods and tools for variant-rich systems have been proposed over the last decades, especially in the field of software product line engineering. However, their level of evaluation varies significantly, threatening their relevance for practitioners and that of future research. Many tools have only been evaluated on ad hoc datasets, minimal examples, or unrealistic and limited evolution scenarios, missing large parts of the actual evolution lifecycle of variant-rich systems. Our long-term goal is to provide benchmarks to increase the maturity of evaluation of methods and tools for evolving variant-rich systems. However, providing manually curated and sufficiently detailed benchmarks that cover the whole evolution lifecycle of variant-rich systems is challenging. We present the framework vpbench, which simulates the evolution of a variant-rich system and thereby generates an evolution enriched with metadata explaining the evolution. The generated benchmarks, i.e., the evolution histories and metadata, can serve as ground truth to check the results of tools applied on it. We formalize the claims we make about the generator and the generated benchmarks as requirements. The design of vpbench comprises modular generators and evolution operators that automatically evolve real codebases. We implement simple and advanced evolution operators-e.g., relying on code transplantation to incorporate features from real projects. We demonstrate how vpbench addresses its claimed requirements, also considering multiple degrees of realism, extensibility and language-independence of the generated benchmarks.(c) 2023 Elsevier Inc. All rights reserved.
|
|
| 5. |
- García Gonzalo, Sergio, 1989, et al.
(författare)
-
Robotics Software Engineering: A Perspective from the Service Robotics Domain (Summary)
- 2020
-
Ingår i: Lecture Notes in Informatics. - 1617-5468. ; P-310, s. 41-42
-
Konferensbidrag (refereegranskat)abstract
- We present our paper published in the proceedings of the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering 2020. Robots that support humans by performing useful tasks (a.k.a., service robots) are booming worldwide. In contrast to industrial robots, the development of service robots comes with severe software engineering challenges, since they require high levels of robustness and autonomy to operate in highly heterogeneous environments. As a domain with critical safety implications, service robotics faces a need for sound software development practices. In this paper, we present the first large-scale empirical study to assess the state of the art and practice of robotics software engineering. We conducted 18 semi-structured interviews with industrial practitioners working in 15 companies from 9 different countries and a survey with 156 respondents (from 26 countries) from the robotics domain. Our results provide a comprehensive picture of (i) the practices applied by robotics industrial and academic practitioners, including processes, paradigms, languages, tools, frameworks, and reuse practices, (ii) the distinguishing characteristics of robotics software engineering, and (iii) recurrent challenges usually faced, together with adopted solutions. The paper concludes by discussing observations, derived hypotheses, and proposed actions for researchers and practitioners.
|
|
| 6. |
- García Gonzalo, Sergio, 1989, et al.
(författare)
-
Software variability in service robotics
- 2023
-
Ingår i: Empirical Software Engineering. - : Springer Science and Business Media LLC. - 1573-7616 .- 1382-3256. ; 28:2
-
Tidskriftsartikel (refereegranskat)abstract
- Robots artificially replicate human capabilities thanks to their software, the main embodiment of intelligence. However, engineering robotics software has become increasingly challenging. Developers need expertise from different disciplines as well as they are faced with heterogeneous hardware and uncertain operating environments. To this end, the software needs to be variable—to customize robots for different customers, hardware, and operating environments. However, variability adds substantial complexity and needs to be managed—yet, ad hoc practices prevail in the robotics domain, challenging effective software reuse, maintenance, and evolution. To improve the situation, we need to enhance our empirical understanding of variability in robotics. We present a multiple-case study on software variability in the vibrant and challenging domain of service robotics. We investigated drivers, practices, methods, and challenges of variability from industrial companies building service robots. We analyzed the state-of-the-practice and the state-of-the-art—the former via an experience report and eleven interviews with two service robotics companies; the latter via a systematic literature review. We triangulated from these sources, reporting observations with actionable recommendations for researchers, tool providers, and practitioners. We formulated hypotheses trying to explain our observations, and also compared the state-of-the-art from the literature with the-state-of-the-practice we observed in our cases. We learned that the level of abstraction in robotics software needs to be raised for simplifying variability management and software integration, while keeping a sufficient level of customization to boost efficiency and effectiveness in their robots’ operation. Planning and realizing variability for specific requirements and implementing robust abstractions permit robotic applications to operate robustly in dynamic environments, which are often only partially known and controllable. With this aim, our companies use a number of mechanisms, some of them based on formalisms used to specify robotic behavior, such as finite-state machines and behavior trees. To foster software reuse, the service robotics domain will greatly benefit from having software components—completely decoupled from hardware—with harmonized and standardized interfaces, and organized in an ecosystem shared among various companies.
|
|
| 7. |
- García Gonzalo, Sergio, 1989, et al.
