A Life Cycle Software Quality Model Using Bayesian Belief Networks

Beaver, Justin

01 January 2006

Software practitioners lack a consistent approach to assessing and predicting quality within their products. This research proposes a software quality model that accounts for the influences of development team skill/experience, process maturity, and problem complexity throughout the software engineering life cycle. The model is structured using Bayesian Belief Networks and, unlike previous efforts, uses widely-accepted software engineering standards and in-use industry techniques to quantify the indicators and measures of software quality. Data from 28 software engineering projects was acquired for this study, and was used for validation and comparison of the presented software quality models. Three Bayesian model structures are explored and the structure with the highest performance in terms of accuracy of fit and predictive validity is reported. In addition, the Bayesian Belief Networks are compared to both Least Squares Regression and Neural Networks in order to identify the technique is best suited to modeling software product quality. The results indicate that Bayesian Belief Networks outperform both Least Squares Regression and Neural Networks in terms of producing modeled software quality variables that fit the distribution of actual software quality values, and in accurately forecasting 25 different indicators of software quality. Between the Bayesian model structures, the simplest structure, which relates software quality variables to their correlated causal factors, was found to be the most effective in modeling software quality. In addition, the results reveal that the collective skill and experience of the development team, over process maturity or problem complexity, has the most significant impact on the quality of software products.

Software Engineering

Software Quality

Software Metrics

Bayesian Belief Networks

Computer Engineering

Engineering

A Software Vulnerability Prediction Model Using Traceable Code Patterns And Software Metrics

Sultana, Kazi Zakia

10 August 2018

Software security is an important aspect of ensuring software quality. The goal of this study is to help developers evaluate software security at the early stage of development using traceable patterns and software metrics. The concept of traceable patterns is similar to design patterns, but they can be automatically recognized and extracted from source code. If these patterns can better predict vulnerable code compared to the traditional software metrics, they can be used in developing a vulnerability prediction model to classify code as vulnerable or not. By analyzing and comparing the performance of traceable patterns with metrics, we propose a vulnerability prediction model. Objective: This study explores the performance of code patterns in vulnerability prediction and compares them with traditional software metrics. We have used the findings to build an effective vulnerability prediction model. Method: We designed and conducted experiments on the security vulnerabilities reported for Apache Tomcat (Releases 6, 7 and 8), Apache CXF and three stand-alone Java web applications of Stanford Securibench. We used machine learning and statistical techniques for predicting vulnerabilities of the systems using traceable patterns and metrics as features. Result: We found that patterns have a lower false negative rate and higher recall in detecting vulnerable code than the traditional software metrics. We also found a set of patterns and metrics that shows higher recall in vulnerability prediction. Conclusion: Based on the results of the experiments, we proposed a prediction model using patterns and metrics to better predict vulnerable code with higher recall rate. We evaluated the model for the systems under study. We also evaluated their performance in the cross-dataset validation.

vulnerability

software security

software quality

software testing

software metrics

nano-patterns

micro patterns

Change decision support:extraction and analysis of late architecture changes using change characterization and software metrics

Williams, Byron Joseph

02 May 2009

Software maintenance is one of the most crucial aspects of software development. Software engineering researchers must develop practical solutions to handle the challenges presented in maintaining mature software systems. Research that addresses practical means of mitigating the risks involved when changing software, reducing the complexity of mature software systems, and eliminating the introduction of preventable bugs is paramount to today’s software engineering discipline. Giving software developers the information that they need to make quality decisions about changes that will negatively affect their software systems is a key aspect to mitigating those risks. This dissertation presents work performed to assist developers to collect and process data that plays a role in change decision-making during the maintenance phase. To address these problems, developers need a way to better understand the effects of a change prior to making the change. This research addresses the problems associated with increasing architectural complexity caused by software change using a twoold approach. The first approach is to characterize software changes to assess their architectural impact prior to their implementation. The second approach is to identify a set of architecture metrics that correlate to system quality and maintainability and to use these metrics to determine the level of difficulty involved in making a change. The two approaches have been combined and the results presented provide developers with a beneficial analysis framework that offers insight into the change process.

software change characterization

software metrics

historical data analysis

software change

software evolution

Supporting Software Engineering Via Lightweight Forward Static Slicing

Alomari, Hakam W.

12 July 2012

No description available.

