By Topic

Quality Software, 2009. QSIC '09. 9th International Conference on

Date 24-25 Aug. 2009

Filter Results

Displaying Results 1 - 25 of 75
  • [Front cover]

    Publication Year: 2009 , Page(s): C1
    Save to Project icon | Request Permissions | PDF file iconPDF (1365 KB)  
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2009 , Page(s): i
    Save to Project icon | Request Permissions | PDF file iconPDF (11 KB)  
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2009 , Page(s): iii
    Save to Project icon | Request Permissions | PDF file iconPDF (54 KB)  
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2009 , Page(s): iv
    Save to Project icon | Request Permissions | PDF file iconPDF (118 KB)  
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2009 , Page(s): v - ix
    Save to Project icon | Request Permissions | PDF file iconPDF (192 KB)  
    Freely Available from IEEE
  • Message from the General Chair

    Publication Year: 2009 , Page(s): x
    Save to Project icon | Request Permissions | PDF file iconPDF (66 KB) |  | HTML iconHTML  
    Freely Available from IEEE
  • Message from the Program Chair

    Publication Year: 2009 , Page(s): xi
    Save to Project icon | Request Permissions | PDF file iconPDF (69 KB) |  | HTML iconHTML  
    Freely Available from IEEE
  • Conference organization

    Publication Year: 2009 , Page(s): xii - xiv
    Save to Project icon | Request Permissions | PDF file iconPDF (85 KB)  
    Freely Available from IEEE
  • Organizing Committee

    Publication Year: 2009 , Page(s): xv
    Save to Project icon | Request Permissions | PDF file iconPDF (61 KB)  
    Freely Available from IEEE
  • list-reviewer

    Publication Year: 2009 , Page(s): xvi
    Save to Project icon | Request Permissions | PDF file iconPDF (62 KB)  
    Freely Available from IEEE
  • Sponsors

    Publication Year: 2009
    Save to Project icon | Request Permissions | PDF file iconPDF (56 KB)  
    Freely Available from IEEE
  • Keynote 1

    Publication Year: 2009 , Page(s): xviii
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (80 KB)  

    Summary form only given: On the road to a successful software product, there are key milestones that you should not skip. Each of them is a chance to see if you are on the right path and to correct your direction if you are not. Each milestone is a document that records key design decisions in a way that allows them to be reviewed and analyzed. The meaning of each document must be precisely defined and there must be no ambiguity. If the document is vague and subject to many interpretations, it can lead you down a path from which recovery is difficult. This talk proposes and illustrates a set of software documents that can serve as precise (and immovable) milestones. It discusses how they can be analyzed and used to guide the project on the rest of its trip to completion. To obtain the necessary precision, and to make analysis possible, the documents are mathematical expressions but written in a way that makes them easy to read. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Keynote 2

    Publication Year: 2009 , Page(s): xix
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (69 KB)  

    Summary form only given. In the 2006 report of the SEI International Process Research Consortium we identified nine driving forces which are shaping the need for research into software process and product. These were the increased push for value-add, business diversification, technology change, systems complexity, product quality, regulation, security and safety, and globalization. Four research themes were developed of which only one will be explored in this presentation. In the theme entitled "The relationships between processes and product qualities" the authors document some twenty six broad research questions which remain as challenges for the software engineering research community. This presentation outlines research carried out since 2006 which addresses some of these questions. In particular the presentation explores research into the meaning of software product quality, the performance quality prediction of heterogeneous systems of systems, and the relationships between defined software process and enacted process. Examples of conclusions which can be drawn are that our research should no longer benchmark development process productivity without consideration of product quality. In another example it shows that we will need to evaluate heterogeneous SOA architectures in the context of processes and workflows. In order to achieve significant progress it is argued that we need to pursue our research at a much deeper and inclusive level of understanding than often seen in the past in terms of process and process / product relationships. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Hybrid Approach to Detecting Security Defects in Programs

    Publication Year: 2009 , Page(s): 1 - 10
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (437 KB) |  | HTML iconHTML  

    Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy inference system is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Metrics for Object-Oriented Class Designs

