Pub Date : 2025-12-01Epub Date: 2025-05-08DOI: 10.1016/j.scico.2025.103331
Abdalrahman Aburakhia , Mohammad Alshayeb
Third-party libraries (TPLs) have been widely used in software development. Recent studies showed that software developers struggle to manage the dependencies between third-party libraries for many reasons, such as unknown update efforts and the lack of awareness about related security issues. To overcome these limitations, in this paper, we propose a TPL update prioritization approach, which provides valuable insights for mobile app developers to help improve the decision-making process. We investigate mobile app developers’ behavior while updating TPLs through a survey with 39 practitioners. The results clearly show the need for a prioritization approach. To gain more insight into TPL, we propose five TPL categories (Compatibility, Accessibility, Maintenance, Business Value, and Security) and propose metrics to measure the related factors of each category. We utilize the Analytical Hierarchy Process (AHP) and the Simple Additive Weighting (SAW) methods to rank the libraries for the update and automate the approach via a chatbot. We conducted a case study with 7 participants. Most participants (82 %) found the bot’s results useful; moreover, the bot can save software developers around 4 min per task, with an average of 18 s per task compared to 243 s by the baseline.
{"title":"Toward a prioritization approach for third-party software library updates","authors":"Abdalrahman Aburakhia , Mohammad Alshayeb","doi":"10.1016/j.scico.2025.103331","DOIUrl":"10.1016/j.scico.2025.103331","url":null,"abstract":"<div><div>Third-party libraries (TPLs) have been widely used in software development. Recent studies showed that software developers struggle to manage the dependencies between third-party libraries for many reasons, such as unknown update efforts and the lack of awareness about related security issues. To overcome these limitations, in this paper, we propose a TPL update prioritization approach, which provides valuable insights for mobile app developers to help improve the decision-making process. We investigate mobile app developers’ behavior while updating TPLs through a survey with 39 practitioners. The results clearly show the need for a prioritization approach. To gain more insight into TPL, we propose five TPL categories (Compatibility, Accessibility, Maintenance, Business Value, and Security) and propose metrics to measure the related factors of each category. We utilize the Analytical Hierarchy Process (AHP) and the Simple Additive Weighting (SAW) methods to rank the libraries for the update and automate the approach via a chatbot. We conducted a case study with 7 participants. Most participants (82 %) found the bot’s results useful; moreover, the bot can save software developers around 4 min per task, with an average of 18 s per task compared to 243 s by the baseline.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"246 ","pages":"Article 103331"},"PeriodicalIF":1.5,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144068895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-01Epub Date: 2025-05-14DOI: 10.1016/j.scico.2025.103322
Man Zhang , Andrea Arcuri , Yonggang Li , Yang Liu , Kaiming Xue , Zhao Wang , Jian Huo , Weiwei Huang
With several microservice architectures comprising thousands of web services in total, used to serve 630 million customers, companies like Meituan face several challenges in the verification and validation of their software. The use of automated techniques, especially advanced AI-based ones, could bring significant benefits here. EvoMaster is an open-source test case generation tool for web services, that exploits the latest advances in the field of Search-Based Software Testing research. This paper reports on our experience of integrating the EvoMaster tool in the testing processes at Meituan over almost 2 years (i.e., between October 2021 and July 2023). Two user studies were carried out in 2021 (with two industrial APIs) and in 2023 (with three industrial APIs) to evaluate two versions of EvoMaster (i.e., v1.3.0 and v1.6.1), respectively, in tackling the test generation for industrial web services which are parts of a large e-commerce microservice system. The two user studies involve in total 321,131 lines of code from these five APIs and 27 industrial participants at Meituan. Questionnaires and interviews were carried out in both user studies with the engineers and managers at Meituan. The two user studies demonstrate clear advantages of EvoMaster (in terms of code coverage and fault detection) and the urgent need to have such a fuzzer in industrial microservices testing. Given its clear advantages, EvoMaster now has been integrated into the industrial testing pipelines at Meituan. To study how these results could generalize, a follow up user study was done in 2024 (with EvoMaster v2.0.0) with five engineers in the five different companies. Our results show that, besides their clear usefulness, there are still many critical challenges that the research community needs to investigate to improve performance further.