(författare)
-
Variability modeling of service robots: Experiences and challenges
- 2019
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : ACM.
-
Konferensbidrag (refereegranskat)abstract
- Sensing, planning, controlling, and reasoning, are human-like capabilities that can be articially replicated in an autonomous robot. Such a robot implements data structures and algorithms devised on a large spectrum of theories, from probability theory, mechanics, and control theory to ethology, economy, and cognitive sciences. Software plays a key role in the development of robotic systems, as it is the medium to embody intelligence in the machine. During the last years, however, software development is increasingly becoming the bottleneck of robotic systems engineering due to three factors: (a) the software development is mostly based on community efforts and it is not coordinated by key stakeholders; (b) robotic technologies are characterized by a high variability that makes reuse of software a challenging practice; and (c) robotics developers are usually not specically trained in software engineering. In this paper, we illustrate our experiences from EU, academic, and industrial projects in identifying, modeling, and managing variability in the domain of service robots. We hope to raise awareness for the specic variability challenges in robotics software engineering and to inspire other researchers to advance thiseld.
|
|
| 8. |
- Garcia, Sergio, et al.
(författare)
-
Robotics Software Engineering: A Perspective from the Service Robotics Domain
- 2020
-
Ingår i: Proceedings of the 28th ACM Joint European Soft- ware Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE ’20). - New York, NY, USA : ACM. - 9781450370431
-
Konferensbidrag (refereegranskat)abstract
- Robots that support humans by performing useful tasks (a.k.a., service robots) are booming worldwide. In contrast to industrial robots, the development of service robots comes with severe software engineering challenges, since they require high levels of robustness and autonomy to operate in highly heterogeneous environments. As a domain with critical safety implications, service robotics faces a need for sound software development practices. In this paper, we present the first large-scale empirical study to assess the state of the art and practice of robotics software engineering. We conducted 18 semi-structured interviews with industrial practitioners working in 15 companies from 9 different countries and a survey with 156 respondents from 26 countries from the robotics domain. Our results provide a comprehensive picture of (i) the practices applied by robotics industrial and academic practitioners, including processes, paradigms, languages, tools, frameworks, and reuse practices, (ii) the distinguishing characteristics of robotics software engineering, and (iii) recurrent challenges usually faced, together with adopted solutions. The paper concludes by discussing observations, derived hypotheses, and proposed actions for researchers and practitioners.
|
|
| 9. |
|
|
| 10. |
- Horcas, Jose Miguel, et al.
(författare)
-
We're Not Gonna Break It! Consistency-Preserving Operators for Efficient Product Line Configuration
- 2023
-
Ingår i: IEEE Transactions on Software Engineering. - 0098-5589 .- 1939-3520. ; 49:3, s. 1102-1117
-
Tidskriftsartikel (refereegranskat)abstract
- When configuring a software product line, finding a good trade-off between multiple orthogonal quality concerns is a challenging multi-objective optimisation problem. State-of-the-art solutions based on search-based techniques create invalid configurations in intermediate steps, requiring additional repair actions that reduce the efficiency of the search. In this work, we introduce consistency-preserving configuration operators (CPCOs) - genetic operators that maintain valid configurations throughout the entire search. CPCOs bundle coherent sets of changes: the activation or deactivation of a particular feature together with other (de)activations that are needed to preserve validity. In our evaluation, our instantiation of the IBEA algorithm with CPCOs outperforms two state-of-the-art tools for optimal product line configuration in terms of both speed and solution quality. The improvements are especially pronounced in large product lines with thousands of features.
|
|
| 11. |
- Idowu, Samuel, 1985, et al.