    Publication Year: 2009 , Page(s): 11 - 20
    Cited by:  Papers (8)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (462 KB) |  | HTML iconHTML  

    Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object-oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure data encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Tag-Based Techniques for Black-Box Test Case Prioritization for Service Testing

    Publication Year: 2009 , Page(s): 21 - 30
    Cited by:  Papers (6)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (590 KB) |  | HTML iconHTML  

    A web service may evolve autonomously, making peer web services in the same service composition uncertain as to whether the evolved behaviors may still be compatible to its originally collaborative agreement. Although peer services may wish to conduct regression testing to verify the original collaboration, the source code of the former service can be inaccessible to them. Traditional code-based regression testing strategies are inapplicable. The rich interface specifications of a web service, however, provide peer services with a means to formulate black-box testing strategies. In this paper, we formulate new test case prioritization strategies using tags embedded in XML messages to reorder regression test cases, and reveal how the test cases use the interface specifications of services. We evaluate experimentally their effectiveness on revealing regression faults in modified WS-BPEL programs. The results show that the new techniques can have a high probability of outperforming random ordering. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards Selecting Test Data Using Topological Structure of Boolean Expressions

    Publication Year: 2009 , Page(s): 31 - 40
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (417 KB) |  | HTML iconHTML  

    Boolean expressions can be used in programs and specifications to describe the complex logic decisions in mission-critical, safety-critical and Web services applications. We define a topological model (T-model) to represent Boolean expressions and characterize the test data. This paper provides proofs of relevant T-model properties, employs the combinatorial design approach, and proposes a family of strategies and techniques to detect a variety of faults associated with Boolean expressions. We compare our strategies with MC/DC, MUMCUT, MANY-A, MANY-B, MAX-A and MAX-B, and conclude that T-model based approach detects more types of faults than MC/DC, MUMCUT MANY-A and MAX-A, and detects the same types but more instances of faults than MANY-B and MAX-B with much smaller test data set. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the Coverage of Program Code by Specification-Based Tests

    Publication Year: 2009 , Page(s): 41 - 50
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (417 KB) |  | HTML iconHTML  

    Generating test cases from the specification can be done early in the software development life cycle. A test suite systematically generated from the software specification can be comprehensive in ensuring the intended functions to be exercised. Such a test suite is also instrumental in facilitating early discovery of software defects. On the other hand, an adequate level of code coverage is required to inspire confidence of the testing and quality assurance process. To examine the effectiveness of a specification-based test suite in covering program code, we conducted an exploratory case study which involved many different versions of programs that implemented the same specification. On the basis of the case study, this paper identifies the types of path in the programs, suggests enhancements to the existing test generation methods, and discusses several issues on how the code coverage can be improved. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An Indepth Study of Mirror Adaptive Random Testing

    Publication Year: 2009 , Page(s): 51 - 58
    Cited by:  Papers (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (475 KB) |  | HTML iconHTML  

    Previous studies showed that adaptive random testing is an effective alternative to random testing method, but requires additional overheads to evenly spread test cases. Mirroring was introduced to reduce the overheads of adaptive random testing. This paper is the follow-up work to a previous study on the integration of mirroring and adaptive random testing, namely the mirror adaptive random testing. It studies characteristics and effectiveness of mirror adaptive random testing in depth, and provides guidelines on how to apply mirror adaptive random testing in practice. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • An Innovative Approach to Randomising Quasi-random Sequences and Its Application into Software Testing

    Publication Year: 2009 , Page(s): 59 - 64
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (196 KB) |  | HTML iconHTML  

    Quasi-random sequences, which can evenly spread points across a hypercube, have been widely used in various areas. Recently, quasi-random testing technique, which makes use of quasi-random sequences to generate test cases, was proposed, and it normally has a higher failure-detection capability than pure random testing. However, there exist only a few distinct quasi-random sequences in the literature, and all these sequences are deterministic rather than random. Therefore, the applicability of quasi-random sequences in testing is restricted. In this paper, we propose a new approach to randomising quasi-random sequences. Out approach can generate many distinct randomised quasi-random sequences that have even distributions of points. The experimental results also show that these sequences can significantly enhance the effectiveness of random testing. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Interactive Specification and Verification of Behavioural Adaptation Contracts

