cs.SE

185 posts

arXiv:2501.06837v1 Announce Type: new Abstract: This paper presents a novel approach to represent enterprise web application structures using Large Language Models (LLMs) to enable intelligent quality engineering at scale. We introduce a hierarchical representation methodology that optimizes the few-shot learning capabilities of LLMs while preserving the complex relationships and interactions within web applications. The approach encompasses five key phases: comprehensive DOM analysis, multi-page synthesis, test suite generation, execution, and result analysis. Our methodology addresses existing challenges around usage of Generative AI techniques in automated software testing by developing a structured format that enables LLMs to understand web application architecture through in-context learning. We evaluated our approach using two distinct web applications: an e-commerce platform (Swag Labs) and a healthcare application (MediBox) which is deployed within Atalgo engineering environment. The results demonstrate success rates of 90\% and 70\%, respectively, in achieving automated testing, with high relevance scores for test cases across multiple evaluation criteria. The findings suggest that our representation approach significantly enhances LLMs' ability to generate contextually relevant test cases and provide better quality assurance overall, while reducing the time and effort required for testing.

Zaber Al Hassan Ayon, Gulam Husain, Roshankumar Bisoi, Waliur Rahman, Dr Tom Osborn1/14/2025

arXiv:2501.06894v1 Announce Type: new Abstract: Quantum computing is an emerging field with significant potential, yet software development and maintenance challenges limit its accessibility and maturity. This work investigates the current state, evolution, and maintenance practices in the quantum computing community by conducting a large-scale mining analysis of over 21,000 quantum software repositories on GitHub, containing more than 1.2 million commits contributed by over 10,000 unique developers. Specifically, the focus of this paper is to: (i) assess the community's status and growth by examining the popularity of quantum computing, trends in programming languages and framework usage, growth of contributors, and insights from repository documentation; and (ii) analyze maintenance practices through commit patterns, issue classification, and maintenance levels. Our findings indicate rapid growth in the quantum computing community, with a 200% increase in the number of repositories and a 150% rise in contributors since 2017. Our analysis of commits shows a strong focus on perfective updates, while the relatively low number of corrective commits highlights potential gaps in bug resolution. Furthermore, one-third of the quantum computing issues highlight the need for specialized tools in addition to general software infrastructure. In summary, this work provides a foundation for targeted improvements in quantum software to support sustained growth and technical advancement. Based on our analysis of development activity, community structure, and maintenance practices, this study offers actionable recommendations to enhance quantum programming tools, documentation, and resources. We are also open-sourcing our dataset to support further analysis by the community and to guide future research and tool development for quantum computing.

Krishna Upadhyay, Vinaik Chhetri, A. B. Siddique, Umar Farooq1/14/2025

arXiv:2501.06738v1 Announce Type: new Abstract: Context: In collaborative software development, the peer code review process proves beneficial only when the reviewers provide useful comments. Objective: This paper investigates the usefulness of Code Review Comments (CR comments) through textual feature-based and featureless approaches. Method: We select three available datasets from both open-source and commercial projects. Additionally, we introduce new features from software and non-software domains. Moreover, we experiment with the presence of jargon, voice, and codes in CR comments and classify the usefulness of CR comments through featurization, bag-of-words, and transfer learning techniques. Results: Our models outperform the baseline by achieving state-of-the-art performance. Furthermore, the result demonstrates that the commercial gigantic LLM, GPT-4o, or non-commercial naive featureless approach, Bag-of-Word with TF-IDF, is more effective for predicting the usefulness of CR comments. Conclusion: The significant improvement in predicting usefulness solely from CR comments escalates research on this task. Our analyses portray the similarities and differences of domains, projects, datasets, models, and features for predicting the usefulness of CR comments.

Sharif Ahmed, Nasir U. Eisty1/14/2025

arXiv:2501.06788v1 Announce Type: new Abstract: Modern software systems are typically configurable, a fundamental prerequisite for wide applicability and reusability. This flexibility poses an extraordinary challenge for quality assurance, as the enormous number of possible configurations makes it impractical to test each of them separately. This is where t-wise interaction sampling can be used to systematically cover the configuration space and detect unknown feature interactions. Over the last two decades, numerous algorithms for computing small interaction samples have been studied, providing improvements for a range of heuristic results; nevertheless, it has remained unclear how much these results can still be improved. We present a significant breakthrough: a fundamental framework, based on the mathematical principle of duality, for combining near-optimal solutions with provable lower bounds on the required sample size. This implies that we no longer need to work on heuristics with marginal or no improvement, but can certify the solution quality by establishing a limit on the remaining gap; in many cases, we can even prove optimality of achieved solutions. This theoretical contribution also provides extensive practical improvements: Our algorithm SampLNS was tested on 47 small and medium-sized configurable systems from the existing literature. SampLNS can reliably find samples of smaller size than previous methods in 85% of the cases; moreover, we can achieve and prove optimality of solutions for 63% of all instances. This makes it possible to avoid cumbersome efforts of minimizing samples by researchers as well as practitioners, and substantially save testing resources for most configurable systems.