{"title":"Fuzzing microservices: A series of user studies in industry on industrial systems with EvoMaster","authors":"Man Zhang , Andrea Arcuri , Yonggang Li , Yang Liu , Kaiming Xue , Zhao Wang , Jian Huo , Weiwei Huang","doi":"10.1016/j.scico.2025.103322","DOIUrl":"10.1016/j.scico.2025.103322","url":null,"abstract":"<div><div>With several microservice architectures comprising thousands of web services in total, used to serve 630 million customers, companies like Meituan face several challenges in the verification and validation of their software. The use of automated techniques, especially advanced AI-based ones, could bring significant benefits here. <span>EvoMaster</span> is an open-source test case generation tool for web services, that exploits the latest advances in the field of Search-Based Software Testing research. This paper reports on our experience of integrating the <span>EvoMaster</span> tool in the testing processes at Meituan over almost 2 years (i.e., between October 2021 and July 2023). Two user studies were carried out in 2021 (with two industrial APIs) and in 2023 (with three industrial APIs) to evaluate two versions of <span>EvoMaster</span> (i.e., v1.3.0 and v1.6.1), respectively, in tackling the test generation for industrial web services which are parts of a large e-commerce microservice system. The two user studies involve in total 321,131 lines of code from these five APIs and 27 industrial participants at Meituan. Questionnaires and interviews were carried out in both user studies with the engineers and managers at Meituan. The two user studies demonstrate clear advantages of <span>EvoMaster</span> (in terms of code coverage and fault detection) and the urgent need to have such a fuzzer in industrial microservices testing. Given its clear advantages, <span>EvoMaster</span> now has been integrated into the industrial testing pipelines at Meituan. To study how these results could generalize, a follow up user study was done in 2024 (with <span>EvoMaster</span> v2.0.0) with five engineers in the five different companies. Our results show that, besides their clear usefulness, there are still many critical challenges that the research community needs to investigate to improve performance further.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"246 ","pages":"Article 103322"},"PeriodicalIF":1.5,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144167753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-01Epub Date: 2025-05-26DOI: 10.1016/j.scico.2025.103336
Xianzhiyu Li , Kunjian Song , Mikhail R. Gadelha , Franz Brauße , Rafael S. Menezes , Konstantin Korovin , Lucas C. Cordeiro
This paper presents Efficient SMT-Based Context-Bounded Model Checker (ESBMC) v7.6, an extended version based on previous work on ESBMC v7.3 by K. Song et al. [1]. The v7.3 introduced a new Clang-based C++ front-end to address the challenges posed by modern C++ programs. Although the new front-end has demonstrated significant potential in previous studies, it remains in the developmental stage and lacks several essential features. ESBMC v7.6 further enhanced this foundation by adding and extending features based on the Clang AST, such as exception handling, extended memory management and memory safety verification, including dangling pointers, duplicate deallocation, memory leaks and rvalue references and new operational models for STL updating the outdated C++ operational models. Our extensive experiments demonstrate that ESBMC v7.6 can handle a significantly broader range of C++ features introduced in recent versions of the C++ standard.
{"title":"ESBMC v7.6: Enhanced model checking of C++ programs with clang AST","authors":"Xianzhiyu Li , Kunjian Song , Mikhail R. Gadelha , Franz Brauße , Rafael S. Menezes , Konstantin Korovin , Lucas C. Cordeiro","doi":"10.1016/j.scico.2025.103336","DOIUrl":"10.1016/j.scico.2025.103336","url":null,"abstract":"<div><div>This paper presents Efficient SMT-Based Context-Bounded Model Checker (ESBMC) v7.6, an extended version based on previous work on ESBMC v7.3 by K. Song et al. <span><span>[1]</span></span>. The v7.3 introduced a new Clang-based C++ front-end to address the challenges posed by modern C++ programs. Although the new front-end has demonstrated significant potential in previous studies, it remains in the developmental stage and lacks several essential features. ESBMC v7.6 further enhanced this foundation by adding and extending features based on the Clang AST, such as <figure><img></figure> exception handling, <figure><img></figure> extended memory management and memory safety verification, including dangling pointers, duplicate deallocation, memory leaks and rvalue references and <figure><img></figure> new operational models for STL updating the outdated C++ operational models. Our extensive experiments demonstrate that ESBMC v7.6 can handle a significantly broader range of C++ features introduced in recent versions of the C++ standard.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"246 ","pages":"Article 103336"},"PeriodicalIF":1.5,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144139534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-01Epub Date: 2025-04-01DOI: 10.1016/j.scico.2025.103311
Jianqiang Lv , Cai Fu , Liangheng Chen , Ming Liu , Shuai He , Shuai Jiang , Lansheng Han
Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.