(författare)
-
Asset Management in Machine Learning: A Survey
- 2021
-
Ingår i: Proceedings - International Conference on Software Engineering. - 0270-5257.
-
Konferensbidrag (refereegranskat)abstract
- Machine Learning (ML) techniques are becoming essential components of many software systems today, causing an increasing need to adapt traditional software engineering practices and tools to the development of ML-based software systems. This need is especially pronounced due to the challenges associated with the large-scale development and deployment of ML systems. Among the most commonly reported challenges during the development, production, and operation of ML-based systems are experiment management, dependency management, monitoring, and logging of ML assets. In recent years, we have seen several efforts to address these challenges as witnessed by an increasing number of tools for tracking and managing ML experiments and their assets. To facilitate research and practice on engineering intelligent systems, it is essential to understand the nature of the current tool support for managing ML assets. What kind of support is provided? What asset types are tracked? What operations are offered to users for managing those assets? We discuss and position ML asset management as an important discipline that provides methods and tools for ML assets as structures and the ML development activities as their operations. We present a feature-based survey of 17 tools with ML asset management support identified in a systematic search. We overview these tools' features for managing the different types of assets used for engineering ML-based systems and performing experiments. We found that most of the asset management support depends on traditional version control systems, while only a few tools support an asset granularity level that differentiates between important ML assets, such as datasets and models.
|
|
| 12. |
|
|
| 13. |
- Idowu, Samuel, 1985, et al.
(författare)
-
EMMM: A Unified Meta-Model for Tracking Machine Learning Experiments
- 2022
-
Ingår i: Proceedings - 48th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2022. ; , s. 48-55
-
Konferensbidrag (refereegranskat)abstract
- Traditional software engineering tools for managing assets—specifically, version control systems—are inadequate to manage the variety of asset types used in machine-learning model development experiments. Two possible paths to improve the management of machine learning assets include 1) Adopting dedicated machine-learning experiment management tools, which are gaining popularity for supporting concerns such as versioning, traceability, auditability, collaboration, and reproducibility; 2) Developing new and improved version control tools with support for domain-specific operations tailored to machine learning assets. As a contribution to improving asset management on both paths, this work presents Experiment Management Meta-Model (EMMM), a meta-model that unifies the conceptual structures and relationships extracted from systematically selected machine-learning experiment management tools. We explain the metamodel’s concepts and relationships and evaluate it using real experiment data. The proposed meta-model is based on the Eclipse Modeling Framework (EMF) with its meta-modeling language, Ecore, to encode model structures. Our meta-model can be used as a concrete blueprint for practitioners and researchers to improve existing tools and develop new tools with native support for machine-learning-specific assets and operations.
|
|
| 14. |
- Idowu, Samuel, 1985, et al.
(författare)
-
Machine learning experiment management tools: a mixed-methods empirical study
- 2024
-
Ingår i: Empirical Software Engineering. - 1573-7616 .- 1382-3256. ; 29:4
-
Tidskriftsartikel (refereegranskat)abstract
- Machine Learning (ML) experiment management tools support ML practitioners and software engineers when building intelligent software systems. By managing large numbers of ML experiments comprising many different ML assets, they not only facilitate engineering ML models and ML-enabled systems, but also managing their evolution—for instance, tracing system behavior to concrete experiments when the model performance drifts. However, while ML experiment management tools have become increasingly popular, little is known about their effectiveness in practice, as well as their actual benefits and challenges. We present a mixed-methods empirical study of experiment management tools and the support they provide to users. First, our survey of 81 ML practitioners sought to determine the benefits and challenges of ML experiment management and of the existing tool landscape. Second, a controlled experiment with 15 student developers investigated the effectiveness of ML experiment management tools. We learned that 70% of our survey respondents perform ML experiments using specialized tools, while out of those who do not use such tools, 52% are unaware of experiment management tools or of their benefits. The controlled experiment showed that experiment management tools offer valuable support to users to systematically track and retrieve ML assets. Using ML experiment management tools reduced error rates and increased completion rates. By presenting a user’s perspective on experiment management tools, and the first controlled experiment in this area, we hope that our results foster the adoption of these tools in practice, as well as they direct tool builders and researchers to improve the tool landscape overall.
|
|
| 15. |
|
|
| 16. |
- John, Stefan, et al.