Dominik Krupke, Ahmad Moradi, Michael Perk, Phillip Keldenich, Gabriel Gehrke, Sebastian Krieter, Thomas Th\"um, S\'andor P. Fekete1/14/2025

arXiv:2501.06305v1 Announce Type: new Abstract: Cloud computing has emerged as a crucial solution for managing data- and compute-intensive workflows, offering scalability to address dynamic demands. However, security concerns persist, especially for workflows involving sensitive data and tasks. One of the main gaps in the literature is the lack of robust and flexible measures for reacting to these security violations. To address this, we propose an innovative approach leveraging Reinforcement Learning (RL) to formulate adaptation chains, responding effectively to security violations within cloud-based workflows. These chains consist of sequences of adaptation actions tailored to attack characteristics, workflow dependencies, and user-defined requirements. Unlike conventional single-task adaptations, adaptation chains provide a comprehensive mitigation strategy by taking into account both control and data dependencies between tasks, thereby accommodating conflicting objectives effectively. Moreover, our RL-based approach uses insights from past responses to mitigate uncertainties associated with adaptation costs. We evaluate the method using our jBPM and Cloudsim Plus based implementation and compare the impact of selected adaptation chains on workflows with the single adaptation approach. Results demonstrate that the adaptation chain approach outperforms in terms of total adaptation cost, offering resilience and adaptability against security threats.

Nafiseh Soveizi, Dimka Karastoyanova1/14/2025

arXiv:2501.06370v1 Announce Type: new Abstract: Ensuring the reliability and verifiability of large language model (LLM)-enabled systems remains a significant challenge in software engineering. We propose a probabilistic framework for systematically analyzing and improving these systems by modeling and refining distributions over clusters of semantically equivalent outputs. This framework facilitates the evaluation and iterative improvement of Transference Models -- key software components that utilize LLMs to transform inputs into outputs for downstream tasks. To illustrate its utility, we apply the framework to the autoformalization problem, where natural language documentation is transformed into formal program specifications. Our case illustrates how probabilistic analysis enables the identification of weaknesses and guides focused alignment improvements, resulting in more reliable and interpretable outputs. This principled approach offers a foundation for addressing critical challenges in the development of robust LLM-enabled systems.

Juan Manuel Baldonado, Flavia Bonomo-Braberman, V\'ictor Adri\'an Braberman1/14/2025

arXiv:2501.06226v1 Announce Type: new Abstract: Machine learning (ML) has become crucial in modern life, with growing interest from researchers and the public. Despite its potential, a significant entry barrier prevents widespread adoption, making it challenging for non-experts to understand and implement ML techniques. The increasing desire to leverage ML is counterbalanced by its technical complexity, creating a gap between potential and practical application. This work introduces asanAI, an offline-first, open-source, no-code machine learning toolkit designed for users of all skill levels. It allows individuals to design, debug, train, and test ML models directly in a web browser, eliminating the need for software installations and coding. The toolkit runs on any device with a modern web browser, including smartphones, and ensures user privacy through local computations while utilizing WebGL for enhanced GPU performance. Users can quickly experiment with neural networks and train custom models using various data sources, supported by intuitive visualizations of network structures and data flows. asanAI simplifies the teaching of ML concepts in educational settings and is released under an open-source MIT license, encouraging modifications. It also supports exporting models in industry-ready formats, empowering a diverse range of users to effectively learn and apply machine learning in their projects. The proposed toolkit is successfully utilized by researchers of ScaDS.AI to swiftly draft and test machine learning ideas, by trainers to effectively educate enthusiasts, and by teachers to introduce contemporary ML topics in classrooms with minimal effort and high clarity.