    Publication Year: 2009 , Page(s): 65 - 75
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (672 KB) |  | HTML iconHTML  

    Adaptation is a crucial issue when building new applications by reusing existing software services which were not initially designed to interoperate with each other. Adaptation contracts describe composition constraints and adaptation requirements among these services. The writing of this specification by a designer is a difficult and error-prone task, especially when service protocol needs to be considered and service functionality accessed through behavioural interfaces. In this paper, we propose an interactive approach to support the contract design process, and more specifically: (i) a graphical notation to define port bindings, and an interface similarity measure to compare protocols and suggest some port connections to the designer, (ii) compositional and hierarchical techniques to facilitate the specification of adaptation contracts by building them incrementally, (iii) validation and verification techniques to check that the contract will make the involved services work correctly and as expected by the designer. Our approach is fully supported by a prototype tool we have implemented. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Verification-Centric Software Development Process for Java

    Publication Year: 2009 , Page(s): 76 - 85
    Cited by:  Papers (1)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (260 KB) |  | HTML iconHTML  

    Design by contract (DBC) is an oft-cited, but rarely followed, programming practice that focuses on writing formal specifications first, and writing code that fulfills those specifications second. The development of static analysis tools over the past several years has made it possible to fully embrace DBC in Java systems by writing, type checking, and consistency checking rich behavioral specifications for Java before writing any code. This paper discusses a DBC-based, verification-centric software development process for Java that integrates the Business Object Notation (BON), the Java Modeling Language, and several associated tools including the BON compiler BONc, the ESC/Java2 static checker, a runtime assertion checker, and a specification-based unit test generator. This verification-centric process, reinforced by its rich open source tool support, is one of the most advanced, concrete, open, practical, and usable processes available today for rigorously designing and developing software systems. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Modelling and Verification of Port Based Component Composition

    Publication Year: 2009 , Page(s): 86 - 91
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (286 KB) |  | HTML iconHTML  

    This paper presents a port based language to describe components and component composition. This language aims to check component composition in three aspects: signature constraints, behaviour compatibility and run time errors. For the run time errors, we have a result that can check if the system is in deadlock state. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Timed Modeling and Verification of BPEL Processes Using Time Petri Nets

    Publication Year: 2009 , Page(s): 92 - 97
    Cited by:  Papers (2)
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (407 KB) |  | HTML iconHTML  

    The execution time, an important criterion to measure the quality of a BPEL process, can be influenced by some slow external partner services (i.e., some long-running services). Therefore, it is desirable to specify response time of services into the SLAs (service level agreements). In this way, service consumers could verify whether the candidate services satisfy the expected time requirements before they are invoked. However, existing solutions are time-consuming especially when the BPEL process is quite complex (e.g., involving parallel structures and loops) and the number of candidate services is huge. To address this problem, in this paper, we propose a time Petri nets-based verification approach that efficiently verifies time requirements for a BPEL process. This allows service consumers to quickly identify suitable partner services that satisfy the time requirements at service looking up stage. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Web Traversal with a History Stack

    Publication Year: 2009 , Page(s): 98 - 107
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (386 KB) |  | HTML iconHTML  

    Correct navigational behavior of a web application is essential to its reliability. An effective means to improve our confidence in the correct behavior of a web application is to test it by exploring the possible navigation among the webpages at client side: The tester carries out the testing by consecutively clicking the hyperlinks along with some possible search parameters and checking whether the returned webpages are as expected. This type of client-side testing can be viewed as a traverse in a graph representing the considered webpages together with the hyperlinks among them. To reach an efficient test that traverses all hyperlinks considered, we make use of the interface provided by web browsers, typically, the goto menu. In doing so, the issues raised by cookies and URL rewriting are taken into account. Compared to the case without using the interface of web browsers, our experiments show a 17%-24% saving on the test sequence lengths in most cases. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.