(författare)
-
Searching for optimal models: Comparing two encoding approaches
- 2019
-
Ingår i: Journal of Object Technology. - : AITO - Association Internationale pour les Technologies Objets. - 1660-1769. ; 18:3, s. 1-22
-
Tidskriftsartikel (refereegranskat)abstract
- Search-Based Software Engineering (SBSE) is about solving software development problems by formulating them as optimization problems. In the last years, combining SBSE and Model-Driven Engineering (MDE), where models and model transformations are treated as key artifacts in the development of complex systems, has become increasingly popular. While search-based techniques have often successfully been applied to tackle MDE problems, a recent line of research investigates how a model-driven design can make optimization more easily accessible to a wider audience. In previous model-driven optimization efforts, a major design decision concerns the way in which solutions are encoded. Two main options have been explored: a model-based encoding representing candidate solutions as models, and a rule-based encoding representing them as sequences of transformation rule applications. While both encodings have been applied to different use cases, no study has yet compared them systematically. To close this gap, we evaluate both approaches on a common set of optimization problems, investigating their impact on the optimization performance. Additionally, we discuss their differences, strengths, and weaknesses laying the foundation for a knowledgeable choice of the right encoding for the right problem.
|
|
| 17. |
|
|
| 18. |
- Kosiol, Jens, et al.
(författare)
-
Finding the Right Way to Rome: Effect-Oriented Graph Transformation
- 2023
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - 1611-3349 .- 0302-9743. ; 13961 LNCS, s. 43-63
-
Konferensbidrag (refereegranskat)abstract
- Many applications of graph transformation require rules that change a graph without introducing new consistency violations. When designing such rules, it is natural to think about the desired outcome state, i.e., the desired effect, rather than the specific steps required to achieve it; these steps may vary depending on the specific rule-application context. Existing graph-transformation approaches either require a separate rule to be written for every possible application context or lack the ability to constrain the maximal change that a rule will create. We introduce effect-oriented graph transformation, shifting the semantics of a rule from specifying actions to representing the desired effect. A single effect-oriented rule can encode a large number of induced classic rules. Which of the potential actions is executed depends on the application context; ultimately, all ways lead to Rome. If a graph element to be deleted (created) by a potential action is already absent (present), this action need not be performed because the desired outcome is already present. We formally define effect-oriented graph transformation, show how matches can be computed without explicitly enumerating all induced classic rules, and report on a prototypical implementation of effect-oriented graph transformation in Henshin.
|
|
| 19. |
- Lambers, Leen, et al.
(författare)
-
Exploring conflict reasons for graph transformation systems
- 2019
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 11629 LNCS, s. 75-92
-
Konferensbidrag (refereegranskat)abstract
- Conflict and dependency analysis (CDA) is a static analysis for the detection of conflicting and dependent rule applications in a graph transformation system. Recently, granularity levels for conflicts and dependencies have been investigated focussing on delete-use conflicts and produce-use dependencies. A central notion for granularity considerations are (minimal) conflict and dependency reasons. For a rule pair, where the second rule is non-deleting, it is well-understood based on corresponding constructive characterizations how to efficiently compute (minimal) conflict and dependency reasons. We further explore the notion of (minimal) conflict reason for the general case where the second rule of a rule pair may be deleting as well. We present new constructive characterizations of (minimal) conflict reasons distinguishing delete-read from delete-delete reasons. Based on these constructive characterizations we propose a procedure for computing (minimal) conflict reasons and we show that it is sound and complete.
|
|
| 20. |
- Lambers, L., et al.