{"title":"DopSteg: Program steganography using data-oriented programming","authors":"Jianqiang Lv , Cai Fu , Liangheng Chen , Ming Liu , Shuai He , Shuai Jiang , Lansheng Han","doi":"10.1016/j.scico.2025.103311","DOIUrl":"10.1016/j.scico.2025.103311","url":null,"abstract":"<div><div>Many methods have been proposed to utilize software obfuscation techniques to steganographically embed certain code logic within a program, thereby enhancing the protection of software intellectual property. Currently, the protective effect of software obfuscation primarily focuses on safeguarding the native semantics of the target program, with little attention paid to the obfuscation of steganographic semantics. For instance, in the context of software copyright protection, code watermarks need to be embedded into the target program, and the ability to localize the watermark code becomes a critical means for attackers to bypass copyright protection. However, existing watermark code suffers from several shortcomings, such as low integration with the target program, weak resistance to dynamic reverse analysis, poor concealment, and ease of localization. This paper proposes a novel code semantic steganography scheme, DopSteg. The scheme leverages the principles of data-oriented programming, first determining the data-safe zones and semantic execution zones. Based on the semantic execution zones, the intermediate representation of the target software is partitioned. Through control flow flattening, reusable code fragments are encapsulated within the ‘switch’ branches of loop structures, thereby achieving code semantic steganography. A Turing completeness analysis of DopSteg demonstrates its capability to steganographically embed complex semantics. Experimental evaluations show that DopSteg increases instruction entropy by an average of approximately 140%, enabling deeper semantic steganography. Reverse analysis requires additional effort to analyze the steganographic semantic logic, significantly enhancing resistance to dynamic analysis while maintaining stable overhead. DopSteg provides a novel approach to software copyright protection.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103311"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143791249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-01Epub Date: 2025-04-03DOI: 10.1016/j.scico.2025.103313
Cheng-Hao Cai , Jing Sun , Gillian Dobbie
A design model is the abstract representation of an actual process or software product. Although some software faults can be found by diagnosing design models before implementation, repairing the design models is time-consuming to software developers. To achieve faster software development, this paper introduces an automated approach to generally repair design models diagnosed by model checking. Model checkers are used to detect faults such as unreachable goals and violated properties in design models. Such faults are eliminated in parallel by insertion, modification and deletion operators found by constraint solving and predictive models. The outcomes of model repair are evaluated using the ISO/IEC 25010 software quality metrics. Experimental results have demonstrated that the proposed approach can eliminate unreachable goals and invariant violations in various design models while preserving their model quality. The effectiveness and performance of such design model repair processes depend mainly on the complexity of design model, the efficiency of constraint solver and the accuracy of predictive model. This study indicates that model-driven software development can be more efficient by automating model diagnosis, fault elimination and quality evaluation.
{"title":"The automation of design model repair","authors":"Cheng-Hao Cai , Jing Sun , Gillian Dobbie","doi":"10.1016/j.scico.2025.103313","DOIUrl":"10.1016/j.scico.2025.103313","url":null,"abstract":"<div><div>A design model is the abstract representation of an actual process or software product. Although some software faults can be found by diagnosing design models before implementation, repairing the design models is time-consuming to software developers. To achieve faster software development, this paper introduces an automated approach to generally repair design models diagnosed by model checking. Model checkers are used to detect faults such as unreachable goals and violated properties in design models. Such faults are eliminated in parallel by insertion, modification and deletion operators found by constraint solving and predictive models. The outcomes of model repair are evaluated using the ISO/IEC 25010 software quality metrics. Experimental results have demonstrated that the proposed approach can eliminate unreachable goals and invariant violations in various design models while preserving their model quality. The effectiveness and performance of such design model repair processes depend mainly on the complexity of design model, the efficiency of constraint solver and the accuracy of predictive model. This study indicates that model-driven software development can be more efficient by automating model diagnosis, fault elimination and quality evaluation.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103313"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143786229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Signal Temporal Logic (STL) is a convenient formalism to express bounded horizon properties of autonomous critical systems. STL allows to express real-valued signal properties and associates a non-singleton bound interval to each temporal operators. In the case of critical autonomous systems, it may be necessary to check the validity of an STL property in real-time. To that end, we provide a rigorous encoding of non-nested discrete-time STL formulas into Lustre synchronous observers.