Norman Koch, Siavash Ghiasvand1/14/2025

arXiv:2501.06716v1 Announce Type: new Abstract: Dynamic linking is the standard mechanism for using external dependencies since it enables code reuse, streamlines software updates, and reduces disk/network use. Dynamic linking waits until runtime to calculate an application's relocation mapping, i.e., the mapping between each externally referenced symbol in the application to the dependency that provides the symbol. Unfortunately, it comes with two downsides. First, dynamic linking limits the performance of current systems since it can take seconds to calculate a relocation mapping for a large program. Second, dynamic linking limits the dependency management of applications since it prevents a developer from accurately observing a relocation mapping except at runtime. This paper makes the key insight that the benefits conventionally attributed to dynamic linking: code reuse, streamlined software updates, and reduced disk/network use are actually benefits of shared libraries. Thus, we present stable linking, a new mechanism for using dependencies that uses shared libraries to retain their benefits but eliminates the downsides of dynamic linking. Stable linking separates a system's state into management times; when the system can be modified, and epochs when it cannot. Stable linking calculates each application's relocation mapping at the beginning of each epoch, allows developers to inspect the relocation mapping during the epoch, and reuses the mapping for subsequent executions in the epoch. We design and build MatR, the first stable linker. We use MatR in three workloads and show that it improves upon dynamic linking performance by a factor of 2.19 on average. Additionally, we use the system in three vignettes, or case-studies, that illustrate the system's improvements to dependency management.

Farid Zakaria, Andrew Quinn, Thomas R. W. Scogland1/14/2025

arXiv:2501.06283v1 Announce Type: new Abstract: Using large language models (LLMs) to generate source code from natural language prompts is a popular and promising idea with a wide range of applications. One of its limitations is that the generated code can be faulty at times, often in a subtle way, despite being presented to the user as correct. In this paper, we explore ways in which formal methods can assist with increasing the quality of code generated by an LLM. Instead of emitting code in a target language directly, we propose that the user guides the LLM to first generate an opaque intermediate representation, in the verification-aware language Dafny, that can be automatically validated for correctness against agreed on specifications. The correct Dafny program is then compiled to the target language and returned to the user. All user-system interactions throughout the procedure occur via natural language; Dafny code is never exposed. We describe our current prototype and report on its performance on the HumanEval Python code generation benchmarks.

Yue Chen Li, Stefan Zetzsche, Siva Somayyajula1/14/2025

arXiv:2501.06428v1 Announce Type: new Abstract: This research investigates how CDNs (Content Delivery Networks) can improve the digital experience, as consumers increasingly expect fast, efficient, and effortless access to online resources. CDNs play a crucial role in reducing latency, enhancing scalability, and optimizing delivery mechanisms, which is evident across various platforms and regions. The study focuses on key CDN concerns, such as foundational and modern CDN architectures, edge computing, hybrid CDNs, and multi-CDN strategies. It also explores performance-enhancing topics, including caching, load balancing, and the novel features of HTTP/3 and QUIC. Current trends, such as integrating CDNs with 5G networks, serverless architectures, and AI-driven traffic management, are examined to demonstrate how CDN technology is likely to evolve. The study also addresses challenges related to security, cost, and global regulations. Practical examples from the e-commerce, streaming, and gaming industries highlight how enhanced CDNs are transforming these sectors. The conclusions emphasize the need to evolve CDN strategies to meet growing user expectations and adapt to the rapidly changing digital landscape. Additionally, the research identifies future research opportunities, particularly in exploring the impact of QC, the enhancement of AI services, and the sustainability of CDN solutions. Overall, the study situates architectural design, performance strategies, and emerging trends to address gaps and create a more efficient and secure approach for improving digital experiences.

Anuj Tyagi1/14/2025

arXiv:2501.06437v1 Announce Type: new Abstract: Globally distributed software development has been a mainstream paradigm in developing modern software systems. We have witnessed a fast-growing population of software developers from areas where English is not a native language in the last several decades. Given that English is still the de facto working language in most global software engineering teams, we need to gain more knowledge about the experiences of developers who are non-native English speakers. We conducted an empirical study to fill this research gap. In this study, we interviewed 27 Chinese developers in commercial software development and open source global software development teams and applied Bourdieu's capital-field-habitus framework in an abductive data analysis process. Our study reveals four types of capital (language, social, symbolic, and economic) involved in their experiences and examines the interrelations among them. We found that non-native speakers' insufficient language capital played an essential role in prohibiting them from accessing and accumulating other capital, thus reproducing the sustained and systematic disadvantaged positions of non-native English speakers in GSD teams. We further discussed the theoretical and practical implications of the study.