(författare)
-
Granularity of conflicts and dependencies in graph transformation systems: A two-dimensional approach
- 2019
-
Ingår i: Journal of Logical and Algebraic Methods in Programming. - : Elsevier BV. - 2352-2208 .- 2352-2216. ; 103, s. 105-129
-
Tidskriftsartikel (refereegranskat)abstract
- Conflict and dependency analysis (CDA) is a static analysis for the detection of conflicting and dependent rule applications in a graph transformation system. The state-of-the-art CDA technique, critical pair analysis, provides all potential conflicts and dependencies in minimal context as critical pairs, for each pair of rules. Yet, critical pairs can be hard to understand; users are mainly interested in core information about conflicts and dependencies occurring in various combinations. In this paper, we present an approach to conflicts and dependencies in graph transformation systems based on two dimensions of granularity. The first dimension refers to the overlap considered between the rules of a given rule pair; the second one refers to the represented amount of context information about transformations in which the conflicts occur. We introduce a variety of new conflict notions, in particular, conflict atoms, conflict reasons, and minimal conflict reasons, relate them to the existing conflict notions of critical pairs and initial conflicts, and position all of these notions within our granularity approach. Finally, we introduce dual concepts for dependency analysis. As we discuss in a running example, our approach paves the way for an improved CDA technique. (C) 2018 Elsevier Inc. All rights reserved.
|
|
| 21. |
|
|
| 22. |
- Mahmood, Wardah, 1992, et al.
(författare)
-
Seamless Variability Management with the Virtual Platform
- 2021
-
Ingår i: Proceedings - International Conference on Software Engineering. - 0270-5257.
-
Konferensbidrag (refereegranskat)abstract
- Customization is a general trend in software engineering, demanding systems that support variable stakeholder requirements. Two opposing strategies are commonly used to create variants: software clone&own and software configuration with an integrated platform. Organizations often start with the former, which is cheap, agile, and supports quick innovation, but does not scale. The latter scales by establishing an integrated platform that shares software assets between variants, but requires high up-front investments or risky migration processes. So, could we have a method that allows an easy transition or even combine the benefits of both strategies? We propose a method and tool that supports a truly incremental development of variant rich systems, exploiting a spectrum between both opposing strategies. We design, formalize, and prototype the variability management framework virtual platform . It bridges clone&own and platform-oriented development. Relying on programming language independent conceptual structures representing software assets, it offers operators for engineering and evolving a system, comprising: traditional, asset-oriented operators and novel, feature-oriented operators for incrementally adopting concepts of an integrated platform. The operators record meta-data that is exploited by other operators to support the transition. Among others, they eliminate expensive feature-location effort or the need to trace clones. Our evaluation simulates the evolution of a real-world, clone-based system, measuring its costs and benefits.
|
|
| 23. |
- Mahmood, Wardah, 1992, et al.
(författare)
-
Virtual Platform: Effective and Seamless Variability Management for Software Systems
- 2024
-
Ingår i: IEEE Transactions on Software Engineering. - 0098-5589 .- 1939-3520. ; In Press
-
Tidskriftsartikel (refereegranskat)abstract
- Customization is a general trend in software engineering, demanding systems that support variable stakeholder requirements. Two opposing strategies are commonly used to create variants: software clone & own and software configuration with an integrated platform. Organizations often start with the former, which is cheap and agile, but does not scale. The latter scales by establishing an integrated platform that shares software assets between variants, but requires high up-front investments or risky migration processes. So, could we have a method that allows an easy transition or even combine the benefits of both strategies? We propose a method and tool that supports a truly incremental development of variant-rich systems, exploiting a spectrum between the opposing strategies. We design, formalize, and prototype a variability-management framework: the virtual platform. Virtual platform bridges clone & own and platform-oriented development. Relying on programming-language independent conceptual structures representing software assets, it offers operators for engineering and evolving a system, comprising: traditional, asset-oriented operators and novel, feature-oriented operators for incrementally adopting concepts of an integrated platform. The operators record meta-data that is exploited by other operators to support the transition. Among others, they eliminate expensive feature-location effort or the need to trace clones. A cost-and-benefit analysis of using the virtual platform to simulate the development of a real-world variant-rich system shows that it leads to benefits in terms of saved effort and time for clone detection and feature location. Furthermore, we present a user study indicating that the virtual platform effectively supports exploratory and hands-on tasks, outperforming manual development concerning correctness. We also observed that participants were significantly faster when performing typical variability management tasks using the virtual platform. Furthermore, participants perceived manual development to be significantly more difficult than using the virtual platform, preferring virtual platform for all our tasks. We supplement our findings with recommendations on when to use virtual platform and on incorporating the virtual platform in practice.
|
|
| 24. |
|
|
| 25. |
- Peldszus, Sven, et al.