Our encoding provides a three-valued online semantics for the observers and therefore enables both the verification of the property and the search of counter-examples. A key contribution of this work is an instrumented proof of the validity of the implementation with respect to the original STL semantics. All of the experiments are automated with the Kind2 model checker and the Z3 SMT solver.
{"title":"Formally proved specification of non-nested STL formulas as synchronous observers","authors":"Céline Bellanger , Pierre-Loic Garoche , Matthieu Martel , Celia Picard","doi":"10.1016/j.scico.2025.103315","DOIUrl":"10.1016/j.scico.2025.103315","url":null,"abstract":"<div><div>Signal Temporal Logic (STL) is a convenient formalism to express bounded horizon properties of autonomous critical systems. STL allows to express real-valued signal properties and associates a non-singleton bound interval to each temporal operators. In the case of critical autonomous systems, it may be necessary to check the validity of an STL property in real-time. To that end, we provide a rigorous encoding of non-nested discrete-time STL formulas into Lustre synchronous observers.</div><div>Our encoding provides a three-valued online semantics for the observers and therefore enables both the verification of the property and the search of counter-examples. A key contribution of this work is an instrumented proof of the validity of the implementation with respect to the original STL semantics. All of the experiments are automated with the Kind2 model checker and the Z3 SMT solver.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103315"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143837897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-01Epub Date: 2025-04-19DOI: 10.1016/j.scico.2025.103317
Xiangyu Mu , Xuan Zhang , Chenlu Zhu , Ning Li , Peng Zhang , Lei Liu
With the continuous development of the MapReduce programming model, it is necessary to ensure the reliability of MapReduce programs. In practice, the non-commutativity of Reduce functions seriously affects the reliability of the MapReduce program, which is difficult to debug and even causes errors. Current researches on the non-commutability detection of Reduce function consider the case that the input value is a single attribute. However, such researches ignore the situation where inputs to most reduce functions in practical applications consist of multiple columns (such as a table). To test the commutativity of reduce functions where each input record may contain several input attributes, a new testing method is proposed. This approach uses symbolic execution tools to help generate a few input records, and breaks their data dependencies to generate an original test case t0, with a dynamic program slicing technique to lessen the scale of t0. And the ultimate test suite is consisted of different permutations of records in t0. In the end, experiments demonstrate the effectiveness of our testing method and that the permutation method Gm is helpful to reduce its complexity.
{"title":"Testing non-commutativity of reduce functions with multi-column inputs","authors":"Xiangyu Mu , Xuan Zhang , Chenlu Zhu , Ning Li , Peng Zhang , Lei Liu","doi":"10.1016/j.scico.2025.103317","DOIUrl":"10.1016/j.scico.2025.103317","url":null,"abstract":"<div><div>With the continuous development of the MapReduce programming model, it is necessary to ensure the reliability of MapReduce programs. In practice, the non-commutativity of Reduce functions seriously affects the reliability of the MapReduce program, which is difficult to debug and even causes errors. Current researches on the non-commutability detection of Reduce function consider the case that the input value is a single attribute. However, such researches ignore the situation where inputs to most reduce functions in practical applications consist of multiple columns (such as a table). To test the commutativity of reduce functions where each input record may contain several input attributes, a new testing method is proposed. This approach uses symbolic execution tools to help generate a few input records, and breaks their data dependencies to generate an original test case t<sub>0</sub>, with a dynamic program slicing technique to lessen the scale of t<sub>0</sub>. And the ultimate test suite is consisted of different permutations of records in t<sub>0</sub>. In the end, experiments demonstrate the effectiveness of our testing method and that the permutation method Gm is helpful to reduce its complexity.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103317"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143856028","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The complexity of Autonomous Vehicles imposes significant challenges to their formal specification and verification, especially when incorporating AI controllers based on quantized neural networks (QNNs), which use fixed-point arithmetic to accommodate the limited computational capabilities of embedded systems. Despite the advantages of QNNs, verification of these networks, whether using integers or bit vectors, has proven to be PSPACE-hard.