Computer Science

Program slicing

software maintenance

impact analysis

software metrics

effort estimation

Definição e gerenciamento de métricas de teste no contexto de métodos ágeis / Definition and management of testing metrics in agile methods context

Vicente, André Abe

22 April 2010

Métodos ágeis são técnicas adequadas para o desenvolvimento de software sujeito a mudanças constantes. Essas mudanças não devem afetar o cronograma, orçamento do projeto e devem assegurar o atendimento às necessidades do cliente. Diversos valores, princípios e boas práticas de desenvolvimento e de condução de projeto são aplicados em projetos ágeis com esse objetivo. Algumas dessas práticas são relacionadas a atividade de teste de software. Este trabalho teve como objetivo caracterizar a atividade de teste de software aplicada dentro de métodos de desenvolvimento ágil, buscando eliminar aspectos de teste não produtivos, identificando boas práticas e, principalmente, criando formas de acompanhar e melhorar continuamente a condução da atividade de teste. A partir da caracterização da atividade foi proposta a adoção de um conjunto de métricas para facilitar o seu acompanhamento e melhoria constante da mesma. Algumas dessas métricas de acompanhamento de testes foram implementadas na ferramenta Agile Testing Metrics Management (ATMM). O objetivo principal da ferramenta é gerenciar as iterações de desenvolvimento do projeto ágil e, também, exibir a evolução das métricas relacionadas ao código que está sendo testado e aos casos de teste desenvolvidos utilizando a ferramenta JUnit. Para validar a ferramenta e as métricas foram conduzidos estudos de casos com dois projetos de software de domínios diferentes que utilizaram métodos ágeis e testes de unidade / Agile methods are appropriate techniques for software development subject to constant changes. These changes should not affect the project schedule, budget and must ensure meeting the clients needs. Several values, principles and practices of project development and driving are applied in agile projects with this goal. Some of these practices are related to software testing activity. This study aimed at characterizing the software testing activity applied to agile development methods, trying to eliminate unproductive testing aspects, identifying good practices and especially creating ways of tracking and continuously improve the test activity. From this activity characterization, it was proposed an adoption of metrics set to facilitate the monitoring and constant improvement of the activity. Some of these testing tracking metrics were implemented in the Agile Testing Metrics Management Tool (ATMM). The main goal of this tool is to manage the iterations of agile project development and, also show the metrics evolutions regarding the code that have been tested and the test cases developed using JUnit. The tool and metrics were validated by case studies that were conducted with two software projects of different domains which used agile methods and unit testing

Agile development methods

Agile methods

Métodos ágeis

Métodos de desenvolvimento ágil

Métricas de software

Software metrics

Software testing

Teste de software

Analyse statique et dynamique de code et visualisation des logiciels via la métaphore de la ville : contribution à l'aide à la compréhension des programmes / Static and Dynamic Analysis of Source Code and Software Visualization using the City Metaphor : contribution to enhance program understanding

Caserta, Pierre

07 December 2012

Ce travail s'inscrit dans le cadre des recherches menées autour de l'analyse et la visualisation des logiciels, notamment les logiciels à objets, et en particulier Java. Très brièvement, on peut dire que le but de cette thèse revient à tenter de répondre à une question fondamentale: comment faire pour faciliter la compréhension du logiciel par ses développeurs et concepteurs ? Ce travail de recherche est basé en grande partie sur deux axes principaux. Le premier consiste à analyser l'exécution des programmes, non seulement au niveau de la méthode, mais bien au niveau du bloc de base, pour recueillir des données d'exécutions avec un maximum de précision comme par exemple les différents types d'instances sur les sites d'appels. Le second axe considère l'utilisation des informations apportées par notre analyse dynamique de l'exécution pour permettre la visualisation de ces données. En effet, ces informations offrent des détails intéressants sur le fonctionnement du programme et aident à expliquer le comportement du logiciel, aussi bien pour déceler les problèmes de performance que les problèmes de codages. Nous proposons une technique souple et efficace qui effectue une analyse dynamique de l'exécution de programmes Java. Nous introduisons ainsi une nouvelle technique et un nouvel outil permettant de recueillir des informations encore non proposées par d'autres analyseurs. Cette approche trace l'exécution précise des programmes tout en ayant une baisse des performances d'exécution acceptable, laissant le programme final utilisable. De plus, nous proposons et expérimentons une approche basé sur la visualisation des relations au sein d'une représentation du logiciel par une métaphore de ville. Nous introduisons une nouvelle technique de représentation des relations nommée "3D HierarchicalEdge Bundles" qui est basée sur une représentation 2D existante nommée "HierarchicalEdge Bundles". Cette approche conserve la puissance de visualisation du logiciel offerte par la métaphore de la ville tout en ajoutant la représentation des relations, et cela d'une façon lisible. Ces travaux sont validés entre autres par le développement d'un outil d'analyse nommé VITRAIL JBInsTrace et d'un outil de visualisation nommé VITRAIL Visualizer. Ces outils sont la base de nos recherche actuelles sur l'étude de l'exécution des programmes objets / This work falls within the scope of research pertaining to the analysis and the visualization of software systems, especially for object oriented languages, and more precisely Java. In a nutshell, it can be said the aim of this thesis is to try to answer a fundamental question: what can we do to ease the understanding of software by its designers and developers ? This research work is mainly based on two axes. The first axis consists in analyzing software runtime, not only at method level, but also at basic bloc level, so as to be able to get meaningful and precise information about the runtime. For instance, we can acquire the different types of instances on call sites at runtime. The second axis considers the use of information coming from our dynamic analyzer of software runtime and allowing the visualization of these data. Indeed, this kind of information offers important details about software functioning and provide a way to explain the behavior of software, so as to identify performance, coding and even design and architecture issues. We propose a technique that allows flexible and efficient dynamic analysis of the execution of Java programs. We thus introduce a new technique and tool for gathering information not yet offered by other analyzers. This approach precisely traces the execution of programs with acceptable performance penalty, that is while keeping the traced programs usable. In addition, we propose and experiment an approach based on visualizing relationships within a software city representation. We introduce a new technique for representing relationships in 3D named the "3D Hierarchical Edge Bundles" that is based on an existing 2D technique, the "Hierarchical Edge Bundles". This approach keeps the power of the software city metaphor while adding the representation of the relationships within the software, in a readable way. These works are validated by, among others things, the development of a tracer and analyzer tool called VITRAIL JBInsTrace and a visualization tool called VITRAIL Visualizer. These tools are used on our current researches which consist in studying runtime of object-oriented programs