(författare)
-
Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings
- 2019
-
Ingår i: Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019. ; , s. 23-33
-
Konferensbidrag (refereegranskat)abstract
- During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The main contributions of this paper are three-fold. First, the automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design. Second, the mappings also support the discovery of secure data-flow compliance violations in terms of illegal asset flows in the software implementation. Third, we present our implementation of the approach as a publicly available Eclipse plugin and its evaluation on five open source Java projects (including Eclipse secure storage).
|
|
| 26. |
|
|
| 27. |
- Priefer, Dennis, et al.
(författare)
-
Applying MDD in the Content Management System Domain: Scenarios and Empirical Assessment
- 2019
-
Ingår i: Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019. ; , s. 56-66
-
Konferensbidrag (refereegranskat)abstract
- Content Management Systems (CMSs) such as Joomla and WordPress dominate today's web. Enabled by standardized extensions, administrators can build powerful web applications for diverse customer demands. However, developing CMS extensions requires sophisticated technical knowledge, and the highly schematic code structure of an extension gives rise to errors during typical development and migration scenarios. Model-driven development (MDD) seems to be a promising paradigm to address these challenges, however it has not found adoption in the CMS domain yet. Systematic evidence of the benefit of applying MDD in this domain could facilitate its adoption; however, an empirical investigation of this benefit is currently lacking. In this paper, we present a mixed-method empirical investigation of applying MDD in the CMS domain, based on an interview suite, a controlled experiment, and a field experiment. We consider three scenarios of developing new (both independent and dependent) CMS extensions and of migrating existing ones to a new major platform version. The experienced developers in our interviews acknowledge the relevance of these scenarios and report on experiences that render them suitable candidates for a successful application of MDD. We found a particularly high relevance of the migration scenario. Our experiments largely confirm the potentials and limits of MDD as identified for other domains. In particular, we found a productivity increase up to factor 17 during the development of CMS extensions. Furthermore, our observations highlight the importance of good tooling that seamlessly integrates with already used tool environments and processes.
|
|
| 28. |
- Ramadan, Q., et al.
(författare)
-
A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements
- 2020
-
Ingår i: Software and Systems Modeling. - : Springer Science and Business Media LLC. - 1619-1366 .- 1619-1374. ; 19, s. 1191-1227
-
Tidskriftsartikel (refereegranskat)abstract
- Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts not arise from trade-offs between requirements elicited from the stakeholders, but also from misinterpretation of elicited requirements while implementing them in business processes, leading to a non-alignment between the data subjects' requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.
|
|
| 29. |
- Strüber, Daniel, 1986, et al.
(författare)
-
Facing the truth: Benchmarking the techniques for the evolution of variant-rich systems
- 2019
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : ACM. ; A, s. 177-188
-
Konferensbidrag (refereegranskat)abstract
- The evolution of variant-rich systems is a challenging task. To support developers, the research community has proposed a range of different techniques over the last decades. However, many techniques have not been adopted in practice so far. To advance such techniques and to support their adoption, it is crucial to evaluate them against realistic baselines, ideally in the form of generally accessible benchmarks. To this end, we need to improve our empirical understanding of typical evolution scenarios for variant-rich systems and their relevance for benchmarking. In this paper, we establish eleven evolution scenarios in which benchmarks would be beneficial. Our scenarios cover typical lifecycles of variant-rich system, ranging from clone&own to adopting and evolving a configurable product-line platform. For each scenario, we formulate benchmarking requirements and assess its clarity and relevance via a survey with experts in variant-rich systems and software evolution. We also surveyed the existing benchmarking landscape, identifying synergies and gaps. We observed that most scenarios, despite being perceived as important by experts, are only partially or not at all supported by existing benchmarks-a call to arms for building community benchmarks upon our requirements. We hope that our work raises awareness for benchmarking as a means to advance techniques for evolving variant-rich systems, and that it will lead to a benchmarking initiative in our community.