Our approach focuses on exhaustively verifying abstract scenarios expressed as Satisfiability Modulo Theories (SMT) proof objectives. We propose a formal verification method for QNNs that involves analyzing a rational approximation of the network with perturbations to ensure that the output sets of the perturbed rational neural network include those of both the QNN and its rational neural network approximation.
The distance between these output sets is computed using the p-norm. To evaluate our methodology, we used the Highway-env autonomous vehicle simulator and z3 SMT solver.
{"title":"Formal specification and SMT verification of quantized neural network for autonomous vehicles","authors":"Wahiba Bachiri , Yassamine Seladji , Pierre-Loïc Garoche","doi":"10.1016/j.scico.2025.103316","DOIUrl":"10.1016/j.scico.2025.103316","url":null,"abstract":"<div><div>The complexity of Autonomous Vehicles imposes significant challenges to their formal specification and verification, especially when incorporating AI controllers based on quantized neural networks (QNNs), which use fixed-point arithmetic to accommodate the limited computational capabilities of embedded systems. Despite the advantages of QNNs, verification of these networks, whether using integers or bit vectors, has proven to be <span>PSPACE</span>-hard.</div><div>Our approach focuses on exhaustively verifying abstract scenarios expressed as Satisfiability Modulo Theories (SMT) proof objectives. We propose a formal verification method for QNNs that involves analyzing a rational approximation of the network with perturbations to ensure that the output sets of the perturbed rational neural network include those of both the QNN and its rational neural network approximation.</div><div>The distance between these output sets is computed using the <em>p</em>-norm. To evaluate our methodology, we used the <span>Highway-env</span> autonomous vehicle simulator and z3 SMT solver.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103316"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143856029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-01Epub Date: 2025-04-28DOI: 10.1016/j.scico.2025.103319
Joelma Choma, Luciana Zaina
The Internet of Things (IoT) has increasingly gained prominence in developing smart cities. IoT technologies are essential resources to make smart cities more efficient and sustainable. Recent research in Software Engineering (SE) has investigated the characteristics of IoT systems and the most appropriate approaches to their design and development. The development of systems based on IoT technologies enables a continuous flow of communication in the context of a smart city by allowing different systems to interact and adjust automatically to optimize the city's operation. In an urban environment, IoT connects a vast network of devices such as environmental sensors, public transportation systems, smart traffic lights, security cameras, and more. These characteristics make these applications complex and difficult to evaluate, particularly regarding User Experience (UX) design. Recently, we performed a rapid systematic review to examine the methods and practices commonly employed for evaluating the UX in these scenarios. In our previous work, we analyzed 43 studies covering different types of IoT-based applications and areas of smart cities. In this study, we extend our analysis by exploring which quality aspects have been considered for UX evaluation and categorizing the typical applications evaluated. Our findings revealed the need for more appropriate UX instruments to assess quality aspects that consider specific features of non-traditional interfaces (e.g., haptics, gesture, speech) and smart technologies within specific interaction contexts (e.g., smart environments based on ubiquitous computing). These instruments can be expanded from established guidelines or developed from scratch as long as they are validated in practice.