Yi Wang, Yang Yue, Wei Wang, Gaowei Zhang1/14/2025

arXiv:2501.06443v1 Announce Type: new Abstract: Although classical computing has excelled in a wide range of applications, there remain problems that push the limits of its capabilities, especially in fields like cryptography, optimization, and materials science. Quantum computing introduces a new computational paradigm, based on principles of superposition and entanglement to explore solutions beyond the capabilities of classical computation. With the increasing interest in the field, there are challenges and opportunities for academics and practitioners in terms of software engineering practices, particularly in testing quantum programs. This paper presents an empirical study of testing patterns in quantum algorithms. We analyzed all the tests handling quantum aspects of the implementations in the Qiskit Algorithms library and identified seven distinct patterns that make use of (1) fixed seeds for algorithms based on random elements; (2) deterministic oracles; (3) precise and approximate assertions; (4) Data-Driven Testing (DDT); (5) functional testing; (6) testing for intermediate parts of the algorithms being tested; and (7) equivalence checking for quantum circuits. Our results show a prevalence of classical testing techniques to test the quantum-related elements of the library, while recent advances from the research community have yet to achieve wide adoption among practitioners.

Neilson Carlos Leite Ramalho, Erico Augusto da Silva, Higor Amario de Souza, Marcos Lordello Chaim1/14/2025

arXiv:2501.06459v1 Announce Type: new Abstract: The Open Network (TON), designed to support Telegram's extensive user base of hundreds of millions, has garnered considerable attention since its launch in 2022. FunC is the most popular programming language for writing smart contracts on TON. It is distinguished by a unique syntax compared to other smart contract languages. Despite growing interest, research on the practical defects of TON smart contracts is still in its early stages. In this paper, we summarize eight smart contract defects identified from TON's official blogs and audit reports, each with detailed definitions and code examples. Furthermore, we propose a static analysis framework called TONScanner to facilitate the detection of these defects. Specifically, TONScanner reuses FunC compiler's frontend code to transform the FunC source code into FunC intermediate representation (IR) in the form of a directed acyclic graph (DAG). Based on this IR, TONScanner constructs a control flow graph (CFG), then transforms it into a static single assignment (SSA) form to simplify further analysis. TONScanner also integrates Data Dependency, Call Graph, Taint Analysis, and Cell Construct, which are specifically tailored for TON blockchain's unique data structures. These components finally facilitate the identification of the eight defects. We evaluate the effectiveness of TONScanner by applying it to 1,640 smart contracts and find a total of 14,995 defects. Through random sampling and manual labeling, we find that TONScanner achieves an overall precision of 97.49%. The results reveal that current TON contracts contain numerous defects, indicating that developers are prone to making errors. TONScanner has proven its ability to accurately identify these defects, thereby aiding in their correction.

Hao Song, Teng Li, Jiachi Chen, Ting Chen, Beibei Li, Zhangyan Lin, Yi Lu, Pan Li, Xihan Zhou1/14/2025

arXiv:2501.06491v1 Announce Type: new Abstract: This study emphasizes the domain of requirements engineering by applying the SMOTE-Tomek preprocessing technique, combined with stratified K-fold cross-validation, to address class imbalance in the PROMISE dataset. This dataset comprises 969 categorized requirements, classified into functional and non-functional types. The proposed approach enhances the representation of minority classes while maintaining the integrity of validation folds, leading to a notable improvement in classification accuracy. Logistic regression achieved 76.16\%, significantly surpassing the baseline of 58.31\%. These results highlight the applicability and efficiency of machine learning models as scalable and interpretable solutions.

Barak Or1/14/2025

arXiv:2501.06523v1 Announce Type: new Abstract: The discipline of software engineering (SE) combines social and technological dimensions. It is an interdisciplinary research field. However, interdisciplinary research submitted to software engineering venues may not receive the same level of recognition as more traditional or technical topics such as software testing. For this paper, we conducted an online survey of 73 SE researchers and used a mixed-method data analysis approach to investigate their challenges and recommendations when publishing interdisciplinary research in SE. We found that the challenges of publishing interdisciplinary research in SE can be divided into topic-related and reviewing-related challenges. Furthermore, while our initial focus was on publishing interdisciplinary research, the impact of current reviewing practices on marginalized groups emerged from our data, as we found that marginalized groups are more likely to receive negative feedback. In addition, we found that experienced researchers are less likely to change their research direction due to feedback they receive. To address the identified challenges, our participants emphasize the importance of highlighting the impact and value of interdisciplinary work for SE, collaborating with experienced researchers, and establishing clearer submission guidelines and new interdisciplinary SE publication venues. Our findings contribute to the understanding of the current state of the SE research community and how we could better support interdisciplinary research in our field.