|
|
| 30. |
|
|
| 31. |
- Strüber, Daniel, 1986
(författare)
-
The Complexity Paradox: An Analysis of Modeling Education Through the Lens of Complexity Science
- 2023
-
Ingår i: Proceedings - 2023 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion, MODELS-C 2023. - 9798350324983
-
Konferensbidrag (refereegranskat)abstract
- Modeling seeks to tame complexity during software development, by supporting design, analysis, and stakeholder communication. Paradoxically, experiences made by educators indicate that students often perceive modeling as adding complexity, instead of reducing it. In this position paper, I analyse modeling education from the lens of complexity science, a theoretical framework for the study of complex systems. I revisit pedagogical literature where complexity science has been used as a framework for general education and subject-specific education in disciplines such as medicine, project management, and sustainability. I revisit complexity-related challenges from modeling education literature, discuss them in the light of complexity and present recommendations for taming complexity when teaching modeling.
|
|
| 32. |
- Tuma, K., et al.
(författare)
-
Checking security compliance between models and code
- 2023
-
Ingår i: Software and Systems Modeling. - : Springer Science and Business Media LLC. - 1619-1366 .- 1619-1374. ; 22, s. 273-296
-
Tidskriftsartikel (refereegranskat)abstract
- It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and project-specific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.
|
|
| 33. |
|
|
| 34. |
|
|
| 35. |
- van Harten, Niels, et al.
(författare)
-
Model-Driven Optimization: Generating Smart Mutation Operators for Multi-Objective Problems
- 2022
-
Ingår i: Proceedings - 48th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2022. ; , s. 390-397
-
Konferensbidrag (refereegranskat)abstract
- In search-based software engineering (SBSE), the choice of search operators can significantly impact the quality of the obtained solutions and the efficiency of the search. Recent work in the context of combining SBSE with model-driven engineering has investigated the idea of automatically generating smart search operators for the case at hand. While showing improvements, this previous work focused on single-objective optimization, a restriction that prohibits a broader use for many SBSE scenarios. Furthermore, since it did not allow users to customize the generation, it could miss out on useful domain knowledge that may further improve the quality of the generated operators. To address these issues, we propose a customizable framework for generating mutation operators for multi-objective problems. It generates mutation operators in the form of model transformations that can modify solutions represented as instances of the given problem meta-model. To this end, we extend an existing framework to support multiobjective problems as well as customization based on domain knowledge, including the capability to specify manual "baseline" operators that are refined during the operator generation. Our evaluation based on the Next Release Problem shows that the automated generation of mutation operators and user-provided domain knowledge can improve the performance of the search without sacrificing the overall result quality.
|
|
| 36. |
- Viertel, Fabien Patrick, et al.
(författare)
-
Detecting security vulnerabilities using clone detection and community knowledge
- 2019
-
Ingår i: Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE. - 2325-9000 .- 2325-9086. ; 2019-July, s. 245-252
-
Konferensbidrag (refereegranskat)abstract
- Faced with the severe financial and reputation implications associated with data breaches, enterprises now recognize security as a top concern for software analysis tools. While software engineers are typically not equipped with the required expertise to identify vulnerabilities in code, community knowledge in the form of publicly available vulnerability databases could come to their rescue. For example, the Common Vulnerabilities and Exposures Database (CVE) contains data about already reported weaknesses. However, the support with available examples in these databases is scarce. CVE entries usually do not contain example code for a vulnerability, its exploit or patch. They just link to reports or repositories that provide this information. Manually searching these sources for relevant information is time-consuming and error-prone. In this paper, we propose a vulnerability detection approach based on community knowledge and clone detection. The key idea is to harness available example source code of software weaknesses, from a large-scale vulnerability database, which are matched to code fragments using clone detection. We leverage a clone detection technique from the literature, which we adapted to make it applicable to vulnerability databases. In an evaluation based on 20 reports and affected projects, our approach showed good precision and recall.
|
|
| 37. |
- Zhang, Weixing, et al.