{"title":"Investigating quality aspects for UX evaluation of IoT-based applications in smart cities: A literature review","authors":"Joelma Choma, Luciana Zaina","doi":"10.1016/j.scico.2025.103319","DOIUrl":"10.1016/j.scico.2025.103319","url":null,"abstract":"<div><div>The Internet of Things (IoT) has increasingly gained prominence in developing smart cities. IoT technologies are essential resources to make smart cities more efficient and sustainable. Recent research in Software Engineering (SE) has investigated the characteristics of IoT systems and the most appropriate approaches to their design and development. The development of systems based on IoT technologies enables a continuous flow of communication in the context of a smart city by allowing different systems to interact and adjust automatically to optimize the city's operation. In an urban environment, IoT connects a vast network of devices such as environmental sensors, public transportation systems, smart traffic lights, security cameras, and more. These characteristics make these applications complex and difficult to evaluate, particularly regarding User Experience (UX) design. Recently, we performed a rapid systematic review to examine the methods and practices commonly employed for evaluating the UX in these scenarios. In our previous work, we analyzed 43 studies covering different types of IoT-based applications and areas of smart cities. In this study, we extend our analysis by exploring which quality aspects have been considered for UX evaluation and categorizing the typical applications evaluated. Our findings revealed the need for more appropriate UX instruments to assess quality aspects that consider specific features of non-traditional interfaces (e.g., haptics, gesture, speech) and smart technologies within specific interaction contexts (e.g., smart environments based on ubiquitous computing). These instruments can be expanded from established guidelines or developed from scratch as long as they are validated in practice.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103319"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143882140","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-01Epub Date: 2025-03-26DOI: 10.1016/j.scico.2025.103303
Xinjie Wei , Chang-ai Sun , Pengpeng Yang , Xiao-Yi Zhang , Dave Towey
Microservice architecture has been increasingly adopted to develop various distributed systems due to, amongst other things, its flexibility and scalability. A microservice system often involves numerous invocations among services, making it vulnerable to potential anomalies such as improper configurations of services and improper coordination among services. Existing anomaly detection techniques either identify inter-service anomalies by constructing distributed traces or identify intra-service anomalies by mining features from system logs. However, the intra-service and inter-service behaviors may couple with each other, leading to complex anomalies that may escape detection through the individual examination of traces or logs. In this paper, we propose TraLogAnomaly, an approach for microservice-system anomaly detection. TraLogAnomaly proposes hybrid event vector sequences (HVSs) integrating both inter-service traces and intra-service logs and then identifies the anomalies' patterns from these HVSs. It extracts the patterns of anomalies with the help of a Transformer model. Term frequency-inverse document frequency (TF-IDF) is applied to weighted features learned from hybrid sequences. By integrating information from diverse data sources, the HVSs enhance the ability of these patterns to capture complex system behavior, cover multiple layers of system information, and have higher context-awareness. In addition, TraLogAnomaly also integrates a module that employs agglomeration hierarchical clustering to mine trace patterns of performance anomalies. Empirical results based on widely-used benchmarks show that TraLogAnomaly achieves a high F1-score for detecting anomalies of different types.
{"title":"TraLogAnomaly: A microservice system anomaly detection approach based on hybrid event sequences","authors":"Xinjie Wei , Chang-ai Sun , Pengpeng Yang , Xiao-Yi Zhang , Dave Towey","doi":"10.1016/j.scico.2025.103303","DOIUrl":"10.1016/j.scico.2025.103303","url":null,"abstract":"<div><div>Microservice architecture has been increasingly adopted to develop various distributed systems due to, amongst other things, its flexibility and scalability. A microservice system often involves numerous invocations among services, making it vulnerable to potential anomalies such as improper configurations of services and improper coordination among services. Existing anomaly detection techniques either identify inter-service anomalies by constructing distributed traces or identify intra-service anomalies by mining features from system logs. However, the intra-service and inter-service behaviors may couple with each other, leading to complex anomalies that may escape detection through the individual examination of traces or logs. In this paper, we propose TraLogAnomaly, an approach for microservice-system anomaly detection. TraLogAnomaly proposes hybrid event vector sequences (HVSs) integrating both inter-service traces and intra-service logs and then identifies the anomalies' patterns from these HVSs. It extracts the patterns of anomalies with the help of a Transformer model. Term frequency-inverse document frequency (TF-IDF) is applied to weighted features learned from hybrid sequences. By integrating information from diverse data sources, the HVSs enhance the ability of these patterns to capture complex system behavior, cover multiple layers of system information, and have higher context-awareness. In addition, TraLogAnomaly also integrates a module that employs agglomeration hierarchical clustering to mine trace patterns of performance anomalies. Empirical results based on widely-used benchmarks show that TraLogAnomaly achieves a high F1-score for detecting anomalies of different types.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"245 ","pages":"Article 103303"},"PeriodicalIF":1.5,"publicationDate":"2025-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143716327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号