Sonja M. Hyrynsalmi, Grischa Liebel, Ronnie de Souza Santos, Sebastian Baltes1/14/2025

arXiv:2501.06401v1 Announce Type: new Abstract: App developers aim to create apps that cater to the needs of different types of users. This development approach, also known as the "one-size-fits-all" strategy, involves combining various functionalities into one app. However, this approach has drawbacks, such as lower conversion rates, slower download speed, larger attack surfaces, and lower update rates. To address these issues, developers have created "lite" versions to attract new users and enhance the user experience. Despite this, there has been no study conducted to examine the relationship between lite and full apps. To address this gap, we present a comparative study of lite apps, exploring the similarities and differences between lite and full apps from various perspectives. Our findings indicate that most existing lite apps fail to fulfill their intended goals (e.g., smaller in size, faster to download, and using less data). Our study also reveals the potential security risks associated with lite apps.

Yutian Tang, Xiaojiang Du1/14/2025

arXiv:2501.06420v1 Announce Type: new Abstract: Code clones, referring to identical or similar code fragments, have long posed challenges in classical programming, impacting software quality, maintainability, and scalability. However, their presence and characteristics in quantum programming remain unexplored. This paper presents an empirical study of code clones in quantum programs, specifically focusing on software developed using the Qiskit framework. We examine the existence, distribution, density, and size of code clones in quantum software, revealing a high density of Type-2 and Type-3 clones involving minor modifications. Our findings suggest that these clones are more frequent in quantum software, likely due to the complexity of quantum algorithms and their integration with classical logic. This highlights the need for advanced clone detection and refactoring tools specifically designed for the quantum domain to improve software maintainability and scalability.

Kenta Manoku, Jianjun Zhao1/14/2025

arXiv:2501.06706v1 Announce Type: new Abstract: AI for IT Operations (AIOps) aims to automate complex operational tasks, such as fault localization and root cause analysis, to reduce human workload and minimize customer impact. While traditional DevOps tools and AIOps algorithms often focus on addressing isolated operational tasks, recent advances in Large Language Models (LLMs) and AI agents are revolutionizing AIOps by enabling end-to-end and multitask automation. This paper envisions a future where AI agents autonomously manage operational tasks throughout the entire incident lifecycle, leading to self-healing cloud systems, a paradigm we term AgentOps. Realizing this vision requires a comprehensive framework to guide the design, development, and evaluation of these agents. To this end, we present AIOPSLAB, a framework that not only deploys microservice cloud environments, injects faults, generates workloads, and exports telemetry data but also orchestrates these components and provides interfaces for interacting with and evaluating agents. We discuss the key requirements for such a holistic framework and demonstrate how AIOPSLAB can facilitate the evaluation of next-generation AIOps agents. Through evaluations of state-of-the-art LLM agents within the benchmark created by AIOPSLAB, we provide insights into their capabilities and limitations in handling complex operational tasks in cloud environments.

Yinfang Chen, Manish Shetty, Gagan Somashekar, Minghua Ma, Yogesh Simmhan, Jonathan Mace, Chetan Bansal, Rujia Wang, Saravan Rajmohan1/14/2025

arXiv:2501.06424v1 Announce Type: new Abstract: Fairness testing is increasingly recognized as fundamental in software engineering, especially in the domain of data-driven systems powered by artificial intelligence. However, its practical integration into software development may pose challenges, given its overlapping boundaries with usability and accessibility testing. In this tertiary study, we explore these complexities using insights from 12 systematic reviews published in the past decade, shedding light on the nuanced interactions among fairness, usability, and accessibility testing and how they intersect within contemporary software development practices.

Matheus de Morais Le\c{c}a, Ronnie de Souza Santos1/14/2025

arXiv:2501.06972v1 Announce Type: new Abstract: In recent years, there has been a tremendous interest in using generative AI, and particularly large language models (LLMs) in software engineering; indeed there are now several commercially available tools, and many large companies also have created proprietary ML-based tools for their own software engineers. While the use of ML for common tasks such as code completion is available in commodity tools, there is a growing interest in application of LLMs for more bespoke purposes. One such purpose is code migration. This article is an experience report on using LLMs for code migrations at Google. It is not a research study, in the sense that we do not carry out comparisons against other approaches or evaluate research questions/hypotheses. Rather, we share our experiences in applying LLM-based code migration in an enterprise context across a range of migration cases, in the hope that other industry practitioners will find our insights useful. Many of these learnings apply to any application of ML in software engineering. We see evidence that the use of LLMs can reduce the time needed for migrations significantly, and can reduce barriers to get started and complete migration programs.

Stoyan Nikolov, Daniele Codecasa, Anna Sjovall, Maxim Tabachnyk, Satish Chandra, Siddharth Taneja, Celal Ziftci1/14/2025