(författare)
-
Automated Extraction of Grammar Optimization Rule Configurations for Metamodel-Grammar Co-evolution
- 2023
-
Ingår i: In Proceedings of the 16th ACM SIGPLAN International Conference on Software Language Engineering (SLE ’23). - : ACM digital Library. - 9798400703966
-
Konferensbidrag (refereegranskat)abstract
- When a language evolves, meta-models and associated grammars need to be co-evolved to stay mutually consistent. Previous work has supported the automated migration of a grammar after changes of the meta-model to retain manual optimizations of the grammar, related to syntax aspects such as keywords, brackets, and component order. Yet, doing so required the manual specification of optimization rule configurations, which was laborious and error-prone. In this work, to significantly reduce the manual effort during meta-model and grammar co-evolution, we present an automated approach for extracting optimization rule configurations. The inferred configurations can be used to automatically replay optimizations on later versions of the grammar, thus leading to a fully automated migration process for the supported types of changes. We evaluated our approach on six real cases. Full automation was possible for three of them, with agreement rates between ground truth and inferred grammar between 88% and 67% for the remaining ones.
|
|
| 38. |
- Zhang, Wenli, 1995, et al.
(författare)
-
Manual Abstraction in the Wild: A Multiple-Case Study on OSS Systems’ Class Diagrams and Implementations
- 2023
-
Ingår i: Proceedings of the 26th International Conference on Model Driven Engineering Languages and Systems. - Västerås. - 9798350324808
-
Konferensbidrag (refereegranskat)abstract
- Models are a useful tool for software design, analysis, and to support the onboarding of new maintainers. However, these benefits are often lost over time, as the system implementation evolves and the original models are not updated. Reverse engineering methods and tools could help to keep models and implementation code in sync; however, automatically reverse-engineered models are typically not abstract and contain extensive information that prevents understanding. Recent advances in AI-based content generation make it likely that we will soon see reverse engineering tools with support for human-grade abstraction. To inform the design and validation of such tools, we need a principled understanding of what manual abstraction is, a question that has received little attention in the literature so far. Towards this goal, in this paper, we present a multiple-case study of model-to-code differences, investigating five substantial open-source software projects retrieved via repository mining. To explore characteristics of model-to-code differences, we, all in all, manually matched 466 classes, 1352 attributes, and 2634 operations from source code to 338 model elements (classes, attributes, operations, and relationships). These mappings precisely capture the differences between a provided class diagram design and an implementation codebase. Studying all differences in detail allowed us to derive a taxonomy of difference types and to provide a sorted list of cases corresponding to the identified types of differences. As we discuss, our contributions pave the way for improved reverse engineering methods and tools, new mapping rules for model-to-code consistency checks, and guidelines for avoiding over-abstraction and over-specification during design.
|
|
| 39. |
- Zhang, Weixing, 1987, et al.
(författare)
-
Supporting meta-model-based language evolution and rapid prototyping with automated grammar transformation
- 2024
-
Ingår i: Journal of Systems and Software. - 0164-1212. ; 214
-
Tidskriftsartikel (refereegranskat)abstract
- In model-driven engineering, developing a textual domain-specific language (DSL) involves constructing a meta-model, which defines an underlying abstract syntax, and a grammar, which defines the concrete syntax for the DSL. We consider a scenario in which the meta-model is manually maintained, which is common in various contexts, such as blended modeling, in which several concrete syntaxes co-exist in parallel. Language workbenches such as Xtext support such a scenario, but require the grammar to be manually co-evolved, which is laborious and error-prone. In this paper, we present GRAMMARTRANSFORMER, an approach for transforming generated grammars in the context of meta-model-based language evolution. To reduce the effort for language engineers during rapid prototyping and language evolution, it offers a catalog of configurable grammar transformation rules. Once configured, these rules can be automatically applied and re-applied after future evolution steps, greatly reducing redundant manual effort. In addition, some of the supported transformations can globally change the style of concrete syntax elements, further significantly reducing the effort for manual transformations. The grammar transformation rules were extracted from a comparison of generated and existing, expert-created grammars, based on seven available DSLs. An evaluation based on the seven languages shows GRAMMARTRANSFORMER's ability to modify Xtext-generated grammars in a way that agrees with manual changes performed by an expert and to support language evolution in an efficient way, with only a minimal need to change existing configurations over time.
|
|
