Latest publications
- Conference abstract: Preface to the 26th Workshop Software-Reengineering und -Evolution (WSRE) (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Quante, Jochen; Konersmann, Marco; Sauer, Stefan; Schilling, Daniela; Schulze, Sandro. The 26th Workshop Software-Reengineering und -Evolution took place on 29 and 30 April 2024 at the Physikzentrum Bad Honnef. The topics of the WSRE cover the areas of software reengineering, software maintenance and software evolution. By this we mean, in principle, all activities around the analysis, assessment, visualization, improvement, migration and further development of software systems. The focus is on exchange between interested parties, in particular exchange between research and practice.
- Conference paper: Increasing the Efficiency of GUI Test Automation through a Screen-Oriented Test Architecture (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Nerger, Jose Carrascosa. A test automation approach oriented strictly on the screens and controls of GUI applications, which provides a clear separation between the technical implementation of the automation and the creation of test cases, can significantly reduce many typical problems of GUI automation and lead to more efficient use of resources.
- Journal article: The Integration of Multi-Color Taint-Analysis with Dynamic Symbolic Execution for Java Web Application Security Analysis (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Mues, Malte. The view on IT security in today’s software development processes is changing. While IT security used to be seen mainly as a risk that had to be managed during the operation of IT systems, a class of security weaknesses is seen today as measurable quality aspects of IT system implementations, e.g., the number of paths allowing SQL injection attacks. In consequence, we need tools that can measure and assess the quality of an IT system regarding the presence of security weaknesses before shipping the final software product. Literature traditionally categorizes such tools into dynamic and static security analyzers with hybrid solutions in between that are static analyses incorporating dynamic information or vice versa. In my thesis, I present the design of a dynamic security analyzer called Jaint that combines dynamic tainting as a pathwise security policy enforcing technique with dynamic symbolic execution as a path enumeration technique. More specifically, the thesis looks into SMT meta-solving, extending dynamic symbolic execution on Java programs with string operations, and the configuration problem of multi-color taint analysis in greater detail to enable Jaint for the analysis of Java web applications. The evaluation in Figure 1 demonstrates that the resulting framework is the best research tool on the OWASP Java Benchmark. JDart, one of the two dynamic symbolic execution engines that I worked on as part of the thesis, has won gold in the Java track of SV-COMP 2022. GDart, the other dynamic symbolic execution engine, demonstrates that it is possible to lift the implementation design from the research-specific Java PathFinder VM to the industry grade GraalVM, paving the way for the future scaling of Jaint.
- Book: Book Review: "Software Architectures" of Nagl and Westfechtel (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Herrmann, Andrea. Nagl and Westfechtel present in their book an integrated, interdisciplinary and minimalistic approach to modeling complex systems with a few essential models. This engineering model is built around architecture in the center as the leading artifact.
- Conference paper: Revival of Mutation Testing (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Sokenou, Dehla. After a long quiet period around mutation testing, publications on the topic have been increasing noticeably since the 2020s. In our view, this is also because tools now exist that support modern programming languages, e.g. PIT for JVM languages such as Java and Kotlin, and Stryker for JavaScript, .NET and Scala. In this article we present some examples from real projects to show why mutation testing adds value for us. First, however, we take a brief look at how mutation testing works.
- Journal article: Cooperative Android App Analysis (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Pauck, Felix. In this summary, the three main contributions of the thesis "Cooperative Android App Analysis" are presented. The first contribution proposes the cooperative analysis approach. The centerpiece of this approach is the AQL (Android App Analysis Query Language) – a domain-specific query language. It allows formulating (AQL-)queries in order to interact with arbitrary analysis tools. As a counterpart, AQL-Answers come into play, which are able to embody any kind of analysis result universally but in a well-structured way. The second contribution uses the AQL to define reproducible benchmarks that can be used to automatically evaluate analysis tools on such. Various benchmarks are then used in the third contribution to conduct a thorough evaluation of 13 Android taint analysis tools. Please note, in the context of the thesis, the cooperative analysis implementation is tailored to Android taint analysis, however, the concept can be applied to any kind of analysis.
- Conference paper: Challenges of Low Code PAAS Environments for Future Software Reengineering (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Konersmann, Marco. Low code software on Platform as a Service (PaaS) environments allows for rapid development and operation of productive business software systems by people that have no software development background. We identify and describe the challenges that low code software in PaaS environments poses for future reengineering. We distinguish between the challenges imposed by PaaS, by low code development, and by their combination, and outline potential solutions. Some of those have to be addressed by the platform owners, while some can be addressed only by the organizations using low code PaaS environments.
- Journal article: Evaluating Architectural Safeguards for Uncertain AI Black-Box Components (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Scheerer, Max. There have been enormous achievements in the field of Artificial Intelligence (AI) which has attracted a lot of attention. Their unverifiable nature, however, makes them inherently unreliable. For example, there are various reports of incidents in which incorrect predictions of AI components led to serious system malfunctions (some even ended fatally). As a result, various architectural approaches (referred to as Architectural Safeguards) have been developed to deal with the unreliable and uncertain nature of AI. Software engineers are now facing the challenge to select the architectural safeguard that satisfies the non-functional requirements (e.g. reliability) best. However, it is crucial to resolve such design decisions as early as possible to avoid (i) changes after the system has been deployed (and thus potentially high costs) and to meet the rigorous quality requirements of safety-critical systems where AI is more commonly used. This dissertation presents a model-based approach that supports software engineers in the development of AI-enabled systems by enabling the evaluation of architectural safeguards. More specifically, an approach for reliability prediction of AI-enabled systems (based on established model-based techniques) is presented. Moreover, the approach is generalised to architectural safeguards with self-adaptive capabilities, i.e. self-adaptive systems. The approach has been validated by considering four case studies. The results show that the approach not only makes it possible to analyse the impact of architectural safeguards on the overall reliability of an AI-enabled system, but also supports software engineers in their decision-making.
- Journal article: Automatically Detecting and Mitigating Issues in Program Analyzers (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Mansur, Muhammad Numair. This dissertation tackles two major challenges that impede the incorporation of static analysis tools into software development workflows, despite their potential to detect bugs and vulnerabilities in software before deployment. The first challenge addressed is unintentional unsoundness in program analyzers, such as SMT solvers and Datalog engines, which are susceptible to undetected soundness issues that can lead to severe consequences, particularly in safety-critical software. The dissertation presents novel, publicly available techniques that detected over 55 critical soundness bugs in these tools. The second challenge is balancing soundness, precision, and performance in static analyzers, which struggle with integration into diverse development scenarios due to their inability to scale and adapt to different program sizes and resource constraints. To combat this, the dissertation introduces an approach to automatically tailor abstract interpreters to specific code and resource conditions and presents a method for horizontally scaling analysis tools in cloud-based platforms.
- Conference paper: ATDLLMD: Acceptance test-driven LLM development (Softwaretechnik-Trends, Volume 44, Issue 2, 2024). Faragó, David. Since the capabilities of Large Language Models (LLMs) have massively increased in the last years, many new applications based on LLMs are possible. However, these new applications also pose new challenges in LLM development. This article proposes an acceptance test-driven development (ATDD) style, baptized ATDLLMD, where the LLM’s training and test sets are extended in each iteration by data coming from validation of the previous iteration’s LLM and system around the LLM. So the validation phase supplies the additional or updated data for training and verification of the LLM. ATDLLMD is made possible by two major innovative solutions: applying the innovative CPMAI process, and applying our own verification tool, LM-Eval, leading to a red-train green cycle for LLM development, which resembles ATDD, but integrates data science best practices.