Métriques logicielles

Visualisation logicielle

Software metrics

Software visualization

005.12

Gestão de projetos: o monitoramento e controle nos processos de desenvolvimento de software

Ramos, Rommel Gabriel Gonçalves

07 March 2014

Made available in DSpace on 2016-04-29T14:23:26Z (GMT). No. of bitstreams: 1 Rommel Gabriel Goncalves Ramos.pdf: 1268874 bytes, checksum: a50dd4bc0953f7bc2dc15b68d9594492 (MD5) Previous issue date: 2014-03-07 / The purpose of this research is to investigate the existing difficulty in applying the activity of monitoring and control in the processes of software development, presenting tools and indicators that can help to their constant use. Although the processes of software developments indicate activities related to monitoring and control in project management are still lacking in the effective use of these activities. In the case study will address the monitoring and control over the processes of software development, emphasizing the use of indicators of productivity of a company by performing a measurement on the performance of deliveries in software production activities / O propósito desta pesquisa é investigar a dificuldade existente na aplicação da atividade de monitoramento e controle nos processos de desenvolvimento de software, apresentando ferramentas e indicadores que podem auxiliar a sua utilização constante. Apesar dos processos de desenvolvimentos de software indicar atividades ligadas ao monitoramento e controle, na gestão de projetos ainda há uma carência no uso efetivo dessas atividades. No estudo de caso será abordado o monitoramento e controle sobre os processos de desenvolvimento de software, destacando a utilização de indicadores de produtividade de uma empresa, realizando uma mensuração quanto ao desempenho das atividades de entregas realizadas na produção de software

Gestão de projetos

Processos de software

Monitoramento e controle

Métricas de software

Project management

Software processes

Monitoring and control software metrics

CNPQ::OUTROS

Ikriya: Simulating Software Quality Enhancement With Selected Replacement Policies

Murthy, Sindhu Dharani

01 May 2013

The quality of information systems in any organization helps to determine theefficiency of the organization. Many organizations maintain a custom software portfolio, whose quality is important to the organization. Management would like to optimize the portfolio’s quality. Decisions about software replacement or enhancement are made based on organizational needs and priorities. The development resources allocated help in determining the quality of new software, and should be put to optimal use. Enhancing existing software might sound cheap and easy but it is not always efficient. This thesis proposes a simulation model - iKriya - for this problem. It explores the consequences of various development and maintenance policies which might be applied.These depend on the state of existing software portfolio, the queue and properties of proposed projects, and the resources available. Optimal decisions are made by the simulator by taking the above mentioned factors into consideration.

Computer Software

Software Measurement

Software Metrics

Information Technology

Management Information Systems

Computer Sciences

Databases and Information Systems

Software Engineering

Systems Architecture

Understanding and Improving Object-Oriented Software Through Static Software Analysis

Irwin, Warwick Allan

January 2007

Software engineers need to understand the structure of the programs they construct. This task is made difficult by the intangible nature of software, and its complexity, size and changeability. Static analysis tools can help by extracting information from source code and conveying it to software engineers. However, the information provided by typical tools is limited, and some potentially rich veins of information - particularly metrics and visualisations - are under-utilised because developers cannot easily acquire or make use of the data. This thesis documents new tools and techniques for static analysis of software. It addresses the problem of generating parsers directly from standard grammars, thus avoiding the com-mon practice of customising grammars to comply with the limitations of a given parsing al-gorithm, typically LALR(1). This is achieved by a new parser generator that applies a range of bottom-up parsing algorithms to produce a hybrid parsing automaton. Consequently, we can generate more powerful deterministic parsers - up to and including LR(k) - without incurring the combinatorial explosion that makes canonical LR(k) parsers impractical. The range of practical parsers is further extended to include GLR, which was originally developed for natural language parsing but is shown here to also have advantages for static analysis of programming languages. This emphasis on conformance to standard grammars im-proves the rigour of static analysis tools and allows clearer definition and communication of derived information, such as metrics. Beneath the syntactic structure of software (exposed by parsing) lies the deeper semantic structure of declarations, scopes, classes, methods, inheritance, invocations, and so on. In this work, we present a new tool that performs semantic analysis on parse trees to produce a comprehensive semantic model suitable for processing by other static analysis tools. An XML pipeline approach is used to expose the syntactic and semantic models of the software and to derive metrics and visualisations. The approach is demonstrated producing several types of metrics and visualisations for real software, and the value of static analysis for informing software engineering decisions is shown.

static analysis

parsing

parser generators

GLR

Tomita

semantic analysis

software metrics

software visualisation

XML pipeline

visualisation pipeline

Seleção automatizada de componentes de software orientada por métricas estruturais e informações de reúso

Alexandre Segundo, Jailton Maciel

30 August 2014

Made available in DSpace on 2015-05-14T12:36:52Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 2070301 bytes, checksum: e15a4fc1a4f27fd39d2a55b1400d522b (MD5) Previous issue date: 2014-08-30 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / The great difficulty of selecting software components is still an obstacle to achieving the success of Component-Based Development (CBD). With the growing market for components, the tendency is always to increase the number of options for assembling applications in different contexts, making it impractical to manual selection. Dealing with a problem of gigantic and complex search space, it is required automation performed by optimization techniques. The proposed approach aims to automate the process of selecting components using techniques of Search-Based Software Engineering (SBSE), whose optimization technique is driven by structural metrics (i.e., connections between components of a software architecture) and information reuse (i.e., aggregated values to the component itself). The metrics used in this component selection context are intended to assess the structural perspective of an architectural instance, since they predict possible integration problems between implementations of components produced by third parties. Note that other proposals ignore this perspective and focus only on the component itself. In addition, reuse information can bring an alternative to represent the perception of the developers about the quality attributes of the software components in a reuse scenario as: the degree of consumers' satisfaction who have already purchased this component and the number of downloads of it. The proposed evaluation is carried out through experiments, which are validated by applying statistical tests. / A grande dificuldade de selecionar componentes de software ainda é um obstáculo para alcançar o sucesso do Desenvolvimento Baseado em Componentes (DBC). Com o crescimento do mercado de componentes, a tendência é sempre aumentar o número de opções para montagem de aplicações em diferentes contextos, tornando impraticável a seleção manual. Tratando de um problema com gigantesco espaço de busca e complexo, é requerida a automatização efetuada por técnicas de otimização. O trabalho proposto visa automatizar o processo de seleção de componentes utilizando técnicas da Engenharia de Software Baseada em Busca (ESBB), cuja técnica de otimização é orientada por métricas estruturais (avaliam as conexões entre componentes de uma arquitetura de software) e informações de reúso (i.e., valores correspondentes ao reúso de software agregados ao próprio componente). As métricas utilizadas neste contexto de seleção de componentes têm o propósito de avaliar a perspectiva estrutural de uma instância arquitetural, já que elas preveem possíveis problemas de integração entre implementações de componentes produzidas por terceiros, além de que muitos problemas ignoram essa perspectiva e só focam no componente em si. Já as informações de reúso trazem consigo uma alternativa para representar a percepção dos desenvolvedores sobre os atributos de qualidade dos componentes de software em cenários de reúso, tais como: o grau de satisfação dos consumidores que já adquiriram tal componente e o número de downloads do mesmo. A avaliação da proposta é conduzida através de experimentos, que são validados aplicando testes estatísticos.

DBC

ESBB

seleção de componentes

métricas de software

CBD

SBSE

component selection

software metrics